Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9117CE3/A90CAFC4346511EFB9C0764FC4F9AE02/BD956DA243A811F0B2160F4CC4F9AE02.roa
File:                     BD956DA243A811F0B2160F4CC4F9AE02.roa (raw, json)
Hash identifier:          SmHvBDinpxX4tRTL3vvchcGUAjuudUTG+aS1hQP2/DQ=
Subject key identifier:   68:64:91:47:FE:5E:3E:DA:CF:76:41:9B:79:7B:49:CB:06:B0:AC:9A
Certificate issuer:       /CN=A9117CE3/serialNumber=C26F46FD9952B3AF3A7D715DE1BF3A61E25C798A
Certificate serial:       BD
Authority key identifier: C2:6F:46:FD:99:52:B3:AF:3A:7D:71:5D:E1:BF:3A:61:E2:5C:79:8A
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/wm9G_ZlSs686fXFd4b86YeJceYo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9117CE3/A90CAFC4346511EFB9C0764FC4F9AE02/BD956DA243A811F0B2160F4CC4F9AE02.roa
Signing time:             Sat 07 Jun 2025 14:09:21 +0000
ROA not before:           Sat 07 Jun 2025 14:09:21 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     135883
IP address blocks:        160.25.20.0/23 maxlen: 23
                          160.25.20.0/24 maxlen: 24
                          160.25.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9117CE3/A90CAFC4346511EFB9C0764FC4F9AE02/wm9G_ZlSs686fXFd4b86YeJceYo.crl
                          rsync://rpki.apnic.net/member_repository/A9117CE3/A90CAFC4346511EFB9C0764FC4F9AE02/wm9G_ZlSs686fXFd4b86YeJceYo.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/wm9G_ZlSs686fXFd4b86YeJceYo.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 04:58:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 189 (0xbd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9117CE3, serialNumber=C26F46FD9952B3AF3A7D715DE1BF3A61E25C798A
        Validity
            Not Before: Jun  7 14:09:21 2025 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=68444811-d822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c4:70:90:6a:d3:e2:18:e8:4b:5c:f7:ed:09:
                    1e:79:68:7b:ed:ca:54:24:2b:ad:92:f3:08:c6:52:
                    fd:5d:8f:f4:a6:bb:c4:8f:0a:aa:d6:48:6a:55:17:
                    b5:d9:eb:ff:27:69:98:7b:5f:4f:77:5c:83:8a:64:
                    73:20:d7:8e:71:95:5c:80:14:1e:9d:a0:29:68:ec:
                    2b:6b:df:99:ca:de:da:c0:b6:44:ec:bf:67:57:75:
                    58:cf:71:f9:09:b0:28:5a:aa:2a:d2:22:6b:f0:23:
                    9c:9e:fe:1c:65:14:4f:6f:9c:ca:bf:3e:c0:b3:46:
                    f0:a5:7d:cc:d0:7d:1e:9e:a3:bb:b5:ed:90:62:91:
                    e2:7a:75:e1:4e:aa:bf:bc:a6:52:ba:16:9a:5e:c9:
                    d8:c7:7c:e2:0e:9b:97:e4:ba:82:9e:57:db:af:42:
                    6d:44:d6:f9:51:29:ef:a0:a6:cd:3e:b5:25:d7:5f:
                    4c:6a:f2:4b:98:b4:9d:24:91:a5:4f:d6:99:3a:f3:
                    43:f0:20:bf:57:44:0e:49:69:88:f1:b2:66:1a:4d:
                    59:e2:73:83:92:c7:d3:49:ba:77:83:a9:cb:d2:e4:
                    3f:f7:be:56:13:5a:bb:69:48:9f:36:ef:4b:fd:00:
                    dd:0b:7f:14:71:25:cc:a2:2c:a4:27:73:23:3e:ac:
                    9c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:64:91:47:FE:5E:3E:DA:CF:76:41:9B:79:7B:49:CB:06:B0:AC:9A
            X509v3 Authority Key Identifier:
                keyid:C2:6F:46:FD:99:52:B3:AF:3A:7D:71:5D:E1:BF:3A:61:E2:5C:79:8A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9117CE3/A90CAFC4346511EFB9C0764FC4F9AE02/wm9G_ZlSs686fXFd4b86YeJceYo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/wm9G_ZlSs686fXFd4b86YeJceYo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9117CE3/A90CAFC4346511EFB9C0764FC4F9AE02/BD956DA243A811F0B2160F4CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:ce:e4:b2:a6:40:f0:98:75:68:d5:b0:4f:78:f1:cd:70:61:
         00:c5:2f:42:22:4d:0e:43:49:f4:f2:d4:7c:21:48:29:25:41:
         45:e8:f2:c8:c3:b6:fb:03:ea:1f:a9:b6:f7:87:bb:e8:62:40:
         c3:31:14:d3:e4:ec:17:4d:01:1e:5c:34:69:19:67:44:58:2a:
         4b:a3:d3:c1:be:83:69:34:9f:48:34:eb:ff:36:cd:f3:b4:49:
         57:83:9e:8a:1f:53:50:ca:fa:dd:ca:66:16:af:d9:5f:27:7f:
         c1:1a:b4:bf:f8:ee:45:76:8c:a1:ec:98:12:8b:f4:15:95:97:
         eb:4a:f6:86:8c:a1:98:bf:7d:0d:bb:cd:77:d4:aa:34:16:5a:
         a5:d7:c0:ee:e3:35:76:12:a9:af:76:d1:68:8e:3d:5a:ef:a2:
         a3:00:ea:4a:29:e5:a6:57:6a:48:85:63:aa:82:c3:95:d8:a1:
         b0:b2:48:c6:e5:69:53:73:2d:b5:a2:1b:30:65:a0:e4:b0:36:
         b8:26:fd:06:de:fb:09:61:e3:cd:85:36:85:3a:b6:32:97:cf:
         70:42:6c:c1:8c:56:67:55:fe:fd:83:43:15:f0:d0:74:00:2d:
         c4:9f:e6:fc:b2:67:67:f6:43:5f:4a:e2:fc:06:bc:9b:96:ba:
         b6:a6:72:13
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAL0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTdDRTMxMTAvBgNVBAUTKEMyNkY0NkZEOTk1MkIzQUYzQTdENzE1REUxQkYzQTYx
RTI1Qzc5OEEwHhcNMjUwNjA3MTQwOTIxWhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODQ0NDgxMS1kODIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArMRwkGrT4hjoS1z37QkeeWh77cpUJCutkvMIxlL9XY/0prvEjwqq1khqVRe1
2ev/J2mYe19Pd1yDimRzINeOcZVcgBQenaApaOwra9+Zyt7awLZE7L9nV3VYz3H5
CbAoWqoq0iJr8COcnv4cZRRPb5zKvz7As0bwpX3M0H0enqO7te2QYpHienXhTqq/
vKZSuhaaXsnYx3ziDpuX5LqCnlfbr0JtRNb5USnvoKbNPrUl119MavJLmLSdJJGl
T9aZOvND8CC/V0QOSWmI8bJmGk1Z4nODksfTSbp3g6nL0uQ/975WE1q7aUifNu9L
/QDdC38UcSXMoiykJ3MjPqychQIDAQABo4IClTCCApEwHQYDVR0OBBYEFGhkkUf+
Xj7az3ZBm3l7ScsGsKyaMB8GA1UdIwQYMBaAFMJvRv2ZUrOvOn1xXeG/OmHiXHmK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExN0NFMy9BOTBDQUZDNDM0
NjUxMUVGQjlDMDc2NEZDNEY5QUUwMi93bTlHX1psU3M2ODZmWEZkNGI4NlllSmNl
WW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3dtOUdfWmxTczY4NmZYRmQ0Yjg2WWVKY2VZby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTdDRTMvQTkwQ0FGQzQzNDY1MTFFRkI5QzA3NjRGQzRGOUFFMDIvQkQ5NTZEQTI0
M0E4MTFGMEIyMTYwRjRDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAGgGRQwDQYJKoZIhvcNAQELBQADggEBABPO5LKmQPCYdWjV
sE948c1wYQDFL0IiTQ5DSfTy1HwhSCklQUXo8sjDtvsD6h+ptveHu+hiQMMxFNPk
7BdNAR5cNGkZZ0RYKkuj08G+g2k0n0g06/82zfO0SVeDnoofU1DK+t3KZhav2V8n
f8EatL/47kV2jKHsmBKL9BWVl+tK9oaMoZi/fQ27zXfUqjQWWqXXwO7jNXYSqa92
0WiOPVrvoqMA6kop5aZXakiFY6qCw5XYobCySMblaVNzLbWiGzBloOSwNrgm/Qbe
+wlh482FNoU6tjKXz3BCbMGMVmdV/v2DQxXw0HQALcSf5vyyZ2f2Q19K4vwGvJuW
uramchM=
-----END CERTIFICATE-----
Generated at Tue Jun 10 03:30:47 2025 by rpki-client