Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/CED9053CE35211EDB7F6B44EC4F9AE02.roa
File:                     CED9053CE35211EDB7F6B44EC4F9AE02.roa (raw, json)
Hash identifier:          xTtZn9aZIB/fSzr6F1pFXv9qqXV1JjTBS40WClRRCIw=
Subject key identifier:   4A:7A:77:A5:47:34:7B:BC:01:B3:06:10:DA:54:2B:78:E6:77:10:86
Certificate issuer:       /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial:       0C1C
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/CED9053CE35211EDB7F6B44EC4F9AE02.roa
Signing time:             Tue 30 Sep 2025 20:22:12 +0000
ROA not before:           Tue 30 Sep 2025 20:22:12 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     9387
IP address blocks:        2401:4100::/32 maxlen: 32
                          2401:4100::/33 maxlen: 33
                          2401:4100:8000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
                          rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 21:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3100 (0xc1c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F69E7, serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
        Validity
            Not Before: Sep 30 20:22:12 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68dc3bf3-43de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0b:c6:34:e1:da:65:e6:c6:16:2e:5a:54:b1:
                    e0:ce:0c:1c:44:66:0e:58:1f:c9:e1:aa:7f:8c:e4:
                    5d:94:75:ef:2a:4f:7a:64:ff:6b:90:fa:2b:dd:bd:
                    be:fa:1e:3d:20:43:9a:74:ae:1f:d6:41:d5:a2:1e:
                    8a:6d:0e:bc:17:86:c5:71:b4:86:0f:28:15:76:42:
                    78:f4:5c:50:c6:e0:6e:8d:a0:b5:cf:fd:74:32:db:
                    01:9f:77:cf:71:85:db:c8:51:4c:a6:e2:27:1c:81:
                    f3:7a:49:e6:06:d2:92:d2:cf:81:85:10:f4:31:99:
                    f5:eb:cb:2a:14:4c:fb:78:e3:d1:00:24:4e:6a:ac:
                    21:9f:08:f7:1a:e0:e5:49:2b:dc:64:39:b9:58:c6:
                    e7:0b:5e:f7:73:07:af:8d:a4:ef:30:eb:7e:6e:68:
                    8e:0f:d3:15:cc:6d:f6:cd:1c:31:13:73:f0:80:9d:
                    ed:f1:e0:f4:c3:f4:b9:a5:88:bd:1e:5c:2b:60:4a:
                    46:08:c7:d4:44:71:93:76:62:f1:7a:ec:83:28:2e:
                    74:c3:1c:ec:10:c5:4f:a3:bc:5b:f7:bd:1f:6e:0e:
                    34:d3:92:c7:e2:bb:94:cb:15:1c:af:b5:31:38:79:
                    0d:99:7f:27:9d:40:10:19:87:f8:a8:a7:5b:ef:47:
                    f0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:7A:77:A5:47:34:7B:BC:01:B3:06:10:DA:54:2B:78:E6:77:10:86
            X509v3 Authority Key Identifier:
                keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/CED9053CE35211EDB7F6B44EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:4100::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:8d:e6:17:7e:1d:44:ff:48:8a:c0:db:90:c8:30:ff:6c:e3:
         af:e1:da:81:35:b6:5d:bb:bb:41:ff:a1:c4:1e:fb:b2:2c:3b:
         21:67:bc:ec:1a:1f:4e:1c:0f:70:f2:a1:7e:e9:aa:83:85:9e:
         69:bd:5a:1e:2f:c9:4f:ea:b1:fd:96:66:34:87:cf:41:da:7b:
         00:39:e8:9e:4c:58:b9:e2:b7:67:f5:4f:e3:ab:40:5c:30:38:
         dc:fa:c5:7e:35:6a:35:ed:21:c2:8d:b3:c1:73:6d:c8:90:7b:
         db:f3:73:71:b1:16:59:43:89:6a:95:e9:c5:fc:3c:74:96:67:
         df:d3:90:2c:1e:72:40:a0:d7:f3:24:09:38:0f:a8:7f:be:8b:
         57:6d:c2:00:a6:c9:07:ff:73:6d:27:e9:03:d6:9e:a4:ad:54:
         62:d3:2c:b0:42:72:af:73:2b:7b:28:5a:76:17:1c:d0:0f:c5:
         cd:c3:f1:7d:74:49:34:d4:b8:fe:3e:15:90:61:91:b1:1a:c1:
         d9:aa:84:a3:aa:68:11:70:c7:d9:51:5b:3d:5c:11:8b:2b:17:
         8c:c3:cb:16:a9:e3:98:2a:18:7b:99:b0:08:7d:d6:96:c2:3e:
         02:dd:ed:0c:bb:7f:6c:04:4a:50:79:26:7e:c0:7b:5c:35:32:
         d0:5e:20:b4
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgICDBwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjUwOTMwMjAyMjEyWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRjM2JmMy00M2RlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArwvGNOHaZebGFi5aVLHgzgwcRGYOWB/J4ap/jORdlHXvKk96ZP9rkPor3b2+
+h49IEOadK4f1kHVoh6KbQ68F4bFcbSGDygVdkJ49FxQxuBujaC1z/10MtsBn3fP
cYXbyFFMpuInHIHzeknmBtKS0s+BhRD0MZn168sqFEz7eOPRACROaqwhnwj3GuDl
SSvcZDm5WMbnC173cwevjaTvMOt+bmiOD9MVzG32zRwxE3PwgJ3t8eD0w/S5pYi9
HlwrYEpGCMfURHGTdmLxeuyDKC50wxzsEMVPo7xb970fbg4005LH4ruUyxUcr7Ux
OHkNmX8nnUAQGYf4qKdb70fw7wIDAQABo4ICljCCApIwHQYDVR0OBBYEFEp6d6VH
NHu8AbMGENpUK3jmdxCGMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvQ0VEOTA1M0NF
MzUyMTFFREI3RjZCNDRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgACMAcDBQAkAUEAMA0GCSqGSIb3DQEBCwUAA4IBAQA+jeYXfh1E/0iK
wNuQyDD/bOOv4dqBNbZdu7tB/6HEHvuyLDshZ7zsGh9OHA9w8qF+6aqDhZ5pvVoe
L8lP6rH9lmY0h89B2nsAOeieTFi54rdn9U/jq0BcMDjc+sV+NWo17SHCjbPBc23I
kHvb83NxsRZZQ4lqlenF/Dx0lmff05AsHnJAoNfzJAk4D6h/votXbcIApskH/3Nt
J+kD1p6krVRi0yywQnKvcyt7KFp2FxzQD8XNw/F9dEk01Lj+PhWQYZGxGsHZqoSj
qmgRcMfZUVs9XBGLKxeMw8sWqeOYKhh7mbAIfdaWwj4C3e0Mu39sBEpQeSZ+wHtc
NTLQXiC0
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:22:43 2025 by rpki-client