Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/286AB0F22CB011F084E4A915C4F9AE02.roa
File:                     286AB0F22CB011F084E4A915C4F9AE02.roa (raw, json)
Hash identifier:          ZhBtT8PPZLIx6KpVofQIdCfnHMsDO/G3FnbenkGUmNY=
Subject key identifier:   66:D3:3E:36:3E:FE:D8:A0:71:F7:90:4E:ED:F8:65:D5:E0:1E:CB:AB
Certificate issuer:       /CN=A91B61A7/serialNumber=BAEF78F78DC7CBF9B731270AAB1069F5E3433CBB
Certificate serial:       E6
Authority key identifier: BA:EF:78:F7:8D:C7:CB:F9:B7:31:27:0A:AB:10:69:F5:E3:43:3C:BB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uu94943Hy_m3MScKqxBp9eNDPLs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/286AB0F22CB011F084E4A915C4F9AE02.roa
Signing time:             Sat 11 Oct 2025 09:03:12 +0000
ROA not before:           Sat 11 Oct 2025 09:03:12 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     153494
IP address blocks:        116.206.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/uu94943Hy_m3MScKqxBp9eNDPLs.crl
                          rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/uu94943Hy_m3MScKqxBp9eNDPLs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uu94943Hy_m3MScKqxBp9eNDPLs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 08:33:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 230 (0xe6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B61A7, serialNumber=BAEF78F78DC7CBF9B731270AAB1069F5E3433CBB
        Validity
            Not Before: Oct 11 09:03:12 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68ea1d50-99c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a7:7a:0c:64:d5:93:41:09:fe:a3:e8:2a:02:
                    a2:c7:05:85:52:6d:a4:19:6e:9b:95:46:65:b2:57:
                    ec:4d:23:40:f4:04:bb:4a:a5:0f:4a:79:7c:09:82:
                    a6:8d:7b:31:00:38:76:bc:16:0d:a6:35:e2:3f:ef:
                    6e:55:1f:83:21:ea:6e:37:f9:44:6a:1c:cb:c3:bf:
                    b0:02:70:e8:46:0f:b3:0f:81:fc:45:80:f3:58:8f:
                    8f:3e:02:92:d5:fa:aa:e6:eb:89:3b:6e:e5:a1:8a:
                    aa:8b:61:a1:d9:c9:9e:f1:24:3e:3a:a1:3a:78:f4:
                    a7:a3:5d:4c:fa:7c:e0:d8:2b:61:32:5f:ca:2b:16:
                    fe:ee:c6:0a:b3:f6:a9:88:9b:5f:6f:bb:13:2e:f9:
                    ef:6c:0b:fb:e4:7c:64:20:29:fa:57:cb:44:fc:36:
                    09:41:68:b2:b8:01:38:3e:0d:c5:93:c7:00:8a:7f:
                    b3:6c:a6:b5:79:b3:2a:65:88:d9:4c:ce:65:2e:51:
                    6a:6e:a2:c4:32:6b:7b:98:a2:b4:4a:43:b8:a0:81:
                    d6:02:5b:cd:38:e3:da:0b:89:c5:90:bf:98:e7:fd:
                    3a:a2:22:eb:bf:b9:53:33:94:fe:cc:7d:d3:f3:82:
                    0d:98:0c:d1:cd:6c:17:62:c7:a9:43:6e:ae:3a:53:
                    7d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D3:3E:36:3E:FE:D8:A0:71:F7:90:4E:ED:F8:65:D5:E0:1E:CB:AB
            X509v3 Authority Key Identifier:
                keyid:BA:EF:78:F7:8D:C7:CB:F9:B7:31:27:0A:AB:10:69:F5:E3:43:3C:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/uu94943Hy_m3MScKqxBp9eNDPLs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uu94943Hy_m3MScKqxBp9eNDPLs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/286AB0F22CB011F084E4A915C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.206.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:66:bf:4d:60:ca:93:64:e1:e5:76:43:54:a1:e8:2a:c6:bd:
         ec:00:e9:94:20:d5:37:67:7c:99:d2:a6:53:f7:29:33:ba:06:
         bf:fc:37:61:0f:30:00:cf:e8:b5:66:36:c6:cc:38:55:c7:f0:
         78:d3:89:af:64:4f:0a:56:b7:45:6a:34:00:fc:fd:ff:a1:74:
         5c:8c:14:da:13:a8:ca:81:79:a3:ce:c2:b2:0b:45:8e:28:d9:
         57:3d:90:10:bb:a9:f6:b2:6e:4d:fd:2a:fa:18:f3:81:bf:18:
         0f:7f:4a:db:09:60:dd:91:b1:34:82:02:6e:8b:62:d1:91:c8:
         f2:e8:fd:fc:e3:07:87:6e:06:80:05:b6:89:6a:7e:61:3f:44:
         ce:17:83:cf:5f:80:66:60:f7:70:dc:73:1b:fb:0e:2a:77:45:
         ae:1c:00:e8:89:41:d8:63:95:c7:84:7d:eb:a6:23:03:8f:75:
         d0:b1:ee:31:54:20:32:63:8b:68:bb:8f:64:8a:2e:28:45:9d:
         a5:00:23:a7:31:09:00:32:e7:8a:38:a7:02:e2:e4:4a:3d:85:
         b3:33:7d:98:72:ba:7f:85:89:d7:90:1b:33:32:4c:31:4b:a4:
         df:c6:3c:af:0c:2a:b8:da:bc:67:b8:fa:ec:74:94:9e:56:99:
         2d:65:0e:36
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAOYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjYxQTcxMTAvBgNVBAUTKEJBRUY3OEY3OERDN0NCRjlCNzMxMjcwQUFCMTA2OUY1
RTM0MzNDQkIwHhcNMjUxMDExMDkwMzEyWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVhMWQ1MC05OWMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqqd6DGTVk0EJ/qPoKgKixwWFUm2kGW6blUZlslfsTSNA9AS7SqUPSnl8CYKm
jXsxADh2vBYNpjXiP+9uVR+DIepuN/lEahzLw7+wAnDoRg+zD4H8RYDzWI+PPgKS
1fqq5uuJO27loYqqi2Gh2cme8SQ+OqE6ePSno11M+nzg2CthMl/KKxb+7sYKs/ap
iJtfb7sTLvnvbAv75HxkICn6V8tE/DYJQWiyuAE4Pg3Fk8cAin+zbKa1ebMqZYjZ
TM5lLlFqbqLEMmt7mKK0SkO4oIHWAlvNOOPaC4nFkL+Y5/06oiLrv7lTM5T+zH3T
84INmAzRzWwXYsepQ26uOlN9+QIDAQABo4IClTCCApEwHQYDVR0OBBYEFGbTPjY+
/tigcfeQTu34ZdXgHsurMB8GA1UdIwQYMBaAFLrvePeNx8v5tzEnCqsQafXjQzy7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNjFBNy8wRjQ5OTIwNDVC
QTExMUVGOUE3OUU5NjFDNEY5QUUwMi91dTk0OTQzSHlfbTNNU2NLcXhCcDllTkRQ
THMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3V1OTQ5NDNIeV9tM01TY0txeEJwOWVORFBMcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjYxQTcvMEY0OTkyMDQ1QkExMTFFRjlBNzlFOTYxQzRGOUFFMDIvMjg2QUIwRjIy
Q0IwMTFGMDg0RTRBOTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJ0zjQwDQYJKoZIhvcNAQELBQADggEBAK9mv01gypNk4eV2
Q1Sh6CrGvewA6ZQg1TdnfJnSplP3KTO6Br/8N2EPMADP6LVmNsbMOFXH8HjTia9k
TwpWt0VqNAD8/f+hdFyMFNoTqMqBeaPOwrILRY4o2Vc9kBC7qfaybk39KvoY84G/
GA9/StsJYN2RsTSCAm6LYtGRyPLo/fzjB4duBoAFtolqfmE/RM4Xg89fgGZg93Dc
cxv7Dip3Ra4cAOiJQdhjlceEfeumIwOPddCx7jFUIDJji2i7j2SKLihFnaUAI6cx
CQAy54o4pwLi5Eo9hbMzfZhyun+FideQGzMyTDFLpN/GPK8MKrjavGe4+ux0lJ5W
mS1lDjY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 21:35:27 2025 by rpki-client