Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D66A0/625FF726D9E711E988054016C4F9AE02/2BABEEB482EE11EAB170FD4BC4F9AE02.roa
File:                     2BABEEB482EE11EAB170FD4BC4F9AE02.roa (raw, json)
Hash identifier:          TU8TSmPX0pl0lGmdo+pSWKRJSfGRcwunEDD4PcVNXOE=
Subject key identifier:   78:25:E3:BF:36:47:96:B5:51:3B:70:35:9A:4B:E4:38:AA:7E:85:F5
Certificate issuer:       /CN=A91D66A0/serialNumber=9C94A5DCCF6A65B68986C7043846C721BD33BE99
Certificate serial:       0D48
Authority key identifier: 9C:94:A5:DC:CF:6A:65:B6:89:86:C7:04:38:46:C7:21:BD:33:BE:99
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nJSl3M9qZbaJhscEOEbHIb0zvpk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D66A0/625FF726D9E711E988054016C4F9AE02/2BABEEB482EE11EAB170FD4BC4F9AE02.roa
Signing time:             Tue 08 Jul 2025 18:27:47 +0000
ROA not before:           Tue 08 Jul 2025 18:27:47 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     27435
IP address blocks:        116.68.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D66A0/625FF726D9E711E988054016C4F9AE02/nJSl3M9qZbaJhscEOEbHIb0zvpk.crl
                          rsync://rpki.apnic.net/member_repository/A91D66A0/625FF726D9E711E988054016C4F9AE02/nJSl3M9qZbaJhscEOEbHIb0zvpk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nJSl3M9qZbaJhscEOEbHIb0zvpk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 18:11:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3400 (0xd48)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D66A0, serialNumber=9C94A5DCCF6A65B68986C7043846C721BD33BE99
        Validity
            Not Before: Jul  8 18:27:47 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=686d6323-64ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:85:53:58:a5:aa:18:02:5a:6d:ea:fb:85:7b:
                    07:c8:10:71:15:26:ec:f4:25:e3:29:44:34:c9:6b:
                    eb:81:02:a8:94:cf:4f:4e:81:f6:8f:e5:62:16:19:
                    e8:c0:3a:0d:97:b9:c3:9b:c5:a0:23:7f:18:86:06:
                    f6:5f:9e:df:96:d5:85:cc:25:9e:cc:d7:6f:45:b4:
                    7b:9a:5b:3a:2f:71:6b:c7:8c:a6:81:9a:43:58:04:
                    bf:9d:df:33:d2:08:3f:b6:3d:5d:99:d0:b1:7e:92:
                    e2:1c:09:1b:a2:04:6c:d7:41:29:7c:7d:64:22:17:
                    95:10:f7:8b:76:d6:1f:7c:05:94:ce:4e:0e:c1:c8:
                    7f:de:bf:78:19:78:f1:02:ef:4b:1d:c0:ea:13:d0:
                    86:7a:82:0f:05:00:b7:b5:eb:96:d4:38:d3:62:3d:
                    f8:5a:79:0b:0c:91:64:c8:a3:50:29:45:0e:fa:80:
                    6c:44:bb:25:02:c7:cf:5f:7a:1f:b6:7e:b0:4c:9a:
                    60:79:10:07:67:7d:1a:86:c1:c5:28:54:44:51:29:
                    33:d1:00:47:90:c5:d1:22:0b:2e:bd:d5:10:c5:00:
                    cb:f3:aa:6a:e4:c9:b6:36:7e:aa:82:22:9f:68:dc:
                    08:56:f7:cc:86:0e:d5:f1:25:32:c9:1b:bd:e5:b8:
                    8f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:25:E3:BF:36:47:96:B5:51:3B:70:35:9A:4B:E4:38:AA:7E:85:F5
            X509v3 Authority Key Identifier:
                keyid:9C:94:A5:DC:CF:6A:65:B6:89:86:C7:04:38:46:C7:21:BD:33:BE:99

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D66A0/625FF726D9E711E988054016C4F9AE02/nJSl3M9qZbaJhscEOEbHIb0zvpk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nJSl3M9qZbaJhscEOEbHIb0zvpk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D66A0/625FF726D9E711E988054016C4F9AE02/2BABEEB482EE11EAB170FD4BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.68.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:dd:82:7f:c0:c0:03:67:42:7e:e1:a8:24:77:c4:39:db:94:
         0d:05:e2:8f:08:bc:b7:10:54:e1:2f:65:54:c3:92:56:0c:7e:
         39:d4:66:ac:c0:9f:dd:cf:09:9a:d1:de:04:79:de:71:cf:da:
         5e:cd:71:00:83:29:a1:1b:a9:64:c0:7a:9a:32:75:2a:c5:44:
         89:82:2c:cc:ba:c0:90:0a:12:6c:b1:9e:db:41:c3:6c:52:a7:
         86:e0:3c:c3:d5:b3:20:1b:91:9d:85:99:32:44:bf:7e:86:ce:
         00:63:cb:c7:f6:96:35:63:d7:3b:51:6b:66:93:60:7c:94:b7:
         f4:d7:30:c9:a5:48:cf:17:be:4d:6b:10:c0:9c:60:58:1f:36:
         0c:a2:4c:35:d3:cc:28:ca:ff:d2:84:e7:64:37:71:f3:22:42:
         55:77:8b:9c:de:0e:d7:b6:1e:b9:27:44:87:cb:5b:b7:e2:44:
         f9:2c:2e:49:32:76:e1:a8:b2:cf:07:2d:c7:11:af:2c:8e:f0:
         81:5f:c4:2b:38:a3:80:65:46:f0:ec:a9:5e:55:cb:35:ed:9c:
         7a:e3:5e:1b:9e:54:45:96:32:54:aa:66:c2:1f:0d:5f:2e:da:
         ae:3d:f4:b1:66:4f:15:ac:69:e5:98:f0:11:5f:39:b5:34:54:
         c4:0d:55:c4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICDUgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDY2QTAxMTAvBgNVBAUTKDlDOTRBNURDQ0Y2QTY1QjY4OTg2QzcwNDM4NDZDNzIx
QkQzM0JFOTkwHhcNMjUwNzA4MTgyNzQ3WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODZkNjMyMy02NGVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqYVTWKWqGAJaber7hXsHyBBxFSbs9CXjKUQ0yWvrgQKolM9PToH2j+ViFhno
wDoNl7nDm8WgI38Yhgb2X57fltWFzCWezNdvRbR7mls6L3Frx4ymgZpDWAS/nd8z
0gg/tj1dmdCxfpLiHAkbogRs10EpfH1kIheVEPeLdtYffAWUzk4Owch/3r94GXjx
Au9LHcDqE9CGeoIPBQC3teuW1DjTYj34WnkLDJFkyKNQKUUO+oBsRLslAsfPX3of
tn6wTJpgeRAHZ30ahsHFKFREUSkz0QBHkMXRIgsuvdUQxQDL86pq5Mm2Nn6qgiKf
aNwIVvfMhg7V8SUyyRu95biPhwIDAQABo4IClTCCApEwHQYDVR0OBBYEFHgl4782
R5a1UTtwNZpL5DiqfoX1MB8GA1UdIwQYMBaAFJyUpdzPamW2iYbHBDhGxyG9M76Z
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENjZBMC82MjVGRjcyNkQ5
RTcxMUU5ODgwNTQwMTZDNEY5QUUwMi9uSlNsM005cVpiYUpoc2NFT0ViSEliMHp2
cGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25KU2wzTTlxWmJhSmhzY0VPRWJISWIwenZway5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDY2QTAvNjI1RkY3MjZEOUU3MTFFOTg4MDU0MDE2QzRGOUFFMDIvMkJBQkVFQjQ4
MkVFMTFFQUIxNzBGRDRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAB0RJ0wDQYJKoZIhvcNAQELBQADggEBALrdgn/AwANnQn7h
qCR3xDnblA0F4o8IvLcQVOEvZVTDklYMfjnUZqzAn93PCZrR3gR53nHP2l7NcQCD
KaEbqWTAepoydSrFRImCLMy6wJAKEmyxnttBw2xSp4bgPMPVsyAbkZ2FmTJEv36G
zgBjy8f2ljVj1ztRa2aTYHyUt/TXMMmlSM8Xvk1rEMCcYFgfNgyiTDXTzCjK/9KE
52Q3cfMiQlV3i5zeDte2HrknRIfLW7fiRPksLkkyduGoss8HLccRryyO8IFfxCs4
o4BlRvDsqV5VyzXtnHrjXhueVEWWMlSqZsIfDV8u2q499LFmTxWsaeWY8BFfObU0
VMQNVcQ=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:10:08 2025 by rpki-client