Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9116DDB/E1CDCDD2BE1B11EDA61ACD84C4F9AE02/67425BB07A7F11EFB5653840C4F9AE02.roa
File:                     67425BB07A7F11EFB5653840C4F9AE02.roa (raw, json)
Hash identifier:          VkPzYi2ZNs0vU05onLKrq1O6hJdtK/SNgO3aXYDbRas=
Subject key identifier:   1A:0E:C1:0F:87:72:C3:92:28:4B:F9:9E:D5:60:2F:95:ED:C4:F4:1D
Certificate issuer:       /CN=A9116DDB/serialNumber=0C769DA44982F61650362943E6DFEF951B9777FA
Certificate serial:       022E
Authority key identifier: 0C:76:9D:A4:49:82:F6:16:50:36:29:43:E6:DF:EF:95:1B:97:77:FA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DHadpEmC9hZQNilD5t_vlRuXd_o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9116DDB/E1CDCDD2BE1B11EDA61ACD84C4F9AE02/67425BB07A7F11EFB5653840C4F9AE02.roa
Signing time:             Wed 01 Oct 2025 03:30:16 +0000
ROA not before:           Wed 01 Oct 2025 03:30:16 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     17941
IP address blocks:        103.71.92.0/24 maxlen: 24
                          103.71.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9116DDB/E1CDCDD2BE1B11EDA61ACD84C4F9AE02/DHadpEmC9hZQNilD5t_vlRuXd_o.crl
                          rsync://rpki.apnic.net/member_repository/A9116DDB/E1CDCDD2BE1B11EDA61ACD84C4F9AE02/DHadpEmC9hZQNilD5t_vlRuXd_o.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DHadpEmC9hZQNilD5t_vlRuXd_o.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 04:58:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 558 (0x22e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9116DDB, serialNumber=0C769DA44982F61650362943E6DFEF951B9777FA
        Validity
            Not Before: Oct  1 03:30:16 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68dca048-1489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:54:31:10:64:1b:4f:a2:ad:e1:03:02:2e:84:
                    d5:1d:0c:7e:65:a7:95:1f:47:0a:92:98:76:c8:04:
                    99:98:bd:f6:c2:d6:62:48:a5:1c:33:fb:af:9a:c7:
                    d5:91:8c:91:12:9b:b3:40:a7:0b:c3:15:26:27:15:
                    11:9a:d3:37:81:a4:43:66:26:db:d6:50:47:e6:23:
                    66:a7:f3:57:8c:38:9b:97:de:ba:0c:55:48:ed:52:
                    f3:af:69:c2:c2:e2:67:c5:ff:2e:00:c0:c9:55:8a:
                    d4:87:96:92:62:2c:1e:a0:a2:d1:82:08:f2:bd:7f:
                    33:b3:03:b5:64:e3:c3:41:65:4f:c4:b4:87:51:9b:
                    0e:ed:24:87:6a:27:f1:f5:fb:8e:ca:0c:90:25:7f:
                    69:6e:04:64:c7:94:b4:d9:b2:db:98:06:35:23:b6:
                    6c:b4:16:a0:19:c7:93:57:d0:ba:bf:a4:ce:db:97:
                    71:9b:52:4a:a3:c8:10:32:4a:e9:10:b8:f3:99:46:
                    cf:56:b2:d9:0b:f0:5f:90:f9:96:9c:3f:c3:5b:8a:
                    38:4c:98:d7:cb:f7:44:2e:d6:4e:4c:e5:10:39:87:
                    b1:e0:a4:b9:bd:14:7b:fa:9c:aa:c6:26:42:94:bb:
                    e3:b7:25:82:8f:52:60:de:73:1a:c3:2b:92:a7:02:
                    e9:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:0E:C1:0F:87:72:C3:92:28:4B:F9:9E:D5:60:2F:95:ED:C4:F4:1D
            X509v3 Authority Key Identifier:
                keyid:0C:76:9D:A4:49:82:F6:16:50:36:29:43:E6:DF:EF:95:1B:97:77:FA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9116DDB/E1CDCDD2BE1B11EDA61ACD84C4F9AE02/DHadpEmC9hZQNilD5t_vlRuXd_o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DHadpEmC9hZQNilD5t_vlRuXd_o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9116DDB/E1CDCDD2BE1B11EDA61ACD84C4F9AE02/67425BB07A7F11EFB5653840C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.71.92.0/24
                  103.71.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:3e:5c:eb:11:05:0b:57:60:c9:15:2e:83:2c:72:21:82:d3:
         0f:7e:fa:81:16:1b:d2:70:35:b2:f7:cb:eb:1f:be:b6:74:ad:
         3f:ba:ed:c3:85:2b:30:f4:07:03:d8:cc:e6:55:83:8b:0e:36:
         c5:31:7c:01:c8:2e:da:36:7d:ec:66:8c:d3:c1:a1:43:33:5f:
         e4:2b:f6:fa:94:9e:b2:28:e4:7c:ae:bb:fb:61:7d:56:1f:4f:
         ea:ae:9a:bc:c0:a3:e7:31:9e:68:aa:e9:c6:2c:49:13:95:5d:
         58:d2:ef:fd:4b:15:89:17:c5:2f:72:f6:b0:78:aa:43:34:c6:
         aa:c7:b6:38:a2:ff:e6:f7:b5:de:35:99:bc:eb:8b:ac:bd:da:
         79:0b:18:5e:1b:c3:a8:dd:99:39:73:d6:fe:9d:d7:4e:82:09:
         60:68:4f:d4:02:02:72:1c:96:69:3a:5b:3b:eb:4e:63:ec:24:
         dc:21:88:bc:bf:30:fc:51:e7:22:47:d0:8c:a2:c5:7f:c3:8e:
         71:4b:03:b2:92:a1:3e:20:bc:72:dd:9a:5b:88:b9:13:b6:d0:
         7d:70:2d:8a:38:db:53:85:c2:2b:a2:ef:ce:41:e6:3d:37:db:
         31:1e:1f:b3:43:5e:1c:f5:fb:25:64:80:7f:4c:1c:ce:0a:43:
         a8:55:aa:00
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAi4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTZEREIxMTAvBgNVBAUTKDBDNzY5REE0NDk4MkY2MTY1MDM2Mjk0M0U2REZFRjk1
MUI5Nzc3RkEwHhcNMjUxMDAxMDMzMDE2WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRjYTA0OC0xNDg5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzVQxEGQbT6Kt4QMCLoTVHQx+ZaeVH0cKkph2yASZmL32wtZiSKUcM/uvmsfV
kYyREpuzQKcLwxUmJxURmtM3gaRDZibb1lBH5iNmp/NXjDibl966DFVI7VLzr2nC
wuJnxf8uAMDJVYrUh5aSYiweoKLRggjyvX8zswO1ZOPDQWVPxLSHUZsO7SSHaifx
9fuOygyQJX9pbgRkx5S02bLbmAY1I7ZstBagGceTV9C6v6TO25dxm1JKo8gQMkrp
ELjzmUbPVrLZC/BfkPmWnD/DW4o4TJjXy/dELtZOTOUQOYex4KS5vRR7+pyqxiZC
lLvjtyWCj1Jg3nMawyuSpwLpAwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFBoOwQ+H
csOSKEv5ntVgL5XtxPQdMB8GA1UdIwQYMBaAFAx2naRJgvYWUDYpQ+bf75Ubl3f6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExNkREQi9FMUNEQ0REMkJF
MUIxMUVEQTYxQUNEODRDNEY5QUUwMi9ESGFkcEVtQzloWlFOaWxENXRfdmxSdVhk
X28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0RIYWRwRW1DOWhaUU5pbEQ1dF92bFJ1WGRfby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTZEREIvRTFDRENERDJCRTFCMTFFREE2MUFDRDg0QzRGOUFFMDIvNjc0MjVCQjA3
QTdGMTFFRkI1NjUzODQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnR1wDBABnR14wDQYJKoZIhvcNAQELBQADggEBAKw+XOsR
BQtXYMkVLoMsciGC0w9++oEWG9JwNbL3y+sfvrZ0rT+67cOFKzD0BwPYzOZVg4sO
NsUxfAHILto2fexmjNPBoUMzX+Qr9vqUnrIo5Hyuu/thfVYfT+qumrzAo+cxnmiq
6cYsSROVXVjS7/1LFYkXxS9y9rB4qkM0xqrHtjii/+b3td41mbzri6y92nkLGF4b
w6jdmTlz1v6d106CCWBoT9QCAnIclmk6WzvrTmPsJNwhiLy/MPxR5yJH0IyixX/D
jnFLA7KSoT4gvHLdmluIuRO20H1wLYo421OFwiui785B5j032zEeH7NDXhz1+yVk
gH9MHM4KQ6hVqgA=
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:12:08 2025 by rpki-client