Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C9484/6FF0DDE01D9411E29DECB5F808B02CD2/FFC89DF8CECD11EEA4AA6D44C4F9AE02.roa
File:                     FFC89DF8CECD11EEA4AA6D44C4F9AE02.roa (raw, json)
Hash identifier:          Ia/j0/zm2+DZmW6lBQa66nn1YakkPhVuWJjGJSOQHIU=
Subject key identifier:   3F:A7:41:54:B3:93:00:30:93:B1:D2:24:2D:32:DC:FA:00:29:89:6A
Certificate issuer:       /CN=A91C9484/serialNumber=F972E75E3D03E5CE1901930C43D16DC4A89C4792
Certificate serial:       34F4
Authority key identifier: F9:72:E7:5E:3D:03:E5:CE:19:01:93:0C:43:D1:6D:C4:A8:9C:47:92
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-XLnXj0D5c4ZAZMMQ9FtxKicR5I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C9484/6FF0DDE01D9411E29DECB5F808B02CD2/FFC89DF8CECD11EEA4AA6D44C4F9AE02.roa
Signing time:             Thu 11 Sep 2025 03:53:01 +0000
ROA not before:           Thu 11 Sep 2025 03:53:01 +0000
ROA not after:            Thu 28 May 2026 00:00:00 +0000
asID:                     4646
IP address blocks:        117.18.67.0/24 maxlen: 24
                          117.18.72.0/24 maxlen: 24
                          117.18.78.0/24 maxlen: 24
                          124.248.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C9484/6FF0DDE01D9411E29DECB5F808B02CD2/-XLnXj0D5c4ZAZMMQ9FtxKicR5I.crl
                          rsync://rpki.apnic.net/member_repository/A91C9484/6FF0DDE01D9411E29DECB5F808B02CD2/-XLnXj0D5c4ZAZMMQ9FtxKicR5I.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-XLnXj0D5c4ZAZMMQ9FtxKicR5I.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 14:52:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13556 (0x34f4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C9484, serialNumber=F972E75E3D03E5CE1901930C43D16DC4A89C4792
        Validity
            Not Before: Sep 11 03:53:01 2025 GMT
            Not After : May 28 00:00:00 2026 GMT
        Subject: CN=68c2479d-b46b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3e:9c:66:9b:ee:c0:00:ed:db:de:3e:25:52:
                    4c:e7:fb:bb:82:ce:b6:1b:59:2f:20:94:84:cc:21:
                    33:f8:5c:4b:a1:8c:4c:96:8a:04:97:af:e9:a8:88:
                    b3:f6:ad:ed:49:71:80:fa:c1:4a:d0:bb:3d:40:6b:
                    44:39:d9:d7:71:7d:5d:02:6d:1f:38:d8:6e:19:c4:
                    16:1a:23:f1:75:d4:73:e9:1b:fc:46:af:06:92:d1:
                    c3:42:1c:8c:2f:84:b3:61:e0:a7:de:3f:f4:24:be:
                    bd:b8:97:12:4e:8f:74:f7:76:fc:c6:64:ed:d1:8f:
                    43:2f:48:71:69:7b:83:f3:90:6d:f8:57:1d:50:67:
                    73:11:49:96:c1:a7:66:8d:69:fe:72:62:08:d7:42:
                    ee:59:b2:5c:b1:2b:1c:42:ee:58:bc:c9:8e:0f:1b:
                    ce:db:b3:d5:4b:7e:da:7f:b4:53:ce:e4:df:22:c2:
                    54:0b:6d:f7:06:e4:ce:60:64:d6:83:5c:40:75:2e:
                    6e:36:0d:44:cc:91:f8:97:ad:4f:42:48:d0:28:a8:
                    41:70:bc:f1:26:d6:2e:1c:5d:6e:7d:cb:16:37:6f:
                    cd:84:22:2d:ff:49:1e:80:15:c3:a5:2d:0b:b3:89:
                    6b:9d:d2:bb:d8:52:33:ca:d7:95:84:06:0d:54:08:
                    92:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A7:41:54:B3:93:00:30:93:B1:D2:24:2D:32:DC:FA:00:29:89:6A
            X509v3 Authority Key Identifier:
                keyid:F9:72:E7:5E:3D:03:E5:CE:19:01:93:0C:43:D1:6D:C4:A8:9C:47:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C9484/6FF0DDE01D9411E29DECB5F808B02CD2/-XLnXj0D5c4ZAZMMQ9FtxKicR5I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-XLnXj0D5c4ZAZMMQ9FtxKicR5I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C9484/6FF0DDE01D9411E29DECB5F808B02CD2/FFC89DF8CECD11EEA4AA6D44C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.18.67.0/24
                  117.18.72.0/24
                  117.18.78.0/24
                  124.248.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:69:ab:8e:b4:22:e9:45:b3:73:51:f6:a0:56:62:4c:13:6b:
         58:cf:b6:e7:09:db:ba:a3:67:09:0e:5a:b7:2f:2e:f5:37:1a:
         9f:80:ce:c9:5a:a2:c2:7c:f6:25:ab:b6:fb:5a:f7:7a:b4:5a:
         e5:1d:17:7e:54:75:e9:f4:8d:e6:5f:f4:87:cc:27:3b:14:e0:
         ea:9b:65:b5:a0:17:ac:16:28:6f:4b:62:c3:06:b5:a2:da:7a:
         42:3d:6a:81:a3:b0:3a:19:a2:3f:70:57:a5:9e:a7:5f:9c:08:
         96:2e:4d:54:bb:d0:e9:ea:f4:43:b5:a9:46:1e:07:19:48:28:
         a2:84:61:a3:61:ad:c3:83:c0:b0:20:44:ed:49:59:9c:9d:66:
         96:73:53:81:f3:fe:5a:d1:37:13:e4:57:f7:fd:ed:73:79:d7:
         14:1d:61:28:9e:0f:f5:b6:32:e4:52:bb:dd:24:32:22:49:19:
         39:cd:43:e4:b5:1a:ae:5a:71:47:e9:bf:7a:73:5a:4a:fd:3d:
         36:c2:a2:a1:b1:b1:79:76:ae:b4:5b:f9:f0:2a:ac:96:4b:b6:
         60:a9:8d:6b:e3:77:fc:c3:7e:e7:69:be:5f:cc:15:11:e6:33:
         98:aa:cc:dd:76:4c:84:d1:4c:18:47:76:5b:93:34:a3:2d:0c:
         03:8a:3d:0a
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICNPQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qzk0ODQxMTAvBgNVBAUTKEY5NzJFNzVFM0QwM0U1Q0UxOTAxOTMwQzQzRDE2REM0
QTg5QzQ3OTIwHhcNMjUwOTExMDM1MzAxWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OGMyNDc5ZC1iNDZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuj6cZpvuwADt294+JVJM5/u7gs62G1kvIJSEzCEz+FxLoYxMlooEl6/pqIiz
9q3tSXGA+sFK0Ls9QGtEOdnXcX1dAm0fONhuGcQWGiPxddRz6Rv8Rq8GktHDQhyM
L4SzYeCn3j/0JL69uJcSTo9093b8xmTt0Y9DL0hxaXuD85Bt+FcdUGdzEUmWwadm
jWn+cmII10LuWbJcsSscQu5YvMmODxvO27PVS37af7RTzuTfIsJUC233BuTOYGTW
g1xAdS5uNg1EzJH4l61PQkjQKKhBcLzxJtYuHF1ufcsWN2/NhCIt/0kegBXDpS0L
s4lrndK72FIzyteVhAYNVAiSkwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFD+nQVSz
kwAwk7HSJC0y3PoAKYlqMB8GA1UdIwQYMBaAFPly5149A+XOGQGTDEPRbcSonEeS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDOTQ4NC82RkYwRERFMDFE
OTQxMUUyOURFQ0I1RjgwOEIwMkNEMi8tWExuWGowRDVjNFpBWk1NUTlGdHhLaWNS
NUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1YTG5YajBENWM0WkFaTU1ROUZ0eEtpY1I1SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qzk0ODQvNkZGMERERTAxRDk0MTFFMjlERUNCNUY4MDhCMDJDRDIvRkZDODlERjhD
RUNEMTFFRUE0QUE2RDQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAB1EkMDBAB1EkgDBAB1Ek4DBAB8+M8wDQYJKoZIhvcNAQEL
BQADggEBAI9pq460IulFs3NR9qBWYkwTa1jPtucJ27qjZwkOWrcvLvU3Gp+Azsla
osJ89iWrtvta93q0WuUdF35Uden0jeZf9IfMJzsU4OqbZbWgF6wWKG9LYsMGtaLa
ekI9aoGjsDoZoj9wV6Wep1+cCJYuTVS70Onq9EO1qUYeBxlIKKKEYaNhrcODwLAg
RO1JWZydZpZzU4Hz/lrRNxPkV/f97XN51xQdYSieD/W2MuRSu90kMiJJGTnNQ+S1
Gq5acUfpv3pzWkr9PTbCoqGxsXl2rrRb+fAqrJZLtmCpjWvjd/zDfudpvl/MFRHm
M5iqzN12TITRTBhHdluTNKMtDAOKPQo=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:41:01 2025 by rpki-client