Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A99F8/7A4D7B8804A711F0B4D73982C4F9AE02/C4D0CEECACF611F0AC34117FC4F9AE02.roa
File:                     C4D0CEECACF611F0AC34117FC4F9AE02.roa (raw, json)
Hash identifier:          7ucYBUaCLmqgDRuv79Vd3l7kVK2Q22cJEETdC+Ms3yg=
Subject key identifier:   2D:1A:A2:28:6D:B6:2A:42:37:35:B7:F9:B5:83:8E:DB:C4:AF:A0:C4
Certificate issuer:       /CN=A91A99F8/serialNumber=F9CDB06188D54FD1373030B920C8E445DB2D3D57
Certificate serial:       79
Authority key identifier: F9:CD:B0:61:88:D5:4F:D1:37:30:30:B9:20:C8:E4:45:DB:2D:3D:57
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-c2wYYjVT9E3MDC5IMjkRdstPVc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A99F8/7A4D7B8804A711F0B4D73982C4F9AE02/C4D0CEECACF611F0AC34117FC4F9AE02.roa
Signing time:             Sun 19 Oct 2025 14:20:31 +0000
ROA not before:           Sun 19 Oct 2025 14:20:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153712
IP address blocks:        163.223.156.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A99F8/7A4D7B8804A711F0B4D73982C4F9AE02/-c2wYYjVT9E3MDC5IMjkRdstPVc.crl
                          rsync://rpki.apnic.net/member_repository/A91A99F8/7A4D7B8804A711F0B4D73982C4F9AE02/-c2wYYjVT9E3MDC5IMjkRdstPVc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-c2wYYjVT9E3MDC5IMjkRdstPVc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 14:20:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 121 (0x79)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A99F8, serialNumber=F9CDB06188D54FD1373030B920C8E445DB2D3D57
        Validity
            Not Before: Oct 19 14:20:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68f4f3af-15df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f3:32:e0:24:41:fb:e4:20:35:4a:c5:28:0d:
                    16:a1:4a:31:72:88:42:7b:21:64:44:97:ce:5d:4f:
                    a8:a0:39:17:ee:38:91:8e:7c:c7:e7:62:f5:8a:34:
                    20:db:a5:70:fd:a3:d0:07:0f:52:5c:bd:6c:86:80:
                    41:75:b7:28:db:86:cb:0e:69:d3:d8:34:7f:fc:09:
                    67:06:cd:d4:4f:b1:b5:8e:86:56:b4:8d:c1:c9:10:
                    c9:26:b0:57:a4:04:fa:c5:96:f8:b7:64:fb:d1:f6:
                    d0:4f:2f:97:96:5f:f3:44:d0:68:f6:1f:1d:42:02:
                    ae:94:44:ae:f6:22:29:de:21:23:cb:91:ee:63:8b:
                    67:80:c0:1c:10:93:a7:66:9a:db:3b:13:df:9b:9f:
                    2c:d5:d4:2f:2f:33:9e:ef:02:8e:6b:f7:0b:a3:60:
                    f1:51:24:0d:d7:c1:5b:27:62:79:40:7f:4f:b5:6b:
                    c6:ae:f0:78:93:d8:be:bb:3d:93:6e:9a:92:a7:e2:
                    fe:94:d6:3b:5a:11:a7:48:5c:05:16:e5:23:a1:33:
                    36:b3:44:32:9a:f6:41:48:4a:9a:d6:a9:49:18:d1:
                    a5:52:61:1a:2b:f1:65:73:20:35:55:d6:46:3a:e2:
                    1a:4e:b6:dd:1c:0c:af:76:8e:f0:66:0f:b6:e3:33:
                    27:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:1A:A2:28:6D:B6:2A:42:37:35:B7:F9:B5:83:8E:DB:C4:AF:A0:C4
            X509v3 Authority Key Identifier:
                keyid:F9:CD:B0:61:88:D5:4F:D1:37:30:30:B9:20:C8:E4:45:DB:2D:3D:57

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A99F8/7A4D7B8804A711F0B4D73982C4F9AE02/-c2wYYjVT9E3MDC5IMjkRdstPVc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-c2wYYjVT9E3MDC5IMjkRdstPVc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A99F8/7A4D7B8804A711F0B4D73982C4F9AE02/C4D0CEECACF611F0AC34117FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.223.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:ed:ad:1b:f0:0d:fa:4d:85:24:7c:85:65:5a:fb:ba:4a:19:
         fb:93:2b:61:81:04:88:6a:ab:22:52:e5:1b:e5:ce:92:ee:8e:
         eb:1d:8d:e8:42:49:dd:82:b9:e9:d3:a6:37:7b:4d:c7:67:e0:
         8d:46:26:66:50:3a:6c:fc:59:c4:d7:02:0e:a0:e3:42:de:33:
         7e:92:3d:18:50:ef:c3:fa:e9:6d:22:07:f1:d7:6d:71:c7:d9:
         23:be:69:8f:a7:71:f2:67:c1:4e:b8:00:c3:65:56:bf:96:89:
         19:d6:fd:e5:6c:3f:2b:b0:4e:78:47:25:0e:38:f7:c5:3a:78:
         e6:d7:8a:d8:62:c0:28:99:11:4e:2d:19:d9:35:e7:91:b2:d6:
         bd:39:1d:6a:ca:fa:f1:c7:1f:ff:0e:69:8b:75:32:a0:d2:aa:
         e2:78:27:44:7d:a9:20:e2:43:03:ef:73:46:7f:f7:d5:c5:c6:
         15:bc:71:2d:85:4f:a8:91:61:de:7c:98:5c:8b:1f:81:18:cb:
         0b:fc:ec:99:4b:06:a0:22:c5:f2:18:d0:71:1a:cd:f8:52:2a:
         a9:01:be:38:0f:96:0d:9a:f4:eb:96:67:d6:58:bf:b0:f0:1e:
         52:69:47:fe:2c:0c:b5:b2:1b:dd:bc:85:44:cf:e0:4e:39:21:
         fb:f5:4b:ce
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBeTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFB
OTlGODExMC8GA1UEBRMoRjlDREIwNjE4OEQ1NEZEMTM3MzAzMEI5MjBDOEU0NDVE
QjJEM0Q1NzAeFw0yNTEwMTkxNDIwMzFaFw0yNjA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4ZjRmM2FmLTE1ZGYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDZ8zLgJEH75CA1SsUoDRahSjFyiEJ7IWREl85dT6igORfuOJGOfMfnYvWKNCDb
pXD9o9AHD1JcvWyGgEF1tyjbhssOadPYNH/8CWcGzdRPsbWOhla0jcHJEMkmsFek
BPrFlvi3ZPvR9tBPL5eWX/NE0Gj2Hx1CAq6URK72IineISPLke5ji2eAwBwQk6dm
mts7E9+bnyzV1C8vM57vAo5r9wujYPFRJA3XwVsnYnlAf0+1a8au8HiT2L67PZNu
mpKn4v6U1jtaEadIXAUW5SOhMzazRDKa9kFISprWqUkY0aVSYRor8WVzIDVV1kY6
4hpOtt0cDK92jvBmD7bjMye1AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQULRqiKG22
KkI3Nbf5tYOO28SvoMQwHwYDVR0jBBgwFoAU+c2wYYjVT9E3MDC5IMjkRdstPVcw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUE5OUY4LzdBNEQ3Qjg4MDRB
NzExRjBCNEQ3Mzk4MkM0RjlBRTAyLy1jMndZWWpWVDlFM01EQzVJTWprUmRzdFBW
Yy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvLWMyd1lZalZUOUUzTURDNUlNamtSZHN0UFZjLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFB
OTlGOC83QTREN0I4ODA0QTcxMUYwQjRENzM5ODJDNEY5QUUwMi9DNEQwQ0VFQ0FD
RjYxMUYwQUMzNDExN0ZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaPfnDANBgkqhkiG9w0BAQsFAAOCAQEAm+2tG/AN+k2FJHyF
ZVr7ukoZ+5MrYYEEiGqrIlLlG+XOku6O6x2N6EJJ3YK56dOmN3tNx2fgjUYmZlA6
bPxZxNcCDqDjQt4zfpI9GFDvw/rpbSIH8ddtccfZI75pj6dx8mfBTrgAw2VWv5aJ
Gdb95Ww/K7BOeEclDjj3xTp45teK2GLAKJkRTi0Z2TXnkbLWvTkdasr68ccf/w5p
i3UyoNKq4ngnRH2pIOJDA+9zRn/31cXGFbxxLYVPqJFh3nyYXIsfgRjLC/zsmUsG
oCLF8hjQcRrN+FIqqQG+OA+WDZr065Zn1li/sPAeUmlH/iwMtbIb3byFRM/gTjkh
+/VLzg==
-----END CERTIFICATE-----
Generated at Tue Oct 21 05:18:37 2025 by rpki-client