Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912AC33/04B3348872BC11EC86116D5EC4F9AE02/204CB89672C011EC809A5933C4F9AE02.roa
File:                     204CB89672C011EC809A5933C4F9AE02.roa (raw, json)
Hash identifier:          FSPwgNEhxgo+ZEvd+XrJX3+bZfKJ3dVoRc7zxS/PsyU=
Subject key identifier:   ED:28:06:73:B9:EA:FA:56:45:D2:93:56:88:2A:9C:09:28:A8:91:ED
Certificate issuer:       /CN=A912AC33/serialNumber=C95CE9D1B6B31081C025D46A3A167FCFDFA72634
Certificate serial:       0451
Authority key identifier: C9:5C:E9:D1:B6:B3:10:81:C0:25:D4:6A:3A:16:7F:CF:DF:A7:26:34
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yVzp0bazEIHAJdRqOhZ_z9-nJjQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912AC33/04B3348872BC11EC86116D5EC4F9AE02/204CB89672C011EC809A5933C4F9AE02.roa
Signing time:             Sun 21 Sep 2025 00:47:23 +0000
ROA not before:           Sun 21 Sep 2025 00:47:23 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     133114
IP address blocks:        103.47.154.0/24 maxlen: 24
                          103.47.155.0/24 maxlen: 24
                          103.241.150.0/24 maxlen: 24
                          103.241.151.0/24 maxlen: 24
                          2401:e280:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912AC33/04B3348872BC11EC86116D5EC4F9AE02/yVzp0bazEIHAJdRqOhZ_z9-nJjQ.crl
                          rsync://rpki.apnic.net/member_repository/A912AC33/04B3348872BC11EC86116D5EC4F9AE02/yVzp0bazEIHAJdRqOhZ_z9-nJjQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yVzp0bazEIHAJdRqOhZ_z9-nJjQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 02:06:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1105 (0x451)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912AC33, serialNumber=C95CE9D1B6B31081C025D46A3A167FCFDFA72634
        Validity
            Not Before: Sep 21 00:47:23 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68cf4b1b-0e56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e5:5b:cb:de:bf:ef:b4:fb:33:45:27:9a:08:
                    e3:e9:98:5c:a1:d0:67:1d:2e:07:85:61:4b:19:62:
                    d2:9d:c3:2d:cd:64:55:65:28:f5:5d:af:51:f3:d5:
                    ce:72:54:2f:c9:61:71:3a:4b:78:5e:af:78:dc:e1:
                    3c:1d:87:2c:5b:c7:e8:00:6c:68:c7:8f:88:5a:4d:
                    1e:b9:fd:f6:d2:a3:68:11:3f:5a:1f:6a:f7:fc:af:
                    eb:c6:fb:0d:67:39:7a:f3:e2:77:c1:6f:87:ad:13:
                    60:70:04:3b:0e:f6:9a:28:40:12:e4:25:90:f7:12:
                    14:60:b4:ba:d8:e0:c2:2d:65:9c:16:e2:90:ca:3e:
                    f8:78:25:5f:0c:0a:17:b9:58:c7:b2:98:c6:9e:8b:
                    52:a3:4d:f5:cf:6b:1f:dc:55:a9:33:ac:1d:6a:5f:
                    ea:6e:d4:2a:20:ef:32:61:64:e0:6d:42:e5:5b:b8:
                    32:2c:5d:5d:a4:4e:dd:a1:fe:00:0d:a3:a1:c8:2f:
                    8a:39:f0:14:c9:8f:29:84:a6:ef:b8:d2:06:a1:28:
                    b2:d9:73:66:51:e3:eb:b4:f4:60:55:2c:85:a5:c2:
                    d3:05:b6:55:75:4e:60:ac:f8:a2:3b:3f:9b:98:06:
                    1e:d9:fd:df:f9:35:13:25:da:e9:b6:28:cf:68:3f:
                    7e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:28:06:73:B9:EA:FA:56:45:D2:93:56:88:2A:9C:09:28:A8:91:ED
            X509v3 Authority Key Identifier:
                keyid:C9:5C:E9:D1:B6:B3:10:81:C0:25:D4:6A:3A:16:7F:CF:DF:A7:26:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912AC33/04B3348872BC11EC86116D5EC4F9AE02/yVzp0bazEIHAJdRqOhZ_z9-nJjQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yVzp0bazEIHAJdRqOhZ_z9-nJjQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912AC33/04B3348872BC11EC86116D5EC4F9AE02/204CB89672C011EC809A5933C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.47.154.0/23
                  103.241.150.0/23
                IPv6:
                  2401:e280:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         0c:46:21:a6:94:47:79:b7:8c:7a:eb:1a:7f:a7:1b:62:a6:85:
         c7:71:d0:9b:b3:5b:b1:fd:81:1c:f0:96:b2:88:bf:56:10:ba:
         8c:da:14:1d:0b:bd:2f:0a:c5:d7:54:a7:1c:eb:21:43:63:76:
         69:ea:c1:00:84:79:9d:6f:dd:11:a3:c5:76:66:e3:58:7c:74:
         91:38:ed:9b:61:60:f6:7d:9b:51:ed:78:26:32:d8:ad:15:f3:
         fa:87:e7:a3:3b:94:fb:9c:f1:4c:7a:f0:c7:79:8d:d7:7c:51:
         6b:89:44:24:84:c7:06:e4:43:0b:e7:89:87:6b:fb:70:92:05:
         8c:2b:cb:d1:58:46:a3:93:7f:29:d0:69:8d:09:5c:b1:d7:3e:
         89:aa:54:65:2c:9e:c2:5c:7a:30:03:6d:77:e8:c6:cd:24:08:
         b5:12:40:3a:ef:b3:85:fd:82:90:14:6d:01:7b:68:d5:8d:1c:
         2c:76:32:06:f9:3a:be:10:20:6a:ba:64:4e:cf:18:7a:22:7c:
         54:15:4e:5a:34:66:72:c6:2d:eb:cf:14:3d:6e:51:d1:99:e3:
         cf:de:36:73:17:72:47:51:8e:3e:46:9f:40:2c:85:8f:ac:34:
         d6:e9:66:d6:4c:f9:79:e0:64:d6:c5:52:eb:70:f2:00:9f:fe:
         22:41:7f:06
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgICBFEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkFDMzMxMTAvBgNVBAUTKEM5NUNFOUQxQjZCMzEwODFDMDI1RDQ2QTNBMTY3RkNG
REZBNzI2MzQwHhcNMjUwOTIxMDA0NzIzWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGNmNGIxYi0wZTU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAweVby96/77T7M0Unmgjj6ZhcodBnHS4HhWFLGWLSncMtzWRVZSj1Xa9R89XO
clQvyWFxOkt4Xq943OE8HYcsW8foAGxox4+IWk0euf320qNoET9aH2r3/K/rxvsN
Zzl68+J3wW+HrRNgcAQ7DvaaKEAS5CWQ9xIUYLS62ODCLWWcFuKQyj74eCVfDAoX
uVjHspjGnotSo031z2sf3FWpM6wdal/qbtQqIO8yYWTgbULlW7gyLF1dpE7dof4A
DaOhyC+KOfAUyY8phKbvuNIGoSiy2XNmUePrtPRgVSyFpcLTBbZVdU5grPiiOz+b
mAYe2f3f+TUTJdrptijPaD9+nQIDAQABo4ICqzCCAqcwHQYDVR0OBBYEFO0oBnO5
6vpWRdKTVogqnAkoqJHtMB8GA1UdIwQYMBaAFMlc6dG2sxCBwCXUajoWf8/fpyY0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQUMzMy8wNEIzMzQ4ODcy
QkMxMUVDODYxMTZENUVDNEY5QUUwMi95VnpwMGJhekVJSEFKZFJxT2haX3o5LW5K
alEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lWenAwYmF6RUlIQUpkUnFPaFpfejktbkpqUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkFDMzMvMDRCMzM0ODg3MkJDMTFFQzg2MTE2RDVFQzRGOUFFMDIvMjA0Q0I4OTY3
MkMwMTFFQzgwOUE1OTMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNQYIKwYBBQUHAQcBAf8E
JjAkMBIEAgABMAwDBAFnL5oDBAFn8ZYwDgQCAAIwCAMGBCQB4oAQMA0GCSqGSIb3
DQEBCwUAA4IBAQAMRiGmlEd5t4x66xp/pxtipoXHcdCbs1ux/YEc8JayiL9WELqM
2hQdC70vCsXXVKcc6yFDY3Zp6sEAhHmdb90Ro8V2ZuNYfHSROO2bYWD2fZtR7Xgm
MtitFfP6h+ejO5T7nPFMevDHeY3XfFFriUQkhMcG5EML54mHa/twkgWMK8vRWEaj
k38p0GmNCVyx1z6JqlRlLJ7CXHowA2136MbNJAi1EkA677OF/YKQFG0Be2jVjRws
djIG+Tq+ECBqumROzxh6InxUFU5aNGZyxi3rzxQ9blHRmePP3jZzF3JHUY4+Rp9A
LIWPrDTW6WbWTPl54GTWxVLrcPIAn/4iQX8G
-----END CERTIFICATE-----
Generated at Tue Oct 21 02:15:18 2025 by rpki-client