Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911F753/7809DA02BC0D11EF9B4AD649C4F9AE02/E941D4F2A4FD11F090BC8576C4F9AE02.roa
File:                     E941D4F2A4FD11F090BC8576C4F9AE02.roa (raw, json)
Hash identifier:          duEUr4kKsrDJuBz+0GVZgBqKhdqXHVgsZ+uYpS7Bds4=
Subject key identifier:   7A:C8:1E:9E:8D:B6:B1:62:0A:99:47:B5:F0:08:C8:1F:7B:08:EA:3A
Certificate issuer:       /CN=A911F753/serialNumber=2D49B3AE6DA18B63464A3177AB32101942E6A51A
Certificate serial:       A6
Authority key identifier: 2D:49:B3:AE:6D:A1:8B:63:46:4A:31:77:AB:32:10:19:42:E6:A5:1A
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LUmzrm2hi2NGSjF3qzIQGULmpRo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911F753/7809DA02BC0D11EF9B4AD649C4F9AE02/E941D4F2A4FD11F090BC8576C4F9AE02.roa
Signing time:             Thu 09 Oct 2025 10:51:30 +0000
ROA not before:           Thu 09 Oct 2025 10:51:30 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     214571
IP address blocks:        160.250.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911F753/7809DA02BC0D11EF9B4AD649C4F9AE02/LUmzrm2hi2NGSjF3qzIQGULmpRo.crl
                          rsync://rpki.apnic.net/member_repository/A911F753/7809DA02BC0D11EF9B4AD649C4F9AE02/LUmzrm2hi2NGSjF3qzIQGULmpRo.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LUmzrm2hi2NGSjF3qzIQGULmpRo.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 09:45:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 166 (0xa6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911F753, serialNumber=2D49B3AE6DA18B63464A3177AB32101942E6A51A
        Validity
            Not Before: Oct  9 10:51:30 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=68e793b1-7d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:59:f5:c3:67:5e:a9:fd:af:13:29:42:75:2d:
                    e7:97:f2:54:36:2e:71:54:d6:7c:45:dd:17:2f:8d:
                    cb:dc:e7:94:d3:2c:48:8b:b2:fa:53:76:6b:00:64:
                    8b:d1:7b:56:16:7e:b2:34:e3:88:56:f0:b9:b4:89:
                    d2:84:25:72:dd:28:06:b0:1b:15:43:1b:15:26:bd:
                    41:86:a5:9e:a7:c9:2c:7e:b4:1a:f4:13:c6:90:5d:
                    04:2a:15:9f:67:58:90:e8:d9:a6:33:72:15:26:ba:
                    b6:1d:72:c2:5b:10:99:b0:fc:03:f8:04:4b:34:00:
                    c1:4c:13:0c:bb:17:3c:78:1d:d3:72:af:db:59:55:
                    34:63:85:5e:e5:6b:42:d3:8d:2e:1d:c5:15:4d:ab:
                    8e:42:52:fa:81:41:71:6f:58:4f:ae:73:db:3d:81:
                    96:6e:b4:ed:a5:2d:1e:85:b1:7c:c8:4e:43:4f:9c:
                    b6:2c:7c:99:3b:ee:31:32:be:7d:62:9d:91:f1:03:
                    59:7d:74:79:97:ba:87:22:28:77:d4:76:d1:76:5c:
                    c7:c9:a9:9a:15:c7:80:f6:e8:4a:d1:eb:b5:ef:fc:
                    6c:63:0d:3d:0a:1b:60:8f:2f:6a:cb:1c:43:41:06:
                    63:62:1a:5a:13:ae:cb:ee:0a:c7:0d:17:a6:ed:bf:
                    a2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C8:1E:9E:8D:B6:B1:62:0A:99:47:B5:F0:08:C8:1F:7B:08:EA:3A
            X509v3 Authority Key Identifier:
                keyid:2D:49:B3:AE:6D:A1:8B:63:46:4A:31:77:AB:32:10:19:42:E6:A5:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911F753/7809DA02BC0D11EF9B4AD649C4F9AE02/LUmzrm2hi2NGSjF3qzIQGULmpRo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LUmzrm2hi2NGSjF3qzIQGULmpRo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911F753/7809DA02BC0D11EF9B4AD649C4F9AE02/E941D4F2A4FD11F090BC8576C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.250.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:45:c9:cb:a6:8a:a9:52:64:fc:7b:c9:b2:fe:e5:e9:d2:75:
         32:93:e2:b1:10:15:19:c0:c7:a4:27:d9:53:91:e1:c3:2f:37:
         d8:01:bd:9d:4b:ee:46:57:d6:7e:67:07:e2:8a:27:55:ba:14:
         5e:a8:6d:57:45:02:0b:55:b5:c8:af:92:f7:e7:85:ad:a4:d8:
         7b:ff:73:47:a1:06:a4:44:89:d1:b4:92:13:e6:52:12:cd:ab:
         64:78:22:ec:d4:bf:06:48:7f:5a:7f:dd:49:f8:7d:e6:dd:85:
         52:a6:d9:54:4c:9b:ef:2c:f2:c6:d1:65:b5:44:06:72:50:24:
         d7:d0:a7:49:69:c4:b9:63:0b:22:bc:c2:8e:c8:74:4f:63:7a:
         ad:47:bb:a9:0c:7b:e6:c0:3a:63:11:da:10:25:99:8c:41:35:
         9d:43:26:49:15:0f:bd:9b:07:8b:69:83:c9:cb:41:90:41:d8:
         34:82:f8:98:bc:27:8f:3b:ba:42:62:44:98:11:28:1c:b7:70:
         c5:c3:59:d4:d3:eb:78:3d:7e:63:b7:a4:a9:cf:27:31:87:e7:
         40:a1:cc:1f:97:23:73:e2:58:64:3b:dc:4e:8d:bb:02:63:f6:
         2a:a5:5b:75:7e:2e:1e:1f:73:cb:e3:b4:f4:80:86:72:53:49:
         2d:bf:ef:0a
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAKYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUY3NTMxMTAvBgNVBAUTKDJENDlCM0FFNkRBMThCNjM0NjRBMzE3N0FCMzIxMDE5
NDJFNkE1MUEwHhcNMjUxMDA5MTA1MTMwWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU3OTNiMS03ZDJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwFn1w2deqf2vEylCdS3nl/JUNi5xVNZ8Rd0XL43L3OeU0yxIi7L6U3ZrAGSL
0XtWFn6yNOOIVvC5tInShCVy3SgGsBsVQxsVJr1BhqWep8ksfrQa9BPGkF0EKhWf
Z1iQ6NmmM3IVJrq2HXLCWxCZsPwD+ARLNADBTBMMuxc8eB3Tcq/bWVU0Y4Ve5WtC
040uHcUVTauOQlL6gUFxb1hPrnPbPYGWbrTtpS0ehbF8yE5DT5y2LHyZO+4xMr59
Yp2R8QNZfXR5l7qHIih31HbRdlzHyamaFceA9uhK0eu17/xsYw09Chtgjy9qyxxD
QQZjYhpaE67L7grHDRem7b+iAQIDAQABo4IClTCCApEwHQYDVR0OBBYEFHrIHp6N
trFiCplHtfAIyB97COo6MB8GA1UdIwQYMBaAFC1Js65toYtjRkoxd6syEBlC5qUa
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRjc1My83ODA5REEwMkJD
MEQxMUVGOUI0QUQ2NDlDNEY5QUUwMi9MVW16cm0yaGkyTkdTakYzcXpJUUdVTG1w
Um8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0xVbXpybTJoaTJOR1NqRjNxeklRR1VMbXBSby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUY3NTMvNzgwOURBMDJCQzBEMTFFRjlCNEFENjQ5QzRGOUFFMDIvRTk0MUQ0RjJB
NEZEMTFGMDkwQkM4NTc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBACg+uAwDQYJKoZIhvcNAQELBQADggEBAC1FycumiqlSZPx7
ybL+5enSdTKT4rEQFRnAx6Qn2VOR4cMvN9gBvZ1L7kZX1n5nB+KKJ1W6FF6obVdF
AgtVtcivkvfnha2k2Hv/c0ehBqREidG0khPmUhLNq2R4IuzUvwZIf1p/3Un4febd
hVKm2VRMm+8s8sbRZbVEBnJQJNfQp0lpxLljCyK8wo7IdE9jeq1Hu6kMe+bAOmMR
2hAlmYxBNZ1DJkkVD72bB4tpg8nLQZBB2DSC+Ji8J487ukJiRJgRKBy3cMXDWdTT
63g9fmO3pKnPJzGH50ChzB+XI3PiWGQ73E6NuwJj9iqlW3V+Lh4fc8vjtPSAhnJT
SS2/7wo=
-----END CERTIFICATE-----
Generated at Sun Oct 19 07:09:18 2025 by rpki-client