Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7948/46DC6B0A37D011EF8945471AC4F9AE02/70ED9D2837D111EF99A8011CC4F9AE02.roa
File:                     70ED9D2837D111EF99A8011CC4F9AE02.roa (raw, json)
Hash identifier:          ON0MiwZBInBHM7jc0lp0894BhHXsr6LrKE7baf75anU=
Subject key identifier:   40:CB:E4:BF:CA:65:1F:F2:56:8A:22:B5:2A:FF:03:78:A3:67:11:57
Certificate issuer:       /CN=A91B7948/serialNumber=2D80BB5295580BE368DA68FB8D03EAB48D7AC6CB
Certificate serial:       C9
Authority key identifier: 2D:80:BB:52:95:58:0B:E3:68:DA:68:FB:8D:03:EA:B4:8D:7A:C6:CB
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LYC7UpVYC-No2mj7jQPqtI16xss.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B7948/46DC6B0A37D011EF8945471AC4F9AE02/70ED9D2837D111EF99A8011CC4F9AE02.roa
Signing time:             Fri 25 Jul 2025 06:13:34 +0000
ROA not before:           Fri 25 Jul 2025 06:13:34 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     153045
IP address blocks:        160.25.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B7948/46DC6B0A37D011EF8945471AC4F9AE02/LYC7UpVYC-No2mj7jQPqtI16xss.crl
                          rsync://rpki.apnic.net/member_repository/A91B7948/46DC6B0A37D011EF8945471AC4F9AE02/LYC7UpVYC-No2mj7jQPqtI16xss.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LYC7UpVYC-No2mj7jQPqtI16xss.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 201 (0xc9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B7948, serialNumber=2D80BB5295580BE368DA68FB8D03EAB48D7AC6CB
        Validity
            Not Before: Jul 25 06:13:34 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6883208e-0ec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:94:e2:cb:bf:90:52:af:4b:8d:c0:eb:68:02:
                    de:fc:c4:ff:c0:56:3b:ca:ef:39:c8:53:b4:09:21:
                    2e:73:88:96:9d:85:f8:ee:af:6d:ed:70:6e:db:09:
                    83:88:dd:74:f1:cd:1a:10:d3:8d:67:34:29:2f:ea:
                    3b:90:45:41:9b:a6:40:f8:e2:48:33:f2:76:67:ab:
                    ed:9c:32:a1:7d:dc:5b:81:03:af:ab:4b:34:57:af:
                    08:1a:df:60:6b:bf:0e:9e:e2:f1:58:26:8f:ca:a7:
                    e4:c0:0f:a4:ca:93:19:b7:51:3a:7e:30:06:4f:6f:
                    8d:5c:17:87:46:41:51:ea:7e:23:6d:9c:6c:f0:de:
                    08:ef:87:46:51:61:e8:ba:21:9f:a5:8c:29:1a:e0:
                    b1:c7:4a:54:7a:98:2d:4e:d7:d2:65:fb:77:90:c6:
                    7d:b8:5b:1d:dc:d6:df:c9:11:e7:a3:57:12:be:b8:
                    0d:d2:d8:ec:cd:bf:37:91:0b:63:73:41:2a:dc:c7:
                    f9:e5:84:5e:07:20:ee:7c:fd:ec:bf:1d:a1:ca:98:
                    f8:11:19:bb:65:36:5d:d2:1d:75:b2:e1:13:2c:8e:
                    fa:77:6d:7b:e5:cc:76:56:0c:25:1b:7e:fb:24:78:
                    2b:82:56:a6:3f:0b:2d:5a:cc:80:36:a3:79:0d:ba:
                    5a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CB:E4:BF:CA:65:1F:F2:56:8A:22:B5:2A:FF:03:78:A3:67:11:57
            X509v3 Authority Key Identifier:
                keyid:2D:80:BB:52:95:58:0B:E3:68:DA:68:FB:8D:03:EA:B4:8D:7A:C6:CB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B7948/46DC6B0A37D011EF8945471AC4F9AE02/LYC7UpVYC-No2mj7jQPqtI16xss.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LYC7UpVYC-No2mj7jQPqtI16xss.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7948/46DC6B0A37D011EF8945471AC4F9AE02/70ED9D2837D111EF99A8011CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:b1:b6:9c:0c:a9:91:56:24:d7:20:19:12:2c:7f:72:3b:be:
         8e:52:87:f6:c8:85:57:ef:12:a5:b4:af:6a:80:a8:45:14:52:
         7e:60:31:f8:e9:32:12:d2:2a:17:61:ba:9b:23:09:6d:92:80:
         34:65:87:f9:7f:14:4e:70:b4:23:4d:72:ad:81:93:cc:6b:b9:
         7d:fd:d2:e6:11:74:de:cf:a5:ff:e2:ba:36:48:b2:17:87:1e:
         1c:3b:d6:49:78:45:6c:ed:bb:8e:c5:b4:3e:30:4d:00:c4:54:
         c8:dd:2c:1c:f9:ef:69:e0:ba:41:23:ec:f5:14:59:ff:53:e0:
         0b:b7:8f:44:d4:5a:0f:8c:86:94:42:38:ab:21:4c:2d:84:6a:
         0e:4a:54:04:07:77:cc:d1:0f:09:4c:b2:ad:cd:35:bc:15:67:
         c5:90:58:3f:9d:b9:98:ca:f1:da:46:28:27:f7:6e:45:58:cd:
         9d:9a:c5:01:5e:32:31:1c:3d:ff:20:fa:70:aa:e4:ac:86:93:
         fe:26:f1:20:c3:2f:cd:37:06:a6:b2:e7:ec:ec:f9:66:5c:53:
         ba:d2:56:2f:70:2c:f7:d7:e0:5b:3a:90:ee:35:65:87:36:68:
         61:c6:04:57:4f:57:65:fd:92:bd:5e:36:ed:af:69:a0:8f:9a:
         ae:3a:fa:64
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qjc5NDgxMTAvBgNVBAUTKDJEODBCQjUyOTU1ODBCRTM2OERBNjhGQjhEMDNFQUI0
OEQ3QUM2Q0IwHhcNMjUwNzI1MDYxMzM0WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODgzMjA4ZS0wZWM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0pTiy7+QUq9LjcDraALe/MT/wFY7yu85yFO0CSEuc4iWnYX47q9t7XBu2wmD
iN108c0aENONZzQpL+o7kEVBm6ZA+OJIM/J2Z6vtnDKhfdxbgQOvq0s0V68IGt9g
a78OnuLxWCaPyqfkwA+kypMZt1E6fjAGT2+NXBeHRkFR6n4jbZxs8N4I74dGUWHo
uiGfpYwpGuCxx0pUepgtTtfSZft3kMZ9uFsd3NbfyRHno1cSvrgN0tjszb83kQtj
c0Eq3Mf55YReByDufP3svx2hypj4ERm7ZTZd0h11suETLI76d2175cx2VgwlG377
JHgrglamPwstWsyANqN5Dbpa5wIDAQABo4IClTCCApEwHQYDVR0OBBYEFEDL5L/K
ZR/yVooitSr/A3ijZxFXMB8GA1UdIwQYMBaAFC2Au1KVWAvjaNpo+40D6rSNesbL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNzk0OC80NkRDNkIwQTM3
RDAxMUVGODk0NTQ3MUFDNEY5QUUwMi9MWUM3VXBWWUMtTm8ybWo3alFQcXRJMTZ4
c3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0xZQzdVcFZZQy1ObzJtajdqUVBxdEkxNnhzcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qjc5NDgvNDZEQzZCMEEzN0QwMTFFRjg5NDU0NzFBQzRGOUFFMDIvNzBFRDlEMjgz
N0QxMTFFRjk5QTgwMTFDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBACgGSwwDQYJKoZIhvcNAQELBQADggEBAASxtpwMqZFWJNcg
GRIsf3I7vo5Sh/bIhVfvEqW0r2qAqEUUUn5gMfjpMhLSKhdhupsjCW2SgDRlh/l/
FE5wtCNNcq2Bk8xruX390uYRdN7Ppf/iujZIsheHHhw71kl4RWztu47FtD4wTQDE
VMjdLBz572ngukEj7PUUWf9T4Au3j0TUWg+MhpRCOKshTC2Eag5KVAQHd8zRDwlM
sq3NNbwVZ8WQWD+duZjK8dpGKCf3bkVYzZ2axQFeMjEcPf8g+nCq5KyGk/4m8SDD
L803Bqay5+zs+WZcU7rSVi9wLPfX4Fs6kO41ZYc2aGHGBFdPV2X9kr1eNu2vaaCP
mq46+mQ=
-----END CERTIFICATE-----
Generated at Sun Aug 10 16:05:06 2025 by rpki-client