Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A91A61310000/0/34332e3235352e38302e302f32342d3234203d3e20333935373933.roa
File:                     34332e3235352e38302e302f32342d3234203d3e20333935373933.roa (raw, json)
Hash identifier:          XW5ROJXsHtfkngdlXEUs0YnhnPoR10fb35FCOeUkreg=
Subject key identifier:   C1:C3:30:94:82:1A:BB:F4:44:AA:52:CC:C7:59:3E:EB:C2:F8:22:F9
Certificate issuer:       /CN=A91A61310000/serialNumber=72EC0D8B386D96FBC741C05F3661CB7ADA8EB800
Certificate serial:       0C68B66C6EEE1E1069CC768F1A4B20B1069D7656
Authority key identifier: 72:EC:0D:8B:38:6D:96:FB:C7:41:C0:5F:36:61:CB:7A:DA:8E:B8:00
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cuwNizhtlvvHQcBfNmHLetqOuAA.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A91A61310000/0/34332e3235352e38302e302f32342d3234203d3e20333935373933.roa
Signing time:             Tue 07 Oct 2025 15:29:20 +0000
ROA not before:           Tue 07 Oct 2025 15:24:20 +0000
ROA not after:            Tue 06 Oct 2026 15:29:20 +0000
asID:                     395793
IP address blocks:        43.255.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A91A61310000/0/72EC0D8B386D96FBC741C05F3661CB7ADA8EB800.crl
                          rsync://rpki.sub.apnic.net/repository/A91A61310000/0/72EC0D8B386D96FBC741C05F3661CB7ADA8EB800.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cuwNizhtlvvHQcBfNmHLetqOuAA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 01:38:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:68:b6:6c:6e:ee:1e:10:69:cc:76:8f:1a:4b:20:b1:06:9d:76:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A61310000, serialNumber=72EC0D8B386D96FBC741C05F3661CB7ADA8EB800
        Validity
            Not Before: Oct  7 15:24:20 2025 GMT
            Not After : Oct  6 15:29:20 2026 GMT
        Subject: CN=C1C33094821ABBF444AA52CCC7593EEBC2F822F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f7:3c:fc:6b:c7:b4:b6:08:71:3c:e0:45:6a:
                    d0:c5:cf:90:43:f4:7b:cb:b3:e6:78:f3:ad:cc:76:
                    c7:81:e0:dc:2d:6f:ea:cd:1b:bd:1a:42:ce:30:7e:
                    ae:a7:91:8b:dd:42:54:43:5b:d1:c4:2e:f0:01:45:
                    8e:ef:cf:77:9b:2a:f5:2d:af:1c:2f:f6:ff:f3:ed:
                    f0:18:d4:e9:1d:ec:2e:dd:3d:a2:17:b5:23:24:4f:
                    94:34:fd:cd:db:a0:5d:4b:aa:e1:ed:70:ae:05:e5:
                    65:ac:c5:53:f0:b3:6d:43:ef:b8:71:b2:f7:1d:48:
                    f0:d7:ad:fc:86:c0:b8:46:b0:bd:40:e0:c6:da:b1:
                    cb:46:ee:6f:c5:b6:78:59:42:01:b9:c4:a6:26:e1:
                    6d:dc:a2:d2:29:73:44:93:a1:7d:fe:0f:b6:8d:eb:
                    ac:34:1a:57:7b:7a:f1:73:4b:3c:11:4c:e7:61:3f:
                    7a:d7:2c:6d:65:6c:35:a3:22:28:cb:63:0f:1d:bc:
                    cc:8e:ee:2d:a2:84:19:a0:38:25:d3:f0:12:f2:7e:
                    f1:2a:5b:0f:9b:59:e7:63:e2:d3:f1:e6:7c:b3:3c:
                    2e:19:4c:4a:45:60:ea:85:42:36:24:8a:71:b7:d6:
                    6b:23:a5:cc:03:b3:9b:58:7a:0b:01:10:5e:fc:c5:
                    61:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C3:30:94:82:1A:BB:F4:44:AA:52:CC:C7:59:3E:EB:C2:F8:22:F9
            X509v3 Authority Key Identifier:
                keyid:72:EC:0D:8B:38:6D:96:FB:C7:41:C0:5F:36:61:CB:7A:DA:8E:B8:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A91A61310000/0/72EC0D8B386D96FBC741C05F3661CB7ADA8EB800.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cuwNizhtlvvHQcBfNmHLetqOuAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A91A61310000/0/34332e3235352e38302e302f32342d3234203d3e20333935373933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.255.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:a1:0b:9c:9c:fd:18:bb:11:94:49:f9:ab:9e:4b:24:7e:11:
         c4:a3:1b:c8:0b:49:2b:12:29:89:09:4f:44:ba:56:f0:0b:20:
         78:d9:80:d2:df:e3:f5:e0:8c:5f:9b:d2:ca:16:4a:29:d4:db:
         45:a3:37:7a:21:41:39:16:b9:9f:25:58:b8:34:06:9d:6f:05:
         e9:4d:e2:a9:fe:dc:1c:8d:26:e8:a1:f1:01:57:e8:64:9d:cd:
         42:9e:e4:48:04:95:86:db:31:64:9a:b2:89:30:c7:38:15:f8:
         d7:3b:8f:8f:fe:71:4a:aa:26:39:2f:71:fb:5e:ae:b1:35:49:
         5b:0d:01:4e:5a:9c:09:a9:21:1c:fe:bf:07:39:8d:f1:9f:68:
         83:d8:85:38:55:77:52:d5:96:eb:10:5c:20:b8:4f:f8:87:f6:
         37:19:9e:9f:49:71:cb:70:58:58:e0:93:30:7c:1a:b1:d1:e6:
         77:2e:2b:80:4d:e8:5a:40:fa:11:d9:cb:3a:b9:76:56:21:31:
         40:ac:91:5a:b9:a9:b6:2b:ec:26:6d:56:b0:94:66:3c:52:4d:
         43:9b:3e:0c:6b:c2:56:d4:ea:e7:f4:f8:f5:da:bb:43:b2:67:
         f5:be:f9:80:54:5d:2f:16:39:c2:c0:eb:15:d1:09:a7:61:b9:
         d4:1d:72:49
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIUDGi2bG7uHhBpzHaPGksgsQaddlYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQTYxMzEwMDAwMTEwLwYDVQQFEyg3MkVDMEQ4QjM4
NkQ5NkZCQzc0MUMwNUYzNjYxQ0I3QURBOEVCODAwMB4XDTI1MTAwNzE1MjQyMFoX
DTI2MTAwNjE1MjkyMFowMzExMC8GA1UEAxMoQzFDMzMwOTQ4MjFBQkJGNDQ0QUE1
MkNDQzc1OTNFRUJDMkY4MjJGOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJX3PPxrx7S2CHE84EVq0MXPkEP0e8uz5njzrcx2x4Hg3C1v6s0bvRpCzjB+
rqeRi91CVENb0cQu8AFFju/Pd5sq9S2vHC/2//Pt8BjU6R3sLt09ohe1IyRPlDT9
zdugXUuq4e1wrgXlZazFU/CzbUPvuHGy9x1I8Net/IbAuEawvUDgxtqxy0bub8W2
eFlCAbnEpibhbdyi0ilzRJOhff4Pto3rrDQaV3t68XNLPBFM52E/etcsbWVsNaMi
KMtjDx28zI7uLaKEGaA4JdPwEvJ+8SpbD5tZ52Pi0/HmfLM8LhlMSkVg6oVCNiSK
cbfWayOlzAOzm1h6CwEQXvzFYdsCAwEAAaOCAhEwggINMB0GA1UdDgQWBBTBwzCU
ghq79ESqUszHWT7rwvgi+TAfBgNVHSMEGDAWgBRy7A2LOG2W+8dBwF82Yct62o64
ADAOBgNVHQ8BAf8EBAMCB4AwcgYDVR0fBGswaTBnoGWgY4ZhcnN5bmM6Ly9ycGtp
LnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTFBNjEzMTAwMDAvMC83MkVDMEQ4
QjM4NkQ5NkZCQzc0MUMwNUYzNjYxQ0I3QURBOEVCODAwLmNybDB+BggrBgEFBQcB
AQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3Np
dG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9jdXdOaXpodGx2
dkhRY0JmTm1ITGV0cU91QUEuY2VyMIGLBggrBgEFBQcBCwR/MH0wewYIKwYBBQUH
MAuGb3JzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxQTYx
MzEwMDAwLzAvMzQzMzJlMzIzNTM1MmUzODMwMmUzMDJmMzIzNDJkMzIzNDIwM2Qz
ZTIwMzMzOTM1MzczOTMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAK/9QMA0GCSqGSIb3DQEBCwUAA4IB
AQBeoQucnP0YuxGUSfmrnkskfhHEoxvIC0krEimJCU9EulbwCyB42YDS3+P14Ixf
m9LKFkop1NtFozd6IUE5FrmfJVi4NAadbwXpTeKp/twcjSboofEBV+hknc1CnuRI
BJWG2zFkmrKJMMc4FfjXO4+P/nFKqiY5L3H7Xq6xNUlbDQFOWpwJqSEc/r8HOY3x
n2iD2IU4VXdS1ZbrEFwguE/4h/Y3GZ6fSXHLcFhY4JMwfBqx0eZ3LiuATehaQPoR
2cs6uXZWITFArJFauam2K+wmbVawlGY8Uk1Dmz4Ma8JW1Orn9Pj12rtDsmf1vvmA
VF0vFjnCwOsV0QmnYbnUHXJJ
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:40:14 2025 by rpki-client