Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B9B37/9C39BE1648C411EC94E12D85C4F9AE02/9F0BF8AE48C711ECAA1A222EC4F9AE02.roa
File:                     9F0BF8AE48C711ECAA1A222EC4F9AE02.roa (raw, json)
Hash identifier:          lHZXltajMQsPVwndfMvNDpRZmhFMuS2rZHqrCavlw1s=
Subject key identifier:   4E:96:5C:65:52:B5:45:5F:F2:59:7C:5F:1A:CE:E8:A8:2B:A8:DB:44
Certificate issuer:       /CN=A91B9B37/serialNumber=47388826B81CEBCB5D58EBA41039160D247BC17F
Certificate serial:       04B3
Authority key identifier: 47:38:88:26:B8:1C:EB:CB:5D:58:EB:A4:10:39:16:0D:24:7B:C1:7F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RziIJrgc68tdWOukEDkWDSR7wX8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B9B37/9C39BE1648C411EC94E12D85C4F9AE02/9F0BF8AE48C711ECAA1A222EC4F9AE02.roa
Signing time:             Fri 03 Oct 2025 00:25:19 +0000
ROA not before:           Fri 03 Oct 2025 00:25:19 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     45768
IP address blocks:        202.129.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B9B37/9C39BE1648C411EC94E12D85C4F9AE02/RziIJrgc68tdWOukEDkWDSR7wX8.crl
                          rsync://rpki.apnic.net/member_repository/A91B9B37/9C39BE1648C411EC94E12D85C4F9AE02/RziIJrgc68tdWOukEDkWDSR7wX8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RziIJrgc68tdWOukEDkWDSR7wX8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 01:43:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1203 (0x4b3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B9B37, serialNumber=47388826B81CEBCB5D58EBA41039160D247BC17F
        Validity
            Not Before: Oct  3 00:25:19 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68df17ef-61c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:36:13:7a:13:6e:d9:ee:b2:2e:5a:67:24:b2:
                    b6:ec:aa:b4:db:30:e3:cf:2d:ab:ab:a3:d6:e1:88:
                    33:57:7d:b0:ff:d8:0a:e0:e0:58:f7:50:3a:02:59:
                    12:f2:ea:10:d0:4a:3b:b0:a4:09:04:74:2a:9a:1e:
                    f5:3c:40:07:17:ae:80:af:dc:68:88:78:b5:4c:51:
                    de:6a:2c:74:1f:42:64:c6:43:f7:5e:0c:71:22:27:
                    37:0b:0c:2d:79:8f:49:11:02:c1:86:42:58:4a:4c:
                    d3:bd:3c:df:1d:f5:3e:ab:de:96:c9:0f:a4:fe:b7:
                    5e:71:c2:1a:72:00:4c:27:41:39:21:73:3f:68:ea:
                    d3:78:3f:8b:fa:f5:23:a0:45:b7:33:ac:68:26:0f:
                    30:b7:06:d9:b1:33:90:90:e4:2a:4f:7e:e4:bb:74:
                    26:8b:4f:df:bf:34:d3:21:2f:47:2d:80:dc:1b:3c:
                    79:50:62:00:15:e9:c1:6e:61:12:29:6d:03:cc:76:
                    43:35:db:bc:06:03:f1:58:4a:f3:c3:f6:b1:b5:23:
                    e2:66:10:fd:2f:de:70:7c:09:37:14:8a:10:8e:9f:
                    d9:01:02:f8:e3:30:52:6f:a5:39:a6:7e:95:42:49:
                    95:37:c2:d5:ee:60:0a:d0:01:a4:72:58:e0:92:83:
                    95:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:96:5C:65:52:B5:45:5F:F2:59:7C:5F:1A:CE:E8:A8:2B:A8:DB:44
            X509v3 Authority Key Identifier:
                keyid:47:38:88:26:B8:1C:EB:CB:5D:58:EB:A4:10:39:16:0D:24:7B:C1:7F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B9B37/9C39BE1648C411EC94E12D85C4F9AE02/RziIJrgc68tdWOukEDkWDSR7wX8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RziIJrgc68tdWOukEDkWDSR7wX8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B9B37/9C39BE1648C411EC94E12D85C4F9AE02/9F0BF8AE48C711ECAA1A222EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.129.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:7b:2e:19:07:0b:b2:c3:95:f6:96:12:e4:72:d3:2b:67:1f:
         3d:8b:9a:59:c3:b2:44:b8:5b:42:20:0d:df:cb:3a:6c:d1:5b:
         af:89:98:b4:a9:1a:55:d4:5c:4d:ed:14:86:7c:c3:dc:07:be:
         0d:35:78:96:d4:c6:d5:a1:42:41:00:50:21:13:75:82:0f:ef:
         fa:fe:c0:5a:1c:ff:d9:2a:c0:d4:f5:38:48:2b:85:19:48:19:
         83:67:b2:4a:df:42:75:57:09:15:97:7f:cd:5e:a8:a7:2c:4a:
         9b:67:15:bb:0e:99:ee:b8:7b:94:54:0d:ca:27:9a:ce:57:eb:
         31:52:7c:26:23:a6:e1:09:8f:c8:36:86:1e:5e:d0:19:2c:4c:
         e1:ba:a9:26:35:1f:9c:e8:c3:a9:f4:2b:a5:f5:d7:7d:07:fa:
         0e:6d:f3:7d:46:77:6d:06:90:e8:5b:3c:6d:23:e0:78:b8:36:
         cc:b5:b4:37:87:7a:49:bd:78:bc:63:79:0e:f5:53:b1:9f:e0:
         18:f5:95:22:33:fd:96:3e:e2:65:f6:a2:14:4e:b3:d6:2d:06:
         e7:3d:84:1a:49:3b:0a:72:63:46:81:02:d8:05:ae:f0:a8:0e:
         75:dd:36:35:7e:f2:d0:03:e5:50:34:c3:72:e8:41:14:70:a7:
         7c:33:aa:03
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBLMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjlCMzcxMTAvBgNVBAUTKDQ3Mzg4ODI2QjgxQ0VCQ0I1RDU4RUJBNDEwMzkxNjBE
MjQ3QkMxN0YwHhcNMjUxMDAzMDAyNTE5WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRmMTdlZi02MWM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqjYTehNu2e6yLlpnJLK27Kq02zDjzy2rq6PW4YgzV32w/9gK4OBY91A6AlkS
8uoQ0Eo7sKQJBHQqmh71PEAHF66Ar9xoiHi1TFHeaix0H0JkxkP3XgxxIic3Cwwt
eY9JEQLBhkJYSkzTvTzfHfU+q96WyQ+k/rdeccIacgBMJ0E5IXM/aOrTeD+L+vUj
oEW3M6xoJg8wtwbZsTOQkOQqT37ku3Qmi0/fvzTTIS9HLYDcGzx5UGIAFenBbmES
KW0DzHZDNdu8BgPxWErzw/axtSPiZhD9L95wfAk3FIoQjp/ZAQL44zBSb6U5pn6V
QkmVN8LV7mAK0AGkcljgkoOV4wIDAQABo4IClTCCApEwHQYDVR0OBBYEFE6WXGVS
tUVf8ll8XxrO6KgrqNtEMB8GA1UdIwQYMBaAFEc4iCa4HOvLXVjrpBA5Fg0ke8F/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCOUIzNy85QzM5QkUxNjQ4
QzQxMUVDOTRFMTJEODVDNEY5QUUwMi9SemlJSnJnYzY4dGRXT3VrRURrV0RTUjd3
WDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1J6aUlKcmdjNjh0ZFdPdWtFRGtXRFNSN3dYOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjlCMzcvOUMzOUJFMTY0OEM0MTFFQzk0RTEyRDg1QzRGOUFFMDIvOUYwQkY4QUU0
OEM3MTFFQ0FBMUEyMjJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADKgfwwDQYJKoZIhvcNAQELBQADggEBAHt7LhkHC7LDlfaW
EuRy0ytnHz2LmlnDskS4W0IgDd/LOmzRW6+JmLSpGlXUXE3tFIZ8w9wHvg01eJbU
xtWhQkEAUCETdYIP7/r+wFoc/9kqwNT1OEgrhRlIGYNnskrfQnVXCRWXf81eqKcs
SptnFbsOme64e5RUDconms5X6zFSfCYjpuEJj8g2hh5e0BksTOG6qSY1H5zow6n0
K6X1130H+g5t831Gd20GkOhbPG0j4Hi4Nsy1tDeHekm9eLxjeQ71U7Gf4Bj1lSIz
/ZY+4mX2ohROs9YtBuc9hBpJOwpyY0aBAtgFrvCoDnXdNjV+8tAD5VA0w3LoQRRw
p3wzqgM=
-----END CERTIFICATE-----
Generated at Tue Oct 21 00:51:50 2025 by rpki-client