Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9194AE2/26A6F44C3BAC11EF9D7EA871C4F9AE02/CB6840EE3BAC11EF9C334410C4F9AE02.roa
File:                     CB6840EE3BAC11EF9C334410C4F9AE02.roa (raw, json)
Hash identifier:          ZyyI/ZozrG5/nhJLIBxR0Bcz7+GF6Q+AWpBF1mK4I18=
Subject key identifier:   F8:BF:5C:FD:27:4C:53:5E:95:94:31:B1:C0:37:61:15:53:09:BF:05
Certificate issuer:       /CN=A9194AE2/serialNumber=845D88E0A215145F367D9304BF3F71AEE8EB4C2D
Certificate serial:       ED
Authority key identifier: 84:5D:88:E0:A2:15:14:5F:36:7D:93:04:BF:3F:71:AE:E8:EB:4C:2D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/hF2I4KIVFF82fZMEvz9xrujrTC0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9194AE2/26A6F44C3BAC11EF9D7EA871C4F9AE02/CB6840EE3BAC11EF9C334410C4F9AE02.roa
Signing time:             Sat 13 Sep 2025 05:42:27 +0000
ROA not before:           Sat 13 Sep 2025 05:42:26 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     55714
IP address blocks:        160.25.2.0/23 maxlen: 23
                          160.25.2.0/24 maxlen: 24
                          160.25.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9194AE2/26A6F44C3BAC11EF9D7EA871C4F9AE02/hF2I4KIVFF82fZMEvz9xrujrTC0.crl
                          rsync://rpki.apnic.net/member_repository/A9194AE2/26A6F44C3BAC11EF9D7EA871C4F9AE02/hF2I4KIVFF82fZMEvz9xrujrTC0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/hF2I4KIVFF82fZMEvz9xrujrTC0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 08:13:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 237 (0xed)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9194AE2, serialNumber=845D88E0A215145F367D9304BF3F71AEE8EB4C2D
        Validity
            Not Before: Sep 13 05:42:26 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=68c50442-fec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:08:72:a0:9a:d3:2c:93:fe:d3:51:f3:a0:1b:
                    85:8d:0a:97:ad:71:f1:b4:16:8d:94:e9:b8:5c:29:
                    53:8e:09:94:50:5c:a9:d1:6a:73:f2:1e:bf:f9:78:
                    f2:ca:22:f0:ab:b3:71:ae:95:7c:22:39:2a:e4:ff:
                    fc:85:f8:1e:ec:c2:88:08:a1:67:c9:50:77:e9:2f:
                    f6:dd:c3:37:e0:a3:09:b8:e8:38:fb:c0:76:8a:da:
                    65:1c:34:43:05:41:92:f2:74:4f:c8:a4:6a:ee:cf:
                    17:7e:c9:85:44:03:a2:cb:7b:b9:cd:ad:0c:af:30:
                    66:e3:cf:dc:40:ed:98:c4:86:69:9f:3e:74:76:7d:
                    0f:41:f8:01:6e:a6:7d:cb:1b:21:17:01:aa:f4:80:
                    1a:2e:55:02:55:de:c6:c2:7d:c3:b7:b8:4b:d3:ce:
                    d4:b4:b4:7d:30:26:5a:4a:ee:3a:ce:46:88:dd:26:
                    61:e6:8c:33:0e:d0:2f:c4:0a:9c:05:9d:5b:1b:47:
                    02:f2:42:38:1b:3a:62:3f:1d:07:88:ec:cb:0e:e4:
                    97:80:c3:93:7d:67:7f:de:c4:bc:5b:b5:e0:91:bf:
                    d4:eb:78:64:9c:d2:46:d5:d6:1c:73:3b:7f:b2:b3:
                    e3:f0:c7:f2:6d:ee:ca:5b:52:c9:37:0f:81:ea:ab:
                    2c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:BF:5C:FD:27:4C:53:5E:95:94:31:B1:C0:37:61:15:53:09:BF:05
            X509v3 Authority Key Identifier:
                keyid:84:5D:88:E0:A2:15:14:5F:36:7D:93:04:BF:3F:71:AE:E8:EB:4C:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9194AE2/26A6F44C3BAC11EF9D7EA871C4F9AE02/hF2I4KIVFF82fZMEvz9xrujrTC0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/hF2I4KIVFF82fZMEvz9xrujrTC0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9194AE2/26A6F44C3BAC11EF9D7EA871C4F9AE02/CB6840EE3BAC11EF9C334410C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:34:e7:e5:30:b8:bc:94:4c:a5:75:fe:70:4e:02:6b:cc:bb:
         75:1b:96:07:66:1a:59:e4:7c:7a:a2:8f:74:d2:72:f3:aa:18:
         d9:c7:ef:13:d3:d9:22:79:00:68:42:bd:42:be:2e:69:d9:98:
         e6:58:77:a2:d8:0e:2d:cd:bb:1e:71:3a:2f:9e:6f:7b:45:d2:
         24:28:df:b0:7c:fc:72:eb:68:89:b1:fa:f9:e7:2e:63:3e:67:
         4a:62:74:ed:9f:66:6d:7c:c1:f6:22:09:05:73:06:f4:ac:5d:
         49:76:7a:4e:79:56:7c:c7:62:cc:6e:d9:81:50:6e:48:43:91:
         6b:f7:35:77:54:c9:97:ca:bb:13:75:f5:6e:40:c0:4a:41:41:
         79:db:4a:4f:b7:0d:b2:67:5d:3d:f9:0d:66:f3:9f:ac:00:14:
         55:90:9b:a9:60:ab:e2:78:48:5b:01:a5:9a:f7:66:68:e3:37:
         d5:6d:c5:a9:f2:cf:bb:86:9d:d5:ea:44:72:a8:3e:4f:15:07:
         aa:12:9b:f5:16:a4:89:dc:61:59:71:6a:47:11:88:7f:a5:39:
         b4:31:63:e0:42:41:34:c7:e1:07:dc:af:43:f5:76:95:56:21:
         37:b1:21:ed:91:64:3a:02:b8:c9:6f:04:13:6f:b7:13:c8:98:
         77:dc:ec:d2
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAO0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTRBRTIxMTAvBgNVBAUTKDg0NUQ4OEUwQTIxNTE0NUYzNjdEOTMwNEJGM0Y3MUFF
RThFQjRDMkQwHhcNMjUwOTEzMDU0MjI2WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGM1MDQ0Mi1mZWM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwghyoJrTLJP+01HzoBuFjQqXrXHxtBaNlOm4XClTjgmUUFyp0Wpz8h6/+Xjy
yiLwq7NxrpV8Ijkq5P/8hfge7MKICKFnyVB36S/23cM34KMJuOg4+8B2itplHDRD
BUGS8nRPyKRq7s8XfsmFRAOiy3u5za0MrzBm48/cQO2YxIZpnz50dn0PQfgBbqZ9
yxshFwGq9IAaLlUCVd7Gwn3Dt7hL087UtLR9MCZaSu46zkaI3SZh5owzDtAvxAqc
BZ1bG0cC8kI4GzpiPx0HiOzLDuSXgMOTfWd/3sS8W7Xgkb/U63hknNJG1dYcczt/
srPj8Mfybe7KW1LJNw+B6qsspQIDAQABo4IClTCCApEwHQYDVR0OBBYEFPi/XP0n
TFNelZQxscA3YRVTCb8FMB8GA1UdIwQYMBaAFIRdiOCiFRRfNn2TBL8/ca7o60wt
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NEFFMi8yNkE2RjQ0QzNC
QUMxMUVGOUQ3RUE4NzFDNEY5QUUwMi9oRjJJNEtJVkZGODJmWk1Fdno5eHJ1anJU
QzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2hGMkk0S0lWRkY4MmZaTUV2ejl4cnVqclRDMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTRBRTIvMjZBNkY0NEMzQkFDMTFFRjlEN0VBODcxQzRGOUFFMDIvQ0I2ODQwRUUz
QkFDMTFFRjlDMzM0NDEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAGgGQIwDQYJKoZIhvcNAQELBQADggEBAK805+UwuLyUTKV1
/nBOAmvMu3UblgdmGlnkfHqij3TScvOqGNnH7xPT2SJ5AGhCvUK+LmnZmOZYd6LY
Di3Nux5xOi+eb3tF0iQo37B8/HLraImx+vnnLmM+Z0pidO2fZm18wfYiCQVzBvSs
XUl2ek55VnzHYsxu2YFQbkhDkWv3NXdUyZfKuxN19W5AwEpBQXnbSk+3DbJnXT35
DWbzn6wAFFWQm6lgq+J4SFsBpZr3ZmjjN9Vtxanyz7uGndXqRHKoPk8VB6oSm/UW
pIncYVlxakcRiH+lObQxY+BCQTTH4Qfcr0P1dpVWITexIe2RZDoCuMlvBBNvtxPI
mHfc7NI=
-----END CERTIFICATE-----
Generated at Tue Oct 21 03:19:23 2025 by rpki-client