Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9159967/0BBF257815A911E6912D423BC4F9AE02/2991FB703EBC11F0B4390D6CC4F9AE02.roa
File:                     2991FB703EBC11F0B4390D6CC4F9AE02.roa (raw, json)
Hash identifier:          ISWHnAnupcgdEe8p2mboULpSfRcbxX3lISCXNa8ynQ4=
Subject key identifier:   C9:A8:D0:C5:44:55:4F:2A:6D:8D:BC:05:36:D4:60:2D:20:42:5F:27
Certificate issuer:       /CN=A9159967/serialNumber=5330EEEEB0D0A9535FAC8505E735843AF6CE60AF
Certificate serial:       209A
Authority key identifier: 53:30:EE:EE:B0:D0:A9:53:5F:AC:85:05:E7:35:84:3A:F6:CE:60:AF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UzDu7rDQqVNfrIUF5zWEOvbOYK8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9159967/0BBF257815A911E6912D423BC4F9AE02/2991FB703EBC11F0B4390D6CC4F9AE02.roa
Signing time:             Tue 08 Jul 2025 16:23:55 +0000
ROA not before:           Tue 08 Jul 2025 16:23:55 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     65569
IP address blocks:        2404:b180:1200::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9159967/0BBF257815A911E6912D423BC4F9AE02/UzDu7rDQqVNfrIUF5zWEOvbOYK8.crl
                          rsync://rpki.apnic.net/member_repository/A9159967/0BBF257815A911E6912D423BC4F9AE02/UzDu7rDQqVNfrIUF5zWEOvbOYK8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UzDu7rDQqVNfrIUF5zWEOvbOYK8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 16:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8346 (0x209a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9159967, serialNumber=5330EEEEB0D0A9535FAC8505E735843AF6CE60AF
        Validity
            Not Before: Jul  8 16:23:55 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=686d461a-e840
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3d:b8:21:7a:a9:3a:3e:2a:00:1c:92:b9:70:
                    40:da:26:78:76:f1:8c:00:e6:42:3f:11:63:2d:02:
                    27:1d:7a:77:d9:aa:c9:70:c9:90:bc:5d:34:eb:00:
                    58:c0:11:2f:64:83:b0:45:d5:92:52:6b:c2:f3:2f:
                    e9:70:de:bf:e6:11:b8:ee:e7:9a:13:f6:88:e8:88:
                    79:6e:de:eb:10:9a:37:0d:83:02:ab:46:41:f8:ea:
                    c4:89:91:5b:a9:3c:c6:bf:4e:73:3b:6f:fa:81:73:
                    ac:fc:82:21:11:bd:83:8f:36:0d:fa:90:4b:42:ad:
                    0f:91:a7:ff:db:ce:a4:bd:84:54:cd:73:fd:cf:16:
                    90:fa:b4:87:6e:99:0b:24:c6:7d:e4:a9:3d:c4:1e:
                    14:b1:21:cf:6b:16:7d:1e:00:fb:7a:6e:a3:27:a9:
                    48:b7:cf:0f:ed:7f:3e:6a:45:ae:35:dc:e8:59:e5:
                    d3:5e:4e:05:c8:79:c4:d9:eb:de:bb:f0:32:c1:c8:
                    30:ee:55:cc:a4:ac:aa:7f:1b:be:7a:07:ff:b8:a9:
                    b5:66:43:17:6b:05:01:04:c2:30:76:7c:70:27:93:
                    5d:01:9b:2b:bf:d5:34:7f:fb:85:31:a6:02:4b:a2:
                    b0:ad:32:99:ce:de:91:c3:77:10:dc:50:1e:42:d3:
                    56:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A8:D0:C5:44:55:4F:2A:6D:8D:BC:05:36:D4:60:2D:20:42:5F:27
            X509v3 Authority Key Identifier:
                keyid:53:30:EE:EE:B0:D0:A9:53:5F:AC:85:05:E7:35:84:3A:F6:CE:60:AF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9159967/0BBF257815A911E6912D423BC4F9AE02/UzDu7rDQqVNfrIUF5zWEOvbOYK8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UzDu7rDQqVNfrIUF5zWEOvbOYK8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9159967/0BBF257815A911E6912D423BC4F9AE02/2991FB703EBC11F0B4390D6CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:b180:1200::/44

    Signature Algorithm: sha256WithRSAEncryption
         a8:7f:5f:8d:b6:e9:ec:65:a6:d3:2d:c4:a9:e8:36:08:12:c8:
         86:b5:a0:7e:b3:b7:d1:1f:24:08:19:bc:f5:98:81:18:3a:4b:
         35:64:ca:b3:75:b6:ff:f4:f7:fa:75:59:76:c5:95:0b:53:e7:
         7d:13:49:00:09:a6:27:96:17:5c:c7:92:18:26:09:03:0f:31:
         50:9b:20:bc:a7:c8:54:ff:c9:cc:dc:84:47:03:c1:eb:0c:7d:
         37:c0:f1:b1:eb:24:68:19:74:64:2f:f5:75:df:17:ce:fd:a5:
         58:5d:47:31:b4:ec:c5:c8:18:d6:fe:d9:f6:0a:8c:f6:65:29:
         d9:06:41:2d:1a:52:cd:34:20:22:b6:13:48:3c:e2:00:aa:15:
         41:79:e5:7c:8f:6d:2a:25:ee:62:5a:62:36:75:33:5c:d7:8f:
         25:e6:e2:7f:76:f9:d3:70:f6:2e:61:b4:b6:d5:8c:7e:84:b7:
         44:a1:95:df:6d:91:30:6b:c4:65:c4:ae:c7:0d:7f:b6:c1:29:
         a7:cc:db:39:7b:95:18:8a:ea:b2:fb:f7:69:56:4f:28:d5:e0:
         7b:a8:d0:59:c0:62:ff:21:25:31:b7:99:a3:a8:f9:f0:80:30:
         20:59:b1:11:c7:36:87:7f:27:ba:41:d1:ba:e7:4d:af:96:bd:
         fc:b1:52:58
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICIJowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTk5NjcxMTAvBgNVBAUTKDUzMzBFRUVFQjBEMEE5NTM1RkFDODUwNUU3MzU4NDNB
RjZDRTYwQUYwHhcNMjUwNzA4MTYyMzU1WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODZkNDYxYS1lODQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1T24IXqpOj4qABySuXBA2iZ4dvGMAOZCPxFjLQInHXp32arJcMmQvF006wBY
wBEvZIOwRdWSUmvC8y/pcN6/5hG47ueaE/aI6Ih5bt7rEJo3DYMCq0ZB+OrEiZFb
qTzGv05zO2/6gXOs/IIhEb2DjzYN+pBLQq0Pkaf/286kvYRUzXP9zxaQ+rSHbpkL
JMZ95Kk9xB4UsSHPaxZ9HgD7em6jJ6lIt88P7X8+akWuNdzoWeXTXk4FyHnE2eve
u/Aywcgw7lXMpKyqfxu+egf/uKm1ZkMXawUBBMIwdnxwJ5NdAZsrv9U0f/uFMaYC
S6KwrTKZzt6Rw3cQ3FAeQtNWdwIDAQABo4ICmDCCApQwHQYDVR0OBBYEFMmo0MVE
VU8qbY28BTbUYC0gQl8nMB8GA1UdIwQYMBaAFFMw7u6w0KlTX6yFBec1hDr2zmCv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OTk2Ny8wQkJGMjU3ODE1
QTkxMUU2OTEyRDQyM0JDNEY5QUUwMi9VekR1N3JEUXFWTmZySVVGNXpXRU92Yk9Z
SzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1V6RHU3ckRRcVZOZnJJVUY1eldFT3ZiT1lLOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTk5NjcvMEJCRjI1NzgxNUE5MTFFNjkxMkQ0MjNCQzRGOUFFMDIvMjk5MUZCNzAz
RUJDMTFGMEI0MzkwRDZDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwQkBLGAEgAwDQYJKoZIhvcNAQELBQADggEBAKh/X4226exl
ptMtxKnoNggSyIa1oH6zt9EfJAgZvPWYgRg6SzVkyrN1tv/09/p1WXbFlQtT530T
SQAJpieWF1zHkhgmCQMPMVCbILynyFT/yczchEcDwesMfTfA8bHrJGgZdGQv9XXf
F879pVhdRzG07MXIGNb+2fYKjPZlKdkGQS0aUs00ICK2E0g84gCqFUF55XyPbSol
7mJaYjZ1M1zXjyXm4n92+dNw9i5htLbVjH6Et0Shld9tkTBrxGXErscNf7bBKafM
2zl7lRiK6rL792lWTyjV4Huo0FnAYv8hJTG3maOo+fCAMCBZsRHHNod/J7pB0brn
Ta+WvfyxUlg=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:41:10 2025 by rpki-client