Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F9E0A/03B052D43E6911EFA2CE676AC4F9AE02/9F4A37143EA511EF882FE276C4F9AE02.roa
File:                     9F4A37143EA511EF882FE276C4F9AE02.roa (raw, json)
Hash identifier:          n1rSG6+YrBdrpyC7jAy4PT81hFwvfJMiF3pinZ5UvAs=
Subject key identifier:   61:FA:5A:46:41:B0:E5:F7:9E:AE:24:5D:38:67:49:E2:37:07:12:44
Certificate issuer:       /CN=A91F9E0A/serialNumber=5F1EE82BF709A26CC000995B47481E54F6F3806E
Certificate serial:       ED
Authority key identifier: 5F:1E:E8:2B:F7:09:A2:6C:C0:00:99:5B:47:48:1E:54:F6:F3:80:6E
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Xx7oK_cJomzAAJlbR0geVPbzgG4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F9E0A/03B052D43E6911EFA2CE676AC4F9AE02/9F4A37143EA511EF882FE276C4F9AE02.roa
Signing time:             Fri 26 Sep 2025 04:11:56 +0000
ROA not before:           Fri 26 Sep 2025 04:11:56 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     152900
IP address blocks:        160.22.78.0/24 maxlen: 24
                          160.22.79.0/24 maxlen: 24
                          192.206.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F9E0A/03B052D43E6911EFA2CE676AC4F9AE02/Xx7oK_cJomzAAJlbR0geVPbzgG4.crl
                          rsync://rpki.apnic.net/member_repository/A91F9E0A/03B052D43E6911EFA2CE676AC4F9AE02/Xx7oK_cJomzAAJlbR0geVPbzgG4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Xx7oK_cJomzAAJlbR0geVPbzgG4.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 08:14:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 237 (0xed)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F9E0A, serialNumber=5F1EE82BF709A26CC000995B47481E54F6F3806E
        Validity
            Not Before: Sep 26 04:11:56 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=68d6128c-0415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:24:7b:4e:f1:db:be:82:e5:88:fd:4d:2d:65:
                    37:ad:f2:07:64:29:ee:13:b9:b6:f8:d0:58:2e:06:
                    b4:44:43:33:27:0f:24:41:17:e8:10:34:18:fe:69:
                    77:f7:3b:48:b3:cc:a6:cc:49:90:ad:09:d8:91:95:
                    60:f9:37:eb:0d:5a:7f:c3:ae:38:31:51:c8:0c:6d:
                    b5:a1:4b:17:c3:e2:b7:53:04:f5:c7:d3:98:11:6b:
                    63:52:33:8d:51:36:16:33:f5:e1:63:56:12:58:d4:
                    4c:3f:a4:ab:45:06:44:16:ce:b5:49:dc:45:d2:d1:
                    91:1e:63:3a:2a:51:40:71:fa:01:56:e5:6d:5a:44:
                    1b:8f:05:2e:4a:4c:92:99:85:72:b7:7f:10:73:b2:
                    90:76:29:43:a4:89:0f:dc:d6:b3:ac:fb:e6:9f:3c:
                    90:2a:01:e1:52:26:d5:dc:fc:a3:30:40:bf:0d:a8:
                    a6:d3:40:de:41:b1:bb:26:c6:07:5b:50:3d:7b:46:
                    a5:2a:17:9a:17:07:d1:a4:be:c0:c6:9b:3e:2c:15:
                    68:86:88:e8:91:18:61:9c:ba:63:b3:86:96:fd:3e:
                    81:49:f0:b1:da:39:18:02:1e:e2:0d:51:95:f6:96:
                    a0:68:ec:93:75:6f:68:3e:08:6f:38:5c:8c:08:95:
                    8a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:FA:5A:46:41:B0:E5:F7:9E:AE:24:5D:38:67:49:E2:37:07:12:44
            X509v3 Authority Key Identifier:
                keyid:5F:1E:E8:2B:F7:09:A2:6C:C0:00:99:5B:47:48:1E:54:F6:F3:80:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F9E0A/03B052D43E6911EFA2CE676AC4F9AE02/Xx7oK_cJomzAAJlbR0geVPbzgG4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Xx7oK_cJomzAAJlbR0geVPbzgG4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F9E0A/03B052D43E6911EFA2CE676AC4F9AE02/9F4A37143EA511EF882FE276C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.78.0/23
                  192.206.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:15:37:29:64:1c:a8:ba:96:de:b1:67:cc:5a:7b:d3:ed:44:
         95:59:32:03:fb:b1:ae:55:d7:18:59:11:82:14:ff:40:c0:36:
         d9:35:08:2c:76:19:70:aa:c9:d9:17:9a:9b:18:a0:82:50:ae:
         81:3b:dd:61:62:02:2c:f8:7f:43:b9:6d:13:b8:95:fd:b1:30:
         51:16:b1:c8:26:e1:78:92:85:87:22:66:ed:b5:a9:d8:5d:bf:
         51:56:a1:7e:46:d5:d1:f4:31:56:a3:e1:c4:30:b7:dd:0e:3c:
         a4:0b:6d:d8:3e:82:72:c6:db:d7:fa:36:78:ee:71:fd:df:5d:
         15:21:60:8f:80:47:f4:0e:d9:c0:a3:35:ba:5b:5d:ab:f0:b6:
         b1:f6:54:0f:20:ac:0a:43:88:82:3b:a7:ff:29:18:ab:6a:0a:
         52:98:ca:b7:9c:06:6e:6a:6a:a1:8e:a9:66:9d:38:85:a2:54:
         04:71:f9:07:4f:f9:e6:20:81:f4:35:e7:c6:94:77:0c:a2:1e:
         67:ba:df:fa:ee:34:4e:56:b8:60:74:e6:bc:ac:c3:19:ab:62:
         24:74:2b:b2:40:87:62:79:83:47:aa:ae:3e:52:95:93:d1:80:
         46:ed:6c:35:f0:4c:78:95:8c:06:e6:d6:c0:b3:bb:a0:9e:6e:
         80:c0:bb:d2
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAO0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjlFMEExMTAvBgNVBAUTKDVGMUVFODJCRjcwOUEyNkNDMDAwOTk1QjQ3NDgxRTU0
RjZGMzgwNkUwHhcNMjUwOTI2MDQxMTU2WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGQ2MTI4Yy0wNDE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1iR7TvHbvoLliP1NLWU3rfIHZCnuE7m2+NBYLga0REMzJw8kQRfoEDQY/ml3
9ztIs8ymzEmQrQnYkZVg+TfrDVp/w644MVHIDG21oUsXw+K3UwT1x9OYEWtjUjON
UTYWM/XhY1YSWNRMP6SrRQZEFs61SdxF0tGRHmM6KlFAcfoBVuVtWkQbjwUuSkyS
mYVyt38Qc7KQdilDpIkP3NazrPvmnzyQKgHhUibV3PyjMEC/Daim00DeQbG7JsYH
W1A9e0alKheaFwfRpL7Axps+LBVohojokRhhnLpjs4aW/T6BSfCx2jkYAh7iDVGV
9pagaOyTdW9oPghvOFyMCJWKOwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFGH6WkZB
sOX3nq4kXThnSeI3BxJEMB8GA1UdIwQYMBaAFF8e6Cv3CaJswACZW0dIHlT284Bu
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGOUUwQS8wM0IwNTJENDNF
NjkxMUVGQTJDRTY3NkFDNEY5QUUwMi9YeDdvS19jSm9tekFBSmxiUjBnZVZQYnpn
RzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1h4N29LX2NKb216QUFKbGJSMGdlVlBiemdHNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjlFMEEvMDNCMDUyRDQzRTY5MTFFRkEyQ0U2NzZBQzRGOUFFMDIvOUY0QTM3MTQz
RUE1MTFFRjg4MkZFMjc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAGgFk4DBADAznUwDQYJKoZIhvcNAQELBQADggEBAGIVNylk
HKi6lt6xZ8xae9PtRJVZMgP7sa5V1xhZEYIU/0DANtk1CCx2GXCqydkXmpsYoIJQ
roE73WFiAiz4f0O5bRO4lf2xMFEWscgm4XiShYciZu21qdhdv1FWoX5G1dH0MVaj
4cQwt90OPKQLbdg+gnLG29f6Nnjucf3fXRUhYI+AR/QO2cCjNbpbXavwtrH2VA8g
rApDiII7p/8pGKtqClKYyrecBm5qaqGOqWadOIWiVARx+QdP+eYggfQ158aUdwyi
Hme63/ruNE5WuGB05ryswxmrYiR0K7JAh2J5g0eqrj5SlZPRgEbtbDXwTHiVjAbm
1sCzu6CeboDAu9I=
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:11:10 2025 by rpki-client