Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/C12F4320609011F09ABA7A5BC4F9AE02.roa
File:                     C12F4320609011F09ABA7A5BC4F9AE02.roa (raw, json)
Hash identifier:          OCoEtmDtIPGbS49zEBAsfemLp6KGOYOXcMpWwFguUPw=
Subject key identifier:   57:21:8C:5A:A7:EE:CD:0E:92:C3:B9:9C:85:09:14:47:0B:C8:B1:8B
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       4BC2
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/C12F4320609011F09ABA7A5BC4F9AE02.roa
Signing time:             Mon 14 Jul 2025 08:58:48 +0000
ROA not before:           Mon 14 Jul 2025 08:58:48 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     152978
IP address blocks:        2001:df4:2e40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 14:33:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19394 (0x4bc2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A, serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Jul 14 08:58:48 2025 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=6874c6c8-c9b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:41:79:96:bb:ea:72:77:42:09:58:92:e6:52:
                    74:b9:03:ea:89:e7:db:eb:3d:a9:29:bf:63:3a:85:
                    27:b4:d7:06:ec:bb:42:f7:53:d5:82:5f:f6:41:3f:
                    34:a1:37:b2:34:a9:5b:cd:c0:f3:57:3f:ae:2d:02:
                    39:6d:51:b9:c2:32:84:c6:9b:3e:94:7d:98:57:9b:
                    aa:0d:72:83:a1:1e:3e:30:fa:49:fe:b2:16:2d:84:
                    63:a5:cd:84:b9:33:0f:b2:2e:27:a7:0c:a8:36:5d:
                    ee:bf:3e:82:f0:c6:2e:a4:92:21:3c:17:c8:0b:e5:
                    f1:be:c1:6b:7c:6a:fd:29:5a:94:7c:e6:03:b3:e9:
                    32:18:f1:59:ee:93:6e:54:bb:b4:f5:69:8f:06:5a:
                    1b:7e:84:26:af:91:53:29:86:4a:9c:d5:00:31:43:
                    21:81:28:61:74:28:10:52:4e:fb:1f:39:ce:21:84:
                    b7:ec:7e:0e:33:cd:b4:da:84:8e:35:e7:31:92:ca:
                    88:ae:a6:cf:28:7d:96:92:46:b8:20:7a:36:55:a5:
                    72:38:48:2b:0d:ea:af:ef:98:22:b4:17:8d:ce:a2:
                    43:24:35:40:b5:93:1a:e9:df:d2:a3:05:02:91:dd:
                    c2:59:a3:56:30:ff:24:79:89:57:74:2d:a0:93:ac:
                    d0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:21:8C:5A:A7:EE:CD:0E:92:C3:B9:9C:85:09:14:47:0B:C8:B1:8B
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/C12F4320609011F09ABA7A5BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:2e40::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:0f:f2:7d:b9:4c:68:94:93:4c:da:ef:f2:2e:98:9f:35:2c:
         5e:39:65:4d:1f:6c:08:06:dc:c7:8d:bc:a2:c1:70:22:00:a7:
         fa:34:24:46:bf:4d:89:58:24:4e:1b:92:44:8d:42:e1:99:83:
         2e:c9:84:d3:67:f4:b0:5c:85:bd:60:25:b0:92:da:1f:6e:99:
         53:58:c6:b0:5b:1b:2b:8e:e6:d0:04:aa:ca:0f:41:a9:f6:4e:
         90:f2:7a:43:47:b0:ac:4c:19:dd:13:fe:58:5c:12:6c:a2:be:
         e2:46:0a:c3:0d:96:72:af:fa:4d:5e:92:19:e1:ee:4c:fb:00:
         01:a1:16:fc:c5:f0:93:a5:9d:83:70:33:3c:02:24:4c:18:7d:
         f1:03:9b:fa:ff:21:70:42:49:85:95:58:fb:32:5e:0a:b4:8d:
         04:41:3d:f7:51:ea:55:0c:b4:59:6e:ae:33:3d:ac:c7:99:62:
         c6:82:43:92:7f:f2:d0:d3:66:02:bf:74:79:62:6d:fd:36:df:
         ee:8e:8a:c4:44:81:dc:88:ba:5a:42:1c:06:1c:c0:69:45:d4:
         ee:77:bd:e1:c6:15:ed:21:ee:68:7d:df:aa:ab:7d:b9:26:30:
         2c:6a:92:17:33:15:cb:e0:04:2d:85:b4:c4:bc:f0:d8:8e:fb:
         3d:70:cf:50
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICS8IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjUwNzE0MDg1ODQ4WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc0YzZjOC1jOWIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx0F5lrvqcndCCViS5lJ0uQPqiefb6z2pKb9jOoUntNcG7LtC91PVgl/2QT80
oTeyNKlbzcDzVz+uLQI5bVG5wjKExps+lH2YV5uqDXKDoR4+MPpJ/rIWLYRjpc2E
uTMPsi4npwyoNl3uvz6C8MYupJIhPBfIC+XxvsFrfGr9KVqUfOYDs+kyGPFZ7pNu
VLu09WmPBlobfoQmr5FTKYZKnNUAMUMhgShhdCgQUk77HznOIYS37H4OM8202oSO
NecxksqIrqbPKH2Wkka4IHo2VaVyOEgrDeqv75gitBeNzqJDJDVAtZMa6d/SowUC
kd3CWaNWMP8keYlXdC2gk6zQywIDAQABo4ICmDCCApQwHQYDVR0OBBYEFFchjFqn
7s0OksO5nIUJFEcLyLGLMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvQzEyRjQzMjA2
MDkwMTFGMDlBQkE3QTVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQ30LkAwDQYJKoZIhvcNAQELBQADggEBAFoP8n25TGiU
k0za7/IumJ81LF45ZU0fbAgG3MeNvKLBcCIAp/o0JEa/TYlYJE4bkkSNQuGZgy7J
hNNn9LBchb1gJbCS2h9umVNYxrBbGyuO5tAEqsoPQan2TpDyekNHsKxMGd0T/lhc
EmyivuJGCsMNlnKv+k1ekhnh7kz7AAGhFvzF8JOlnYNwMzwCJEwYffEDm/r/IXBC
SYWVWPsyXgq0jQRBPfdR6lUMtFlurjM9rMeZYsaCQ5J/8tDTZgK/dHlibf023+6O
isREgdyIulpCHAYcwGlF1O53veHGFe0h7mh936qrfbkmMCxqkhczFcvgBC2FtMS8
8NiO+z1wz1A=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:07:08 2025 by rpki-client