Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/F88154843B9D11F091B39D67C4F9AE02.roa
File:                     F88154843B9D11F091B39D67C4F9AE02.roa (raw, json)
Hash identifier:          nNxkYkRl2gKLDvZBsXppHYQmBwtDL7vgL/l44dOoypk=
Subject key identifier:   01:9E:A3:D7:9A:FB:4B:84:56:AF:77:FE:B0:B6:19:31:86:CB:1D:9C
Certificate issuer:       /CN=A91F6C10/serialNumber=E2B0DFA690D2C7EAC43636756E437B7C2626F4BB
Certificate serial:       04
Authority key identifier: E2:B0:DF:A6:90:D2:C7:EA:C4:36:36:75:6E:43:7B:7C:26:26:F4:BB
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/4rDfppDSx-rENjZ1bkN7fCYm9Ls.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/F88154843B9D11F091B39D67C4F9AE02.roa
Signing time:             Wed 28 May 2025 08:30:11 +0000
ROA not before:           Wed 28 May 2025 08:30:11 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     399861
IP address blocks:        161.248.88.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/4rDfppDSx-rENjZ1bkN7fCYm9Ls.crl
                          rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/4rDfppDSx-rENjZ1bkN7fCYm9Ls.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/4rDfppDSx-rENjZ1bkN7fCYm9Ls.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 07:06:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F6C10, serialNumber=E2B0DFA690D2C7EAC43636756E437B7C2626F4BB
        Validity
            Not Before: May 28 08:30:11 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=6836c993-2992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:15:26:43:69:ea:c8:a9:0c:30:5c:cf:80:7e:
                    81:76:ed:35:7e:0b:f0:35:83:bf:a0:2a:28:b9:58:
                    f3:10:51:45:58:ee:64:de:3a:15:b9:f4:47:3c:1d:
                    0e:2b:41:a6:36:75:17:a0:fe:bb:94:75:d9:12:28:
                    d8:42:bc:08:64:d4:41:cb:ae:71:01:32:e9:64:53:
                    25:00:a6:db:b5:10:3a:1b:93:a6:ce:6b:f2:1e:52:
                    be:81:0a:cf:7e:6d:09:e6:58:97:f5:2d:08:97:4e:
                    fa:10:31:81:c6:4d:ea:25:72:09:eb:14:bb:ed:20:
                    a2:d2:f4:15:b2:61:04:32:b6:e2:85:55:f1:26:f8:
                    d0:4a:a6:96:c1:bc:ce:74:30:8c:28:3b:df:ab:04:
                    30:eb:33:1c:42:85:6e:87:69:fa:23:e0:0c:eb:3f:
                    c2:d5:70:43:0e:8e:57:bd:35:61:b1:2b:e1:fb:e3:
                    e8:f4:8a:e5:75:29:fe:c7:0e:c2:22:a5:05:19:00:
                    7f:2a:9e:77:1d:4e:f5:ba:93:27:21:c7:16:2d:6e:
                    53:be:ea:b7:9c:ae:9d:4e:ac:b3:1f:6a:bf:9e:3a:
                    dc:d1:8e:10:b4:86:b2:a6:75:86:fb:f9:29:d4:2a:
                    99:d5:8b:b4:b4:58:b0:45:06:2e:a0:08:7b:98:9c:
                    c8:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:9E:A3:D7:9A:FB:4B:84:56:AF:77:FE:B0:B6:19:31:86:CB:1D:9C
            X509v3 Authority Key Identifier:
                keyid:E2:B0:DF:A6:90:D2:C7:EA:C4:36:36:75:6E:43:7B:7C:26:26:F4:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/4rDfppDSx-rENjZ1bkN7fCYm9Ls.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/4rDfppDSx-rENjZ1bkN7fCYm9Ls.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/F88154843B9D11F091B39D67C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:f5:e0:a5:18:20:33:5f:80:28:29:5e:80:0e:19:d6:60:34:
         43:95:7e:8b:ec:e9:da:e1:7b:1b:78:bc:66:23:6c:06:bd:b0:
         8b:0b:1e:18:3e:8b:06:1f:42:3d:90:a8:2e:54:c5:6e:8f:89:
         16:3e:4d:5c:35:a8:fa:2c:30:e7:8c:19:db:0e:ba:ef:3d:c2:
         67:89:b0:7a:89:b1:88:aa:0a:01:a8:08:e8:ee:c4:5b:4c:ff:
         01:ae:62:f9:8a:05:bf:75:cd:3d:4a:3e:db:44:dc:4b:e5:a9:
         3e:b7:27:bc:8f:6a:ad:3d:ad:f1:b8:6a:7e:5c:a4:46:d5:bf:
         cd:c2:72:c4:04:25:04:2c:d8:d1:68:6f:b1:2b:1d:16:ec:bb:
         dc:ae:0d:41:38:a2:c9:31:d5:be:f7:e7:24:0b:57:ee:14:4e:
         64:b5:82:59:9b:e2:96:54:50:02:0b:df:2a:42:2f:c2:83:1d:
         ac:5e:27:74:a6:4d:05:7c:d4:2a:a7:23:25:a6:11:f5:66:47:
         dc:b3:fb:75:a6:24:b9:05:dc:7e:48:e4:5b:9e:66:6a:5a:e6:
         17:40:ad:7e:ca:26:aa:e3:85:56:c7:3b:07:e8:2a:3c:ab:bd:
         ef:92:d7:d0:b1:67:30:ca:d6:44:4e:de:6c:d4:22:fb:1e:58:
         a4:5b:93:51
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFG
NkMxMDExMC8GA1UEBRMoRTJCMERGQTY5MEQyQzdFQUM0MzYzNjc1NkU0MzdCN0My
NjI2RjRCQjAeFw0yNTA1MjgwODMwMTFaFw0yNjAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4MzZjOTkzLTI5OTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDzFSZDaerIqQwwXM+AfoF27TV+C/A1g7+gKii5WPMQUUVY7mTeOhW59Ec8HQ4r
QaY2dReg/ruUddkSKNhCvAhk1EHLrnEBMulkUyUAptu1EDobk6bOa/IeUr6BCs9+
bQnmWJf1LQiXTvoQMYHGTeolcgnrFLvtIKLS9BWyYQQytuKFVfEm+NBKppbBvM50
MIwoO9+rBDDrMxxChW6Hafoj4AzrP8LVcEMOjle9NWGxK+H74+j0iuV1Kf7HDsIi
pQUZAH8qnncdTvW6kychxxYtblO+6recrp1OrLMfar+eOtzRjhC0hrKmdYb7+SnU
KpnVi7S0WLBFBi6gCHuYnMj3AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUAZ6j15r7
S4RWr3f+sLYZMYbLHZwwHwYDVR0jBBgwFoAU4rDfppDSx+rENjZ1bkN7fCYm9Lsw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUY2QzEwLzBFOTQwNUJBM0I5
RDExRjA5MDFDQjI2MkM0RjlBRTAyLzRyRGZwcERTeC1yRU5qWjFia043ZkNZbTlM
cy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvNHJEZnBwRFN4LXJFTmpaMWJrTjdmQ1ltOUxzLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG
NkMxMC8wRTk0MDVCQTNCOUQxMUYwOTAxQ0IyNjJDNEY5QUUwMi9GODgxNTQ4NDNC
OUQxMUYwOTFCMzlENjdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaH4WDANBgkqhkiG9w0BAQsFAAOCAQEAHfXgpRggM1+AKCle
gA4Z1mA0Q5V+i+zp2uF7G3i8ZiNsBr2wiwseGD6LBh9CPZCoLlTFbo+JFj5NXDWo
+iww54wZ2w667z3CZ4mweomxiKoKAagI6O7EW0z/Aa5i+YoFv3XNPUo+20TcS+Wp
PrcnvI9qrT2t8bhqflykRtW/zcJyxAQlBCzY0WhvsSsdFuy73K4NQTiiyTHVvvfn
JAtX7hROZLWCWZvillRQAgvfKkIvwoMdrF4ndKZNBXzUKqcjJaYR9WZH3LP7daYk
uQXcfkjkW55malrmF0CtfsomquOFVsc7B+gqPKu975LX0LFnMMrWRE7ebNQi+x5Y
pFuTUQ==
-----END CERTIFICATE-----
Generated at Wed Jun 11 07:24:30 2025 by rpki-client