Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91951DE/904F870A60B411F08ED7AE63C4F9AE02/533DC25E60B511F0AB567568C4F9AE02.roa
File:                     533DC25E60B511F0AB567568C4F9AE02.roa (raw, json)
Hash identifier:          9UZrURL/5cYm+3q79UbhWbJw8l3P1ZGycupb15ORpsw=
Subject key identifier:   19:92:1E:96:41:DA:3F:FA:7B:DB:29:25:1A:5F:B6:41:DD:C0:F4:6A
Certificate issuer:       /CN=A91951DE/serialNumber=647E5CADCB1FBF7EBB899A7219C3A0F03D3F7B0D
Certificate serial:       02
Authority key identifier: 64:7E:5C:AD:CB:1F:BF:7E:BB:89:9A:72:19:C3:A0:F0:3D:3F:7B:0D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH5crcsfv367iZpyGcOg8D0_ew0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91951DE/904F870A60B411F08ED7AE63C4F9AE02/533DC25E60B511F0AB567568C4F9AE02.roa
Signing time:             Mon 14 Jul 2025 13:20:35 +0000
ROA not before:           Mon 14 Jul 2025 13:20:35 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     154047
IP address blocks:        2001:df5:db40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91951DE/904F870A60B411F08ED7AE63C4F9AE02/ZH5crcsfv367iZpyGcOg8D0_ew0.crl
                          rsync://rpki.apnic.net/member_repository/A91951DE/904F870A60B411F08ED7AE63C4F9AE02/ZH5crcsfv367iZpyGcOg8D0_ew0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH5crcsfv367iZpyGcOg8D0_ew0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 28 Jul 2025 08:23:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91951DE, serialNumber=647E5CADCB1FBF7EBB899A7219C3A0F03D3F7B0D
        Validity
            Not Before: Jul 14 13:20:35 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68750423-df7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:75:7d:c2:0c:6c:18:a8:4a:3d:56:78:6d:bc:
                    42:5c:7c:37:72:2f:cf:96:ca:f5:60:97:9c:99:4f:
                    e3:0f:70:85:dc:a0:f6:6e:d3:89:52:a4:58:d4:de:
                    3d:e9:42:94:39:92:8e:0e:c7:27:fe:28:af:04:5e:
                    a2:0d:7a:53:3e:c3:9a:a8:fc:60:ca:14:26:f7:ff:
                    47:0b:8d:fa:60:cb:7d:dd:7e:90:4e:eb:f4:48:a4:
                    f5:64:57:b6:46:56:b3:76:fd:92:ef:df:71:29:aa:
                    a4:dd:f8:bc:99:d5:bc:40:8e:2e:b0:5a:ee:01:37:
                    92:98:12:c5:f9:4e:5b:04:54:ea:d8:4a:f1:69:36:
                    34:6f:88:9f:07:a3:0e:1d:19:80:b4:77:a3:07:32:
                    79:61:b1:ed:15:30:84:9b:f3:d4:a5:e8:1d:39:14:
                    62:45:59:6a:1c:a5:a1:84:fa:3b:c5:1a:04:43:74:
                    73:a2:b5:d8:e5:13:f2:53:0f:be:ea:09:b7:e9:36:
                    80:32:7e:d3:30:7b:ee:9a:fe:4f:9f:b6:cd:8e:60:
                    e8:a0:36:08:d8:a9:26:61:8c:9f:d4:19:7c:28:47:
                    38:80:61:bb:e2:9c:0d:4f:cd:1b:c6:26:53:92:b2:
                    a7:cd:bf:77:9b:cb:8d:bc:c0:6e:07:42:81:b6:18:
                    3b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:92:1E:96:41:DA:3F:FA:7B:DB:29:25:1A:5F:B6:41:DD:C0:F4:6A
            X509v3 Authority Key Identifier:
                keyid:64:7E:5C:AD:CB:1F:BF:7E:BB:89:9A:72:19:C3:A0:F0:3D:3F:7B:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91951DE/904F870A60B411F08ED7AE63C4F9AE02/ZH5crcsfv367iZpyGcOg8D0_ew0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH5crcsfv367iZpyGcOg8D0_ew0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91951DE/904F870A60B411F08ED7AE63C4F9AE02/533DC25E60B511F0AB567568C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df5:db40::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:b0:3f:70:9c:b0:ea:0a:e7:df:a5:a7:b7:0a:db:86:52:1e:
         5c:78:e5:9a:74:4c:b0:79:7f:42:56:43:9e:b8:b3:a0:34:fc:
         31:03:38:90:b2:07:fa:2a:a2:33:0d:2c:be:ee:a5:ac:c4:aa:
         70:1d:36:84:fc:de:d1:02:b4:2d:c1:d5:00:bc:36:27:5b:4a:
         a5:4b:5a:8f:af:c6:b0:b4:0a:8f:8b:23:bc:49:d7:da:45:48:
         f3:70:ae:42:11:b4:d1:3e:6c:26:2a:b7:6c:63:90:a5:ba:7c:
         14:a3:73:d2:86:f7:aa:d7:f8:08:57:31:15:c8:30:32:a8:6e:
         2a:c4:50:99:e5:a1:ae:b6:57:bd:fa:1d:47:51:3f:80:14:8d:
         48:70:6d:6d:05:95:72:73:e6:f7:8e:df:36:71:87:ab:b1:80:
         d9:f8:18:85:e1:fe:c5:60:94:10:ce:e1:04:33:33:06:36:bf:
         4d:18:54:bf:96:5e:09:b1:da:8e:3e:6f:00:e5:27:c5:2e:e9:
         f9:23:74:0c:1b:cf:13:8f:c6:37:39:63:07:7d:af:fc:1b:da:
         25:75:7b:ca:2b:32:c9:f6:e9:86:44:d9:04:db:96:67:db:dc:
         cf:ec:24:7c:18:33:1a:b5:14:4d:72:8f:1e:c7:b4:d3:c2:bd:
         4f:eb:a1:c7
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
NTFERTExMC8GA1UEBRMoNjQ3RTVDQURDQjFGQkY3RUJCODk5QTcyMTlDM0EwRjAz
RDNGN0IwRDAeFw0yNTA3MTQxMzIwMzVaFw0yNjEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4NzUwNDIzLWRmN2QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDPdX3CDGwYqEo9VnhtvEJcfDdyL8+WyvVgl5yZT+MPcIXcoPZu04lSpFjU3j3p
QpQ5ko4Oxyf+KK8EXqINelM+w5qo/GDKFCb3/0cLjfpgy33dfpBO6/RIpPVkV7ZG
VrN2/ZLv33EpqqTd+LyZ1bxAji6wWu4BN5KYEsX5TlsEVOrYSvFpNjRviJ8How4d
GYC0d6MHMnlhse0VMISb89Sl6B05FGJFWWocpaGE+jvFGgRDdHOitdjlE/JTD77q
CbfpNoAyftMwe+6a/k+fts2OYOigNgjYqSZhjJ/UGXwoRziAYbvinA1PzRvGJlOS
sqfNv3eby428wG4HQoG2GDsFAgMBAAGjggKYMIIClDAdBgNVHQ4EFgQUGZIelkHa
P/p72yklGl+2Qd3A9GowHwYDVR0jBBgwFoAUZH5crcsfv367iZpyGcOg8D0/ew0w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTk1MURFLzkwNEY4NzBBNjBC
NDExRjA4RUQ3QUU2M0M0RjlBRTAyL1pINWNyY3NmdjM2N2lacHlHY09nOEQwX2V3
MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWkg1Y3Jjc2Z2MzY3aVpweUdjT2c4RDBfZXcwLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
NTFERS85MDRGODcwQTYwQjQxMUYwOEVEN0FFNjNDNEY5QUUwMi81MzNEQzI1RTYw
QjUxMUYwQUI1Njc1NjhDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACABDfXbQDANBgkqhkiG9w0BAQsFAAOCAQEAHbA/cJyw6grn
36WntwrbhlIeXHjlmnRMsHl/QlZDnrizoDT8MQM4kLIH+iqiMw0svu6lrMSqcB02
hPze0QK0LcHVALw2J1tKpUtaj6/GsLQKj4sjvEnX2kVI83CuQhG00T5sJiq3bGOQ
pbp8FKNz0ob3qtf4CFcxFcgwMqhuKsRQmeWhrrZXvfodR1E/gBSNSHBtbQWVcnPm
947fNnGHq7GA2fgYheH+xWCUEM7hBDMzBja/TRhUv5ZeCbHajj5vAOUnxS7p+SN0
DBvPE4/GNzljB32v/BvaJXV7yisyyfbphkTZBNuWZ9vcz+wkfBgzGrUUTXKPHse0
08K9T+uhxw==
-----END CERTIFICATE-----
Generated at Tue Jul 22 05:10:07 2025 by rpki-client