Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/E03999C441C511E8BEC06D36C4F9AE02.roa
File:                     E03999C441C511E8BEC06D36C4F9AE02.roa (raw, json)
Hash identifier:          O3rOOeO9NEzWJisf/+SOItZOvkqX45T7Wsg+v5VOxko=
Subject key identifier:   60:BB:03:74:B1:2E:F5:64:FF:50:92:71:3D:95:0A:C5:9F:2D:1A:65
Certificate issuer:       /CN=A911C28D/serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
Certificate serial:       2867
Authority key identifier: 99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/E03999C441C511E8BEC06D36C4F9AE02.roa
Signing time:             Sat 26 Jul 2025 15:53:35 +0000
ROA not before:           Sat 26 Jul 2025 15:53:35 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     135605
IP address blocks:        2402:9e80:19::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.crl
                          rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10343 (0x2867)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911C28D, serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
        Validity
            Not Before: Jul 26 15:53:35 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6884f9ff-a39b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ed:96:ee:5a:99:d7:fa:d8:43:7a:46:63:7e:
                    fc:68:b4:89:5c:08:d6:bf:83:f4:64:87:bf:12:33:
                    d6:05:e0:f8:d3:c3:d2:83:63:6c:cf:7b:90:60:f7:
                    3a:dd:74:de:27:10:51:58:1d:4d:75:72:14:a5:2c:
                    50:50:02:86:4c:4d:d7:a3:d0:35:b9:d6:f8:c2:72:
                    6d:2f:ee:df:df:c4:25:9c:b5:9d:97:ff:27:84:a0:
                    b1:8c:d9:f5:22:42:01:e4:82:e4:48:2f:7d:8a:62:
                    5a:70:1a:83:d9:de:b6:cd:d4:65:03:22:18:f6:5b:
                    3d:b0:17:b7:13:2e:12:56:75:b2:16:2f:4d:1c:63:
                    c7:4f:8a:93:bc:de:12:ac:bb:7f:ed:f2:63:7e:bf:
                    92:19:40:23:21:cb:f2:7f:1d:11:83:e8:c5:b6:43:
                    15:51:3b:57:71:bc:12:8b:37:93:57:10:fa:db:89:
                    f3:8b:b4:08:65:87:1d:28:9a:41:89:04:0d:b3:77:
                    24:af:38:1e:5a:50:06:b2:f3:e1:09:8a:d6:01:c6:
                    29:98:22:47:04:50:42:38:03:aa:d5:d1:0b:ce:86:
                    54:72:db:a4:78:45:32:3c:e6:4d:e0:e0:14:dd:7e:
                    d6:0c:35:4f:6d:95:5d:02:dc:14:c1:a0:f1:1a:1c:
                    54:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:BB:03:74:B1:2E:F5:64:FF:50:92:71:3D:95:0A:C5:9F:2D:1A:65
            X509v3 Authority Key Identifier:
                keyid:99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/E03999C441C511E8BEC06D36C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:9e80:19::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:13:45:58:0c:d5:cc:1f:16:e3:95:fa:37:24:d4:37:b5:78:
         ba:64:4c:36:78:1d:81:85:09:3f:78:f3:78:80:4e:72:6e:36:
         ed:32:c5:e2:94:71:62:70:9f:02:28:ce:15:99:2a:97:cd:3b:
         f0:67:d9:b8:a8:ec:9d:f0:90:f6:e1:83:44:d0:6b:0d:88:50:
         be:49:36:bd:d0:57:0c:54:5f:f6:03:de:06:6d:27:ff:62:48:
         65:d1:9c:bb:4c:10:ce:08:78:3f:28:db:af:ce:d3:da:67:f2:
         ee:67:7d:78:e7:2c:3f:a3:c3:8d:ae:e0:9f:fb:24:6e:e9:05:
         05:00:c3:c0:61:06:d7:d6:e6:e0:3b:58:d6:46:45:ff:d6:f8:
         2c:e3:32:0a:1f:93:5d:fb:a1:50:c0:de:32:53:d6:39:ea:c6:
         dc:56:02:02:81:b4:8f:dd:52:da:ff:f6:53:70:2d:d8:a8:64:
         86:5a:be:f2:be:ab:b3:20:fc:49:b0:7c:e5:35:da:37:2c:2e:
         10:25:4a:1e:1d:29:1d:6f:a5:1d:98:d0:c7:b5:fe:b3:d1:4d:
         d9:8a:f7:36:fb:6d:fd:45:70:56:81:7a:41:8c:35:80:dc:e6:
         ec:9f:76:8b:cf:da:28:23:76:7a:12:82:e4:cd:5e:f7:bf:0e:
         d0:52:8d:ab
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICKGcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUMyOEQxMTAvBgNVBAUTKDk5REZCNkJGNzk1MEU2QjQwMTk1QTU5MDI0RjRCNzUw
ODYzRDNEOTMwHhcNMjUwNzI2MTU1MzM1WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg0ZjlmZi1hMzliMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyu2W7lqZ1/rYQ3pGY378aLSJXAjWv4P0ZIe/EjPWBeD408PSg2Nsz3uQYPc6
3XTeJxBRWB1NdXIUpSxQUAKGTE3Xo9A1udb4wnJtL+7f38QlnLWdl/8nhKCxjNn1
IkIB5ILkSC99imJacBqD2d62zdRlAyIY9ls9sBe3Ey4SVnWyFi9NHGPHT4qTvN4S
rLt/7fJjfr+SGUAjIcvyfx0Rg+jFtkMVUTtXcbwSizeTVxD624nzi7QIZYcdKJpB
iQQNs3ckrzgeWlAGsvPhCYrWAcYpmCJHBFBCOAOq1dELzoZUctukeEUyPOZN4OAU
3X7WDDVPbZVdAtwUwaDxGhxUqwIDAQABo4ICmDCCApQwHQYDVR0OBBYEFGC7A3Sx
LvVk/1CScT2VCsWfLRplMB8GA1UdIwQYMBaAFJnftr95UOa0AZWlkCT0t1CGPT2T
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQzI4RC9CREFCNjdGNjNB
ODAxMUU1QUUzOTAxNTVDNEY5QUUwMi9tZC0ydjNsUTVyUUJsYVdRSlBTM1VJWTlQ
Wk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21kLTJ2M2xRNXJRQmxhV1FKUFMzVUlZOVBaTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUMyOEQvQkRBQjY3RjYzQTgwMTFFNUFFMzkwMTU1QzRGOUFFMDIvRTAzOTk5QzQ0
MUM1MTFFOEJFQzA2RDM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkAp6AABkwDQYJKoZIhvcNAQELBQADggEBACgTRVgM1cwf
FuOV+jck1De1eLpkTDZ4HYGFCT9483iATnJuNu0yxeKUcWJwnwIozhWZKpfNO/Bn
2bio7J3wkPbhg0TQaw2IUL5JNr3QVwxUX/YD3gZtJ/9iSGXRnLtMEM4IeD8o26/O
09pn8u5nfXjnLD+jw42u4J/7JG7pBQUAw8BhBtfW5uA7WNZGRf/W+CzjMgofk137
oVDA3jJT1jnqxtxWAgKBtI/dUtr/9lNwLdioZIZavvK+q7Mg/EmwfOU12jcsLhAl
Sh4dKR1vpR2Y0Me1/rPRTdmK9zb7bf1FcFaBekGMNYDc5uyfdovP2igjdnoSguTN
Xve/DtBSjas=
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:47:37 2025 by rpki-client