Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AE9F6/8F23CE841D5F11EFB8374D3DC4F9AE02/4D45F08C1E3B11EFB02B0184C4F9AE02.roa
File:                     4D45F08C1E3B11EFB02B0184C4F9AE02.roa (raw, json)
Hash identifier:          JpA4nCXirPXTeRWZSt2R1IEE7eOI01kXe4irrzUxZv4=
Subject key identifier:   00:0A:5B:CE:E5:24:F7:AD:9B:05:11:F4:67:15:85:8F:F3:D9:56:E7
Certificate issuer:       /CN=A91AE9F6/serialNumber=B1E8C11C140E0FA751E8BFA65A59C715DD7E1C53
Certificate serial:       FB
Authority key identifier: B1:E8:C1:1C:14:0E:0F:A7:51:E8:BF:A6:5A:59:C7:15:DD:7E:1C:53
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sejBHBQOD6dR6L-mWlnHFd1-HFM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AE9F6/8F23CE841D5F11EFB8374D3DC4F9AE02/4D45F08C1E3B11EFB02B0184C4F9AE02.roa
Signing time:             Fri 19 Sep 2025 06:13:50 +0000
ROA not before:           Fri 19 Sep 2025 06:13:50 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     38079
IP address blocks:        202.12.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91AE9F6/8F23CE841D5F11EFB8374D3DC4F9AE02/sejBHBQOD6dR6L-mWlnHFd1-HFM.crl
                          rsync://rpki.apnic.net/member_repository/A91AE9F6/8F23CE841D5F11EFB8374D3DC4F9AE02/sejBHBQOD6dR6L-mWlnHFd1-HFM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sejBHBQOD6dR6L-mWlnHFd1-HFM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 07:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 251 (0xfb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AE9F6, serialNumber=B1E8C11C140E0FA751E8BFA65A59C715DD7E1C53
        Validity
            Not Before: Sep 19 06:13:50 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68ccf49e-0eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:43:c4:70:f3:0f:6c:8a:67:5c:6f:71:c1:3a:
                    2a:6f:52:ac:a5:bb:25:c0:86:d5:3b:aa:2b:cc:16:
                    98:3d:24:e3:30:ad:1b:4f:4d:d5:59:21:59:9b:de:
                    dd:80:de:e4:8a:03:0d:ec:18:ac:43:e6:57:24:6d:
                    c5:5f:34:08:a0:66:61:df:3e:ed:a2:1e:71:fe:44:
                    e3:a5:a7:f1:4c:25:cf:a6:79:46:6f:d2:03:2e:0e:
                    1f:4d:35:cd:15:65:8e:fe:e0:5a:3c:ed:60:8a:b6:
                    e6:e3:7c:4f:b1:9b:43:a2:82:1d:40:18:02:a1:cf:
                    56:45:bc:e3:20:4d:53:b6:e5:01:a7:f1:67:cb:53:
                    12:61:c2:c9:e8:0a:33:f8:2e:4d:2b:bc:e5:58:f8:
                    4f:08:33:46:c5:a0:eb:ab:10:66:99:19:c6:53:5c:
                    33:50:1f:9a:a0:97:9b:68:c6:bf:f5:ec:94:0e:68:
                    f7:a5:bc:14:f4:52:55:3a:2e:3e:3f:d3:8b:cf:37:
                    8c:1f:eb:b2:e6:ed:1b:34:dc:8e:4a:98:b5:94:c4:
                    b6:c0:8b:c8:e0:23:97:3d:90:dd:13:a9:db:1d:c3:
                    6a:63:12:ef:7f:43:d1:f2:db:a8:f1:fd:3e:d7:27:
                    f7:43:4f:e1:d5:b2:2a:32:af:e7:72:29:c6:f7:39:
                    14:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:0A:5B:CE:E5:24:F7:AD:9B:05:11:F4:67:15:85:8F:F3:D9:56:E7
            X509v3 Authority Key Identifier:
                keyid:B1:E8:C1:1C:14:0E:0F:A7:51:E8:BF:A6:5A:59:C7:15:DD:7E:1C:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AE9F6/8F23CE841D5F11EFB8374D3DC4F9AE02/sejBHBQOD6dR6L-mWlnHFd1-HFM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sejBHBQOD6dR6L-mWlnHFd1-HFM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AE9F6/8F23CE841D5F11EFB8374D3DC4F9AE02/4D45F08C1E3B11EFB02B0184C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.12.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:4b:f7:81:a4:51:77:a3:d3:16:bf:30:fd:ee:02:c4:26:fc:
         ca:99:d9:a0:e9:ae:58:03:07:10:49:8c:3a:95:c3:43:f5:bf:
         0b:b3:e1:5f:1b:a4:79:61:8a:31:e4:77:b9:72:c1:f0:d6:06:
         b2:c6:63:98:07:d4:4e:d5:a2:10:c1:31:3f:a2:b2:c9:54:16:
         3d:81:09:99:67:df:15:48:85:4c:2c:36:d2:19:ab:6b:fa:ae:
         58:21:6f:89:4f:45:d7:78:ba:05:82:58:42:21:99:0e:2f:9c:
         59:b1:51:ea:86:cc:d0:59:76:26:02:ba:a2:8d:4c:66:97:73:
         ca:0b:82:ec:05:6d:5e:e0:f1:e4:54:bc:52:d6:22:a6:f6:2e:
         2c:d3:33:47:29:16:ac:58:15:33:b5:6f:68:8c:70:5b:a8:0e:
         9f:f0:ce:81:ff:7f:3f:b7:55:2a:be:45:e7:f2:48:21:8b:f9:
         38:55:cc:a7:a2:96:ef:91:f9:83:eb:a3:be:a7:4c:74:c9:e1:
         11:e4:b5:f8:4f:61:0a:81:20:d8:ca:e2:7d:a5:69:32:30:06:
         98:05:5f:01:97:79:38:5d:f9:c5:96:7a:5f:07:de:f5:4f:60:
         ba:b4:90:ba:66:40:de:9a:55:16:87:b4:04:de:4a:40:3b:92:
         78:45:c9:0e
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAPswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUU5RjYxMTAvBgNVBAUTKEIxRThDMTFDMTQwRTBGQTc1MUU4QkZBNjVBNTlDNzE1
REQ3RTFDNTMwHhcNMjUwOTE5MDYxMzUwWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGNjZjQ5ZS0wZWZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwUPEcPMPbIpnXG9xwToqb1KspbslwIbVO6orzBaYPSTjMK0bT03VWSFZm97d
gN7kigMN7BisQ+ZXJG3FXzQIoGZh3z7toh5x/kTjpafxTCXPpnlGb9IDLg4fTTXN
FWWO/uBaPO1girbm43xPsZtDooIdQBgCoc9WRbzjIE1TtuUBp/Fny1MSYcLJ6Aoz
+C5NK7zlWPhPCDNGxaDrqxBmmRnGU1wzUB+aoJebaMa/9eyUDmj3pbwU9FJVOi4+
P9OLzzeMH+uy5u0bNNyOSpi1lMS2wIvI4COXPZDdE6nbHcNqYxLvf0PR8tuo8f0+
1yf3Q0/h1bIqMq/ncinG9zkUFwIDAQABo4IClTCCApEwHQYDVR0OBBYEFAAKW87l
JPetmwUR9GcVhY/z2VbnMB8GA1UdIwQYMBaAFLHowRwUDg+nUei/plpZxxXdfhxT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRTlGNi84RjIzQ0U4NDFE
NUYxMUVGQjgzNzREM0RDNEY5QUUwMi9zZWpCSEJRT0Q2ZFI2TC1tV2xuSEZkMS1I
Rk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3NlakJIQlFPRDZkUjZMLW1XbG5IRmQxLUhGTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUU5RjYvOEYyM0NFODQxRDVGMTFFRkI4Mzc0RDNEQzRGOUFFMDIvNEQ0NUYwOEMx
RTNCMTFFRkIwMkIwMTg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADKDFswDQYJKoZIhvcNAQELBQADggEBADlL94GkUXej0xa/
MP3uAsQm/MqZ2aDprlgDBxBJjDqVw0P1vwuz4V8bpHlhijHkd7lywfDWBrLGY5gH
1E7VohDBMT+isslUFj2BCZln3xVIhUwsNtIZq2v6rlghb4lPRdd4ugWCWEIhmQ4v
nFmxUeqGzNBZdiYCuqKNTGaXc8oLguwFbV7g8eRUvFLWIqb2LizTM0cpFqxYFTO1
b2iMcFuoDp/wzoH/fz+3VSq+RefySCGL+ThVzKeilu+R+YPro76nTHTJ4RHktfhP
YQqBINjK4n2laTIwBpgFXwGXeThd+cWWel8H3vVPYLq0kLpmQN6aVRaHtATeSkA7
knhFyQ4=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:03:43 2025 by rpki-client