Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A91DD5100000/0/34332e3235322e32302e302f32342d3234203d3e203136353039.roa
File:                     34332e3235322e32302e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          2pHYFNhpresl2Qe+bmQCdeuqTmZNLu6JpjLmSUgR1DM=
Subject key identifier:   79:B4:4D:A8:66:52:7A:03:6E:AA:5D:51:33:43:85:47:97:18:64:6A
Certificate issuer:       /CN=A91DD5100000/serialNumber=5D707B0D3569622432B4BDCBFD320F9A8B6DDC7B
Certificate serial:       60D04EBE73449560484049391D08602B1ACB70BF
Authority key identifier: 5D:70:7B:0D:35:69:62:24:32:B4:BD:CB:FD:32:0F:9A:8B:6D:DC:7B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XXB7DTVpYiQytL3L_TIPmott3Hs.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A91DD5100000/0/34332e3235322e32302e302f32342d3234203d3e203136353039.roa
Signing time:             Mon 08 Sep 2025 09:25:16 +0000
ROA not before:           Mon 08 Sep 2025 09:20:16 +0000
ROA not after:            Mon 07 Sep 2026 09:25:16 +0000
asID:                     16509
IP address blocks:        43.252.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A91DD5100000/0/5D707B0D3569622432B4BDCBFD320F9A8B6DDC7B.crl
                          rsync://rpki.sub.apnic.net/repository/A91DD5100000/0/5D707B0D3569622432B4BDCBFD320F9A8B6DDC7B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XXB7DTVpYiQytL3L_TIPmott3Hs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 20 Oct 2025 18:44:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:d0:4e:be:73:44:95:60:48:40:49:39:1d:08:60:2b:1a:cb:70:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DD5100000, serialNumber=5D707B0D3569622432B4BDCBFD320F9A8B6DDC7B
        Validity
            Not Before: Sep  8 09:20:16 2025 GMT
            Not After : Sep  7 09:25:16 2026 GMT
        Subject: CN=79B44DA866527A036EAA5D51334385479718646A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d9:79:44:89:82:df:86:1b:dc:d1:dc:5e:77:
                    d7:96:fb:bf:e9:37:24:62:ee:d1:a7:f6:6d:8c:46:
                    8d:38:6c:e1:3e:74:55:24:76:da:5f:f7:15:ad:76:
                    eb:ec:2b:af:7e:b1:6b:24:b9:99:18:39:c5:6b:16:
                    31:d8:06:6f:e6:5c:e3:32:9a:fc:b7:5b:1f:3d:59:
                    2c:d2:21:70:a5:9f:0a:3f:61:53:52:24:c9:13:33:
                    fc:6d:1a:36:3c:fe:c0:e1:14:6d:09:c6:a4:0b:3f:
                    0f:48:92:cb:7a:06:16:6a:d5:1f:5a:1d:8d:7f:df:
                    24:f7:db:20:f9:b0:1b:28:c1:f4:d4:4d:43:e4:7f:
                    ba:20:64:89:43:4b:57:9e:ff:a8:b9:a4:d0:7b:9b:
                    9d:31:a7:d3:80:fa:37:3b:28:35:af:17:91:f5:af:
                    b4:8f:d7:c6:4c:ee:fd:3b:ac:f1:02:2a:d9:72:81:
                    26:8b:c1:3a:35:35:e2:38:3b:ac:78:c0:16:bf:45:
                    f0:c9:fc:03:c0:ca:f2:e4:d2:a2:c6:05:24:0c:48:
                    57:f8:51:2f:b8:68:ff:64:a3:78:53:57:2b:b8:5f:
                    4f:a2:0f:15:a3:d8:ac:f0:39:75:80:73:60:04:77:
                    26:56:0a:4b:f5:56:38:f8:48:61:df:4a:59:a1:5e:
                    bb:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B4:4D:A8:66:52:7A:03:6E:AA:5D:51:33:43:85:47:97:18:64:6A
            X509v3 Authority Key Identifier:
                keyid:5D:70:7B:0D:35:69:62:24:32:B4:BD:CB:FD:32:0F:9A:8B:6D:DC:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A91DD5100000/0/5D707B0D3569622432B4BDCBFD320F9A8B6DDC7B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XXB7DTVpYiQytL3L_TIPmott3Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A91DD5100000/0/34332e3235322e32302e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.252.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:ca:e9:ca:3c:57:0a:94:12:8f:0b:26:5e:55:af:2d:b4:8d:
         83:23:8a:be:42:10:dc:6e:29:28:d2:20:78:73:00:75:58:93:
         ef:59:3a:1e:86:df:b3:f3:df:42:c8:11:e3:de:17:76:3b:9d:
         f6:bf:5f:47:b9:09:dc:d9:41:79:89:f0:db:68:ed:8b:c3:79:
         f7:dc:63:df:8e:08:66:25:56:c8:ba:95:d6:9e:b1:af:7a:9b:
         5e:f0:36:58:95:ae:d3:49:41:3b:c0:5a:50:72:c0:d1:4d:f1:
         ae:5e:b8:6f:69:b4:34:5a:1e:c8:11:89:c5:3a:89:18:ca:72:
         ae:c9:cf:73:18:2f:1f:12:2c:97:72:ae:61:0c:09:d6:7b:7e:
         5a:73:31:b2:69:89:20:13:4a:95:39:22:22:52:e3:a8:bb:de:
         0f:9b:3a:f1:74:e6:98:66:0f:6a:51:1a:0e:da:6b:01:49:1b:
         1f:03:e1:0c:14:8d:4b:27:ef:59:f2:10:bf:ec:5b:6c:8b:0b:
         d8:e0:b0:1a:26:d1:ad:05:92:90:be:c1:71:7c:6d:b6:a8:5e:
         01:24:66:ff:fe:3d:5e:c5:5d:c8:31:9a:19:8d:fa:92:e5:28:
         d1:fc:2d:da:e9:a8:1e:5b:15:91:f6:dd:28:7c:3d:c3:38:d4:
         6f:ec:d0:a9
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIUYNBOvnNElWBIQEk5HQhgKxrLcL8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxREQ1MTAwMDAwMTEwLwYDVQQFEyg1RDcwN0IwRDM1
Njk2MjI0MzJCNEJEQ0JGRDMyMEY5QThCNkREQzdCMB4XDTI1MDkwODA5MjAxNloX
DTI2MDkwNzA5MjUxNlowMzExMC8GA1UEAxMoNzlCNDREQTg2NjUyN0EwMzZFQUE1
RDUxMzM0Mzg1NDc5NzE4NjQ2QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJDZeUSJgt+GG9zR3F5315b7v+k3JGLu0af2bYxGjThs4T50VSR22l/3Fa12
6+wrr36xayS5mRg5xWsWMdgGb+Zc4zKa/LdbHz1ZLNIhcKWfCj9hU1IkyRMz/G0a
Njz+wOEUbQnGpAs/D0iSy3oGFmrVH1odjX/fJPfbIPmwGyjB9NRNQ+R/uiBkiUNL
V57/qLmk0HubnTGn04D6NzsoNa8XkfWvtI/Xxkzu/Tus8QIq2XKBJovBOjU14jg7
rHjAFr9F8Mn8A8DK8uTSosYFJAxIV/hRL7ho/2SjeFNXK7hfT6IPFaPYrPA5dYBz
YAR3JlYKS/VWOPhIYd9KWaFeu/MCAwEAAaOCAg8wggILMB0GA1UdDgQWBBR5tE2o
ZlJ6A26qXVEzQ4VHlxhkajAfBgNVHSMEGDAWgBRdcHsNNWliJDK0vcv9Mg+ai23c
ezAOBgNVHQ8BAf8EBAMCB4AwcgYDVR0fBGswaTBnoGWgY4ZhcnN5bmM6Ly9ycGtp
LnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTFERDUxMDAwMDAvMC81RDcwN0Iw
RDM1Njk2MjI0MzJCNEJEQ0JGRDMyMEY5QThCNkREQzdCLmNybDB+BggrBgEFBQcB
AQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3Np
dG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9YWEI3RFRWcFlp
UXl0TDNMX1RJUG1vdHQzSHMuY2VyMIGJBggrBgEFBQcBCwR9MHsweQYIKwYBBQUH
MAuGbXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxREQ1
MTAwMDAwLzAvMzQzMzJlMzIzNTMyMmUzMjMwMmUzMDJmMzIzNDJkMzIzNDIwM2Qz
ZTIwMzEzNjM1MzAzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggr
BgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACv8FDANBgkqhkiG9w0BAQsFAAOCAQEA
r8rpyjxXCpQSjwsmXlWvLbSNgyOKvkIQ3G4pKNIgeHMAdViT71k6Hobfs/PfQsgR
494Xdjud9r9fR7kJ3NlBeYnw22jti8N599xj344IZiVWyLqV1p6xr3qbXvA2WJWu
00lBO8BaUHLA0U3xrl64b2m0NFoeyBGJxTqJGMpyrsnPcxgvHxIsl3KuYQwJ1nt+
WnMxsmmJIBNKlTkiIlLjqLveD5s68XTmmGYPalEaDtprAUkbHwPhDBSNSyfvWfIQ
v+xbbIsL2OCwGibRrQWSkL7BcXxttqheASRm//49XsVdyDGaGY36kuUo0fwt2umo
HlsVkfbdKHw9wzjUb+zQqQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:46:48 2025 by rpki-client