Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91685E9/C928043AD17611EF95C5DE5AC4F9AE02/5BE6836E501B11F0928AD730C4F9AE02.roa
File:                     5BE6836E501B11F0928AD730C4F9AE02.roa (raw, json)
Hash identifier:          uy/I264zUdcH+IRLmqiohdKtdvR7J47WP3QRFGOJOqU=
Subject key identifier:   BB:5B:E6:B2:8F:98:84:07:A6:64:05:3A:BF:21:1D:EB:AD:A1:88:F0
Certificate issuer:       /CN=A91685E9/serialNumber=F698B5B47A06D5307DEC608969063074B68FF5CA
Certificate serial:       89
Authority key identifier: F6:98:B5:B4:7A:06:D5:30:7D:EC:60:89:69:06:30:74:B6:8F:F5:CA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9pi1tHoG1TB97GCJaQYwdLaP9co.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91685E9/C928043AD17611EF95C5DE5AC4F9AE02/5BE6836E501B11F0928AD730C4F9AE02.roa
Signing time:             Sun 27 Jul 2025 06:27:51 +0000
ROA not before:           Sun 27 Jul 2025 06:27:51 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     152565
IP address blocks:        2401:e920::/33 maxlen: 33
                          2401:e920:8000::/34 maxlen: 34
                          2401:e920:c00c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91685E9/C928043AD17611EF95C5DE5AC4F9AE02/9pi1tHoG1TB97GCJaQYwdLaP9co.crl
                          rsync://rpki.apnic.net/member_repository/A91685E9/C928043AD17611EF95C5DE5AC4F9AE02/9pi1tHoG1TB97GCJaQYwdLaP9co.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9pi1tHoG1TB97GCJaQYwdLaP9co.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 137 (0x89)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91685E9, serialNumber=F698B5B47A06D5307DEC608969063074B68FF5CA
        Validity
            Not Before: Jul 27 06:27:51 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=6885c6e7-de8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b4:6b:a6:07:59:75:13:f6:bb:2c:41:cb:02:
                    ef:2f:b8:8b:1c:c6:21:6c:12:2b:ef:4b:19:bd:30:
                    10:5b:54:bf:2b:32:a2:4f:ed:f9:cc:c9:17:d8:a1:
                    1b:c6:8d:e7:e3:a3:89:79:c0:6b:0a:ec:38:1f:e0:
                    76:09:d0:37:3c:f9:98:31:a2:5a:06:3d:70:96:32:
                    f1:c5:6f:8a:99:cf:e6:64:a8:f0:ca:bc:b5:3e:a3:
                    b6:ca:84:b2:b4:a2:14:0c:20:fc:86:e7:36:27:e6:
                    61:82:7b:3b:f9:7c:c4:a3:cf:f9:cf:8e:2b:c1:74:
                    84:67:2b:c2:39:81:e5:a8:ff:b7:f2:c2:1a:28:24:
                    81:87:ed:55:0a:35:6f:35:f5:c6:e9:dc:c8:94:2e:
                    53:ec:42:6b:bb:49:f1:7e:24:56:f1:4e:8a:6d:08:
                    36:62:c8:fd:92:22:39:02:8a:c3:7e:22:c0:2b:3a:
                    9b:56:c0:97:44:9b:5e:3b:18:50:9c:5b:82:03:9f:
                    30:65:eb:d3:4d:fc:27:8d:21:fa:6e:cb:5d:79:49:
                    e5:6f:28:1a:98:3f:28:a3:44:44:5f:42:7e:c6:46:
                    34:5a:74:7c:4c:61:d8:0b:ff:e5:4a:04:2f:ae:f4:
                    54:94:36:9e:39:7d:c2:33:61:49:88:1a:76:2d:d2:
                    ff:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:5B:E6:B2:8F:98:84:07:A6:64:05:3A:BF:21:1D:EB:AD:A1:88:F0
            X509v3 Authority Key Identifier:
                keyid:F6:98:B5:B4:7A:06:D5:30:7D:EC:60:89:69:06:30:74:B6:8F:F5:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91685E9/C928043AD17611EF95C5DE5AC4F9AE02/9pi1tHoG1TB97GCJaQYwdLaP9co.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9pi1tHoG1TB97GCJaQYwdLaP9co.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91685E9/C928043AD17611EF95C5DE5AC4F9AE02/5BE6836E501B11F0928AD730C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:e920::-2401:e920:bfff:ffff:ffff:ffff:ffff:ffff
                  2401:e920:c00c::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:4d:29:b2:3d:b4:98:26:0c:bd:53:65:ef:f7:3a:e6:00:7b:
         a2:56:ff:e6:bd:82:a7:4a:c0:ca:58:71:a7:a7:7b:7e:56:79:
         f9:48:1a:31:59:d7:33:48:2a:c8:67:1d:2d:ef:1a:46:e8:0d:
         24:05:db:46:de:ab:4c:74:2c:be:fe:06:91:1e:57:28:58:98:
         96:f0:fc:ac:9e:c3:ad:12:e4:7b:3a:08:b7:5c:0b:2c:42:72:
         60:c6:a5:ad:d3:df:04:ef:87:3e:d5:91:3e:b9:f6:a3:69:ce:
         d2:40:ee:8d:1b:dc:5d:a5:a9:3e:9e:5c:77:2d:1a:98:1c:31:
         1f:c0:cf:ec:45:3c:8d:5e:64:0c:91:a4:39:cc:7f:22:b0:65:
         c7:bb:ad:fc:38:28:5e:57:61:37:97:c3:f0:bf:08:eb:c3:4d:
         3d:87:b3:52:db:6e:fd:2c:7e:af:d2:2a:06:31:de:7e:d6:4f:
         4c:ce:24:e1:5b:c8:32:b8:09:ae:cd:a9:9e:6b:c1:28:87:a2:
         ee:21:2e:0c:00:02:60:65:47:82:22:a1:fc:d5:89:4e:f6:12:
         80:e1:b5:46:c2:eb:75:11:b0:00:43:4c:9c:fb:d1:7d:10:6c:
         75:54:ed:0c:55:84:22:1d:9c:78:89:07:d2:2a:c8:f5:be:81:
         74:36:bd:19
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICAIkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Njg1RTkxMTAvBgNVBAUTKEY2OThCNUI0N0EwNkQ1MzA3REVDNjA4OTY5MDYzMDc0
QjY4RkY1Q0EwHhcNMjUwNzI3MDYyNzUxWhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg1YzZlNy1kZThkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuLRrpgdZdRP2uyxBywLvL7iLHMYhbBIr70sZvTAQW1S/KzKiT+35zMkX2KEb
xo3n46OJecBrCuw4H+B2CdA3PPmYMaJaBj1wljLxxW+Kmc/mZKjwyry1PqO2yoSy
tKIUDCD8huc2J+Zhgns7+XzEo8/5z44rwXSEZyvCOYHlqP+38sIaKCSBh+1VCjVv
NfXG6dzIlC5T7EJru0nxfiRW8U6KbQg2Ysj9kiI5AorDfiLAKzqbVsCXRJteOxhQ
nFuCA58wZevTTfwnjSH6bstdeUnlbygamD8oo0REX0J+xkY0WnR8TGHYC//lSgQv
rvRUlDaeOX3CM2FJiBp2LdL/rQIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFLtb5rKP
mIQHpmQFOr8hHeutoYjwMB8GA1UdIwQYMBaAFPaYtbR6BtUwfexgiWkGMHS2j/XK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2ODVFOS9DOTI4MDQzQUQx
NzYxMUVGOTVDNURFNUFDNEY5QUUwMi85cGkxdEhvRzFUQjk3R0NKYVFZd2RMYVA5
Y28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzlwaTF0SG9HMVRCOTdHQ0phUVl3ZExhUDljby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Njg1RTkvQzkyODA0M0FEMTc2MTFFRjk1QzVERTVBQzRGOUFFMDIvNUJFNjgzNkU1
MDFCMTFGMDkyOEFENzMwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgACMBowDwMFBSQB6SADBgYkAekggAMHACQB6SDADDANBgkqhkiG9w0B
AQsFAAOCAQEAGE0psj20mCYMvVNl7/c65gB7olb/5r2Cp0rAylhxp6d7flZ5+Uga
MVnXM0gqyGcdLe8aRugNJAXbRt6rTHQsvv4GkR5XKFiYlvD8rJ7DrRLkezoIt1wL
LEJyYMalrdPfBO+HPtWRPrn2o2nO0kDujRvcXaWpPp5cdy0amBwxH8DP7EU8jV5k
DJGkOcx/IrBlx7ut/DgoXldhN5fD8L8I68NNPYezUttu/Sx+r9IqBjHeftZPTM4k
4VvIMrgJrs2pnmvBKIei7iEuDAACYGVHgiKh/NWJTvYSgOG1RsLrdRGwAENMnPvR
fRBsdVTtDFWEIh2ceIkH0irI9b6BdDa9GQ==
-----END CERTIFICATE-----
Generated at Sat Aug 9 01:22:25 2025 by rpki-client