Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D84F7/79CAFB265B8E11EF9177E91EC4F9AE02/AAFB89C25B8E11EF8774691FC4F9AE02.roa
File:                     AAFB89C25B8E11EF8774691FC4F9AE02.roa (raw, json)
Hash identifier:          Z8UDv1UV/5P3Y0FPBjtW9ftg+P9GP6R45lfE98ZqVpY=
Subject key identifier:   0B:BD:DC:AF:36:B7:9B:93:0C:03:C9:EA:15:06:1E:E8:DF:EA:CB:E3
Certificate issuer:       /CN=A91D84F7/serialNumber=2CD1082EB47771D21DA900582F3EC87C69DD5CCC
Certificate serial:       D8
Authority key identifier: 2C:D1:08:2E:B4:77:71:D2:1D:A9:00:58:2F:3E:C8:7C:69:DD:5C:CC
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LNEILrR3cdIdqQBYLz7IfGndXMw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D84F7/79CAFB265B8E11EF9177E91EC4F9AE02/AAFB89C25B8E11EF8774691FC4F9AE02.roa
Signing time:             Sun 05 Oct 2025 06:01:38 +0000
ROA not before:           Sun 05 Oct 2025 06:01:38 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     136557
IP address blocks:        160.30.138.0/24 maxlen: 24
                          160.30.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D84F7/79CAFB265B8E11EF9177E91EC4F9AE02/LNEILrR3cdIdqQBYLz7IfGndXMw.crl
                          rsync://rpki.apnic.net/member_repository/A91D84F7/79CAFB265B8E11EF9177E91EC4F9AE02/LNEILrR3cdIdqQBYLz7IfGndXMw.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LNEILrR3cdIdqQBYLz7IfGndXMw.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 08:30:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 216 (0xd8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D84F7, serialNumber=2CD1082EB47771D21DA900582F3EC87C69DD5CCC
        Validity
            Not Before: Oct  5 06:01:38 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68e209c2-70f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:81:bc:89:e8:4c:b2:50:fd:cc:f5:0e:6d:c9:
                    3f:a7:73:8a:39:87:bc:28:e2:8c:b8:f4:69:0e:38:
                    bb:95:56:41:b0:f9:36:75:65:b2:8d:3a:0e:ab:61:
                    96:4c:6c:8b:f5:43:33:fb:e6:70:a0:08:6d:1e:06:
                    76:0e:d0:36:f0:83:99:79:fd:4a:55:5a:53:d8:cd:
                    50:4c:ce:43:ef:1a:37:90:42:63:ce:79:56:e9:5b:
                    92:f5:6a:6b:fc:6d:f0:04:d6:31:bc:74:fe:52:63:
                    ba:f6:e2:f1:e1:3b:d1:1b:95:e2:63:bf:f6:01:b5:
                    af:f8:85:c1:02:7c:53:fa:53:d2:98:29:1b:dc:37:
                    d1:7b:ad:f8:de:e4:cf:11:07:c9:65:d3:a1:79:58:
                    49:8f:b5:71:98:a5:b5:29:f1:33:fb:ab:16:0b:67:
                    ac:b2:f2:09:a8:51:f1:31:d1:5c:69:67:79:b3:1f:
                    10:09:b8:84:43:79:01:ac:3d:ec:71:c3:d1:d9:10:
                    7a:7b:4f:c0:98:7c:4c:0c:eb:d1:9e:be:b2:44:25:
                    db:a7:f3:bc:e0:6c:dc:ca:84:d2:da:6b:72:ff:aa:
                    ce:6f:a8:a3:6c:27:a7:7c:e8:de:a6:85:46:af:5e:
                    71:d0:1b:02:cb:23:dc:0d:10:1a:f5:41:36:3e:1c:
                    e7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:BD:DC:AF:36:B7:9B:93:0C:03:C9:EA:15:06:1E:E8:DF:EA:CB:E3
            X509v3 Authority Key Identifier:
                keyid:2C:D1:08:2E:B4:77:71:D2:1D:A9:00:58:2F:3E:C8:7C:69:DD:5C:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D84F7/79CAFB265B8E11EF9177E91EC4F9AE02/LNEILrR3cdIdqQBYLz7IfGndXMw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LNEILrR3cdIdqQBYLz7IfGndXMw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D84F7/79CAFB265B8E11EF9177E91EC4F9AE02/AAFB89C25B8E11EF8774691FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.30.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:80:1a:5e:ba:5d:c1:6e:15:fd:42:d6:70:ae:a0:f8:81:f7:
         1c:6b:fb:a9:01:3b:5a:eb:d3:37:be:2a:f7:ab:41:5b:a8:80:
         7e:b1:9b:63:88:fb:4a:06:b8:0b:ed:e6:72:5c:79:2b:98:25:
         6c:b6:4c:60:a9:84:6e:48:63:ce:9c:7c:2c:0e:4e:5d:ca:2e:
         61:13:65:5f:e3:9d:84:ae:0b:f6:1e:71:84:4e:d8:2a:f2:98:
         e0:85:38:7d:f2:2b:c5:1f:b6:0d:68:79:f9:39:4e:f5:e5:da:
         7e:58:e1:42:75:83:dc:c1:e2:ea:38:74:a7:ce:ae:7f:0a:70:
         01:8c:ac:62:c3:ed:24:95:8a:7c:13:63:69:74:e5:63:75:c2:
         6a:41:bf:a5:8b:ba:32:85:c8:03:e3:c6:b1:4c:4d:21:cf:58:
         dd:d6:54:4a:c7:1e:4b:d3:7b:00:64:a2:a6:3d:30:38:8b:6d:
         52:4e:7c:59:48:f5:c0:f0:71:0c:1b:45:60:bb:d7:82:0d:87:
         6b:f6:d7:1b:84:2d:70:62:99:5b:46:d5:37:3c:d6:31:bb:07:
         e5:57:6e:ae:93:ca:47:61:b5:ae:71:0b:c0:77:33:14:93:a3:
         c6:9d:5c:62:6f:97:5f:d5:9f:f9:a1:51:40:c5:a1:d1:df:98:
         eb:dc:ca:2d
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICANgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDg0RjcxMTAvBgNVBAUTKDJDRDEwODJFQjQ3NzcxRDIxREE5MDA1ODJGM0VDODdD
NjlERDVDQ0MwHhcNMjUxMDA1MDYwMTM4WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGUyMDljMi03MGY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwIG8iehMslD9zPUObck/p3OKOYe8KOKMuPRpDji7lVZBsPk2dWWyjToOq2GW
TGyL9UMz++ZwoAhtHgZ2DtA28IOZef1KVVpT2M1QTM5D7xo3kEJjznlW6VuS9Wpr
/G3wBNYxvHT+UmO69uLx4TvRG5XiY7/2AbWv+IXBAnxT+lPSmCkb3DfRe6343uTP
EQfJZdOheVhJj7VxmKW1KfEz+6sWC2essvIJqFHxMdFcaWd5sx8QCbiEQ3kBrD3s
ccPR2RB6e0/AmHxMDOvRnr6yRCXbp/O84GzcyoTS2mty/6rOb6ijbCenfOjepoVG
r15x0BsCyyPcDRAa9UE2PhznaQIDAQABo4IClTCCApEwHQYDVR0OBBYEFAu93K82
t5uTDAPJ6hUGHujf6svjMB8GA1UdIwQYMBaAFCzRCC60d3HSHakAWC8+yHxp3VzM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEODRGNy83OUNBRkIyNjVC
OEUxMUVGOTE3N0U5MUVDNEY5QUUwMi9MTkVJTHJSM2NkSWRxUUJZTHo3SWZHbmRY
TXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0xORUlMclIzY2RJZHFRQllMejdJZkduZFhNdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDg0RjcvNzlDQUZCMjY1QjhFMTFFRjkxNzdFOTFFQzRGOUFFMDIvQUFGQjg5QzI1
QjhFMTFFRjg3NzQ2OTFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAGgHoowDQYJKoZIhvcNAQELBQADggEBAESAGl66XcFuFf1C
1nCuoPiB9xxr+6kBO1rr0ze+KverQVuogH6xm2OI+0oGuAvt5nJceSuYJWy2TGCp
hG5IY86cfCwOTl3KLmETZV/jnYSuC/YecYRO2CrymOCFOH3yK8Uftg1oefk5TvXl
2n5Y4UJ1g9zB4uo4dKfOrn8KcAGMrGLD7SSVinwTY2l05WN1wmpBv6WLujKFyAPj
xrFMTSHPWN3WVErHHkvTewBkoqY9MDiLbVJOfFlI9cDwcQwbRWC714INh2v21xuE
LXBimVtG1Tc81jG7B+VXbq6Tykdhta5xC8B3MxSTo8adXGJvl1/Vn/mhUUDFodHf
mOvcyi0=
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:44:07 2025 by rpki-client