Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91607DE/C76814C6BB5A11EC908AC96EC4F9AE02/FD398FA0BB5D11ECA62F8674C4F9AE02.roa
File:                     FD398FA0BB5D11ECA62F8674C4F9AE02.roa (raw, json)
Hash identifier:          OZN4xQkAGlo2J7xAsq7WK/TKxkfRBmTruJ0GM4QH81c=
Subject key identifier:   A9:8A:9C:27:39:AE:50:E9:C1:90:B4:73:6B:08:A0:9F:FB:3E:01:0D
Certificate issuer:       /CN=A91607DE/serialNumber=3D0A88C0CCA3EE8677CD17DF3EE86DE71DFC1129
Certificate serial:       0371
Authority key identifier: 3D:0A:88:C0:CC:A3:EE:86:77:CD:17:DF:3E:E8:6D:E7:1D:FC:11:29
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PQqIwMyj7oZ3zRffPuht5x38ESk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91607DE/C76814C6BB5A11EC908AC96EC4F9AE02/FD398FA0BB5D11ECA62F8674C4F9AE02.roa
Signing time:             Thu 07 Aug 2025 01:36:43 +0000
ROA not before:           Thu 07 Aug 2025 01:36:43 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     56286
IP address blocks:        203.222.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91607DE/C76814C6BB5A11EC908AC96EC4F9AE02/PQqIwMyj7oZ3zRffPuht5x38ESk.crl
                          rsync://rpki.apnic.net/member_repository/A91607DE/C76814C6BB5A11EC908AC96EC4F9AE02/PQqIwMyj7oZ3zRffPuht5x38ESk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PQqIwMyj7oZ3zRffPuht5x38ESk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 881 (0x371)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91607DE, serialNumber=3D0A88C0CCA3EE8677CD17DF3EE86DE71DFC1129
        Validity
            Not Before: Aug  7 01:36:43 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6894032b-e82b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1c:be:2f:b9:22:5d:9c:32:43:f0:ed:c0:92:
                    d1:df:ae:6f:96:42:dd:97:97:6f:db:d5:3f:57:a9:
                    51:c0:05:c2:41:ba:17:6b:d8:61:27:aa:75:af:39:
                    14:1d:ee:e8:e0:2f:f8:34:f6:cc:c8:5e:25:5d:c7:
                    25:c1:17:ec:fa:4d:8c:da:42:be:99:8f:b8:57:5c:
                    72:b5:dd:9b:16:10:f7:57:1c:9a:74:49:90:d5:05:
                    1d:5c:b2:37:2c:16:18:56:a8:52:e6:32:55:55:70:
                    71:e7:08:22:4f:1e:17:41:0e:66:39:c9:8c:ac:17:
                    13:07:e6:6f:4e:f3:e9:fc:21:6c:b9:17:2d:0c:6c:
                    c5:89:83:43:4c:e4:1a:1b:d1:40:7b:52:6d:07:1b:
                    15:7f:31:d1:cf:77:ea:a1:6d:f4:b6:9b:7a:51:19:
                    1d:48:aa:11:17:42:fc:e9:81:d4:52:e0:5c:25:ee:
                    c7:72:66:bb:b7:a3:6c:8e:08:ba:29:7e:97:c2:b9:
                    bc:dc:d4:31:2a:aa:7f:96:81:7e:22:4a:cc:a9:a4:
                    c1:2a:a1:bd:97:2b:ee:2b:c8:2d:98:da:1d:b6:62:
                    ad:6e:67:17:81:4f:34:f5:58:3a:41:60:b0:ef:73:
                    25:73:40:3c:24:97:1d:dc:ea:d6:b7:d5:ae:52:41:
                    a8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:8A:9C:27:39:AE:50:E9:C1:90:B4:73:6B:08:A0:9F:FB:3E:01:0D
            X509v3 Authority Key Identifier:
                keyid:3D:0A:88:C0:CC:A3:EE:86:77:CD:17:DF:3E:E8:6D:E7:1D:FC:11:29

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91607DE/C76814C6BB5A11EC908AC96EC4F9AE02/PQqIwMyj7oZ3zRffPuht5x38ESk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PQqIwMyj7oZ3zRffPuht5x38ESk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91607DE/C76814C6BB5A11EC908AC96EC4F9AE02/FD398FA0BB5D11ECA62F8674C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.222.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:06:77:1a:66:17:95:9a:fe:44:1c:a3:81:9c:44:c4:15:01:
         ee:d6:4d:3a:6f:d6:02:b5:2e:7b:4f:5f:ba:e9:2e:85:f3:e8:
         90:c1:c2:c1:3a:da:63:ab:19:15:85:64:f0:16:39:10:ef:3e:
         97:52:b4:fe:79:c8:2c:fb:68:7a:51:73:17:88:69:a7:de:3b:
         24:19:11:71:35:e2:12:b6:6a:c0:86:4c:8b:d4:d4:af:d1:f3:
         1d:a1:73:28:6c:35:57:c0:06:f8:d7:65:43:d7:dc:15:b4:02:
         60:71:32:46:f0:68:6b:0d:bf:56:79:e8:82:d0:c7:cd:55:4d:
         b3:f8:b9:76:0f:8f:89:8d:43:e1:96:f1:9f:29:48:c3:15:8f:
         6f:27:5a:7e:65:d2:44:f5:2c:9b:9f:03:6e:a6:f7:51:bf:6f:
         3c:d9:97:48:de:7e:a2:9a:99:19:ab:b1:01:4f:39:14:bd:3e:
         26:35:3c:ff:92:29:9f:a2:09:b4:b2:ce:0d:2d:0a:76:5e:19:
         8e:e8:89:44:6a:a6:fd:67:dd:49:33:5b:2c:20:28:65:72:1b:
         53:4e:7d:ef:96:b1:c9:bd:f7:8e:c6:db:fc:60:e1:3f:72:a6:
         37:27:e5:42:d4:3a:e0:d1:b3:05:37:b0:c6:28:03:a0:5a:d6:
         8f:35:25:f2
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICA3EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjA3REUxMTAvBgNVBAUTKDNEMEE4OEMwQ0NBM0VFODY3N0NEMTdERjNFRTg2REU3
MURGQzExMjkwHhcNMjUwODA3MDEzNjQzWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODk0MDMyYi1lODJiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuRy+L7kiXZwyQ/DtwJLR365vlkLdl5dv29U/V6lRwAXCQboXa9hhJ6p1rzkU
He7o4C/4NPbMyF4lXcclwRfs+k2M2kK+mY+4V1xytd2bFhD3VxyadEmQ1QUdXLI3
LBYYVqhS5jJVVXBx5wgiTx4XQQ5mOcmMrBcTB+ZvTvPp/CFsuRctDGzFiYNDTOQa
G9FAe1JtBxsVfzHRz3fqoW30tpt6URkdSKoRF0L86YHUUuBcJe7Hcma7t6Nsjgi6
KX6Xwrm83NQxKqp/loF+IkrMqaTBKqG9lyvuK8gtmNodtmKtbmcXgU809Vg6QWCw
73Mlc0A8JJcd3OrWt9WuUkGoxwIDAQABo4IClTCCApEwHQYDVR0OBBYEFKmKnCc5
rlDpwZC0c2sIoJ/7PgENMB8GA1UdIwQYMBaAFD0KiMDMo+6Gd80X3z7obecd/BEp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MDdERS9DNzY4MTRDNkJC
NUExMUVDOTA4QUM5NkVDNEY5QUUwMi9QUXFJd015ajdvWjN6UmZmUHVodDV4MzhF
U2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BRcUl3TXlqN29aM3pSZmZQdWh0NXgzOEVTay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjA3REUvQzc2ODE0QzZCQjVBMTFFQzkwOEFDOTZFQzRGOUFFMDIvRkQzOThGQTBC
QjVEMTFFQ0E2MkY4Njc0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADL3i8wDQYJKoZIhvcNAQELBQADggEBAGcGdxpmF5Wa/kQc
o4GcRMQVAe7WTTpv1gK1LntPX7rpLoXz6JDBwsE62mOrGRWFZPAWORDvPpdStP55
yCz7aHpRcxeIaafeOyQZEXE14hK2asCGTIvU1K/R8x2hcyhsNVfABvjXZUPX3BW0
AmBxMkbwaGsNv1Z56ILQx81VTbP4uXYPj4mNQ+GW8Z8pSMMVj28nWn5l0kT1LJuf
A26m91G/bzzZl0jefqKamRmrsQFPORS9PiY1PP+SKZ+iCbSyzg0tCnZeGY7oiURq
pv1n3UkzWywgKGVyG1NOfe+Wscm9947G2/xg4T9ypjcn5ULUOuDRswU3sMYoA6Ba
1o81JfI=
-----END CERTIFICATE-----
Generated at Sat Aug 9 23:10:46 2025 by rpki-client