Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E3493/E52C14C09FFA11F0BAD50B61C4F9AE02/485C422CA5FF11F08004B67CC4F9AE02.roa
File:                     485C422CA5FF11F08004B67CC4F9AE02.roa (raw, json)
Hash identifier:          ybEJ6ypns4vD/7VDe+vdDoeXho9P9fe6phtZ1wIUdQE=
Subject key identifier:   74:E0:80:BC:5A:6B:0A:D7:2F:12:9F:5B:33:2B:49:7F:E7:AE:BC:6F
Certificate issuer:       /CN=A91E3493/serialNumber=31311CFCC1401BD6D0E6B6B39167B65C21092114
Certificate serial:       0F
Authority key identifier: 31:31:1C:FC:C1:40:1B:D6:D0:E6:B6:B3:91:67:B6:5C:21:09:21:14
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/MTEc_MFAG9bQ5razkWe2XCEJIRQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E3493/E52C14C09FFA11F0BAD50B61C4F9AE02/485C422CA5FF11F08004B67CC4F9AE02.roa
Signing time:             Fri 10 Oct 2025 17:33:50 +0000
ROA not before:           Fri 10 Oct 2025 17:33:50 +0000
ROA not after:            Sat 31 Jan 2026 00:00:00 +0000
asID:                     19527
IP address blocks:        152.65.192.0/18 maxlen: 21
                          152.65.192.0/19 maxlen: 24
                          152.65.224.0/20 maxlen: 24
                          152.65.240.0/21 maxlen: 24
                          152.65.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E3493/E52C14C09FFA11F0BAD50B61C4F9AE02/MTEc_MFAG9bQ5razkWe2XCEJIRQ.crl
                          rsync://rpki.apnic.net/member_repository/A91E3493/E52C14C09FFA11F0BAD50B61C4F9AE02/MTEc_MFAG9bQ5razkWe2XCEJIRQ.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/MTEc_MFAG9bQ5razkWe2XCEJIRQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 18 Oct 2025 01:51:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15 (0xf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E3493, serialNumber=31311CFCC1401BD6D0E6B6B39167B65C21092114
        Validity
            Not Before: Oct 10 17:33:50 2025 GMT
            Not After : Jan 31 00:00:00 2026 GMT
        Subject: CN=68e9437e-56d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7c:a2:cf:48:7d:62:3a:59:b6:5b:16:ff:ff:
                    bd:66:85:d4:e9:98:55:a3:92:58:bb:70:3b:52:4c:
                    08:98:8b:38:35:a1:ae:56:ce:fc:72:ea:d4:7f:9c:
                    cf:af:63:49:50:51:09:cc:d8:6b:76:e5:b6:f0:c7:
                    e1:41:4e:e9:2c:e6:12:2a:9e:aa:c9:06:fd:3f:e8:
                    6f:87:93:c0:29:dc:90:a1:53:ef:71:8a:29:4a:dc:
                    00:a8:fc:77:17:95:8b:c2:73:99:d9:d2:e7:1f:9a:
                    d0:68:53:14:0f:c7:dc:42:2d:63:52:09:36:ae:f5:
                    c2:bc:03:c1:26:e1:21:e2:0a:22:ad:c2:fa:11:22:
                    96:38:50:94:27:4d:eb:0e:79:31:c1:96:56:60:35:
                    cf:c1:f1:00:5d:66:b5:5b:4e:76:17:12:ca:fb:ac:
                    78:b3:5c:c3:a7:30:6f:e5:a7:68:3b:b9:ae:de:1b:
                    ca:54:f3:4f:39:f8:ce:b7:15:fb:64:0d:6d:73:41:
                    6d:bc:66:9c:3a:7b:ee:12:9c:a1:48:3f:88:09:31:
                    53:c4:c4:69:ce:dd:5d:ea:af:7f:05:44:d4:ef:d6:
                    d4:f5:85:d9:03:5c:f4:95:5e:90:01:16:42:eb:e3:
                    62:f0:5c:72:3d:14:b2:d9:c9:c1:bd:4a:41:2a:81:
                    98:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E0:80:BC:5A:6B:0A:D7:2F:12:9F:5B:33:2B:49:7F:E7:AE:BC:6F
            X509v3 Authority Key Identifier:
                keyid:31:31:1C:FC:C1:40:1B:D6:D0:E6:B6:B3:91:67:B6:5C:21:09:21:14

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E3493/E52C14C09FFA11F0BAD50B61C4F9AE02/MTEc_MFAG9bQ5razkWe2XCEJIRQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/MTEc_MFAG9bQ5razkWe2XCEJIRQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E3493/E52C14C09FFA11F0BAD50B61C4F9AE02/485C422CA5FF11F08004B67CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.65.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d2:14:b9:ae:08:b4:d6:f1:90:ab:52:27:4b:8d:98:ce:f3:f3:
         56:a0:9b:d3:cc:5a:22:76:c4:be:d9:ef:91:6d:c6:76:f1:45:
         52:f9:aa:9d:6b:b3:bf:ab:9d:eb:e1:b5:b9:86:d6:4b:c3:49:
         c0:fd:11:51:32:ae:08:60:bc:cc:37:41:08:eb:38:8c:b0:f0:
         7e:83:9c:72:86:28:0d:05:00:d9:d9:75:5d:c9:7a:bb:f5:d1:
         c6:ab:82:66:5e:50:2f:bc:a6:ab:37:9c:24:38:6d:05:53:88:
         80:e2:b8:d0:fb:b4:a3:1c:05:87:2f:6a:d1:00:75:45:69:52:
         4d:bf:d1:27:4f:f0:66:e9:32:dd:2f:36:0c:27:a2:6d:a1:20:
         b5:bd:3c:4c:67:d8:93:80:88:84:33:cf:00:76:2c:eb:fd:c7:
         dd:45:3d:00:d7:53:60:63:cc:45:36:42:47:13:d6:e5:c2:c0:
         a4:17:62:34:b3:fd:bc:8b:8f:ee:76:c1:f9:43:d2:c7:bd:1f:
         5e:1d:08:f5:f9:2c:7c:ed:39:ef:01:b0:c9:a9:d8:2b:df:e2:
         31:83:4d:16:3d:b7:e9:6e:11:28:49:9c:ec:74:2f:ab:59:bc:
         dd:e0:dd:c5:9b:64:e5:4c:82:10:b6:db:3e:d5:f6:0d:b3:03:
         4f:ed:66:5c
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBDzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
MzQ5MzExMC8GA1UEBRMoMzEzMTFDRkNDMTQwMUJENkQwRTZCNkIzOTE2N0I2NUMy
MTA5MjExNDAeFw0yNTEwMTAxNzMzNTBaFw0yNjAxMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4ZTk0MzdlLTU2ZDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDAfKLPSH1iOlm2Wxb//71mhdTpmFWjkli7cDtSTAiYizg1oa5Wzvxy6tR/nM+v
Y0lQUQnM2Gt25bbwx+FBTuks5hIqnqrJBv0/6G+Hk8Ap3JChU+9xiilK3ACo/HcX
lYvCc5nZ0ucfmtBoUxQPx9xCLWNSCTau9cK8A8Em4SHiCiKtwvoRIpY4UJQnTesO
eTHBllZgNc/B8QBdZrVbTnYXEsr7rHizXMOnMG/lp2g7ua7eG8pU8085+M63Fftk
DW1zQW28Zpw6e+4SnKFIP4gJMVPExGnO3V3qr38FRNTv1tT1hdkDXPSVXpABFkLr
42LwXHI9FLLZycG9SkEqgZhjAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUdOCAvFpr
CtcvEp9bMytJf+euvG8wHwYDVR0jBBgwFoAUMTEc/MFAG9bQ5razkWe2XCEJIRQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUUzNDkzL0U1MkMxNEMwOUZG
QTExRjBCQUQ1MEI2MUM0RjlBRTAyL01URWNfTUZBRzliUTVyYXprV2UyWENFSklS
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvTVRFY19NRkFHOWJRNXJhemtXZTJYQ0VKSVJRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
MzQ5My9FNTJDMTRDMDlGRkExMUYwQkFENTBCNjFDNEY5QUUwMi80ODVDNDIyQ0E1
RkYxMUYwODAwNEI2N0NDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEBphBwDANBgkqhkiG9w0BAQsFAAOCAQEA0hS5rgi01vGQq1In
S42YzvPzVqCb08xaInbEvtnvkW3GdvFFUvmqnWuzv6ud6+G1uYbWS8NJwP0RUTKu
CGC8zDdBCOs4jLDwfoOccoYoDQUA2dl1Xcl6u/XRxquCZl5QL7ymqzecJDhtBVOI
gOK40Pu0oxwFhy9q0QB1RWlSTb/RJ0/wZuky3S82DCeibaEgtb08TGfYk4CIhDPP
AHYs6/3H3UU9ANdTYGPMRTZCRxPW5cLApBdiNLP9vIuP7nbB+UPSx70fXh0I9fks
fO057wGwyanYK9/iMYNNFj236W4RKEmc7HQvq1m83eDdxZtk5UyCELbbPtX2DbMD
T+1mXA==
-----END CERTIFICATE-----
Generated at Sat Oct 11 14:15:49 2025 by rpki-client