Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E8C90/2D1BEBE41D9511E288E6B3FA08B02CD2/0E9272DA768611F08998521AC4F9AE02.roa
File:                     0E9272DA768611F08998521AC4F9AE02.roa (raw, json)
Hash identifier:          bGBXDK+xcvHyPNZ/oI+s2EN0dL3EuzSCaA64bObOVdg=
Subject key identifier:   94:3A:39:D6:F4:05:2F:B4:9D:C7:93:E5:41:AA:8A:26:E0:4F:7E:98
Certificate issuer:       /CN=A91E8C90/serialNumber=58A196A7BF06F2E16E909D277141BA44911F1F4F
Certificate serial:       3639
Authority key identifier: 58:A1:96:A7:BF:06:F2:E1:6E:90:9D:27:71:41:BA:44:91:1F:1F:4F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WKGWp78G8uFukJ0ncUG6RJEfH08.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E8C90/2D1BEBE41D9511E288E6B3FA08B02CD2/0E9272DA768611F08998521AC4F9AE02.roa
Signing time:             Tue 02 Sep 2025 15:01:35 +0000
ROA not before:           Tue 02 Sep 2025 15:01:35 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     834
IP address blocks:        182.54.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E8C90/2D1BEBE41D9511E288E6B3FA08B02CD2/WKGWp78G8uFukJ0ncUG6RJEfH08.crl
                          rsync://rpki.apnic.net/member_repository/A91E8C90/2D1BEBE41D9511E288E6B3FA08B02CD2/WKGWp78G8uFukJ0ncUG6RJEfH08.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WKGWp78G8uFukJ0ncUG6RJEfH08.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 14:54:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13881 (0x3639)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E8C90, serialNumber=58A196A7BF06F2E16E909D277141BA44911F1F4F
        Validity
            Not Before: Sep  2 15:01:35 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68b706cf-16c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a9:e1:ae:a7:be:3b:b4:b7:68:3a:a6:64:7a:
                    20:b6:59:1e:91:87:bc:fa:53:44:fa:cd:25:bc:17:
                    c6:2d:a7:84:58:f4:73:16:77:9d:27:ff:59:54:87:
                    a3:13:d1:e1:b9:0d:cd:da:69:42:77:9f:f8:9e:a8:
                    07:59:32:26:94:39:55:98:f7:53:50:3c:e7:3d:60:
                    28:1f:cb:22:2f:08:0f:7f:01:db:f4:2b:bc:01:75:
                    d9:7b:66:2d:b7:98:56:65:17:d0:62:79:89:67:ea:
                    e9:60:c7:62:93:bd:a1:6b:bc:b5:6a:a6:78:0d:de:
                    0a:a8:79:f1:6f:14:fe:9b:04:9f:23:78:29:f4:fd:
                    97:cd:3e:b8:f9:8d:8c:80:a5:de:e4:1b:2b:b8:cd:
                    c3:15:d0:5a:1d:fd:0b:11:e8:07:f4:4d:09:ef:be:
                    33:d0:7b:0a:28:86:ca:ae:5f:64:9d:53:0a:d2:3c:
                    61:58:c8:38:85:5e:5e:4a:fe:36:c4:9a:11:1b:e9:
                    1c:7a:00:6b:1e:36:2a:dc:73:e1:86:cf:68:4b:c5:
                    2a:52:8b:1a:a2:d1:d8:3c:03:6e:ab:94:46:13:c4:
                    06:f5:82:5f:06:07:42:61:d4:68:9b:a5:e9:fc:4e:
                    88:9d:8a:d4:9b:bf:8e:fe:0a:c0:7d:a8:3e:9f:df:
                    1e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:3A:39:D6:F4:05:2F:B4:9D:C7:93:E5:41:AA:8A:26:E0:4F:7E:98
            X509v3 Authority Key Identifier:
                keyid:58:A1:96:A7:BF:06:F2:E1:6E:90:9D:27:71:41:BA:44:91:1F:1F:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E8C90/2D1BEBE41D9511E288E6B3FA08B02CD2/WKGWp78G8uFukJ0ncUG6RJEfH08.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WKGWp78G8uFukJ0ncUG6RJEfH08.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E8C90/2D1BEBE41D9511E288E6B3FA08B02CD2/0E9272DA768611F08998521AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.54.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:62:c6:a3:fb:24:fa:f2:8a:65:18:5c:a9:54:72:49:29:23:
         e8:09:9e:2e:0f:4c:82:a0:05:a1:c2:48:35:fb:4b:65:4f:77:
         47:d4:f4:70:15:6c:87:3a:a5:0d:bf:51:4c:f9:08:ab:22:fa:
         65:0b:44:09:0b:5c:a8:0c:66:3c:c3:42:9d:a3:de:75:e2:4e:
         5c:2e:00:44:ae:95:52:6d:22:eb:4f:4a:ed:a5:65:45:d6:c4:
         02:66:45:73:ac:7e:e4:ae:42:63:77:d2:68:f3:48:1f:20:52:
         d3:4d:73:f3:a6:63:25:e4:1b:3f:e3:f1:82:da:16:7d:fb:00:
         27:5e:2d:00:c9:e3:90:43:de:4e:20:99:34:39:ce:d4:ff:aa:
         de:78:93:e4:a3:d3:60:f3:03:99:d5:2b:66:78:ad:15:e1:71:
         c8:38:5f:42:11:94:27:4a:07:1d:61:72:a1:2d:24:27:a0:97:
         12:20:be:37:62:68:c4:6c:18:94:57:33:72:67:d2:77:70:23:
         8c:30:07:dc:47:4a:e7:bc:db:41:32:4d:90:d5:99:7a:87:5e:
         d8:28:23:fe:1f:2a:92:0e:5c:c4:02:04:5b:12:7a:0a:21:be:
         50:e1:b2:3e:10:5d:65:95:5d:e8:ec:6d:99:94:89:a3:8a:95:
         36:42:c3:94
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICNjkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RThDOTAxMTAvBgNVBAUTKDU4QTE5NkE3QkYwNkYyRTE2RTkwOUQyNzcxNDFCQTQ0
OTExRjFGNEYwHhcNMjUwOTAyMTUwMTM1WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGI3MDZjZi0xNmMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAo6nhrqe+O7S3aDqmZHogtlkekYe8+lNE+s0lvBfGLaeEWPRzFnedJ/9ZVIej
E9HhuQ3N2mlCd5/4nqgHWTImlDlVmPdTUDznPWAoH8siLwgPfwHb9Cu8AXXZe2Yt
t5hWZRfQYnmJZ+rpYMdik72ha7y1aqZ4Dd4KqHnxbxT+mwSfI3gp9P2XzT64+Y2M
gKXe5BsruM3DFdBaHf0LEegH9E0J774z0HsKKIbKrl9knVMK0jxhWMg4hV5eSv42
xJoRG+kcegBrHjYq3HPhhs9oS8UqUosaotHYPANuq5RGE8QG9YJfBgdCYdRom6Xp
/E6InYrUm7+O/grAfag+n98e8wIDAQABo4IClTCCApEwHQYDVR0OBBYEFJQ6Odb0
BS+0nceT5UGqiibgT36YMB8GA1UdIwQYMBaAFFihlqe/BvLhbpCdJ3FBukSRHx9P
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFOEM5MC8yRDFCRUJFNDFE
OTUxMUUyODhFNkIzRkEwOEIwMkNEMi9XS0dXcDc4Rzh1RnVrSjBuY1VHNlJKRWZI
MDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1dLR1dwNzhHOHVGdWtKMG5jVUc2UkpFZkgwOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RThDOTAvMkQxQkVCRTQxRDk1MTFFMjg4RTZCM0ZBMDhCMDJDRDIvMEU5MjcyREE3
Njg2MTFGMDg5OTg1MjFBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAC2Nu8wDQYJKoZIhvcNAQELBQADggEBAA1ixqP7JPryimUY
XKlUckkpI+gJni4PTIKgBaHCSDX7S2VPd0fU9HAVbIc6pQ2/UUz5CKsi+mULRAkL
XKgMZjzDQp2j3nXiTlwuAESulVJtIutPSu2lZUXWxAJmRXOsfuSuQmN30mjzSB8g
UtNNc/OmYyXkGz/j8YLaFn37ACdeLQDJ45BD3k4gmTQ5ztT/qt54k+Sj02DzA5nV
K2Z4rRXhccg4X0IRlCdKBx1hcqEtJCeglxIgvjdiaMRsGJRXM3Jn0ndwI4wwB9xH
Sue820EyTZDVmXqHXtgoI/4fKpIOXMQCBFsSegohvlDhsj4QXWWVXejsbZmUiaOK
lTZCw5Q=
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:46:11 2025 by rpki-client