Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DDCB6/6E9AC80671D811EB8047721DC4F9AE02/48D65BC2D28F11EB9F83683DC4F9AE02.roa
File:                     48D65BC2D28F11EB9F83683DC4F9AE02.roa (raw, json)
Hash identifier:          8hBGvOyNwxB7qMibVDGpuRU5HevQ+Tcv9ZjJM79y8+w=
Subject key identifier:   1C:E6:B5:AD:CE:4D:92:C7:B6:13:43:D4:0C:BC:8F:7F:AA:86:3C:0D
Certificate issuer:       /CN=A91DDCB6/serialNumber=18DC531D44F05962E97F23845736141D3E02681B
Certificate serial:       06EE
Authority key identifier: 18:DC:53:1D:44:F0:59:62:E9:7F:23:84:57:36:14:1D:3E:02:68:1B
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/GNxTHUTwWWLpfyOEVzYUHT4CaBs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DDCB6/6E9AC80671D811EB8047721DC4F9AE02/48D65BC2D28F11EB9F83683DC4F9AE02.roa
Signing time:             Wed 08 Oct 2025 20:51:39 +0000
ROA not before:           Wed 08 Oct 2025 20:51:39 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     17439
IP address blocks:        217.18.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DDCB6/6E9AC80671D811EB8047721DC4F9AE02/GNxTHUTwWWLpfyOEVzYUHT4CaBs.crl
                          rsync://rpki.apnic.net/member_repository/A91DDCB6/6E9AC80671D811EB8047721DC4F9AE02/GNxTHUTwWWLpfyOEVzYUHT4CaBs.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/GNxTHUTwWWLpfyOEVzYUHT4CaBs.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 21:42:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1774 (0x6ee)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DDCB6, serialNumber=18DC531D44F05962E97F23845736141D3E02681B
        Validity
            Not Before: Oct  8 20:51:39 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68e6ceda-639f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:72:03:b6:77:15:f5:c5:09:d4:24:46:9e:6a:
                    49:82:f5:38:50:7f:c3:7d:55:c8:e9:07:50:27:f1:
                    19:fe:29:c1:34:93:36:ba:b6:82:8c:86:b0:8a:e7:
                    03:73:ad:f3:59:57:d2:a1:04:88:63:46:26:b0:7c:
                    02:97:d6:8e:cf:88:0c:16:7a:29:ad:7b:e1:7b:5d:
                    78:c4:c5:e4:3b:61:26:bd:31:d6:a2:be:84:0e:c3:
                    7d:03:89:46:44:bc:32:34:85:c6:ac:35:a0:19:cf:
                    87:1a:b5:42:0c:9c:e1:59:e0:3a:f2:7a:0f:38:02:
                    5c:db:ff:e4:77:b3:3e:fc:62:85:36:80:1d:39:ba:
                    8c:3b:a2:5f:1c:7e:01:ac:e4:b5:ca:68:87:df:e5:
                    0d:0a:ce:39:cc:68:52:25:8d:c6:9f:bf:ea:f3:9e:
                    1e:a7:78:82:bd:10:44:33:26:96:4c:c4:fa:87:43:
                    1c:e3:c3:94:44:a8:9c:1c:ed:88:42:01:d8:5e:ef:
                    22:e4:92:a9:35:77:9a:5e:32:45:cd:cd:e9:2a:ca:
                    4f:f0:50:36:06:09:94:3a:bf:35:53:42:04:60:12:
                    4a:c7:86:cb:f2:73:59:ca:d2:87:ef:ff:7e:ae:5c:
                    55:8c:e9:af:75:d7:46:36:e2:a0:df:77:da:6d:bb:
                    db:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:E6:B5:AD:CE:4D:92:C7:B6:13:43:D4:0C:BC:8F:7F:AA:86:3C:0D
            X509v3 Authority Key Identifier:
                keyid:18:DC:53:1D:44:F0:59:62:E9:7F:23:84:57:36:14:1D:3E:02:68:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DDCB6/6E9AC80671D811EB8047721DC4F9AE02/GNxTHUTwWWLpfyOEVzYUHT4CaBs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/GNxTHUTwWWLpfyOEVzYUHT4CaBs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DDCB6/6E9AC80671D811EB8047721DC4F9AE02/48D65BC2D28F11EB9F83683DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:52:a0:ce:d0:b0:f1:c6:a2:13:9d:4f:b9:b4:09:ec:86:6e:
         04:c5:bb:03:9b:18:53:69:26:8e:19:62:20:81:af:9f:be:6a:
         ae:78:70:03:66:62:49:cd:46:85:f7:26:bb:ef:52:10:d6:49:
         eb:97:ee:28:bb:1b:af:02:1f:d5:e8:22:f4:30:a6:40:bb:1d:
         a9:ed:a1:f7:69:6a:52:7d:1d:6b:3a:72:d5:c9:be:7f:ad:e0:
         5b:83:e3:b2:a0:ea:d6:63:52:ba:00:19:f8:b1:0d:f5:98:b4:
         17:aa:18:04:03:be:3b:8b:55:7a:99:cf:40:44:a2:4a:ea:2a:
         1f:32:d9:10:88:f4:5d:72:6e:ef:6a:1d:d9:2b:4b:cf:e6:8c:
         af:f6:0b:4e:15:80:00:69:49:5c:2d:d4:7e:98:4f:85:aa:3d:
         4a:43:6e:1f:c5:7f:e2:c2:b6:dd:4d:89:d8:77:ed:02:81:d2:
         c0:0e:40:bd:eb:d8:26:0e:74:c2:06:6d:e7:5d:81:f1:57:93:
         4e:55:2b:c6:59:0e:a3:43:47:29:2b:50:e9:5d:de:24:e8:fe:
         fb:2a:b0:53:40:ce:50:77:1c:93:85:3b:09:68:e2:50:8d:57:
         6f:27:e2:61:b1:69:8c:d0:04:40:0d:0e:84:92:ea:05:e9:d3:
         c6:03:d4:4e
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBu4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RERDQjYxMTAvBgNVBAUTKDE4REM1MzFENDRGMDU5NjJFOTdGMjM4NDU3MzYxNDFE
M0UwMjY4MUIwHhcNMjUxMDA4MjA1MTM5WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU2Y2VkYS02MzlmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA33IDtncV9cUJ1CRGnmpJgvU4UH/DfVXI6QdQJ/EZ/inBNJM2uraCjIawiucD
c63zWVfSoQSIY0YmsHwCl9aOz4gMFnoprXvhe114xMXkO2EmvTHWor6EDsN9A4lG
RLwyNIXGrDWgGc+HGrVCDJzhWeA68noPOAJc2//kd7M+/GKFNoAdObqMO6JfHH4B
rOS1ymiH3+UNCs45zGhSJY3Gn7/q854ep3iCvRBEMyaWTMT6h0Mc48OURKicHO2I
QgHYXu8i5JKpNXeaXjJFzc3pKspP8FA2BgmUOr81U0IEYBJKx4bL8nNZytKH7/9+
rlxVjOmvdddGNuKg33fabbvbYwIDAQABo4IClTCCApEwHQYDVR0OBBYEFBzmta3O
TZLHthND1Ay8j3+qhjwNMB8GA1UdIwQYMBaAFBjcUx1E8Fli6X8jhFc2FB0+Amgb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERENCNi82RTlBQzgwNjcx
RDgxMUVCODA0NzcyMURDNEY5QUUwMi9HTnhUSFVUd1dXTHBmeU9FVnpZVUhUNENh
QnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL0dOeFRIVVR3V1dMcGZ5T0VWellVSFQ0Q2FCcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RERDQjYvNkU5QUM4MDY3MUQ4MTFFQjgwNDc3MjFEQzRGOUFFMDIvNDhENjVCQzJE
MjhGMTFFQjlGODM2ODNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBALZEjQwDQYJKoZIhvcNAQELBQADggEBAB1SoM7QsPHGohOd
T7m0CeyGbgTFuwObGFNpJo4ZYiCBr5++aq54cANmYknNRoX3JrvvUhDWSeuX7ii7
G68CH9XoIvQwpkC7HantofdpalJ9HWs6ctXJvn+t4FuD47Kg6tZjUroAGfixDfWY
tBeqGAQDvjuLVXqZz0BEokrqKh8y2RCI9F1ybu9qHdkrS8/mjK/2C04VgABpSVwt
1H6YT4WqPUpDbh/Ff+LCtt1Nidh37QKB0sAOQL3r2CYOdMIGbeddgfFXk05VK8ZZ
DqNDRykrUOld3iTo/vsqsFNAzlB3HJOFOwlo4lCNV28n4mGxaYzQBEANDoSS6gXp
08YD1E4=
-----END CERTIFICATE-----
Generated at Mon Oct 20 22:02:56 2025 by rpki-client