Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9137242/0B608796CA3411E9BC769055C4F9AE02/524CFDB27C1111EFBFC7363AC4F9AE02.roa
File:                     524CFDB27C1111EFBFC7363AC4F9AE02.roa (raw, json)
Hash identifier:          VIsGtFyklvHcjOj0/gRqDSEzQyYi7iP+lc8ht5Jxi1o=
Subject key identifier:   AA:72:FE:BB:2D:73:69:6D:09:7E:45:A0:43:10:83:00:7A:93:09:C8
Certificate issuer:       /CN=A9137242/serialNumber=EAB24A90C6D046CD83FB5EF4A3C598E4EA9A168C
Certificate serial:       07DB
Authority key identifier: EA:B2:4A:90:C6:D0:46:CD:83:FB:5E:F4:A3:C5:98:E4:EA:9A:16:8C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6rJKkMbQRs2D-170o8WY5OqaFow.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9137242/0B608796CA3411E9BC769055C4F9AE02/524CFDB27C1111EFBFC7363AC4F9AE02.roa
Signing time:             Sun 14 Sep 2025 18:27:50 +0000
ROA not before:           Sun 14 Sep 2025 18:27:50 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     138192
IP address blocks:        103.139.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9137242/0B608796CA3411E9BC769055C4F9AE02/6rJKkMbQRs2D-170o8WY5OqaFow.crl
                          rsync://rpki.apnic.net/member_repository/A9137242/0B608796CA3411E9BC769055C4F9AE02/6rJKkMbQRs2D-170o8WY5OqaFow.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6rJKkMbQRs2D-170o8WY5OqaFow.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 18:34:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2011 (0x7db)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9137242, serialNumber=EAB24A90C6D046CD83FB5EF4A3C598E4EA9A168C
        Validity
            Not Before: Sep 14 18:27:50 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=68c70926-721c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:62:5a:b2:f2:0f:4f:d6:51:c3:0b:b3:df:af:
                    f3:c6:52:22:0d:39:2e:7f:ae:31:37:64:0d:df:a4:
                    1f:b9:ec:39:fe:bf:a3:50:ff:c9:3a:22:9a:d7:9d:
                    61:66:1b:42:3d:ac:f7:e4:62:af:8d:f2:e0:e2:bd:
                    54:90:0a:c4:37:16:6f:d3:7f:9d:07:6c:57:a4:88:
                    3c:38:df:cf:58:b7:97:8e:f3:dc:52:dc:99:59:14:
                    40:af:c5:5b:78:04:ad:cd:6f:89:67:f8:2b:f9:9f:
                    9f:07:c2:db:f4:5d:48:d2:05:fb:16:69:ad:52:6c:
                    d3:45:10:ec:25:f4:95:9a:c4:9a:e6:cf:f3:2f:d3:
                    ac:5b:4a:f2:81:fd:50:0a:29:df:2d:fe:13:ca:ef:
                    a0:62:c9:03:56:56:24:2a:f0:54:29:a9:e0:b2:1d:
                    fb:e6:f5:b4:98:0f:1f:95:e1:75:7c:74:6e:f3:fe:
                    a9:0b:8c:b0:4a:86:46:c4:83:a2:9a:5d:22:23:85:
                    df:87:40:52:4d:03:24:ed:aa:c3:ad:80:52:a3:4f:
                    0b:31:3b:c7:1b:1f:0b:ec:3b:70:58:98:f5:af:3f:
                    bb:49:6b:7f:f3:89:c3:62:38:85:b1:2b:da:8a:cb:
                    43:09:be:f2:eb:35:ce:22:9a:28:e3:9a:07:14:5e:
                    f2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:72:FE:BB:2D:73:69:6D:09:7E:45:A0:43:10:83:00:7A:93:09:C8
            X509v3 Authority Key Identifier:
                keyid:EA:B2:4A:90:C6:D0:46:CD:83:FB:5E:F4:A3:C5:98:E4:EA:9A:16:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9137242/0B608796CA3411E9BC769055C4F9AE02/6rJKkMbQRs2D-170o8WY5OqaFow.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6rJKkMbQRs2D-170o8WY5OqaFow.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9137242/0B608796CA3411E9BC769055C4F9AE02/524CFDB27C1111EFBFC7363AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:6a:08:7e:90:c2:83:2d:56:71:a1:d1:e0:d6:be:97:d0:43:
         77:7d:e6:01:b4:da:ad:e5:89:b2:2c:e4:04:4e:7a:b7:cc:9c:
         ec:3a:8b:10:2e:c4:13:2d:4d:94:bb:0c:01:74:20:12:f8:3b:
         42:e1:c2:11:b0:6b:97:0f:e4:20:ac:d8:8a:33:d8:02:32:7e:
         ef:1f:56:60:dd:69:64:4c:e7:ae:17:63:69:83:33:37:53:14:
         2b:a0:ae:c9:40:bd:3c:ef:92:3d:3c:9a:57:d1:d5:fe:b0:1b:
         fb:6e:ae:2d:e4:f4:ba:a0:5e:f8:67:ff:5b:4b:88:44:8b:0b:
         61:b4:92:7e:0f:7a:23:36:9c:09:81:37:26:ca:97:09:44:6a:
         04:cc:a5:13:2e:9d:18:d9:9d:8f:1f:20:9e:fc:2b:7e:b1:27:
         62:d3:bf:c1:db:11:db:52:d8:b0:1a:c5:9d:e8:1e:86:fa:91:
         98:f7:68:ed:d6:ee:19:c8:f4:b4:5b:cf:84:08:49:55:c5:9a:
         37:73:39:d7:d5:1c:77:06:32:f0:d2:4d:73:88:80:4f:a6:dc:
         5d:62:ed:db:f2:41:f9:74:fd:a1:e4:ba:b6:e0:5f:1d:c0:b5:
         c3:e0:fd:ee:a0:df:da:69:d0:5b:b9:6e:70:de:c9:de:9c:77:
         e3:81:b8:3b
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICB9swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzcyNDIxMTAvBgNVBAUTKEVBQjI0QTkwQzZEMDQ2Q0Q4M0ZCNUVGNEEzQzU5OEU0
RUE5QTE2OEMwHhcNMjUwOTE0MTgyNzUwWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGM3MDkyNi03MjFjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzmJasvIPT9ZRwwuz36/zxlIiDTkuf64xN2QN36Qfuew5/r+jUP/JOiKa151h
ZhtCPaz35GKvjfLg4r1UkArENxZv03+dB2xXpIg8ON/PWLeXjvPcUtyZWRRAr8Vb
eAStzW+JZ/gr+Z+fB8Lb9F1I0gX7FmmtUmzTRRDsJfSVmsSa5s/zL9OsW0rygf1Q
CinfLf4Tyu+gYskDVlYkKvBUKangsh375vW0mA8fleF1fHRu8/6pC4ywSoZGxIOi
ml0iI4Xfh0BSTQMk7arDrYBSo08LMTvHGx8L7DtwWJj1rz+7SWt/84nDYjiFsSva
istDCb7y6zXOIpoo45oHFF7ypQIDAQABo4IClTCCApEwHQYDVR0OBBYEFKpy/rst
c2ltCX5FoEMQgwB6kwnIMB8GA1UdIwQYMBaAFOqySpDG0EbNg/te9KPFmOTqmhaM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzNzI0Mi8wQjYwODc5NkNB
MzQxMUU5QkM3NjkwNTVDNEY5QUUwMi82ckpLa01iUVJzMkQtMTcwbzhXWTVPcWFG
b3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZySktrTWJRUnMyRC0xNzBvOFdZNU9xYUZvdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzcyNDIvMEI2MDg3OTZDQTM0MTFFOUJDNzY5MDU1QzRGOUFFMDIvNTI0Q0ZEQjI3
QzExMTFFRkJGQzczNjNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABni5EwDQYJKoZIhvcNAQELBQADggEBAH9qCH6QwoMtVnGh
0eDWvpfQQ3d95gG02q3libIs5AROerfMnOw6ixAuxBMtTZS7DAF0IBL4O0LhwhGw
a5cP5CCs2Ioz2AIyfu8fVmDdaWRM564XY2mDMzdTFCugrslAvTzvkj08mlfR1f6w
G/turi3k9LqgXvhn/1tLiESLC2G0kn4PeiM2nAmBNybKlwlEagTMpRMunRjZnY8f
IJ78K36xJ2LTv8HbEdtS2LAaxZ3oHob6kZj3aO3W7hnI9LRbz4QISVXFmjdzOdfV
HHcGMvDSTXOIgE+m3F1i7dvyQfl0/aHkurbgXx3AtcPg/e6g39pp0Fu5bnDeyd6c
d+OBuDs=
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:44:56 2025 by rpki-client