Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A1B9F/569229026E1511EE8D6ED458C4F9AE02/37E179CC6F0011EEAFD97016C4F9AE02.roa
File:                     37E179CC6F0011EEAFD97016C4F9AE02.roa (raw, json)
Hash identifier:          0EXIo+3jT2LrdvdE+EYM/ALiqqQUvx4lMi+70Kb3xlE=
Subject key identifier:   68:EF:18:22:5E:2E:44:0F:09:7C:58:D6:40:A4:D8:65:76:6A:7E:22
Certificate issuer:       /CN=A91A1B9F/serialNumber=F53E56407698C1FAA75D25765513B507652C97AB
Certificate serial:       0164
Authority key identifier: F5:3E:56:40:76:98:C1:FA:A7:5D:25:76:55:13:B5:07:65:2C:97:AB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9T5WQHaYwfqnXSV2VRO1B2Usl6s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A1B9F/569229026E1511EE8D6ED458C4F9AE02/37E179CC6F0011EEAFD97016C4F9AE02.roa
Signing time:             Fri 05 Sep 2025 04:40:23 +0000
ROA not before:           Fri 05 Sep 2025 04:40:23 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     10143
IP address blocks:        203.21.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A1B9F/569229026E1511EE8D6ED458C4F9AE02/9T5WQHaYwfqnXSV2VRO1B2Usl6s.crl
                          rsync://rpki.apnic.net/member_repository/A91A1B9F/569229026E1511EE8D6ED458C4F9AE02/9T5WQHaYwfqnXSV2VRO1B2Usl6s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9T5WQHaYwfqnXSV2VRO1B2Usl6s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 06:23:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 356 (0x164)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A1B9F, serialNumber=F53E56407698C1FAA75D25765513B507652C97AB
        Validity
            Not Before: Sep  5 04:40:23 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68ba69b7-baf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c8:b2:be:67:ea:b3:12:ad:f0:bc:c8:24:f0:
                    b9:c7:8b:2a:a8:5b:0a:64:e6:71:d0:e4:d5:a9:b5:
                    34:3e:44:47:8e:38:b6:ca:36:5f:0a:06:1b:30:69:
                    a1:ce:67:1c:35:97:40:2f:5e:63:d5:94:c2:a2:03:
                    4a:8a:77:08:10:8d:bb:e0:96:f7:68:1a:38:99:3b:
                    ec:90:bd:85:f1:f2:51:2c:97:ab:39:97:61:c2:6f:
                    f3:50:79:de:44:18:31:b4:6c:c3:10:21:b3:56:03:
                    9e:95:67:31:8c:86:20:ce:d2:ef:a4:23:48:6d:02:
                    e9:d5:42:cb:66:2d:71:73:a3:ce:2b:75:51:3b:0e:
                    df:a9:bd:63:8f:fb:d6:0f:96:cb:af:66:7b:dd:83:
                    97:c7:4a:e9:9a:eb:a6:fe:1e:62:66:c5:45:7c:c6:
                    4e:52:71:30:dc:7a:70:b4:d5:99:41:23:db:1d:ba:
                    b7:bc:c8:e3:5b:55:34:58:ce:4b:ff:ab:e3:fd:e5:
                    bc:0f:c1:87:36:ac:34:1d:5b:e2:f2:18:8d:2e:50:
                    77:33:ad:82:82:32:d7:ad:15:f8:d1:e9:06:99:87:
                    a1:46:f1:c0:fe:fc:4d:14:cb:b3:c4:b3:97:09:ce:
                    06:b4:04:77:d9:09:48:38:b2:65:c4:ea:96:0c:ef:
                    9d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:EF:18:22:5E:2E:44:0F:09:7C:58:D6:40:A4:D8:65:76:6A:7E:22
            X509v3 Authority Key Identifier:
                keyid:F5:3E:56:40:76:98:C1:FA:A7:5D:25:76:55:13:B5:07:65:2C:97:AB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A1B9F/569229026E1511EE8D6ED458C4F9AE02/9T5WQHaYwfqnXSV2VRO1B2Usl6s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9T5WQHaYwfqnXSV2VRO1B2Usl6s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A1B9F/569229026E1511EE8D6ED458C4F9AE02/37E179CC6F0011EEAFD97016C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.21.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:fe:c6:7a:c7:e3:d5:ec:c9:00:a5:ad:9c:e3:bf:42:b2:9a:
         52:21:87:81:71:cb:18:52:4b:8b:72:c6:b7:85:6f:cb:ba:f3:
         03:b5:fa:bc:9e:25:ce:a4:07:7b:1a:cc:ea:31:09:ba:1e:62:
         38:b6:9f:da:70:72:87:fb:37:54:8b:80:04:b4:82:ce:aa:b7:
         eb:ad:95:09:3a:d5:68:7e:c7:95:3e:c2:42:0d:47:c0:d4:b1:
         54:a5:28:bb:5b:ec:ce:65:62:67:f5:09:b7:0a:89:a0:43:0a:
         c1:7a:1d:98:3c:67:4c:5a:61:4b:97:a0:8b:fa:b0:1c:1f:3e:
         a1:84:6f:60:eb:45:44:a1:22:53:ce:75:9f:98:de:78:8e:d6:
         4f:9c:33:69:59:fe:a8:cf:b3:86:f6:18:19:b5:02:91:0a:b4:
         45:67:80:df:79:2b:c5:90:8f:07:5c:ec:9b:7b:44:21:6e:ab:
         c9:04:4d:6c:09:e3:1e:17:01:8c:c7:66:39:bb:82:64:ea:af:
         5e:7c:06:4b:4b:b9:a4:42:f7:cf:8c:a3:a0:d2:cc:32:5a:87:
         1e:42:2f:74:48:56:e0:53:90:36:37:22:c3:69:05:b3:d0:ee:
         ed:50:75:94:0f:fe:9d:24:e4:dd:b3:9c:df:d7:af:65:ff:3c:
         1c:ff:13:33
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAWQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTFCOUYxMTAvBgNVBAUTKEY1M0U1NjQwNzY5OEMxRkFBNzVEMjU3NjU1MTNCNTA3
NjUyQzk3QUIwHhcNMjUwOTA1MDQ0MDIzWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGJhNjliNy1iYWY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2ciyvmfqsxKt8LzIJPC5x4sqqFsKZOZx0OTVqbU0PkRHjji2yjZfCgYbMGmh
zmccNZdAL15j1ZTCogNKincIEI274Jb3aBo4mTvskL2F8fJRLJerOZdhwm/zUHne
RBgxtGzDECGzVgOelWcxjIYgztLvpCNIbQLp1ULLZi1xc6POK3VROw7fqb1jj/vW
D5bLr2Z73YOXx0rpmuum/h5iZsVFfMZOUnEw3HpwtNWZQSPbHbq3vMjjW1U0WM5L
/6vj/eW8D8GHNqw0HVvi8hiNLlB3M62CgjLXrRX40ekGmYehRvHA/vxNFMuzxLOX
Cc4GtAR32QlIOLJlxOqWDO+dUQIDAQABo4IClTCCApEwHQYDVR0OBBYEFGjvGCJe
LkQPCXxY1kCk2GV2an4iMB8GA1UdIwQYMBaAFPU+VkB2mMH6p10ldlUTtQdlLJer
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMUI5Ri81NjkyMjkwMjZF
MTUxMUVFOEQ2RUQ0NThDNEY5QUUwMi85VDVXUUhhWXdmcW5YU1YyVlJPMUIyVXNs
NnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzlUNVdRSGFZd2ZxblhTVjJWUk8xQjJVc2w2cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTFCOUYvNTY5MjI5MDI2RTE1MTFFRThENkVENDU4QzRGOUFFMDIvMzdFMTc5Q0M2
RjAwMTFFRUFGRDk3MDE2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLFQkwDQYJKoZIhvcNAQELBQADggEBAI3+xnrH49XsyQCl
rZzjv0KymlIhh4FxyxhSS4tyxreFb8u68wO1+ryeJc6kB3sazOoxCboeYji2n9pw
cof7N1SLgAS0gs6qt+utlQk61Wh+x5U+wkINR8DUsVSlKLtb7M5lYmf1CbcKiaBD
CsF6HZg8Z0xaYUuXoIv6sBwfPqGEb2DrRUShIlPOdZ+Y3niO1k+cM2lZ/qjPs4b2
GBm1ApEKtEVngN95K8WQjwdc7Jt7RCFuq8kETWwJ4x4XAYzHZjm7gmTqr158BktL
uaRC98+Mo6DSzDJahx5CL3RIVuBTkDY3IsNpBbPQ7u1QdZQP/p0k5N2znN/Xr2X/
PBz/EzM=
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:44:12 2025 by rpki-client