Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BC847/ACF943529AF311E8AAB4D55DC4F9AE02/CC7502F8670E11EC90C22B7EC4F9AE02.roa
File:                     CC7502F8670E11EC90C22B7EC4F9AE02.roa (raw, json)
Hash identifier:          OqEEQNcYyBCDgQL1llF0AYlCqLNvN3uXPMeNJtc0cyI=
Subject key identifier:   0E:9F:A9:5F:59:D8:6A:E4:EF:E2:9E:ED:C3:3D:4E:93:22:28:B8:1D
Certificate issuer:       /CN=A91BC847/serialNumber=79D66C64A6165A2E4CB37D49700E6C761841C39A
Certificate serial:       1429
Authority key identifier: 79:D6:6C:64:A6:16:5A:2E:4C:B3:7D:49:70:0E:6C:76:18:41:C3:9A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/edZsZKYWWi5Ms31JcA5sdhhBw5o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BC847/ACF943529AF311E8AAB4D55DC4F9AE02/CC7502F8670E11EC90C22B7EC4F9AE02.roa
Signing time:             Thu 18 Sep 2025 17:26:09 +0000
ROA not before:           Thu 18 Sep 2025 17:26:09 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     45532
IP address blocks:        180.211.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BC847/ACF943529AF311E8AAB4D55DC4F9AE02/edZsZKYWWi5Ms31JcA5sdhhBw5o.crl
                          rsync://rpki.apnic.net/member_repository/A91BC847/ACF943529AF311E8AAB4D55DC4F9AE02/edZsZKYWWi5Ms31JcA5sdhhBw5o.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/edZsZKYWWi5Ms31JcA5sdhhBw5o.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 17:25:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5161 (0x1429)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BC847, serialNumber=79D66C64A6165A2E4CB37D49700E6C761841C39A
        Validity
            Not Before: Sep 18 17:26:09 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68cc40b1-b5e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7b:4f:dc:a0:d7:85:ea:81:dd:22:08:d1:8f:
                    c1:d0:a2:23:e5:0f:36:71:43:e2:20:3a:51:e6:77:
                    ab:6b:f9:ce:d3:0b:94:32:a8:5a:da:9a:b1:4e:fa:
                    cb:b8:7f:8c:a4:c4:5a:2d:e6:3c:f7:52:cb:b0:5f:
                    a4:d2:9d:f5:54:ce:55:39:94:7b:82:9d:3b:13:27:
                    75:00:06:0f:01:d2:75:86:b2:e3:7d:f5:00:e1:57:
                    ad:1b:37:f1:15:0c:fd:30:40:6e:90:3e:64:db:7b:
                    09:52:0d:ed:2f:d3:e1:34:4e:df:67:16:0b:76:c2:
                    79:20:5a:ec:8f:42:05:15:89:8f:9c:f1:31:1c:47:
                    8d:92:37:40:82:5e:c3:a0:ca:11:93:69:77:99:ea:
                    43:23:e4:5e:b2:da:02:66:30:62:8b:59:c8:9d:56:
                    35:33:a7:3d:e5:c7:b5:d8:8a:df:d9:66:33:cd:a4:
                    78:3a:5e:00:6a:d8:f1:e2:c5:b2:70:01:6a:99:d7:
                    59:02:fe:0a:14:57:d5:f0:db:bb:ad:d3:5d:44:de:
                    03:09:5f:38:5e:2f:8e:de:d2:28:f1:98:d3:36:dc:
                    a3:84:f2:63:bc:72:97:eb:b9:84:74:6e:16:d9:0e:
                    b3:ad:b0:60:f4:78:b6:f3:9b:a2:74:71:22:b1:63:
                    7d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:9F:A9:5F:59:D8:6A:E4:EF:E2:9E:ED:C3:3D:4E:93:22:28:B8:1D
            X509v3 Authority Key Identifier:
                keyid:79:D6:6C:64:A6:16:5A:2E:4C:B3:7D:49:70:0E:6C:76:18:41:C3:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BC847/ACF943529AF311E8AAB4D55DC4F9AE02/edZsZKYWWi5Ms31JcA5sdhhBw5o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/edZsZKYWWi5Ms31JcA5sdhhBw5o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BC847/ACF943529AF311E8AAB4D55DC4F9AE02/CC7502F8670E11EC90C22B7EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  180.211.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:99:33:28:76:c0:c4:6e:59:91:d9:14:7e:07:dd:5f:13:0f:
         24:48:b9:52:3c:42:e7:0c:60:aa:58:f3:e7:1a:a6:56:e0:06:
         4e:95:e5:1f:70:ef:d7:e0:b4:c6:e7:15:ee:4a:5d:ff:93:c5:
         cf:de:5a:91:ba:5b:67:14:15:11:96:e4:d2:70:71:db:22:05:
         4c:48:ce:90:91:ef:a0:ad:56:95:31:d9:3e:c6:57:57:e2:2f:
         a7:cc:c8:22:01:82:4a:af:7f:e1:07:ba:88:60:7a:f2:35:cd:
         30:2e:98:56:14:08:85:2a:15:97:f7:d0:ff:ad:53:cc:50:b4:
         74:22:db:d8:fe:f2:b3:09:2c:80:85:1c:ae:a8:2b:70:41:05:
         bc:a1:55:0e:e6:6d:1c:2c:b9:2a:af:ef:78:57:8b:94:cc:18:
         a7:23:58:48:ae:55:46:d1:00:fb:3d:12:46:6f:e1:42:2a:02:
         5d:33:7e:b7:02:06:ad:df:bd:14:03:61:f4:27:4e:39:1e:eb:
         a5:d1:fe:67:53:a3:3a:58:b8:fc:ac:16:d3:25:b5:04:f2:80:
         f2:9d:ce:e4:0e:d0:4e:ba:3b:15:34:f2:80:89:49:eb:52:15:
         a0:cf:d7:cb:9b:b0:d4:9b:45:ec:2f:e2:be:46:a4:3b:57:b1:
         01:c8:76:41
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICFCkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkM4NDcxMTAvBgNVBAUTKDc5RDY2QzY0QTYxNjVBMkU0Q0IzN0Q0OTcwMEU2Qzc2
MTg0MUMzOUEwHhcNMjUwOTE4MTcyNjA5WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGNjNDBiMS1iNWUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqntP3KDXheqB3SII0Y/B0KIj5Q82cUPiIDpR5nera/nO0wuUMqha2pqxTvrL
uH+MpMRaLeY891LLsF+k0p31VM5VOZR7gp07Eyd1AAYPAdJ1hrLjffUA4VetGzfx
FQz9MEBukD5k23sJUg3tL9PhNE7fZxYLdsJ5IFrsj0IFFYmPnPExHEeNkjdAgl7D
oMoRk2l3mepDI+RestoCZjBii1nInVY1M6c95ce12Irf2WYzzaR4Ol4Aatjx4sWy
cAFqmddZAv4KFFfV8Nu7rdNdRN4DCV84Xi+O3tIo8ZjTNtyjhPJjvHKX67mEdG4W
2Q6zrbBg9Hi285uidHEisWN9xQIDAQABo4IClTCCApEwHQYDVR0OBBYEFA6fqV9Z
2Grk7+Ke7cM9TpMiKLgdMB8GA1UdIwQYMBaAFHnWbGSmFlouTLN9SXAObHYYQcOa
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQzg0Ny9BQ0Y5NDM1MjlB
RjMxMUU4QUFCNEQ1NURDNEY5QUUwMi9lZFpzWktZV1dpNU1zMzFKY0E1c2RoaEJ3
NW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VkWnNaS1lXV2k1TXMzMUpjQTVzZGhoQnc1by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkM4NDcvQUNGOTQzNTI5QUYzMTFFOEFBQjRENTVEQzRGOUFFMDIvQ0M3NTAyRjg2
NzBFMTFFQzkwQzIyQjdFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAC009AwDQYJKoZIhvcNAQELBQADggEBACeZMyh2wMRuWZHZ
FH4H3V8TDyRIuVI8QucMYKpY8+caplbgBk6V5R9w79fgtMbnFe5KXf+Txc/eWpG6
W2cUFRGW5NJwcdsiBUxIzpCR76CtVpUx2T7GV1fiL6fMyCIBgkqvf+EHuohgevI1
zTAumFYUCIUqFZf30P+tU8xQtHQi29j+8rMJLICFHK6oK3BBBbyhVQ7mbRwsuSqv
73hXi5TMGKcjWEiuVUbRAPs9EkZv4UIqAl0zfrcCBq3fvRQDYfQnTjke66XR/mdT
ozpYuPysFtMltQTygPKdzuQO0E66OxU08oCJSetSFaDP18ubsNSbRewv4r5GpDtX
sQHIdkE=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:40:52 2025 by rpki-client