Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/A45471ACC4ED11EE8A67C739C4F9AE02.roa
File:                     A45471ACC4ED11EE8A67C739C4F9AE02.roa (raw, json)
Hash identifier:          hJIP3vaCxaXSerzNVIz2IckZKnqrBprCPLaUe55Jaxk=
Subject key identifier:   62:B6:FD:F4:07:B6:09:E6:D8:10:FD:C6:CB:F9:7B:5D:F6:FF:37:23
Certificate issuer:       /CN=A91EDB37/serialNumber=95FEBE93A33A3394BD1F60DCBBDDB9FDE072B7F3
Certificate serial:       073F
Authority key identifier: 95:FE:BE:93:A3:3A:33:94:BD:1F:60:DC:BB:DD:B9:FD:E0:72:B7:F3
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lf6-k6M6M5S9H2Dcu925_eByt_M.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/A45471ACC4ED11EE8A67C739C4F9AE02.roa
Signing time:             Thu 24 Jul 2025 22:34:38 +0000
ROA not before:           Thu 24 Jul 2025 22:34:38 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     24429
IP address blocks:        156.59.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/lf6-k6M6M5S9H2Dcu925_eByt_M.crl
                          rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/lf6-k6M6M5S9H2Dcu925_eByt_M.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lf6-k6M6M5S9H2Dcu925_eByt_M.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 31 Jul 2025 22:34:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1855 (0x73f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EDB37, serialNumber=95FEBE93A33A3394BD1F60DCBBDDB9FDE072B7F3
        Validity
            Not Before: Jul 24 22:34:38 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6882b4fe-0f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ea:4d:c7:d6:d6:ad:38:ff:09:9e:a9:76:f5:
                    84:9e:4f:33:39:63:7f:37:77:69:40:d6:c1:9c:c6:
                    60:a3:83:97:ed:3e:5e:8a:4f:d6:dd:0c:04:6d:d2:
                    fe:70:f9:4a:06:9e:3d:05:1c:66:20:f1:17:f0:12:
                    88:27:ba:5e:44:51:01:39:d4:a8:a5:37:b1:b4:95:
                    b6:79:53:01:11:45:d7:30:2e:be:29:86:92:5e:ae:
                    6a:3f:51:a3:3c:e8:53:c8:21:48:d8:d2:da:8e:34:
                    23:70:88:3a:4c:ce:cf:bd:16:96:4d:89:91:96:e7:
                    ba:83:2b:06:63:46:47:b4:5a:22:e7:71:09:04:55:
                    24:1c:f1:4a:2b:40:f1:d4:2d:46:06:54:05:d6:e6:
                    0d:8d:ed:86:30:1d:d7:87:38:44:88:51:fc:a3:a0:
                    49:f6:a5:0f:c2:38:5c:50:e5:d2:4a:a4:82:68:66:
                    55:f4:50:ee:cb:9b:07:35:0f:50:46:76:53:08:68:
                    be:2f:c5:03:6c:85:6a:c0:a7:fe:7f:88:86:8e:ca:
                    ba:18:ec:3d:c6:74:b0:4c:89:72:cd:2e:c1:58:d1:
                    23:fb:59:93:7d:ba:c3:94:08:b7:75:de:25:59:50:
                    4b:68:27:a6:11:4b:29:ee:bf:7b:74:40:e9:37:9d:
                    22:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:B6:FD:F4:07:B6:09:E6:D8:10:FD:C6:CB:F9:7B:5D:F6:FF:37:23
            X509v3 Authority Key Identifier:
                keyid:95:FE:BE:93:A3:3A:33:94:BD:1F:60:DC:BB:DD:B9:FD:E0:72:B7:F3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/lf6-k6M6M5S9H2Dcu925_eByt_M.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lf6-k6M6M5S9H2Dcu925_eByt_M.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/A45471ACC4ED11EE8A67C739C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.59.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:a4:98:ab:92:a4:59:bd:5d:b7:01:70:7e:d2:b2:e4:36:3f:
         35:e9:e7:11:6c:33:1c:69:76:38:22:9a:b5:9a:b6:31:9f:82:
         30:46:11:fa:1a:75:9d:85:c8:6b:f4:94:d5:5c:56:14:94:33:
         52:f6:fa:78:23:79:de:a2:bd:54:6c:28:50:5c:3b:0c:ba:bb:
         4b:3e:dd:1d:f3:b8:37:bc:de:65:3c:cf:59:1e:ea:a1:c2:de:
         82:20:ef:4c:aa:8e:53:31:c0:9d:77:0b:28:16:e0:38:14:88:
         71:5e:87:09:61:ee:e1:4c:7c:1d:11:58:79:eb:53:2e:b9:4c:
         3a:16:e4:b9:17:a6:b9:a5:a3:57:c7:4f:77:38:58:dd:b0:28:
         c6:ef:88:01:33:d7:b7:8b:60:88:19:5e:57:89:ce:8d:80:4c:
         8f:ea:12:f8:1d:e5:9c:f4:48:83:2c:87:2c:a2:96:1d:ec:a1:
         ec:8b:ea:9a:9d:82:61:ae:15:17:99:42:cf:6c:d1:70:8c:26:
         e7:e7:8e:41:8b:77:b1:c1:28:c4:11:9a:27:b7:11:b9:2e:56:
         b0:a1:7a:96:f5:52:0b:07:75:f9:c4:6c:7d:a6:17:15:be:75:
         a9:71:d4:cc:dc:7f:02:63:4f:e6:bc:cc:83:d1:e0:dc:7b:21:
         d7:29:c7:69
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBz8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RURCMzcxMTAvBgNVBAUTKDk1RkVCRTkzQTMzQTMzOTRCRDFGNjBEQ0JCRERCOUZE
RTA3MkI3RjMwHhcNMjUwNzI0MjIzNDM4WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODgyYjRmZS0wZjYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxepNx9bWrTj/CZ6pdvWEnk8zOWN/N3dpQNbBnMZgo4OX7T5eik/W3QwEbdL+
cPlKBp49BRxmIPEX8BKIJ7peRFEBOdSopTextJW2eVMBEUXXMC6+KYaSXq5qP1Gj
POhTyCFI2NLajjQjcIg6TM7PvRaWTYmRlue6gysGY0ZHtFoi53EJBFUkHPFKK0Dx
1C1GBlQF1uYNje2GMB3XhzhEiFH8o6BJ9qUPwjhcUOXSSqSCaGZV9FDuy5sHNQ9Q
RnZTCGi+L8UDbIVqwKf+f4iGjsq6GOw9xnSwTIlyzS7BWNEj+1mTfbrDlAi3dd4l
WVBLaCemEUsp7r97dEDpN50iaQIDAQABo4IClTCCApEwHQYDVR0OBBYEFGK2/fQH
tgnm2BD9xsv5e132/zcjMB8GA1UdIwQYMBaAFJX+vpOjOjOUvR9g3Lvduf3gcrfz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFREIzNy80REU2MzVFMDc4
QTAxMUVCOTUwRDMxNzVDNEY5QUUwMi9sZjYtazZNNk01UzlIMkRjdTkyNV9lQnl0
X00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2xmNi1rNk02TTVTOUgyRGN1OTI1X2VCeXRfTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RURCMzcvNERFNjM1RTA3OEEwMTFFQjk1MEQzMTc1QzRGOUFFMDIvQTQ1NDcxQUND
NEVEMTFFRThBNjdDNzM5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBACcO2wwDQYJKoZIhvcNAQELBQADggEBADekmKuSpFm9XbcB
cH7SsuQ2PzXp5xFsMxxpdjgimrWatjGfgjBGEfoadZ2FyGv0lNVcVhSUM1L2+ngj
ed6ivVRsKFBcOwy6u0s+3R3zuDe83mU8z1ke6qHC3oIg70yqjlMxwJ13CygW4DgU
iHFehwlh7uFMfB0RWHnrUy65TDoW5LkXprmlo1fHT3c4WN2wKMbviAEz17eLYIgZ
XleJzo2ATI/qEvgd5Zz0SIMshyyilh3soeyL6pqdgmGuFReZQs9s0XCMJufnjkGL
d7HBKMQRmie3EbkuVrChepb1UgsHdfnEbH2mFxW+dalx1MzcfwJjT+a8zIPR4Nx7
Idcpx2k=
-----END CERTIFICATE-----
Generated at Fri Jul 25 13:31:40 2025 by rpki-client