Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AA48F/8C81A8561D8D11E2866C50EB08B02CD2/21C0B7E23BD311F0B1BF6C56C4F9AE02.roa
File:                     21C0B7E23BD311F0B1BF6C56C4F9AE02.roa (raw, json)
Hash identifier:          unO0oTKhnor9ebnRuAfkAYkGc9LOIbi0DbBC0WH9UfY=
Subject key identifier:   18:EB:F0:CB:10:9F:1C:2D:13:41:1B:0E:46:9E:41:7B:44:DF:6C:6D
Certificate issuer:       /CN=A91AA48F/serialNumber=BE0E7A890F7281C654632E8BE80EBBF9FFB56503
Certificate serial:       3514
Authority key identifier: BE:0E:7A:89:0F:72:81:C6:54:63:2E:8B:E8:0E:BB:F9:FF:B5:65:03
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vg56iQ9ygcZUYy6L6A67-f-1ZQM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AA48F/8C81A8561D8D11E2866C50EB08B02CD2/21C0B7E23BD311F0B1BF6C56C4F9AE02.roa
Signing time:             Thu 02 Oct 2025 14:40:48 +0000
ROA not before:           Thu 02 Oct 2025 14:40:48 +0000
ROA not after:            Sat 31 Jan 2026 00:00:00 +0000
asID:                     3758
IP address blocks:        111.65.100.0/24 maxlen: 24
                          111.65.101.0/24 maxlen: 24
                          111.65.102.0/23 maxlen: 23
                          111.65.104.0/21 maxlen: 22
                          111.65.112.0/20 maxlen: 20
                          202.78.52.0/22 maxlen: 22
                          202.78.55.0/24 maxlen: 24
                          2400:1c00:13::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91AA48F/8C81A8561D8D11E2866C50EB08B02CD2/vg56iQ9ygcZUYy6L6A67-f-1ZQM.crl
                          rsync://rpki.apnic.net/member_repository/A91AA48F/8C81A8561D8D11E2866C50EB08B02CD2/vg56iQ9ygcZUYy6L6A67-f-1ZQM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vg56iQ9ygcZUYy6L6A67-f-1ZQM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 14:41:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13588 (0x3514)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AA48F, serialNumber=BE0E7A890F7281C654632E8BE80EBBF9FFB56503
        Validity
            Not Before: Oct  2 14:40:48 2025 GMT
            Not After : Jan 31 00:00:00 2026 GMT
        Subject: CN=68de8eef-a4c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:88:65:c1:79:12:82:dd:84:25:6e:ce:a0:f6:
                    65:39:bc:ba:10:57:d9:2e:e9:1d:6e:7e:9b:84:c6:
                    fa:78:95:b1:c7:9d:e7:cd:71:a3:91:95:4a:17:61:
                    ae:f3:bb:9a:8e:2d:ca:79:d9:0b:2b:d7:c8:cd:48:
                    b3:1a:57:57:42:03:bb:2f:16:01:01:06:95:40:38:
                    d0:51:80:04:18:e4:10:b3:6f:8a:9a:64:34:b2:3c:
                    c1:16:89:82:15:5e:6e:3c:34:b6:a7:a8:49:14:8a:
                    1f:bc:da:93:2e:ed:8d:71:05:39:c4:49:0d:85:26:
                    a0:dd:b6:b9:13:f0:5e:2a:50:fb:ff:8e:56:6f:eb:
                    33:f3:4e:06:15:5b:87:a1:8d:bd:e4:6a:b2:39:cf:
                    20:d4:a0:d3:12:33:e5:e8:09:2e:aa:79:d0:f8:03:
                    5c:0e:8f:be:64:f8:de:db:5f:c2:94:87:a6:94:37:
                    fe:3c:13:ec:e7:c1:b7:92:32:e2:56:f3:70:65:f8:
                    4f:ee:7f:c9:e0:83:37:e3:d7:19:ec:d6:bf:c0:90:
                    ad:78:cd:48:4d:b2:81:3f:6a:79:db:d6:72:04:ad:
                    e6:07:b1:2f:e5:c6:ee:5c:c4:d9:d4:12:86:2a:58:
                    2d:4a:c9:1a:56:55:65:25:07:f9:3e:e8:91:16:f1:
                    9b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:EB:F0:CB:10:9F:1C:2D:13:41:1B:0E:46:9E:41:7B:44:DF:6C:6D
            X509v3 Authority Key Identifier:
                keyid:BE:0E:7A:89:0F:72:81:C6:54:63:2E:8B:E8:0E:BB:F9:FF:B5:65:03

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AA48F/8C81A8561D8D11E2866C50EB08B02CD2/vg56iQ9ygcZUYy6L6A67-f-1ZQM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vg56iQ9ygcZUYy6L6A67-f-1ZQM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AA48F/8C81A8561D8D11E2866C50EB08B02CD2/21C0B7E23BD311F0B1BF6C56C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.65.100.0-111.65.127.255
                  202.78.52.0/22
                IPv6:
                  2400:1c00:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:8d:b5:eb:65:94:38:d0:fa:4f:28:bb:d4:bb:4c:eb:7e:1f:
         85:83:b1:71:e8:02:56:b2:c4:fe:5b:2e:d4:5f:f8:dc:12:0d:
         cc:0c:54:d7:6e:bd:0a:07:4b:4a:64:f9:b4:0e:28:26:51:99:
         ff:2e:5a:b7:4c:0c:7e:59:98:e9:3c:aa:30:54:00:fd:5c:45:
         23:8b:df:3d:7c:6d:b2:d3:21:6f:8c:38:c8:75:fc:c3:cd:17:
         a4:a7:a5:e3:9e:4b:0e:6c:cf:4b:cf:e0:d9:72:32:6d:46:c4:
         69:73:82:c2:85:14:52:33:91:aa:8b:a8:33:62:4f:e5:e6:a6:
         e7:21:ed:2d:fc:f4:27:07:8a:e4:7f:10:22:af:f4:c5:ad:b8:
         e1:a0:4d:00:50:2e:42:ee:d5:b3:3e:6d:ba:04:b2:9f:00:4d:
         bc:28:69:48:8c:a7:72:d9:93:1f:4b:f0:7a:53:cb:4a:cd:1b:
         08:09:37:08:64:8e:45:75:1a:d3:ea:1d:10:8e:5f:57:d5:2b:
         f6:af:a7:f2:3f:44:fa:ad:e1:da:8a:85:de:b1:aa:51:48:02:
         85:d5:a9:8d:42:a7:76:a9:bb:93:24:04:46:7a:34:2a:1b:6d:
         27:1a:a6:03:3c:11:1d:49:30:cd:d2:83:41:ad:5a:49:0f:2b:
         a6:79:a1:d5
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgICNRQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUE0OEYxMTAvBgNVBAUTKEJFMEU3QTg5MEY3MjgxQzY1NDYzMkU4QkU4MEVCQkY5
RkZCNTY1MDMwHhcNMjUxMDAyMTQ0MDQ4WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRlOGVlZi1hNGM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9YhlwXkSgt2EJW7OoPZlOby6EFfZLukdbn6bhMb6eJWxx53nzXGjkZVKF2Gu
87uaji3KedkLK9fIzUizGldXQgO7LxYBAQaVQDjQUYAEGOQQs2+KmmQ0sjzBFomC
FV5uPDS2p6hJFIofvNqTLu2NcQU5xEkNhSag3ba5E/BeKlD7/45Wb+sz804GFVuH
oY295GqyOc8g1KDTEjPl6AkuqnnQ+ANcDo++ZPje21/ClIemlDf+PBPs58G3kjLi
VvNwZfhP7n/J4IM349cZ7Na/wJCteM1ITbKBP2p529ZyBK3mB7Ev5cbuXMTZ1BKG
KlgtSskaVlVlJQf5PuiRFvGbJQIDAQABo4ICtDCCArAwHQYDVR0OBBYEFBjr8MsQ
nxwtE0EbDkaeQXtE32xtMB8GA1UdIwQYMBaAFL4OeokPcoHGVGMui+gOu/n/tWUD
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQTQ4Ri84QzgxQTg1NjFE
OEQxMUUyODY2QzUwRUIwOEIwMkNEMi92ZzU2aVE5eWdjWlVZeTZMNkE2Ny1mLTFa
UU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ZnNTZpUTl5Z2NaVVl5Nkw2QTY3LWYtMVpRTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUE0OEYvOEM4MUE4NTYxRDhEMTFFMjg2NkM1MEVCMDhCMDJDRDIvMjFDMEI3RTIz
QkQzMTFGMEIxQkY2QzU2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPgYIKwYBBQUHAQcBAf8E
LzAtMBoEAgABMBQwDAMEAm9BZAMEB29BAAMEAspONDAPBAIAAjAJAwcAJAAcAAAT
MA0GCSqGSIb3DQEBCwUAA4IBAQA9jbXrZZQ40PpPKLvUu0zrfh+Fg7Fx6AJWssT+
Wy7UX/jcEg3MDFTXbr0KB0tKZPm0DigmUZn/Llq3TAx+WZjpPKowVAD9XEUji989
fG2y0yFvjDjIdfzDzRekp6XjnksObM9Lz+DZcjJtRsRpc4LChRRSM5Gqi6gzYk/l
5qbnIe0t/PQnB4rkfxAir/TFrbjhoE0AUC5C7tWzPm26BLKfAE28KGlIjKdy2ZMf
S/B6U8tKzRsICTcIZI5FdRrT6h0Qjl9X1Sv2r6fyP0T6reHaioXesapRSAKF1amN
Qqd2qbuTJARGejQqG20nGqYDPBEdSTDN0oNBrVpJDyumeaHV
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:00:47 2025 by rpki-client