Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EB820/90A8B08A684011F0A940476BC4F9AE02/D918B46C684211F0BE03503CC4F9AE02.roa
File:                     D918B46C684211F0BE03503CC4F9AE02.roa (raw, json)
Hash identifier:          IhK2cshQpEX+npxu/NN0aCUzUVi2L+34EqYhm+54jyI=
Subject key identifier:   B3:28:9C:5F:75:43:D4:A5:9D:0C:E8:39:B3:33:F5:71:C6:EC:4C:C8
Certificate issuer:       /CN=A91EB820/serialNumber=FCAC6FA831E8F5A284134C95A8D020FCBC8EC9F2
Certificate serial:       02
Authority key identifier: FC:AC:6F:A8:31:E8:F5:A2:84:13:4C:95:A8:D0:20:FC:BC:8E:C9:F2
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/_KxvqDHo9aKEE0yVqNAg_LyOyfI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EB820/90A8B08A684011F0A940476BC4F9AE02/D918B46C684211F0BE03503CC4F9AE02.roa
Signing time:             Thu 24 Jul 2025 04:01:17 +0000
ROA not before:           Thu 24 Jul 2025 04:01:17 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     154063
IP address blocks:        165.101.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EB820/90A8B08A684011F0A940476BC4F9AE02/_KxvqDHo9aKEE0yVqNAg_LyOyfI.crl
                          rsync://rpki.apnic.net/member_repository/A91EB820/90A8B08A684011F0A940476BC4F9AE02/_KxvqDHo9aKEE0yVqNAg_LyOyfI.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/_KxvqDHo9aKEE0yVqNAg_LyOyfI.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EB820, serialNumber=FCAC6FA831E8F5A284134C95A8D020FCBC8EC9F2
        Validity
            Not Before: Jul 24 04:01:17 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6881b00d-665f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:03:02:07:7a:7e:07:76:f1:58:06:7b:d3:3d:
                    3f:f2:b6:82:b9:15:7a:bb:e3:da:13:b0:05:38:31:
                    64:3e:b9:de:13:ec:f2:2e:30:2f:71:b5:e8:f0:88:
                    2b:b2:3b:c0:4c:00:cc:5e:03:4f:c8:cd:82:d3:3b:
                    40:6c:f9:9e:e2:e9:66:fd:ec:4f:18:36:05:54:a7:
                    09:3e:2c:63:09:f5:38:c7:5d:e8:80:e8:c2:dc:f6:
                    0b:66:0f:40:90:5b:0b:9b:23:ac:47:25:5a:a8:b7:
                    cb:02:89:74:17:64:2b:9d:e5:87:a4:88:a7:6b:45:
                    16:a6:28:7c:45:ce:f4:7f:f7:8e:8c:9a:89:3a:be:
                    b9:cb:47:63:2a:e6:a4:1e:0f:b7:78:54:4f:92:4a:
                    f1:76:7e:84:f8:f9:b5:ac:76:53:c5:af:a3:bb:4d:
                    e4:ff:fc:f2:f1:75:45:20:ac:7b:4f:57:5e:63:18:
                    61:57:98:f9:20:13:f0:b5:82:44:8e:cc:3f:20:7e:
                    fe:50:a9:a4:ce:28:f0:3b:bb:56:c9:9f:aa:39:55:
                    5a:35:29:df:7f:26:7f:93:d8:34:6f:48:21:06:50:
                    77:90:0f:a8:4e:45:75:cf:a5:21:79:a3:c3:cb:62:
                    d3:86:5f:93:96:f6:d0:cc:84:da:49:20:b1:e7:3a:
                    87:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:28:9C:5F:75:43:D4:A5:9D:0C:E8:39:B3:33:F5:71:C6:EC:4C:C8
            X509v3 Authority Key Identifier:
                keyid:FC:AC:6F:A8:31:E8:F5:A2:84:13:4C:95:A8:D0:20:FC:BC:8E:C9:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EB820/90A8B08A684011F0A940476BC4F9AE02/_KxvqDHo9aKEE0yVqNAg_LyOyfI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/_KxvqDHo9aKEE0yVqNAg_LyOyfI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EB820/90A8B08A684011F0A940476BC4F9AE02/D918B46C684211F0BE03503CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:06:7f:b5:61:69:8d:4e:91:42:a2:76:3b:07:6b:e4:4e:67:
         3d:f6:5c:4e:4d:f7:ef:60:1a:04:b6:bc:4b:7a:28:d1:8f:fc:
         5e:06:d3:87:70:20:b6:98:8d:7b:fb:44:10:1f:65:e0:45:22:
         b1:ad:74:50:51:3b:fd:b4:dc:ca:82:84:03:d0:f2:7b:63:2a:
         e7:9d:01:f1:3e:77:62:f2:3d:8f:87:d4:49:15:5b:bd:5d:1e:
         83:f6:f9:11:c7:67:96:fa:ce:f5:4a:4a:ca:9a:7c:bd:ef:eb:
         c8:95:66:6a:ee:b2:ce:72:87:14:8d:61:a8:ce:6c:d0:c4:ae:
         f1:a7:cf:91:36:a8:4f:e6:cf:be:fa:a4:bc:5d:e7:6c:78:dd:
         b5:bf:e5:45:4a:14:04:7c:af:dd:6a:8e:d6:9c:9d:d3:01:8a:
         27:a8:63:73:8a:d4:08:7d:65:54:f7:9b:ac:49:d0:50:d3:f1:
         ec:7e:b0:70:e4:10:8f:aa:54:65:7a:5b:17:1b:69:68:1b:85:
         b9:78:32:5b:58:2d:fa:8f:69:ac:f9:41:f8:c8:4f:f5:f1:0b:
         db:6c:34:3b:b1:23:a0:c1:3a:c3:d5:c1:5a:b8:d1:6f:aa:1e:
         1d:68:fc:0e:c2:47:e0:55:b4:bf:01:68:95:fa:51:3b:8b:84:
         d5:ad:3f:6c
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
QjgyMDExMC8GA1UEBRMoRkNBQzZGQTgzMUU4RjVBMjg0MTM0Qzk1QThEMDIwRkNC
QzhFQzlGMjAeFw0yNTA3MjQwNDAxMTdaFw0yNjA5MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4ODFiMDBkLTY2NWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCtAwIHen4HdvFYBnvTPT/ytoK5FXq749oTsAU4MWQ+ud4T7PIuMC9xtejwiCuy
O8BMAMxeA0/IzYLTO0Bs+Z7i6Wb97E8YNgVUpwk+LGMJ9TjHXeiA6MLc9gtmD0CQ
WwubI6xHJVqot8sCiXQXZCud5YekiKdrRRamKHxFzvR/946Mmok6vrnLR2Mq5qQe
D7d4VE+SSvF2foT4+bWsdlPFr6O7TeT//PLxdUUgrHtPV15jGGFXmPkgE/C1gkSO
zD8gfv5QqaTOKPA7u1bJn6o5VVo1Kd9/Jn+T2DRvSCEGUHeQD6hORXXPpSF5o8PL
YtOGX5OW9tDMhNpJILHnOoeJAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUsyicX3VD
1KWdDOg5szP1ccbsTMgwHwYDVR0jBBgwFoAU/KxvqDHo9aKEE0yVqNAg/LyOyfIw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUVCODIwLzkwQThCMDhBNjg0
MDExRjBBOTQwNDc2QkM0RjlBRTAyL19LeHZxREhvOWFLRUUweVZxTkFnX0x5T3lm
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvX0t4dnFESG85YUtFRTB5VnFOQWdfTHlPeWZJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
QjgyMC85MEE4QjA4QTY4NDAxMUYwQTk0MDQ3NkJDNEY5QUUwMi9EOTE4QjQ2QzY4
NDIxMUYwQkUwMzUwM0NDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAKVl1TANBgkqhkiG9w0BAQsFAAOCAQEAsQZ/tWFpjU6RQqJ2
Owdr5E5nPfZcTk3372AaBLa8S3oo0Y/8XgbTh3AgtpiNe/tEEB9l4EUisa10UFE7
/bTcyoKEA9Dye2Mq550B8T53YvI9j4fUSRVbvV0eg/b5EcdnlvrO9UpKypp8ve/r
yJVmau6yznKHFI1hqM5s0MSu8afPkTaoT+bPvvqkvF3nbHjdtb/lRUoUBHyv3WqO
1pyd0wGKJ6hjc4rUCH1lVPebrEnQUNPx7H6wcOQQj6pUZXpbFxtpaBuFuXgyW1gt
+o9prPlB+MhP9fEL22w0O7EjoME6w9XBWrjRb6oeHWj8DsJH4FW0vwFolfpRO4uE
1a0/bA==
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:49:15 2025 by rpki-client