Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9160AEE/188CAF06A3EC11F0B8E97F37C4F9AE02/2159B7B8A41F11F087C1F02CC4F9AE02.roa
File:                     2159B7B8A41F11F087C1F02CC4F9AE02.roa (raw, json)
Hash identifier:          o9+trdGZs9g/j9AiQD7kTRhw8blN1x7JWncUYHM5y3Y=
Subject key identifier:   F4:5B:4F:BF:82:67:A3:A2:E3:F9:94:27:23:32:5E:73:6B:1C:02:08
Certificate issuer:       /CN=A9160AEE/serialNumber=CC4240707410363735EBF6EFB194FB670F345F42
Certificate serial:       10
Authority key identifier: CC:42:40:70:74:10:36:37:35:EB:F6:EF:B1:94:FB:67:0F:34:5F:42
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/zEJAcHQQNjc16_bvsZT7Zw80X0I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9160AEE/188CAF06A3EC11F0B8E97F37C4F9AE02/2159B7B8A41F11F087C1F02CC4F9AE02.roa
Signing time:             Thu 09 Oct 2025 07:29:51 +0000
ROA not before:           Thu 09 Oct 2025 07:29:51 +0000
ROA not after:            Sun 31 Jan 2027 00:00:00 +0000
asID:                     154285
IP address blocks:        138.252.18.0/23 maxlen: 23
                          138.252.18.0/24 maxlen: 24
                          138.252.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9160AEE/188CAF06A3EC11F0B8E97F37C4F9AE02/zEJAcHQQNjc16_bvsZT7Zw80X0I.crl
                          rsync://rpki.apnic.net/member_repository/A9160AEE/188CAF06A3EC11F0B8E97F37C4F9AE02/zEJAcHQQNjc16_bvsZT7Zw80X0I.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/zEJAcHQQNjc16_bvsZT7Zw80X0I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 11:55:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16 (0x10)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9160AEE, serialNumber=CC4240707410363735EBF6EFB194FB670F345F42
        Validity
            Not Before: Oct  9 07:29:51 2025 GMT
            Not After : Jan 31 00:00:00 2027 GMT
        Subject: CN=68e7646f-2acd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:59:72:9d:b6:df:24:54:93:4e:33:7f:f5:ec:
                    c9:ff:d3:bf:2b:51:14:a8:81:b9:38:09:0c:7d:5b:
                    a9:0a:a3:87:0c:50:4c:af:10:43:4b:8c:38:e6:14:
                    63:5f:9e:44:33:ed:15:81:8a:a4:bf:13:37:ed:84:
                    a6:8a:8d:1a:16:b7:ce:99:05:e7:dc:4f:11:f8:17:
                    84:2c:0e:47:67:dd:5a:9e:3e:15:03:68:65:2e:5c:
                    4c:7b:18:06:a0:21:f1:f9:0c:c5:c4:9b:45:bc:98:
                    0e:65:cf:61:82:76:71:25:16:bf:83:6b:74:1b:e3:
                    f8:39:e7:b8:47:2a:ea:dd:c7:e4:25:aa:c6:3d:d4:
                    2e:0b:99:e4:2f:0b:49:df:29:e8:d6:ee:46:cf:71:
                    92:5f:43:a8:f0:20:f0:70:8e:14:1c:11:95:e6:06:
                    d7:84:7f:d9:27:c4:54:f7:00:51:6c:91:09:6b:b3:
                    56:35:65:ff:96:fe:27:74:19:1e:5c:90:fe:0a:59:
                    44:7f:a9:45:35:31:4a:5a:63:ec:c4:52:4e:8e:1b:
                    be:36:48:f5:c9:f7:bf:b3:a4:9d:59:f9:0e:1e:f1:
                    cd:66:c8:10:d8:32:aa:c9:21:d8:6c:f0:14:44:9b:
                    7c:28:4b:51:a9:44:a4:3a:58:40:6a:9b:5b:b1:3c:
                    4c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:5B:4F:BF:82:67:A3:A2:E3:F9:94:27:23:32:5E:73:6B:1C:02:08
            X509v3 Authority Key Identifier:
                keyid:CC:42:40:70:74:10:36:37:35:EB:F6:EF:B1:94:FB:67:0F:34:5F:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9160AEE/188CAF06A3EC11F0B8E97F37C4F9AE02/zEJAcHQQNjc16_bvsZT7Zw80X0I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/zEJAcHQQNjc16_bvsZT7Zw80X0I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9160AEE/188CAF06A3EC11F0B8E97F37C4F9AE02/2159B7B8A41F11F087C1F02CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:1d:5b:70:96:e1:9a:a0:7c:3e:b7:46:83:36:56:2f:b6:cc:
         fc:cc:6f:64:d5:cd:f8:6d:c6:1a:95:c3:ea:e2:cc:ad:2b:36:
         9d:46:6e:fd:ab:9d:17:5a:d1:2c:60:b3:7e:f5:84:f2:3b:31:
         4d:54:aa:e2:fc:c7:57:99:b7:6e:48:d6:12:aa:99:70:60:98:
         ca:a8:4e:ef:82:7a:de:83:4f:d1:92:c7:03:ba:b9:c7:75:75:
         ad:5f:dd:49:9f:ca:87:8a:d5:2d:71:75:27:16:00:99:ed:8b:
         b2:70:fd:23:82:cf:60:76:3e:82:a5:c7:c5:9c:a2:16:c5:4c:
         18:fe:ec:39:2c:8e:fd:f1:3f:97:6c:19:5d:1b:4d:d7:91:a9:
         1f:61:90:83:2c:7d:bc:66:80:d6:7e:d8:0d:3a:8f:1c:f7:25:
         2d:00:5e:4c:f6:9c:65:69:2e:82:a5:cd:c7:8e:9d:74:c0:bc:
         cf:51:1b:e9:5d:c7:8d:bb:94:06:d2:34:c8:05:e3:15:32:ce:
         70:96:80:bc:bd:63:e2:95:9f:b9:be:a5:f6:bd:b8:4f:e3:98:
         40:f4:78:80:8f:df:73:5d:dd:c6:d9:f8:f5:49:0e:3d:3e:cc:
         ab:53:07:13:c1:d4:67:b5:e4:d6:d5:34:e5:b9:3d:6a:4b:87:
         2c:48:01:c2
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBEDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
MEFFRTExMC8GA1UEBRMoQ0M0MjQwNzA3NDEwMzYzNzM1RUJGNkVGQjE5NEZCNjcw
RjM0NUY0MjAeFw0yNTEwMDkwNzI5NTFaFw0yNzAxMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4ZTc2NDZmLTJhY2QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDOWXKdtt8kVJNOM3/17Mn/078rURSogbk4CQx9W6kKo4cMUEyvEENLjDjmFGNf
nkQz7RWBiqS/EzfthKaKjRoWt86ZBefcTxH4F4QsDkdn3VqePhUDaGUuXEx7GAag
IfH5DMXEm0W8mA5lz2GCdnElFr+Da3Qb4/g557hHKurdx+QlqsY91C4LmeQvC0nf
KejW7kbPcZJfQ6jwIPBwjhQcEZXmBteEf9knxFT3AFFskQlrs1Y1Zf+W/id0GR5c
kP4KWUR/qUU1MUpaY+zEUk6OG742SPXJ97+zpJ1Z+Q4e8c1myBDYMqrJIdhs8BRE
m3woS1GpRKQ6WEBqm1uxPExzAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU9FtPv4Jn
o6Lj+ZQnIzJec2scAggwHwYDVR0jBBgwFoAUzEJAcHQQNjc16/bvsZT7Zw80X0Iw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTYwQUVFLzE4OENBRjA2QTNF
QzExRjBCOEU5N0YzN0M0RjlBRTAyL3pFSkFjSFFRTmpjMTZfYnZzWlQ3Wnc4MFgw
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvekVKQWNIUVFOamMxNl9idnNaVDdadzgwWDBJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
MEFFRS8xODhDQUYwNkEzRUMxMUYwQjhFOTdGMzdDNEY5QUUwMi8yMTU5QjdCOEE0
MUYxMUYwODdDMUYwMkNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAYr8EjANBgkqhkiG9w0BAQsFAAOCAQEAJR1bcJbhmqB8PrdG
gzZWL7bM/MxvZNXN+G3GGpXD6uLMrSs2nUZu/audF1rRLGCzfvWE8jsxTVSq4vzH
V5m3bkjWEqqZcGCYyqhO74J63oNP0ZLHA7q5x3V1rV/dSZ/Kh4rVLXF1JxYAme2L
snD9I4LPYHY+gqXHxZyiFsVMGP7sOSyO/fE/l2wZXRtN15GpH2GQgyx9vGaA1n7Y
DTqPHPclLQBeTPacZWkugqXNx46ddMC8z1Eb6V3HjbuUBtI0yAXjFTLOcJaAvL1j
4pWfub6l9r24T+OYQPR4gI/fc13dxtn49UkOPT7Mq1MHE8HUZ7Xk1tU05bk9akuH
LEgBwg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 07:09:19 2025 by rpki-client