Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/5C7085CA929811ED9C3F4163C4F9AE02.roa
File:                     5C7085CA929811ED9C3F4163C4F9AE02.roa (raw, json)
Hash identifier:          n1usrOSAiqPPh6QVH101wxyixxXVokFjjpTCh03UzYI=
Subject key identifier:   A1:8B:06:28:8E:64:E3:BD:74:36:2A:18:3C:34:97:37:05:85:7C:38
Certificate issuer:       /CN=A91C9945/serialNumber=868ECB6425DA83328892E57BB0DF644E1AEB73B3
Certificate serial:       030D
Authority key identifier: 86:8E:CB:64:25:DA:83:32:88:92:E5:7B:B0:DF:64:4E:1A:EB:73:B3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ho7LZCXagzKIkuV7sN9kThrrc7M.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/5C7085CA929811ED9C3F4163C4F9AE02.roa
Signing time:             Tue 01 Jul 2025 02:08:25 +0000
ROA not before:           Tue 01 Jul 2025 02:08:25 +0000
ROA not after:            Thu 30 Oct 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        2404:f980:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/ho7LZCXagzKIkuV7sN9kThrrc7M.crl
                          rsync://rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/ho7LZCXagzKIkuV7sN9kThrrc7M.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ho7LZCXagzKIkuV7sN9kThrrc7M.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 08 Jul 2025 02:08:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 781 (0x30d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C9945, serialNumber=868ECB6425DA83328892E57BB0DF644E1AEB73B3
        Validity
            Not Before: Jul  1 02:08:25 2025 GMT
            Not After : Oct 30 00:00:00 2025 GMT
        Subject: CN=68634318-f7db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:03:d1:da:49:60:f0:40:06:17:49:ad:1a:b6:
                    14:f1:d1:58:71:77:92:70:ae:cd:2d:45:f1:eb:9d:
                    ef:10:0b:fd:2a:a1:75:84:72:ba:48:fe:38:61:14:
                    49:fc:37:02:06:61:06:06:43:7e:ca:46:1b:df:a1:
                    bc:8f:35:60:36:c3:b5:34:a5:49:3d:70:8f:64:ad:
                    7d:be:1a:ea:49:bc:f2:ae:1a:09:1c:d7:54:94:c1:
                    64:e8:d9:7b:9c:13:7f:65:ca:bd:09:34:84:ae:a5:
                    35:5f:1f:98:b7:27:05:0f:93:17:dd:ab:20:cb:c3:
                    1a:01:24:eb:b3:b6:12:47:13:db:a7:e0:c3:de:30:
                    47:48:26:6f:c1:56:3e:a4:be:1c:91:b6:20:03:52:
                    45:28:8e:9b:bc:23:14:87:9d:5d:9a:b3:2b:2d:37:
                    3f:98:c1:bc:72:31:4a:1d:df:26:8a:5b:c5:eb:16:
                    5d:eb:7e:b0:36:6a:f9:af:5a:28:45:41:d7:57:2e:
                    7c:b6:6f:a4:aa:19:9c:72:3d:d3:9d:53:a1:76:f9:
                    46:71:4b:8b:05:08:5c:56:0e:d4:71:76:b2:86:0d:
                    38:b7:ad:4e:dc:4e:e0:a6:ca:5e:ad:b6:a3:15:37:
                    01:fb:7e:ee:18:2b:d0:82:9c:3a:2a:06:df:be:9a:
                    71:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:8B:06:28:8E:64:E3:BD:74:36:2A:18:3C:34:97:37:05:85:7C:38
            X509v3 Authority Key Identifier:
                keyid:86:8E:CB:64:25:DA:83:32:88:92:E5:7B:B0:DF:64:4E:1A:EB:73:B3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/ho7LZCXagzKIkuV7sN9kThrrc7M.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ho7LZCXagzKIkuV7sN9kThrrc7M.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/5C7085CA929811ED9C3F4163C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:f980:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:98:d1:a8:a3:90:8c:2d:4b:47:be:bf:1a:60:56:0a:1f:0d:
         7c:00:4c:bb:0d:eb:ea:ed:23:fe:4c:ba:3d:aa:4c:85:90:c0:
         2f:9b:62:c2:e7:b3:3e:10:d0:46:18:c1:60:89:8c:6f:a3:44:
         2e:ad:fb:4f:95:51:b7:84:71:a9:f4:33:f9:f2:81:a4:49:c4:
         a2:bc:a7:c3:c0:6e:57:26:0f:b2:d2:d8:b6:66:11:8e:38:87:
         2d:0f:2e:d7:c1:08:07:a6:87:35:a0:8e:91:93:2f:60:e3:15:
         e7:9a:c0:bf:d7:78:9f:dd:cf:4b:07:6a:59:c8:0b:2d:fe:9d:
         dd:22:21:50:d1:3a:f4:02:68:8e:1b:8d:a9:ad:4b:d9:45:7e:
         6c:9d:23:d2:6e:5e:4c:7a:19:40:5a:8a:ef:9c:68:ab:12:3c:
         d2:33:c5:a6:1f:36:f2:5d:b4:35:99:a9:06:8a:19:73:77:00:
         65:ec:4c:d9:61:47:c7:14:94:07:4a:0c:88:cf:38:96:3e:4e:
         1f:3b:8c:2c:05:f9:a0:2c:f4:53:78:56:12:0f:a3:41:2f:43:
         66:72:e9:bd:c8:4b:fb:eb:49:9a:61:69:38:09:b2:2e:d0:ad:
         a9:2e:43:fa:5b:de:a3:c5:b1:43:f8:2a:72:bf:32:b3:5f:b0:
         8d:b5:db:a6
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICAw0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qzk5NDUxMTAvBgNVBAUTKDg2OEVDQjY0MjVEQTgzMzI4ODkyRTU3QkIwREY2NDRF
MUFFQjczQjMwHhcNMjUwNzAxMDIwODI1WhcNMjUxMDMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODYzNDMxOC1mN2RiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1QPR2klg8EAGF0mtGrYU8dFYcXeScK7NLUXx653vEAv9KqF1hHK6SP44YRRJ
/DcCBmEGBkN+ykYb36G8jzVgNsO1NKVJPXCPZK19vhrqSbzyrhoJHNdUlMFk6Nl7
nBN/Zcq9CTSErqU1Xx+YtycFD5MX3asgy8MaASTrs7YSRxPbp+DD3jBHSCZvwVY+
pL4ckbYgA1JFKI6bvCMUh51dmrMrLTc/mMG8cjFKHd8milvF6xZd636wNmr5r1oo
RUHXVy58tm+kqhmccj3TnVOhdvlGcUuLBQhcVg7UcXayhg04t61O3E7gpsperbaj
FTcB+37uGCvQgpw6KgbfvppxMQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFKGLBiiO
ZOO9dDYqGDw0lzcFhXw4MB8GA1UdIwQYMBaAFIaOy2Ql2oMyiJLle7DfZE4a63Oz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDOTk0NS9CQzAwQzhGMkYw
OUUxMUVDQUVFNzNFMTlDNEY5QUUwMi9obzdMWkNYYWd6S0lrdVY3c045a1RocnJj
N00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2hvN0xaQ1hhZ3pLSWt1VjdzTjlrVGhycmM3TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qzk5NDUvQkMwMEM4RjJGMDlFMTFFQ0FFRTczRTE5QzRGOUFFMDIvNUM3MDg1Q0E5
Mjk4MTFFRDlDM0Y0MTYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkBPmAAAMwDQYJKoZIhvcNAQELBQADggEBAIeY0aijkIwt
S0e+vxpgVgofDXwATLsN6+rtI/5Muj2qTIWQwC+bYsLnsz4Q0EYYwWCJjG+jRC6t
+0+VUbeEcan0M/nygaRJxKK8p8PAblcmD7LS2LZmEY44hy0PLtfBCAemhzWgjpGT
L2DjFeeawL/XeJ/dz0sHalnICy3+nd0iIVDROvQCaI4bjamtS9lFfmydI9JuXkx6
GUBaiu+caKsSPNIzxaYfNvJdtDWZqQaKGXN3AGXsTNlhR8cUlAdKDIjPOJY+Th87
jCwF+aAs9FN4VhIPo0EvQ2Zy6b3IS/vrSZphaTgJsi7QrakuQ/pb3qPFsUP4KnK/
MrNfsI2126Y=
-----END CERTIFICATE-----
Generated at Wed Jul 2 23:57:16 2025 by rpki-client