Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/46654408C6CB11ECB185E43EC4F9AE02.roa
File:                     46654408C6CB11ECB185E43EC4F9AE02.roa (raw, json)
Hash identifier:          2bcV6GxsWp02/25GPOOyDI2TUUeSbqzzvJgPU+rv3Lc=
Subject key identifier:   56:53:F7:ED:A8:E2:33:7C:03:C2:64:E7:AA:D9:26:59:79:E4:2B:C6
Certificate issuer:       /CN=A91CD00C/serialNumber=DB2CCCA83D853288C500CDFC3AE1E2FEA049F514
Certificate serial:       037B
Authority key identifier: DB:2C:CC:A8:3D:85:32:88:C5:00:CD:FC:3A:E1:E2:FE:A0:49:F5:14
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2yzMqD2FMojFAM38OuHi_qBJ9RQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/46654408C6CB11ECB185E43EC4F9AE02.roa
Signing time:             Sat 11 Oct 2025 03:27:43 +0000
ROA not before:           Sat 11 Oct 2025 03:27:43 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     132742
IP address blocks:        43.248.64.0/22 maxlen: 24
                          103.39.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/2yzMqD2FMojFAM38OuHi_qBJ9RQ.crl
                          rsync://rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/2yzMqD2FMojFAM38OuHi_qBJ9RQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2yzMqD2FMojFAM38OuHi_qBJ9RQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 02:53:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 891 (0x37b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD00C, serialNumber=DB2CCCA83D853288C500CDFC3AE1E2FEA049F514
        Validity
            Not Before: Oct 11 03:27:43 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68e9ceaf-91d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a0:09:ad:37:6d:93:92:ac:a7:24:20:a9:4b:
                    13:0b:8b:8a:d7:21:31:b9:94:9e:c3:d0:c0:01:16:
                    21:54:f7:cd:76:65:3a:82:59:53:a7:f5:a2:4d:15:
                    4d:2f:14:60:58:d0:89:c1:71:a8:b0:a9:bb:9c:9d:
                    72:90:3f:b9:b5:7d:03:c2:17:a5:db:5e:e9:31:89:
                    ac:0f:a0:1b:20:66:05:da:ed:b2:da:f1:9a:0b:2a:
                    1d:66:b1:28:c9:0d:66:4a:bd:6f:ac:87:9c:43:27:
                    a3:37:c2:15:45:78:8e:5c:ee:29:79:bd:60:32:64:
                    b6:20:92:79:b0:ff:6e:e0:71:4d:8f:70:07:05:93:
                    51:10:dd:0b:de:3e:35:d2:74:f4:a0:bd:f2:b5:4f:
                    98:29:75:77:51:ff:87:1b:fa:a0:b6:db:05:67:b9:
                    14:c3:49:15:e7:67:56:11:45:99:bc:01:9f:36:ff:
                    8a:8b:5c:be:10:7f:3e:9d:dd:4b:66:8c:0e:a4:4d:
                    af:71:24:b5:30:f3:a1:44:6e:ff:c2:c3:6e:7d:b2:
                    7c:81:1e:ec:fd:53:24:0b:00:a7:9f:6a:df:a3:b8:
                    a6:14:ea:22:13:85:d0:64:14:63:83:5f:ef:d4:91:
                    38:dc:61:84:60:b6:f0:6e:53:32:08:a2:e1:dc:e2:
                    c3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:53:F7:ED:A8:E2:33:7C:03:C2:64:E7:AA:D9:26:59:79:E4:2B:C6
            X509v3 Authority Key Identifier:
                keyid:DB:2C:CC:A8:3D:85:32:88:C5:00:CD:FC:3A:E1:E2:FE:A0:49:F5:14

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/2yzMqD2FMojFAM38OuHi_qBJ9RQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2yzMqD2FMojFAM38OuHi_qBJ9RQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/46654408C6CB11ECB185E43EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.248.64.0/22
                  103.39.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:fb:9f:e6:ef:e3:49:8f:ec:a5:d9:f6:a2:42:34:3c:a2:2a:
         a9:8e:64:64:83:f8:d3:d7:e0:1a:8d:81:79:5b:8b:3e:3d:84:
         ba:39:03:82:6b:8b:db:c8:e7:7e:00:c4:a7:02:52:0d:4d:31:
         9a:d0:be:ca:cf:8b:c4:06:a6:a0:7b:a8:72:2b:86:bb:f3:15:
         b3:8f:6c:12:f7:49:f7:f1:8d:2a:10:75:8b:79:f9:87:05:6d:
         9c:86:ad:80:1b:e5:7d:0f:d8:94:95:64:8f:ed:11:a9:da:09:
         f7:f7:91:fe:66:38:42:56:ed:f7:e2:48:f1:b8:77:1a:ee:8a:
         b9:3e:fb:f5:2f:61:3a:f0:b6:6b:13:d5:48:ff:6e:61:b4:d9:
         0f:a6:b8:45:dc:93:db:8c:38:ba:4f:bc:44:77:b3:7a:c1:3e:
         1f:e0:d7:7b:ae:f3:eb:66:4c:3f:96:fd:dd:c8:3f:ec:42:4d:
         77:8f:9b:70:b3:47:86:1d:92:b2:4a:ac:07:7d:f4:ff:e1:83:
         69:14:cc:cd:3c:d0:87:8e:67:07:04:73:78:21:bf:2e:13:34:
         77:65:03:3e:0f:8f:5c:49:28:12:15:8f:a1:52:28:8a:b4:2f:
         e7:38:d0:0e:5e:8b:57:ac:80:cd:89:fe:95:df:dd:bc:8e:2c:
         f8:aa:c7:3e
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICA3swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0QwMEMxMTAvBgNVBAUTKERCMkNDQ0E4M0Q4NTMyODhDNTAwQ0RGQzNBRTFFMkZF
QTA0OUY1MTQwHhcNMjUxMDExMDMyNzQzWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU5Y2VhZi05MWQ2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAm6AJrTdtk5KspyQgqUsTC4uK1yExuZSew9DAARYhVPfNdmU6gllTp/WiTRVN
LxRgWNCJwXGosKm7nJ1ykD+5tX0Dwhel217pMYmsD6AbIGYF2u2y2vGaCyodZrEo
yQ1mSr1vrIecQyejN8IVRXiOXO4peb1gMmS2IJJ5sP9u4HFNj3AHBZNREN0L3j41
0nT0oL3ytU+YKXV3Uf+HG/qgttsFZ7kUw0kV52dWEUWZvAGfNv+Ki1y+EH8+nd1L
ZowOpE2vcSS1MPOhRG7/wsNufbJ8gR7s/VMkCwCnn2rfo7imFOoiE4XQZBRjg1/v
1JE43GGEYLbwblMyCKLh3OLDzwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFFZT9+2o
4jN8A8Jk56rZJll55CvGMB8GA1UdIwQYMBaAFNsszKg9hTKIxQDN/Drh4v6gSfUU
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRDAwQy9DQUE4ODYxRUM2
MDExMUVDOTVGRjFFMTFDNEY5QUUwMi8yeXpNcUQyRk1vakZBTTM4T3VIaV9xQko5
UlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJ5ek1xRDJGTW9qRkFNMzhPdUhpX3FCSjlSUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0QwMEMvQ0FBODg2MUVDNjAxMTFFQzk1RkYxRTExQzRGOUFFMDIvNDY2NTQ0MDhD
NkNCMTFFQ0IxODVFNDNFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr+EADBAJnJ5gwDQYJKoZIhvcNAQELBQADggEBAKv7n+bv
40mP7KXZ9qJCNDyiKqmOZGSD+NPX4BqNgXlbiz49hLo5A4Jri9vI534AxKcCUg1N
MZrQvsrPi8QGpqB7qHIrhrvzFbOPbBL3SffxjSoQdYt5+YcFbZyGrYAb5X0P2JSV
ZI/tEanaCff3kf5mOEJW7ffiSPG4dxruirk++/UvYTrwtmsT1Uj/bmG02Q+muEXc
k9uMOLpPvER3s3rBPh/g13uu8+tmTD+W/d3IP+xCTXePm3CzR4YdkrJKrAd99P/h
g2kUzM080IeOZwcEc3ghvy4TNHdlAz4Pj1xJKBIVj6FSKIq0L+c40A5ei1esgM2J
/pXf3byOLPiqxz4=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:27:47 2025 by rpki-client