Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91447E7/FE4469D2130111EDADCE5C7DC4F9AE02/60A2CF98817811EE9E9A211DC4F9AE02.roa
File:                     60A2CF98817811EE9E9A211DC4F9AE02.roa (raw, json)
Hash identifier:          aB3dythZL58wPQ38hpXRQSekusK0F1zAbGBxXUIobiU=
Subject key identifier:   0A:07:BF:6F:F1:48:39:F3:2D:46:C8:0B:3A:26:3D:AD:2F:4C:6D:2A
Certificate issuer:       /CN=A91447E7/serialNumber=E77B87146805E2604B49EEF2B4A438CBD2A51424
Certificate serial:       02A1
Authority key identifier: E7:7B:87:14:68:05:E2:60:4B:49:EE:F2:B4:A4:38:CB:D2:A5:14:24
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/53uHFGgF4mBLSe7ytKQ4y9KlFCQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91447E7/FE4469D2130111EDADCE5C7DC4F9AE02/60A2CF98817811EE9E9A211DC4F9AE02.roa
Signing time:             Mon 07 Jul 2025 02:08:08 +0000
ROA not before:           Mon 07 Jul 2025 02:08:08 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     150296
IP address blocks:        2001:df0:c940::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91447E7/FE4469D2130111EDADCE5C7DC4F9AE02/53uHFGgF4mBLSe7ytKQ4y9KlFCQ.crl
                          rsync://rpki.apnic.net/member_repository/A91447E7/FE4469D2130111EDADCE5C7DC4F9AE02/53uHFGgF4mBLSe7ytKQ4y9KlFCQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/53uHFGgF4mBLSe7ytKQ4y9KlFCQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 28 Jul 2025 01:58:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 673 (0x2a1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91447E7, serialNumber=E77B87146805E2604B49EEF2B4A438CBD2A51424
        Validity
            Not Before: Jul  7 02:08:08 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=686b2c08-224a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ab:c1:93:02:80:2b:1d:5a:87:88:4c:43:3b:
                    13:0b:af:82:cb:35:fb:6b:64:fd:0d:13:01:f9:5e:
                    a5:25:0c:99:8a:ab:c0:e4:41:11:14:a9:7f:81:29:
                    7c:fe:72:b9:ac:d1:42:83:ed:12:83:be:65:ff:10:
                    26:c4:bb:52:6f:47:eb:8e:80:f5:a3:bb:e0:2d:06:
                    e1:61:82:33:ee:3e:bf:9d:5e:f0:2b:aa:47:cb:9e:
                    05:dd:e2:07:f6:a4:d2:1d:14:05:5a:85:c0:a7:60:
                    88:7d:ec:bc:f6:65:46:0c:79:ae:65:70:d6:f7:52:
                    af:bd:16:f3:cf:16:f7:59:f1:29:31:68:80:14:c6:
                    90:43:86:25:f5:50:68:3d:ba:27:28:2a:c5:0e:6d:
                    70:4a:1e:75:ec:9b:10:a3:ad:d4:9a:ea:c4:f9:ac:
                    df:20:99:cf:5a:e0:9e:97:78:e9:b4:3e:b4:35:f9:
                    73:e9:60:c3:2d:79:d2:11:4d:02:18:7f:ab:54:95:
                    cc:1c:53:bd:a7:b6:0c:cb:65:05:24:a7:c1:8a:31:
                    fd:71:84:d3:b7:f1:c8:29:c7:78:4c:ac:7f:58:a7:
                    a2:81:ee:5c:2f:44:fb:98:c0:11:05:2e:4b:9a:1f:
                    94:fa:07:af:83:0e:27:88:74:4b:da:51:7b:f9:99:
                    1c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:07:BF:6F:F1:48:39:F3:2D:46:C8:0B:3A:26:3D:AD:2F:4C:6D:2A
            X509v3 Authority Key Identifier:
                keyid:E7:7B:87:14:68:05:E2:60:4B:49:EE:F2:B4:A4:38:CB:D2:A5:14:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91447E7/FE4469D2130111EDADCE5C7DC4F9AE02/53uHFGgF4mBLSe7ytKQ4y9KlFCQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/53uHFGgF4mBLSe7ytKQ4y9KlFCQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91447E7/FE4469D2130111EDADCE5C7DC4F9AE02/60A2CF98817811EE9E9A211DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df0:c940::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:ec:b7:68:6c:2c:9f:81:7a:32:79:ab:e5:3b:57:77:08:cd:
         8c:3a:0b:8f:86:eb:ee:bc:a8:af:e9:d1:2b:1e:97:8b:e1:ad:
         eb:fc:b3:db:7b:45:ae:62:bc:c5:ae:66:2f:a2:5e:8a:5a:3e:
         f9:70:7f:6e:57:8c:73:0c:05:98:5d:63:de:2c:bb:ee:12:8b:
         4d:5a:b9:11:74:b1:12:d3:24:5e:e4:80:0b:c9:3d:20:8d:54:
         f0:12:ff:b6:2d:a6:3e:7a:3b:89:e6:05:fe:49:ff:c7:87:5f:
         bc:12:d5:fe:98:4a:eb:69:61:dd:9e:cf:be:28:2a:ce:7e:c4:
         0d:ff:32:e7:38:0b:2c:d1:84:dc:b2:4b:7f:fc:c8:57:1f:46:
         fd:b9:23:0f:25:5c:d3:7e:57:79:70:c3:1a:d2:68:df:f1:2b:
         71:50:c6:1d:62:ae:a3:aa:86:5b:ea:2c:5f:27:11:95:59:29:
         77:19:ea:63:55:01:32:22:98:be:f8:85:d5:51:81:3e:14:1c:
         c8:ca:c3:2d:82:7d:dd:6a:5c:b7:0a:17:ee:10:c0:7d:e3:c1:
         53:36:34:fc:52:36:e7:a7:c0:eb:9b:58:0e:9d:69:78:59:f6:
         ca:73:76:8f:a3:9b:dc:71:52:13:a3:a0:08:77:f5:06:72:a6:
         ed:3f:45:2b
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICAqEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDQ3RTcxMTAvBgNVBAUTKEU3N0I4NzE0NjgwNUUyNjA0QjQ5RUVGMkI0QTQzOENC
RDJBNTE0MjQwHhcNMjUwNzA3MDIwODA4WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODZiMmMwOC0yMjRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2qvBkwKAKx1ah4hMQzsTC6+CyzX7a2T9DRMB+V6lJQyZiqvA5EERFKl/gSl8
/nK5rNFCg+0Sg75l/xAmxLtSb0frjoD1o7vgLQbhYYIz7j6/nV7wK6pHy54F3eIH
9qTSHRQFWoXAp2CIfey89mVGDHmuZXDW91KvvRbzzxb3WfEpMWiAFMaQQ4Yl9VBo
PbonKCrFDm1wSh517JsQo63UmurE+azfIJnPWuCel3jptD60Nflz6WDDLXnSEU0C
GH+rVJXMHFO9p7YMy2UFJKfBijH9cYTTt/HIKcd4TKx/WKeige5cL0T7mMARBS5L
mh+U+gevgw4niHRL2lF7+ZkcsQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFAoHv2/x
SDnzLUbICzomPa0vTG0qMB8GA1UdIwQYMBaAFOd7hxRoBeJgS0nu8rSkOMvSpRQk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NDdFNy9GRTQ0NjlEMjEz
MDExMUVEQURDRTVDN0RDNEY5QUUwMi81M3VIRkdnRjRtQkxTZTd5dEtRNHk5S2xG
Q1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzUzdUhGR2dGNG1CTFNlN3l0S1E0eTlLbEZDUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDQ3RTcvRkU0NDY5RDIxMzAxMTFFREFEQ0U1QzdEQzRGOUFFMDIvNjBBMkNGOTg4
MTc4MTFFRTlFOUEyMTFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQ3wyUAwDQYJKoZIhvcNAQELBQADggEBAAvst2hsLJ+B
ejJ5q+U7V3cIzYw6C4+G6+68qK/p0Ssel4vhrev8s9t7Ra5ivMWuZi+iXopaPvlw
f25XjHMMBZhdY94su+4Si01auRF0sRLTJF7kgAvJPSCNVPAS/7Ytpj56O4nmBf5J
/8eHX7wS1f6YSutpYd2ez74oKs5+xA3/Muc4CyzRhNyyS3/8yFcfRv25Iw8lXNN+
V3lwwxrSaN/xK3FQxh1irqOqhlvqLF8nEZVZKXcZ6mNVATIimL74hdVRgT4UHMjK
wy2Cfd1qXLcKF+4QwH3jwVM2NPxSNuenwOubWA6daXhZ9spzdo+jm9xxUhOjoAh3
9QZypu0/RSs=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:06:59 2025 by rpki-client