Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912527F/BCFDAFCC10DD11ED80AA2485C4F9AE02/2C257150DBCA11EF920CC12BC4F9AE02.roa
File:                     2C257150DBCA11EF920CC12BC4F9AE02.roa (raw, json)
Hash identifier:          IATepVmo1KvC0hGjJmst1dGBkl9Ds09b6R3QzisHd5Q=
Subject key identifier:   DE:BB:7B:4C:5E:AD:82:A5:6C:9B:3D:57:E8:AB:9A:95:14:9E:35:CD
Certificate issuer:       /CN=A912527F/serialNumber=379BD4E7732F1A8D1C3B222DB7773C1C15419F42
Certificate serial:       02AA
Authority key identifier: 37:9B:D4:E7:73:2F:1A:8D:1C:3B:22:2D:B7:77:3C:1C:15:41:9F:42
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N5vU53MvGo0cOyItt3c8HBVBn0I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912527F/BCFDAFCC10DD11ED80AA2485C4F9AE02/2C257150DBCA11EF920CC12BC4F9AE02.roa
Signing time:             Thu 11 Sep 2025 02:09:03 +0000
ROA not before:           Thu 11 Sep 2025 02:09:03 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     150315
IP address blocks:        103.153.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912527F/BCFDAFCC10DD11ED80AA2485C4F9AE02/N5vU53MvGo0cOyItt3c8HBVBn0I.crl
                          rsync://rpki.apnic.net/member_repository/A912527F/BCFDAFCC10DD11ED80AA2485C4F9AE02/N5vU53MvGo0cOyItt3c8HBVBn0I.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N5vU53MvGo0cOyItt3c8HBVBn0I.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 03:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 682 (0x2aa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912527F, serialNumber=379BD4E7732F1A8D1C3B222DB7773C1C15419F42
        Validity
            Not Before: Sep 11 02:09:03 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68c22f3f-2758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c2:7e:d2:95:30:f2:e1:ee:cf:4f:9f:05:53:
                    08:98:9d:39:51:24:95:cf:0e:e4:d4:c8:6a:c0:2a:
                    86:e4:e7:da:c0:cb:5d:14:de:9e:30:ac:cb:3b:21:
                    90:93:d1:54:cd:6c:f6:3f:55:36:62:50:53:c7:09:
                    a0:4f:01:72:f7:e0:4c:9e:66:bf:52:53:5a:03:81:
                    4f:c7:b6:73:e4:fa:97:0f:87:0f:8d:8b:12:c3:a0:
                    7d:29:1d:d4:4f:77:fd:31:2c:1a:73:ba:cc:70:bc:
                    19:34:eb:aa:b3:4d:b5:3a:bd:7a:7b:ab:c6:19:32:
                    f8:7f:5c:be:c1:76:a8:fa:61:08:bd:f2:55:8f:74:
                    30:7b:08:1f:5e:a9:4a:27:54:6a:ba:d9:45:87:8e:
                    4c:bf:ac:05:75:a6:64:af:40:f6:59:82:32:d7:da:
                    1a:b3:2f:b5:db:af:d7:58:01:01:50:72:ad:56:bf:
                    7a:2c:44:1d:29:d2:8b:37:ad:63:ea:c2:f0:80:e0:
                    c1:18:4b:97:40:48:9c:fb:31:f0:4c:ae:81:c0:fe:
                    42:b0:ad:e0:e7:7c:cf:a9:df:35:79:c1:fc:38:b1:
                    93:83:1d:7e:13:df:15:43:c9:f4:98:38:6b:25:8d:
                    3d:43:75:6d:eb:33:2d:67:52:0e:2d:58:4b:3b:14:
                    8a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BB:7B:4C:5E:AD:82:A5:6C:9B:3D:57:E8:AB:9A:95:14:9E:35:CD
            X509v3 Authority Key Identifier:
                keyid:37:9B:D4:E7:73:2F:1A:8D:1C:3B:22:2D:B7:77:3C:1C:15:41:9F:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912527F/BCFDAFCC10DD11ED80AA2485C4F9AE02/N5vU53MvGo0cOyItt3c8HBVBn0I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N5vU53MvGo0cOyItt3c8HBVBn0I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912527F/BCFDAFCC10DD11ED80AA2485C4F9AE02/2C257150DBCA11EF920CC12BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.153.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:c3:e0:75:8c:b8:bc:fc:71:7a:97:f7:c3:97:59:08:f4:80:
         4f:24:d2:c7:07:d8:34:57:34:b5:a8:73:1a:35:76:fb:de:f4:
         a0:63:80:18:82:14:cd:13:3d:a2:f8:19:0f:86:5b:dc:87:ba:
         5b:7d:0e:ce:6a:bf:9c:a7:0f:7b:78:86:dd:d3:93:6e:e2:f3:
         09:71:06:a3:80:13:f8:5f:be:60:b3:92:5e:fe:9b:c1:07:54:
         42:38:41:98:fe:46:74:97:ef:2b:0f:5e:59:71:34:7e:c2:ce:
         54:ec:ee:fb:f0:80:9f:61:10:9e:65:5a:b5:66:b2:65:6b:d8:
         72:c4:51:4b:5d:be:e7:73:e7:86:3d:6f:3e:36:68:7d:5e:27:
         3e:89:6b:3e:5d:31:e3:15:97:c6:f4:82:03:55:ad:fb:ad:3b:
         28:a8:70:18:91:63:e5:37:85:fd:58:8b:1a:f3:f2:ec:7e:df:
         6b:2e:64:c9:d8:c0:0b:4c:a9:33:f2:e2:ae:4d:57:88:b9:60:
         be:f5:9b:c3:67:53:43:f5:6a:8c:d6:90:83:d2:59:d5:b1:44:
         e0:d4:5d:9d:30:e3:ff:3d:8e:90:c0:ad:d0:42:f8:04:1e:42:
         b8:9a:54:d8:08:ed:b4:e8:b8:9f:82:3a:a0:6c:88:be:12:40:
         f5:58:6e:5a
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAqowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjUyN0YxMTAvBgNVBAUTKDM3OUJENEU3NzMyRjFBOEQxQzNCMjIyREI3NzczQzFD
MTU0MTlGNDIwHhcNMjUwOTExMDIwOTAzWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGMyMmYzZi0yNzU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwMJ+0pUw8uHuz0+fBVMImJ05USSVzw7k1MhqwCqG5OfawMtdFN6eMKzLOyGQ
k9FUzWz2P1U2YlBTxwmgTwFy9+BMnma/UlNaA4FPx7Zz5PqXD4cPjYsSw6B9KR3U
T3f9MSwac7rMcLwZNOuqs021Or16e6vGGTL4f1y+wXao+mEIvfJVj3QwewgfXqlK
J1RqutlFh45Mv6wFdaZkr0D2WYIy19oasy+126/XWAEBUHKtVr96LEQdKdKLN61j
6sLwgODBGEuXQEic+zHwTK6BwP5CsK3g53zPqd81ecH8OLGTgx1+E98VQ8n0mDhr
JY09Q3Vt6zMtZ1IOLVhLOxSKAwIDAQABo4IClTCCApEwHQYDVR0OBBYEFN67e0xe
rYKlbJs9V+irmpUUnjXNMB8GA1UdIwQYMBaAFDeb1OdzLxqNHDsiLbd3PBwVQZ9C
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNTI3Ri9CQ0ZEQUZDQzEw
REQxMUVEODBBQTI0ODVDNEY5QUUwMi9ONXZVNTNNdkdvMGNPeUl0dDNjOEhCVkJu
MEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL041dlU1M012R28wY095SXR0M2M4SEJWQm4wSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjUyN0YvQkNGREFGQ0MxMEREMTFFRDgwQUEyNDg1QzRGOUFFMDIvMkMyNTcxNTBE
QkNBMTFFRjkyMENDMTJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnmXUwDQYJKoZIhvcNAQELBQADggEBAIfD4HWMuLz8cXqX
98OXWQj0gE8k0scH2DRXNLWocxo1dvve9KBjgBiCFM0TPaL4GQ+GW9yHult9Ds5q
v5ynD3t4ht3Tk27i8wlxBqOAE/hfvmCzkl7+m8EHVEI4QZj+RnSX7ysPXllxNH7C
zlTs7vvwgJ9hEJ5lWrVmsmVr2HLEUUtdvudz54Y9bz42aH1eJz6Jaz5dMeMVl8b0
ggNVrfutOyiocBiRY+U3hf1Yixrz8ux+32suZMnYwAtMqTPy4q5NV4i5YL71m8Nn
U0P1aozWkIPSWdWxRODUXZ0w4/89jpDArdBC+AQeQriaVNgI7bTouJ+COqBsiL4S
QPVYblo=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:16:34 2025 by rpki-client