Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E8BE3/EEEF7FEABF9C11EF9DA88282C4F9AE02/0AC098846EDA11F08D404571C4F9AE02.roa
File:                     0AC098846EDA11F08D404571C4F9AE02.roa (raw, json)
Hash identifier:          XUaCHo7ISEfVt8zg4dz4qiHM8RTC6XTgDTg25gi/BRg=
Subject key identifier:   2D:2E:EA:27:A1:D6:0D:13:BC:34:62:94:61:B1:76:42:32:D9:6E:AE
Certificate issuer:       /CN=A91E8BE3/serialNumber=554F5D7C66EC50E84A8ABBBA9968177E4729D366
Certificate serial:       75
Authority key identifier: 55:4F:5D:7C:66:EC:50:E8:4A:8A:BB:BA:99:68:17:7E:47:29:D3:66
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VU9dfGbsUOhKiru6mWgXfkcp02Y.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E8BE3/EEEF7FEABF9C11EF9DA88282C4F9AE02/0AC098846EDA11F08D404571C4F9AE02.roa
Signing time:             Fri 01 Aug 2025 13:18:41 +0000
ROA not before:           Fri 01 Aug 2025 13:18:41 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     151133
IP address blocks:        2001:df4:ccc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E8BE3/EEEF7FEABF9C11EF9DA88282C4F9AE02/VU9dfGbsUOhKiru6mWgXfkcp02Y.crl
                          rsync://rpki.apnic.net/member_repository/A91E8BE3/EEEF7FEABF9C11EF9DA88282C4F9AE02/VU9dfGbsUOhKiru6mWgXfkcp02Y.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VU9dfGbsUOhKiru6mWgXfkcp02Y.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 117 (0x75)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E8BE3, serialNumber=554F5D7C66EC50E84A8ABBBA9968177E4729D366
        Validity
            Not Before: Aug  1 13:18:41 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=688cbeb1-48bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b6:06:a5:f5:17:8f:6c:f5:05:c4:d3:35:38:
                    88:ab:ed:4e:ef:d8:cc:6d:44:52:5a:6a:cd:9e:f9:
                    06:aa:7b:a2:e7:e6:d9:ae:50:f3:bd:87:98:25:31:
                    5d:18:f6:97:e6:96:52:71:14:91:b4:2e:99:17:5c:
                    67:5b:c2:ce:8b:54:8a:c2:3c:ec:bf:c2:8c:77:5f:
                    7f:bd:59:eb:69:b2:6d:f0:d6:49:d7:ec:9d:e1:89:
                    7a:19:ae:28:90:b8:b3:6b:68:dc:9e:98:2d:28:c3:
                    8a:00:c0:2d:4e:4b:d2:95:35:9b:41:cc:29:9d:dc:
                    01:54:0e:14:1c:58:2e:b4:c0:4b:2d:f4:6a:00:d8:
                    43:98:af:ee:71:4e:57:f5:f2:76:9d:70:71:b9:ac:
                    04:f9:3b:55:94:db:99:84:86:8d:b1:ad:58:e0:8f:
                    1e:55:b1:9f:66:09:09:77:c9:7a:4d:57:b8:30:d5:
                    c3:ab:eb:35:ad:df:29:ab:a9:37:73:7e:af:1e:c3:
                    ec:fb:cc:4b:69:7d:cc:a5:11:65:7d:d3:b9:4a:1f:
                    bc:0e:19:2e:5f:d7:92:2c:d5:1f:4f:5f:b4:6c:da:
                    f4:20:2a:be:94:2b:2d:c7:b2:47:c6:db:1b:87:db:
                    82:78:eb:12:1f:71:4c:21:9c:34:3c:42:85:de:d4:
                    28:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:2E:EA:27:A1:D6:0D:13:BC:34:62:94:61:B1:76:42:32:D9:6E:AE
            X509v3 Authority Key Identifier:
                keyid:55:4F:5D:7C:66:EC:50:E8:4A:8A:BB:BA:99:68:17:7E:47:29:D3:66

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E8BE3/EEEF7FEABF9C11EF9DA88282C4F9AE02/VU9dfGbsUOhKiru6mWgXfkcp02Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VU9dfGbsUOhKiru6mWgXfkcp02Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E8BE3/EEEF7FEABF9C11EF9DA88282C4F9AE02/0AC098846EDA11F08D404571C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:ccc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:5a:c6:b8:54:c2:4a:15:f3:06:24:2a:4e:f0:55:8d:6e:00:
         3d:39:2f:d9:81:69:a8:2a:4f:d6:bf:ee:da:d0:eb:8c:bb:f9:
         8a:f1:2f:5d:7a:25:90:81:64:61:52:af:c6:f4:f3:db:c1:85:
         22:98:a1:a7:d9:7c:fc:0d:d6:40:a1:48:22:27:08:04:e7:83:
         9c:09:84:04:70:c0:dd:0b:1a:66:44:b5:88:3c:f1:3b:86:6a:
         e6:f2:d1:74:fc:8f:9f:61:97:1a:49:55:5e:30:2e:fc:64:75:
         10:67:53:c5:5e:ec:3b:2b:1a:cb:b4:11:c3:57:2d:23:18:17:
         a2:ab:9a:34:4d:23:96:79:6d:66:f4:18:e2:27:5d:ef:d3:83:
         23:df:cc:dc:a7:a5:aa:6e:bc:5b:d9:1d:88:e7:a1:cb:23:c7:
         b6:5d:d4:c8:c7:ae:26:c5:09:8c:52:3a:f1:19:b7:0a:7c:11:
         cc:6d:b3:9e:1e:01:c9:14:5e:61:54:e8:0e:a1:08:e4:90:59:
         69:31:74:86:34:95:0f:a0:43:98:e2:2e:2e:35:ec:af:36:d0:
         f8:3a:cb:97:45:99:26:0e:39:4e:ee:03:f9:7c:b9:e1:d9:05:
         1b:af:5e:93:6b:48:fa:ad:28:e4:b3:5a:e5:13:e0:67:bc:26:
         a2:60:ad:ba
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBdTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
OEJFMzExMC8GA1UEBRMoNTU0RjVEN0M2NkVDNTBFODRBOEFCQkJBOTk2ODE3N0U0
NzI5RDM2NjAeFw0yNTA4MDExMzE4NDFaFw0yNjAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4OGNiZWIxLTQ4YmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDgtgal9RePbPUFxNM1OIir7U7v2MxtRFJaas2e+Qaqe6Ln5tmuUPO9h5glMV0Y
9pfmllJxFJG0LpkXXGdbws6LVIrCPOy/wox3X3+9Wetpsm3w1knX7J3hiXoZriiQ
uLNraNyemC0ow4oAwC1OS9KVNZtBzCmd3AFUDhQcWC60wEst9GoA2EOYr+5xTlf1
8nadcHG5rAT5O1WU25mEho2xrVjgjx5VsZ9mCQl3yXpNV7gw1cOr6zWt3ymrqTdz
fq8ew+z7zEtpfcylEWV907lKH7wOGS5f15Is1R9PX7Rs2vQgKr6UKy3HskfG2xuH
24J46xIfcUwhnDQ8QoXe1Ch/AgMBAAGjggKYMIIClDAdBgNVHQ4EFgQULS7qJ6HW
DRO8NGKUYbF2QjLZbq4wHwYDVR0jBBgwFoAUVU9dfGbsUOhKiru6mWgXfkcp02Yw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUU4QkUzL0VFRUY3RkVBQkY5
QzExRUY5REE4ODI4MkM0RjlBRTAyL1ZVOWRmR2JzVU9oS2lydTZtV2dYZmtjcDAy
WS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvVlU5ZGZHYnNVT2hLaXJ1Nm1XZ1hma2NwMDJZLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
OEJFMy9FRUVGN0ZFQUJGOUMxMUVGOURBODgyODJDNEY5QUUwMi8wQUMwOTg4NDZF
REExMUYwOEQ0MDQ1NzFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACABDfTMwDANBgkqhkiG9w0BAQsFAAOCAQEAIVrGuFTCShXz
BiQqTvBVjW4APTkv2YFpqCpP1r/u2tDrjLv5ivEvXXolkIFkYVKvxvTz28GFIpih
p9l8/A3WQKFIIicIBOeDnAmEBHDA3QsaZkS1iDzxO4Zq5vLRdPyPn2GXGklVXjAu
/GR1EGdTxV7sOysay7QRw1ctIxgXoquaNE0jlnltZvQY4idd79ODI9/M3Kelqm68
W9kdiOehyyPHtl3UyMeuJsUJjFI68Rm3CnwRzG2znh4ByRReYVToDqEI5JBZaTF0
hjSVD6BDmOIuLjXsrzbQ+DrLl0WZJg45Tu4D+Xy54dkFG69ek2tI+q0o5LNa5RPg
Z7wmomCtug==
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:52:04 2025 by rpki-client