Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A5560/4C3D6BC0216F11EFAF45EA2DC4F9AE02/F9ECF4A0295A11EFBECFCA7EC4F9AE02.roa
File:                     F9ECF4A0295A11EFBECFCA7EC4F9AE02.roa (raw, json)
Hash identifier:          DUkD4dNjUkFTokfAlqm3Uyonu5h9UsmoJuMWKvodIy4=
Subject key identifier:   E5:E2:5B:C2:00:6B:8C:DC:D5:99:BF:AA:75:B6:35:BF:3E:9F:E3:67
Certificate issuer:       /CN=A91A5560/serialNumber=E38EB3F5A5107E30F0CA71DDEA75B170D0B03256
Certificate serial:       011B
Authority key identifier: E3:8E:B3:F5:A5:10:7E:30:F0:CA:71:DD:EA:75:B1:70:D0:B0:32:56
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/446z9aUQfjDwynHd6nWxcNCwMlY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A5560/4C3D6BC0216F11EFAF45EA2DC4F9AE02/F9ECF4A0295A11EFBECFCA7EC4F9AE02.roa
Signing time:             Wed 15 Oct 2025 08:31:58 +0000
ROA not before:           Wed 15 Oct 2025 08:31:58 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     150062
IP address blocks:        2001:df1:1840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A5560/4C3D6BC0216F11EFAF45EA2DC4F9AE02/446z9aUQfjDwynHd6nWxcNCwMlY.crl
                          rsync://rpki.apnic.net/member_repository/A91A5560/4C3D6BC0216F11EFAF45EA2DC4F9AE02/446z9aUQfjDwynHd6nWxcNCwMlY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/446z9aUQfjDwynHd6nWxcNCwMlY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 07:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 283 (0x11b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A5560, serialNumber=E38EB3F5A5107E30F0CA71DDEA75B170D0B03256
        Validity
            Not Before: Oct 15 08:31:58 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68ef5bfd-ca6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b2:b2:79:78:cc:78:8e:95:b9:e5:ec:34:d9:
                    8d:2c:aa:6a:3a:17:0e:4f:d3:0b:3c:7e:a7:b1:35:
                    f5:e1:79:81:4a:30:30:f6:9c:b8:bc:2f:c1:6d:e3:
                    a0:53:1d:a0:59:ad:c3:2a:0e:b5:58:3b:ff:a2:ca:
                    c4:83:11:36:5d:33:e4:77:7c:6c:61:9f:e3:ef:64:
                    44:37:c4:07:6f:e4:7a:14:b3:c6:af:fe:67:9f:3d:
                    fc:fb:5b:18:4b:c5:04:cc:b7:d1:9a:b0:69:91:78:
                    c1:f9:57:b5:8e:86:d7:12:0a:bb:b3:26:a9:55:1c:
                    96:52:a2:e8:11:23:09:61:7d:1d:dd:4e:8c:59:52:
                    21:d2:19:80:54:11:8c:70:49:a4:9a:4b:e8:bd:aa:
                    0c:54:95:0b:f9:c5:ac:13:42:6d:e1:23:e8:4a:49:
                    94:7a:62:23:78:cc:d4:bf:8c:9f:75:7a:13:2c:a8:
                    51:c9:65:01:a5:0c:24:4b:97:e1:1a:00:16:a1:15:
                    7a:97:cf:ad:19:4a:af:70:4d:60:15:58:c3:7e:55:
                    36:f7:07:45:33:26:48:f1:9a:94:a3:a7:e4:3b:2d:
                    bf:de:50:59:e9:70:c5:1f:88:fa:34:8d:77:54:ed:
                    9a:c9:0a:63:dd:8b:34:98:1f:36:a3:b8:b5:b5:48:
                    3c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E2:5B:C2:00:6B:8C:DC:D5:99:BF:AA:75:B6:35:BF:3E:9F:E3:67
            X509v3 Authority Key Identifier:
                keyid:E3:8E:B3:F5:A5:10:7E:30:F0:CA:71:DD:EA:75:B1:70:D0:B0:32:56

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A5560/4C3D6BC0216F11EFAF45EA2DC4F9AE02/446z9aUQfjDwynHd6nWxcNCwMlY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/446z9aUQfjDwynHd6nWxcNCwMlY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A5560/4C3D6BC0216F11EFAF45EA2DC4F9AE02/F9ECF4A0295A11EFBECFCA7EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:1840::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:4a:00:d2:22:22:5a:fa:cb:05:8a:6d:8c:41:a7:43:a9:86:
         c3:e3:1e:30:6c:1d:49:5e:49:78:0b:17:0f:15:f9:c3:3f:09:
         c0:e9:65:5b:55:95:c8:48:2f:50:83:a2:1f:e4:a3:ed:3e:33:
         39:e2:58:69:f8:9d:90:12:85:42:f0:63:ab:25:81:2d:62:4a:
         53:3e:46:8c:11:83:b3:d4:2d:22:02:03:e2:9b:a2:ae:e0:9e:
         48:14:ab:76:b1:75:cf:11:3e:64:85:29:d9:f1:a0:8e:88:43:
         9f:f0:bd:b1:35:b1:1b:58:43:fb:7c:e7:fb:f5:68:01:00:9c:
         e1:6b:0b:f9:bc:e6:64:cc:ef:25:8f:5f:3b:24:c8:83:0b:c8:
         47:ec:61:08:8d:87:45:3b:74:f4:ae:61:cd:74:bf:69:1d:80:
         ea:d2:c4:74:1d:d5:3d:25:2a:7e:c6:af:1b:45:e0:fa:89:4e:
         4f:2c:4d:ae:74:80:f6:9d:ec:0c:ca:bc:b4:28:48:95:e8:37:
         d6:1a:53:e5:d2:16:e9:9a:b4:45:34:9d:2d:d7:da:54:12:f3:
         2f:4a:62:ce:87:6b:c8:39:00:45:de:10:b8:63:31:80:d1:11:
         28:05:df:00:52:1d:a3:88:18:ce:c7:36:70:21:3d:09:9a:ed:
         85:c0:39:de
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICARswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU1NjAxMTAvBgNVBAUTKEUzOEVCM0Y1QTUxMDdFMzBGMENBNzFEREVBNzVCMTcw
RDBCMDMyNTYwHhcNMjUxMDE1MDgzMTU4WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVmNWJmZC1jYTZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqbKyeXjMeI6VueXsNNmNLKpqOhcOT9MLPH6nsTX14XmBSjAw9py4vC/BbeOg
Ux2gWa3DKg61WDv/osrEgxE2XTPkd3xsYZ/j72REN8QHb+R6FLPGr/5nnz38+1sY
S8UEzLfRmrBpkXjB+Ve1jobXEgq7syapVRyWUqLoESMJYX0d3U6MWVIh0hmAVBGM
cEmkmkvovaoMVJUL+cWsE0Jt4SPoSkmUemIjeMzUv4yfdXoTLKhRyWUBpQwkS5fh
GgAWoRV6l8+tGUqvcE1gFVjDflU29wdFMyZI8ZqUo6fkOy2/3lBZ6XDFH4j6NI13
VO2ayQpj3Ys0mB82o7i1tUg8BwIDAQABo4ICmDCCApQwHQYDVR0OBBYEFOXiW8IA
a4zc1Zm/qnW2Nb8+n+NnMB8GA1UdIwQYMBaAFOOOs/WlEH4w8Mpx3ep1sXDQsDJW
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTU2MC80QzNENkJDMDIx
NkYxMUVGQUY0NUVBMkRDNEY5QUUwMi80NDZ6OWFVUWZqRHd5bkhkNm5XeGNOQ3dN
bFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzQ0Nno5YVVRZmpEd3luSGQ2bld4Y05Dd01sWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU1NjAvNEMzRDZCQzAyMTZGMTFFRkFGNDVFQTJEQzRGOUFFMDIvRjlFQ0Y0QTAy
OTVBMTFFRkJFQ0ZDQTdFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQ3xGEAwDQYJKoZIhvcNAQELBQADggEBAHVKANIiIlr6
ywWKbYxBp0OphsPjHjBsHUleSXgLFw8V+cM/CcDpZVtVlchIL1CDoh/ko+0+Mzni
WGn4nZAShULwY6slgS1iSlM+RowRg7PULSICA+Kboq7gnkgUq3axdc8RPmSFKdnx
oI6IQ5/wvbE1sRtYQ/t85/v1aAEAnOFrC/m85mTM7yWPXzskyIMLyEfsYQiNh0U7
dPSuYc10v2kdgOrSxHQd1T0lKn7GrxtF4PqJTk8sTa50gPad7AzKvLQoSJXoN9Ya
U+XSFumatEU0nS3X2lQS8y9KYs6Ha8g5AEXeELhjMYDRESgF3wBSHaOIGM7HNnAh
PQma7YXAOd4=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:57:45 2025 by rpki-client