Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/2D89110A9A5311EE9CB13140C4F9AE02.roa
File:                     2D89110A9A5311EE9CB13140C4F9AE02.roa (raw, json)
Hash identifier:          Jj1NVOgg11V9rBHXb/ngLI6yeEIfUQhi8bFPhl/4/hg=
Subject key identifier:   39:E1:DE:CB:FB:D7:C2:03:2A:92:31:50:14:B7:3D:8A:2A:D2:70:83
Certificate issuer:       /CN=A91DCAE8/serialNumber=AAB0E2B62F6343895730C05488E7FC4E26C51A6C
Certificate serial:       3513
Authority key identifier: AA:B0:E2:B6:2F:63:43:89:57:30:C0:54:88:E7:FC:4E:26:C5:1A:6C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrDiti9jQ4lXMMBUiOf8TibFGmw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/2D89110A9A5311EE9CB13140C4F9AE02.roa
Signing time:             Sat 20 Sep 2025 15:00:59 +0000
ROA not before:           Sat 20 Sep 2025 15:00:59 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     131203
IP address blocks:        2001:df2:a980::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/qrDiti9jQ4lXMMBUiOf8TibFGmw.crl
                          rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/qrDiti9jQ4lXMMBUiOf8TibFGmw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrDiti9jQ4lXMMBUiOf8TibFGmw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Oct 2025 14:49:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13587 (0x3513)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DCAE8, serialNumber=AAB0E2B62F6343895730C05488E7FC4E26C51A6C
        Validity
            Not Before: Sep 20 15:00:59 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68cec1ab-eae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f1:04:d4:41:2a:c1:2c:8f:6a:23:40:c1:e6:
                    52:be:b6:b9:cd:a2:e2:d3:0c:85:eb:79:45:3c:20:
                    14:74:1b:ce:62:e6:21:0c:99:7a:e6:1e:65:57:42:
                    41:c4:3b:84:77:a6:3d:38:ed:e3:1c:52:6f:1a:ed:
                    52:36:91:c6:f7:44:11:32:1f:8d:dd:41:44:f4:a8:
                    30:b4:00:be:23:6f:22:e7:85:48:c3:1a:94:0e:b6:
                    e2:25:85:d0:c0:6d:64:ae:75:b5:14:bb:e3:b1:2f:
                    a2:28:1f:93:fa:b6:f3:9b:33:71:30:18:63:8d:22:
                    d9:d6:00:11:65:36:54:89:f4:4c:71:f6:29:eb:25:
                    e8:38:f8:25:22:80:c4:86:bf:b2:41:f7:ec:38:4e:
                    f2:c7:a8:a3:d3:22:84:70:a1:a5:8a:96:cb:55:c4:
                    19:ce:f0:51:f3:cc:c1:38:97:d0:ee:8d:da:11:5d:
                    32:1a:f4:26:5a:fb:50:c6:09:2c:56:20:e5:6e:d5:
                    bd:0c:41:6a:f6:4b:ef:2f:b7:71:88:a0:29:04:3e:
                    60:64:03:50:4a:f7:34:95:02:d3:05:4c:98:28:25:
                    ce:08:73:d6:34:e7:37:74:6d:c6:55:f2:f6:bf:b0:
                    94:99:03:d8:6c:ac:c6:a9:62:2e:1d:94:5a:1c:cb:
                    b5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:E1:DE:CB:FB:D7:C2:03:2A:92:31:50:14:B7:3D:8A:2A:D2:70:83
            X509v3 Authority Key Identifier:
                keyid:AA:B0:E2:B6:2F:63:43:89:57:30:C0:54:88:E7:FC:4E:26:C5:1A:6C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/qrDiti9jQ4lXMMBUiOf8TibFGmw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrDiti9jQ4lXMMBUiOf8TibFGmw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/2D89110A9A5311EE9CB13140C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df2:a980::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:13:e6:6a:16:20:56:3a:c8:05:f0:00:14:c3:90:ab:38:6a:
         ad:e8:39:78:4e:71:0b:a4:a3:62:b4:64:c3:0e:08:64:65:a9:
         20:c3:37:33:11:06:9e:2a:df:ec:42:44:79:1d:b7:46:93:5f:
         4e:bf:ef:9b:a0:0f:55:29:c9:07:05:4f:e6:e2:09:25:ca:98:
         0c:1a:a7:12:69:d4:53:12:19:76:5e:6d:a6:6d:c5:b4:0f:22:
         ab:7f:bc:70:79:22:ac:86:56:a4:0c:9c:ad:ba:0f:1c:87:26:
         8e:28:bd:c1:19:ae:2f:a4:d0:24:22:f3:9f:85:31:82:fd:f1:
         a9:fe:b3:47:33:fb:8a:35:98:d9:9f:fe:eb:7f:56:d4:1a:bf:
         cd:86:11:3f:4b:a4:63:4d:5c:a1:e1:22:cb:d4:f6:39:c0:1f:
         e5:24:4c:49:ba:ba:e4:df:2c:19:a0:9a:2c:0c:88:5c:fd:c2:
         cf:79:42:37:cc:1e:d7:7f:a3:7e:86:4c:b9:72:c4:a9:87:ec:
         96:af:94:4a:31:32:cf:cb:77:50:a3:b9:14:11:97:f7:b1:35:
         df:23:6e:85:20:69:58:b1:6c:b4:67:3b:af:e7:57:89:fa:44:
         1a:e7:e9:86:e7:13:ad:03:d3:e2:52:56:f0:b5:76:b3:8b:95:
         db:ac:ca:e6
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICNRMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RENBRTgxMTAvBgNVBAUTKEFBQjBFMkI2MkY2MzQzODk1NzMwQzA1NDg4RTdGQzRF
MjZDNTFBNkMwHhcNMjUwOTIwMTUwMDU5WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGNlYzFhYi1lYWU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzvEE1EEqwSyPaiNAweZSvra5zaLi0wyF63lFPCAUdBvOYuYhDJl65h5lV0JB
xDuEd6Y9OO3jHFJvGu1SNpHG90QRMh+N3UFE9KgwtAC+I28i54VIwxqUDrbiJYXQ
wG1krnW1FLvjsS+iKB+T+rbzmzNxMBhjjSLZ1gARZTZUifRMcfYp6yXoOPglIoDE
hr+yQffsOE7yx6ij0yKEcKGlipbLVcQZzvBR88zBOJfQ7o3aEV0yGvQmWvtQxgks
ViDlbtW9DEFq9kvvL7dxiKApBD5gZANQSvc0lQLTBUyYKCXOCHPWNOc3dG3GVfL2
v7CUmQPYbKzGqWIuHZRaHMu1HwIDAQABo4ICmDCCApQwHQYDVR0OBBYEFDnh3sv7
18IDKpIxUBS3PYoq0nCDMB8GA1UdIwQYMBaAFKqw4rYvY0OJVzDAVIjn/E4mxRps
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQ0FFOC84QjZBREUxNDFE
OTMxMUUyOTJDQjIzRjcwOEIwMkNEMi9xckRpdGk5alE0bFhNTUJVaU9mOFRpYkZH
bXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FyRGl0aTlqUTRsWE1NQlVpT2Y4VGliRkdtdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RENBRTgvOEI2QURFMTQxRDkzMTFFMjkyQ0IyM0Y3MDhCMDJDRDIvMkQ4OTExMEE5
QTUzMTFFRTlDQjEzMTQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQ3yqYAwDQYJKoZIhvcNAQELBQADggEBAI4T5moWIFY6
yAXwABTDkKs4aq3oOXhOcQuko2K0ZMMOCGRlqSDDNzMRBp4q3+xCRHkdt0aTX06/
75ugD1UpyQcFT+biCSXKmAwapxJp1FMSGXZebaZtxbQPIqt/vHB5IqyGVqQMnK26
DxyHJo4ovcEZri+k0CQi85+FMYL98an+s0cz+4o1mNmf/ut/VtQav82GET9LpGNN
XKHhIsvU9jnAH+UkTEm6uuTfLBmgmiwMiFz9ws95QjfMHtd/o36GTLlyxKmH7Jav
lEoxMs/Ld1CjuRQRl/exNd8jboUgaVixbLRnO6/nV4n6RBrn6YbnE60D0+JSVvC1
drOLldusyuY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:26:27 2025 by rpki-client