Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/7CB2221C91E111F09C322980C4F9AE02.roa
File:                     7CB2221C91E111F09C322980C4F9AE02.roa (raw, json)
Hash identifier:          Jm69XnxkSt8CaD8B4M7m2OfdxuyjH53yi3Y2n3LjPoQ=
Subject key identifier:   37:AF:C1:32:17:74:19:82:C6:BE:C9:3D:61:74:AF:1A:10:53:26:76
Certificate issuer:       /CN=A91402DC/serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Certificate serial:       1368
Authority key identifier: C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/7CB2221C91E111F09C322980C4F9AE02.roa
Signing time:             Mon 15 Sep 2025 03:10:10 +0000
ROA not before:           Mon 15 Sep 2025 03:10:09 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        203.117.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl
                          rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 17:42:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4968 (0x1368)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91402DC, serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
        Validity
            Not Before: Sep 15 03:10:09 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=68c78391-7c06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:6b:6b:80:0e:6e:d0:00:ef:f7:d7:de:d5:71:
                    2b:6d:3a:c7:d4:c7:b0:cc:7c:39:81:40:33:25:09:
                    42:87:aa:52:41:1f:3f:15:11:e2:9a:bd:ca:8c:24:
                    61:dd:30:3a:00:f4:a1:55:80:c1:41:0f:03:82:e2:
                    4d:71:f2:75:b7:4c:fc:86:08:73:f0:9d:df:07:e5:
                    24:16:e1:68:40:ba:96:0a:3b:0c:f5:c1:78:c6:7e:
                    7b:e0:b2:a3:46:1b:91:e9:4c:cd:55:36:6d:7c:6a:
                    16:7f:77:6b:13:98:cd:d3:e5:dd:97:32:57:6a:f8:
                    92:de:c3:8e:02:c5:a7:24:32:c2:a4:4a:98:c1:7b:
                    93:dc:40:30:85:17:61:95:97:17:3a:75:5a:17:ba:
                    35:a9:86:6e:c4:e6:6a:ec:f1:84:65:01:07:26:8e:
                    44:5d:18:f9:ad:a9:99:10:f1:a8:06:47:64:35:fa:
                    7d:4a:31:5d:5c:31:ac:b4:b0:41:72:b8:39:50:87:
                    82:4c:9d:19:33:6a:a6:60:fd:03:f0:66:b7:82:9f:
                    1f:83:d1:ab:6e:ea:39:05:37:b2:8c:50:e8:bb:4e:
                    21:41:1e:6d:36:08:37:25:61:4b:da:66:e6:8e:4d:
                    bd:f5:d7:96:47:86:33:0a:7a:98:ff:09:43:2e:12:
                    a0:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:AF:C1:32:17:74:19:82:C6:BE:C9:3D:61:74:AF:1A:10:53:26:76
            X509v3 Authority Key Identifier:
                keyid:C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/7CB2221C91E111F09C322980C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.117.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:17:d1:d7:9e:3b:77:43:a7:49:7f:67:59:de:20:e0:de:86:
         c3:c6:c3:a1:bf:66:44:44:3b:0c:55:85:d7:a5:af:3c:e9:f4:
         33:7a:05:4e:ce:95:3c:18:c8:c0:ad:03:e9:df:af:c5:ac:af:
         18:e4:a9:33:a8:60:89:9b:86:4b:0b:37:dd:a8:48:2f:4f:99:
         4f:61:9b:08:44:01:b2:bd:a6:42:16:f6:0c:3d:0e:59:ad:16:
         75:3a:a6:50:e9:e6:df:01:df:a8:0f:ce:87:ac:5e:fc:1d:e1:
         00:94:dc:9a:f5:68:9b:25:30:bd:a4:70:a5:22:b8:ed:e5:10:
         84:c8:af:4d:17:2c:70:5e:eb:d0:ca:80:17:bd:71:05:c2:c6:
         f7:60:cc:12:94:c7:86:a1:6f:25:af:a0:cd:bc:0f:77:b1:0a:
         ce:bd:b9:90:95:9c:34:0a:e1:4c:6a:f1:22:c9:60:84:19:67:
         56:71:56:51:84:97:88:89:53:42:e8:c0:75:f2:8b:e4:b7:a3:
         8a:20:85:9f:d1:f3:1c:e7:32:40:63:a3:80:8a:50:b0:ad:1d:
         44:a1:f8:64:3d:57:98:83:03:1b:62:24:31:03:0c:05:b7:89:
         56:29:55:12:84:d4:3d:40:a6:a3:a3:81:15:9c:89:77:42:2a:
         ff:0f:2d:13
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICE2gwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDAyREMxMTAvBgNVBAUTKEMyQjlGNUYzQzY4QzU3NjcyNzIzOUI5MkE5M0IzNjI5
N0QxQjE2NTMwHhcNMjUwOTE1MDMxMDA5WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGM3ODM5MS03YzA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4mtrgA5u0ADv99fe1XErbTrH1MewzHw5gUAzJQlCh6pSQR8/FRHimr3KjCRh
3TA6APShVYDBQQ8DguJNcfJ1t0z8hghz8J3fB+UkFuFoQLqWCjsM9cF4xn574LKj
RhuR6UzNVTZtfGoWf3drE5jN0+XdlzJXaviS3sOOAsWnJDLCpEqYwXuT3EAwhRdh
lZcXOnVaF7o1qYZuxOZq7PGEZQEHJo5EXRj5ramZEPGoBkdkNfp9SjFdXDGstLBB
crg5UIeCTJ0ZM2qmYP0D8Ga3gp8fg9Grbuo5BTeyjFDou04hQR5tNgg3JWFL2mbm
jk299deWR4YzCnqY/wlDLhKggQIDAQABo4IClTCCApEwHQYDVR0OBBYEFDevwTIX
dBmCxr7JPWF0rxoQUyZ2MB8GA1UdIwQYMBaAFMK59fPGjFdnJyObkqk7Nil9GxZT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDJEQy8yRDUxQUY0MkZE
M0UxMUU4ODhDNTM5NDRDNEY5QUUwMi93cm4xODhhTVYyY25JNXVTcVRzMktYMGJG
bE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dybjE4OGFNVjJjbkk1dVNxVHMyS1gwYkZsTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDAyREMvMkQ1MUFGNDJGRDNFMTFFODg4QzUzOTQ0QzRGOUFFMDIvN0NCMjIyMUM5
MUUxMTFGMDlDMzIyOTgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLdTUwDQYJKoZIhvcNAQELBQADggEBAKoX0deeO3dDp0l/
Z1neIODehsPGw6G/ZkREOwxVhdelrzzp9DN6BU7OlTwYyMCtA+nfr8WsrxjkqTOo
YImbhksLN92oSC9PmU9hmwhEAbK9pkIW9gw9DlmtFnU6plDp5t8B36gPzoesXvwd
4QCU3Jr1aJslML2kcKUiuO3lEITIr00XLHBe69DKgBe9cQXCxvdgzBKUx4ahbyWv
oM28D3exCs69uZCVnDQK4Uxq8SLJYIQZZ1ZxVlGEl4iJU0LowHXyi+S3o4oghZ/R
8xznMkBjo4CKULCtHUSh+GQ9V5iDAxtiJDEDDAW3iVYpVRKE1D1ApqOjgRWciXdC
Kv8PLRM=
-----END CERTIFICATE-----
Generated at Sun Oct 19 19:10:14 2025 by rpki-client