Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91697FA/27F83B701D8311E2932921D808B02CD2/4A71D7E08DB811E98ACC9F7EC4F9AE02.roa
File:                     4A71D7E08DB811E98ACC9F7EC4F9AE02.roa (raw, json)
Hash identifier:          am25QW4MJ5THnozpBZGdhNNGRi5OPU/F57+oBhLG+ss=
Subject key identifier:   BE:63:8D:C3:32:80:0A:A7:97:1C:6F:66:7E:29:F7:73:40:49:7D:20
Certificate issuer:       /CN=A91697FA/serialNumber=9F82DBC9466312C5BA2E921279302400956A982A
Certificate serial:       35E0
Authority key identifier: 9F:82:DB:C9:46:63:12:C5:BA:2E:92:12:79:30:24:00:95:6A:98:2A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n4LbyUZjEsW6LpISeTAkAJVqmCo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91697FA/27F83B701D8311E2932921D808B02CD2/4A71D7E08DB811E98ACC9F7EC4F9AE02.roa
Signing time:             Thu 24 Jul 2025 14:50:40 +0000
ROA not before:           Thu 24 Jul 2025 14:50:40 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     55844
IP address blocks:        203.155.156.0/24 maxlen: 24
                          2405:a000:13::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91697FA/27F83B701D8311E2932921D808B02CD2/n4LbyUZjEsW6LpISeTAkAJVqmCo.crl
                          rsync://rpki.apnic.net/member_repository/A91697FA/27F83B701D8311E2932921D808B02CD2/n4LbyUZjEsW6LpISeTAkAJVqmCo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n4LbyUZjEsW6LpISeTAkAJVqmCo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13792 (0x35e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91697FA, serialNumber=9F82DBC9466312C5BA2E921279302400956A982A
        Validity
            Not Before: Jul 24 14:50:40 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68824840-3625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:04:50:f1:21:bf:89:89:54:c4:fb:eb:db:c9:
                    81:ea:b2:a9:90:cd:eb:91:73:ca:60:86:08:4e:02:
                    32:cb:cb:db:0a:f3:e5:c7:36:d9:cb:4d:ff:d3:96:
                    4f:8f:1c:1f:ed:e4:10:76:19:71:30:6a:83:11:8f:
                    4d:72:00:08:a7:fe:41:c6:ed:60:92:2b:35:6a:47:
                    30:34:46:6e:1c:75:db:ab:ba:bb:7d:fe:15:ff:b3:
                    4c:c0:ee:94:23:bf:97:ae:b3:2f:d2:ee:bb:d6:c9:
                    9d:f3:4c:30:e6:30:67:74:2d:8a:a8:4e:15:67:eb:
                    87:3c:9f:1f:ca:9e:98:c0:5c:fc:92:cc:12:ba:ea:
                    bb:3e:b8:59:e6:b9:12:bd:0a:e7:a5:11:a7:52:ae:
                    f9:fc:be:d4:31:0a:34:0b:66:a9:7e:b3:02:e5:8f:
                    b9:64:2a:b8:e7:18:29:e5:49:22:d8:85:ff:5c:1f:
                    68:f2:3c:13:5d:24:95:8e:0f:37:43:61:1b:6e:00:
                    64:d7:93:04:24:21:e1:62:6b:da:fd:23:86:c4:a9:
                    85:2a:71:ca:e0:16:2b:86:49:b9:2b:d2:22:5a:b2:
                    a9:82:72:65:36:07:e1:69:c4:28:41:5c:be:cf:43:
                    30:35:12:4f:3e:c8:60:ee:45:82:32:6f:7e:0e:d8:
                    e9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:63:8D:C3:32:80:0A:A7:97:1C:6F:66:7E:29:F7:73:40:49:7D:20
            X509v3 Authority Key Identifier:
                keyid:9F:82:DB:C9:46:63:12:C5:BA:2E:92:12:79:30:24:00:95:6A:98:2A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91697FA/27F83B701D8311E2932921D808B02CD2/n4LbyUZjEsW6LpISeTAkAJVqmCo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n4LbyUZjEsW6LpISeTAkAJVqmCo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91697FA/27F83B701D8311E2932921D808B02CD2/4A71D7E08DB811E98ACC9F7EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.155.156.0/24
                IPv6:
                  2405:a000:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:1c:f7:48:a3:f8:9f:f4:ea:a1:6a:38:4e:ba:8f:b3:0f:57:
         a3:83:66:90:f7:f8:90:ad:c9:25:e6:4b:0f:70:a7:fb:34:0a:
         77:e5:e3:74:58:eb:4c:fe:48:3c:ff:79:59:c9:d5:68:4b:f5:
         63:40:bc:dd:f4:43:cf:8d:bd:58:bc:92:94:77:80:ff:2c:cc:
         65:4a:16:ff:e8:8e:e8:1a:11:03:69:3b:18:f9:a1:b3:f4:47:
         37:61:d8:97:88:7d:d1:dd:03:7d:19:a6:9d:35:08:68:79:f0:
         31:e1:d8:ee:37:c1:36:61:45:cc:e9:43:e8:83:46:53:f9:d8:
         08:21:70:ed:f9:bf:4f:7e:9d:c5:6b:00:b7:f1:8e:ed:b4:be:
         f5:7a:ac:72:7d:82:28:58:5f:88:b2:20:59:c4:c3:e6:39:60:
         de:a0:83:d3:3d:dc:6e:e4:36:d7:51:78:0f:d3:24:d2:56:ae:
         e5:98:f0:ed:22:d8:47:fd:de:9d:60:eb:7b:51:a8:ea:9e:fc:
         d8:75:ae:ec:79:11:96:a3:cf:a0:9c:fd:37:2f:3f:a4:36:89:
         d3:52:a9:1a:35:d7:02:31:8e:56:cd:1f:6e:ab:36:81:6c:e6:
         d0:96:f9:20:5e:e9:40:f7:3d:e8:2e:87:fb:b8:77:b0:9f:f1:
         72:98:56:90
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNeAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Njk3RkExMTAvBgNVBAUTKDlGODJEQkM5NDY2MzEyQzVCQTJFOTIxMjc5MzAyNDAw
OTU2QTk4MkEwHhcNMjUwNzI0MTQ1MDQwWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODgyNDg0MC0zNjI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1wRQ8SG/iYlUxPvr28mB6rKpkM3rkXPKYIYITgIyy8vbCvPlxzbZy03/05ZP
jxwf7eQQdhlxMGqDEY9NcgAIp/5Bxu1gkis1akcwNEZuHHXbq7q7ff4V/7NMwO6U
I7+XrrMv0u671smd80ww5jBndC2KqE4VZ+uHPJ8fyp6YwFz8kswSuuq7PrhZ5rkS
vQrnpRGnUq75/L7UMQo0C2apfrMC5Y+5ZCq45xgp5Uki2IX/XB9o8jwTXSSVjg83
Q2EbbgBk15MEJCHhYmva/SOGxKmFKnHK4BYrhkm5K9IiWrKpgnJlNgfhacQoQVy+
z0MwNRJPPshg7kWCMm9+DtjpkwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFL5jjcMy
gAqnlxxvZn4p93NASX0gMB8GA1UdIwQYMBaAFJ+C28lGYxLFui6SEnkwJACVapgq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2OTdGQS8yN0Y4M0I3MDFE
ODMxMUUyOTMyOTIxRDgwOEIwMkNEMi9uNExieVVaakVzVzZMcElTZVRBa0FKVnFt
Q28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL240TGJ5VVpqRXNXNkxwSVNlVEFrQUpWcW1Dby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Njk3RkEvMjdGODNCNzAxRDgzMTFFMjkzMjkyMUQ4MDhCMDJDRDIvNEE3MUQ3RTA4
REI4MTFFOThBQ0M5RjdFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBADLm5wwDwQCAAIwCQMHACQFoAAAEzANBgkqhkiG9w0BAQsF
AAOCAQEAqhz3SKP4n/TqoWo4TrqPsw9Xo4NmkPf4kK3JJeZLD3Cn+zQKd+XjdFjr
TP5IPP95WcnVaEv1Y0C83fRDz429WLySlHeA/yzMZUoW/+iO6BoRA2k7GPmhs/RH
N2HYl4h90d0DfRmmnTUIaHnwMeHY7jfBNmFFzOlD6INGU/nYCCFw7fm/T36dxWsA
t/GO7bS+9Xqscn2CKFhfiLIgWcTD5jlg3qCD0z3cbuQ211F4D9Mk0lau5Zjw7SLY
R/3enWDre1Go6p782HWu7HkRlqPPoJz9Ny8/pDaJ01KpGjXXAjGOVs0fbqs2gWzm
0Jb5IF7pQPc96C6H+7h3sJ/xcphWkA==
-----END CERTIFICATE-----
Generated at Mon Aug 11 04:08:05 2025 by rpki-client