Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913A7CB/062482B09D0A11EA801CB243C4F9AE02/0D7DDD3A9D0B11EAAD024D44C4F9AE02.roa
File:                     0D7DDD3A9D0B11EAAD024D44C4F9AE02.roa (raw, json)
Hash identifier:          /SULS2LlTq1Mk/GpibPOoterpHPYahPoFF8fj6LRRMc=
Subject key identifier:   80:57:22:18:80:2E:E5:33:91:DA:1E:8E:C5:FE:04:0C:C8:8C:FE:CC
Certificate issuer:       /CN=A913A7CB/serialNumber=59861AECCF0D45DB24A87EA8847BF19991FEFAF6
Certificate serial:       0984
Authority key identifier: 59:86:1A:EC:CF:0D:45:DB:24:A8:7E:A8:84:7B:F1:99:91:FE:FA:F6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WYYa7M8NRdskqH6ohHvxmZH--vY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913A7CB/062482B09D0A11EA801CB243C4F9AE02/0D7DDD3A9D0B11EAAD024D44C4F9AE02.roa
Signing time:             Tue 14 Oct 2025 21:20:15 +0000
ROA not before:           Tue 14 Oct 2025 21:20:15 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     137056
IP address blocks:        103.103.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A913A7CB/062482B09D0A11EA801CB243C4F9AE02/WYYa7M8NRdskqH6ohHvxmZH--vY.crl
                          rsync://rpki.apnic.net/member_repository/A913A7CB/062482B09D0A11EA801CB243C4F9AE02/WYYa7M8NRdskqH6ohHvxmZH--vY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WYYa7M8NRdskqH6ohHvxmZH--vY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 21:08:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2436 (0x984)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913A7CB, serialNumber=59861AECCF0D45DB24A87EA8847BF19991FEFAF6
        Validity
            Not Before: Oct 14 21:20:15 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68eebe8f-7da8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c8:85:c3:4c:7f:d5:ad:cc:34:4f:f6:15:51:
                    28:e6:3f:66:9e:70:09:18:8c:73:e3:6c:70:8e:fb:
                    08:06:c3:7c:77:58:3b:86:bc:11:ee:bf:52:9d:ea:
                    71:0e:d1:63:96:a0:88:ad:56:4f:84:b7:6d:a5:9f:
                    ba:17:5e:13:f1:c5:b8:d1:b7:81:5f:26:9b:f9:59:
                    3e:09:cb:72:f5:60:7e:e2:d7:6d:87:e1:20:30:d3:
                    8c:b7:69:3e:26:f0:aa:26:e2:41:81:8f:0b:02:37:
                    90:0c:f8:ea:3e:83:05:3e:a1:5c:84:5f:d2:1a:72:
                    41:69:af:6a:36:db:b5:86:93:ad:fd:d4:01:cb:14:
                    d8:4d:28:be:d7:6b:73:47:32:ee:5e:c3:9b:fb:de:
                    60:cf:b5:db:fd:d1:ac:7a:11:13:22:ba:29:76:00:
                    a7:00:b9:f9:7e:41:3b:76:df:d1:01:0b:d9:ca:72:
                    f7:26:0b:ff:7a:f4:fd:dd:80:c2:d3:1d:fc:18:b9:
                    67:be:b2:86:17:69:f2:26:a5:c3:15:20:c7:bc:80:
                    28:40:58:5b:42:1f:2a:ed:09:ca:e5:91:1e:20:53:
                    6b:cb:97:c0:90:dc:5a:06:8c:ce:60:f8:59:42:21:
                    5c:27:00:df:42:f5:a6:74:3f:aa:72:81:5f:b3:15:
                    f9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:57:22:18:80:2E:E5:33:91:DA:1E:8E:C5:FE:04:0C:C8:8C:FE:CC
            X509v3 Authority Key Identifier:
                keyid:59:86:1A:EC:CF:0D:45:DB:24:A8:7E:A8:84:7B:F1:99:91:FE:FA:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913A7CB/062482B09D0A11EA801CB243C4F9AE02/WYYa7M8NRdskqH6ohHvxmZH--vY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WYYa7M8NRdskqH6ohHvxmZH--vY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913A7CB/062482B09D0A11EA801CB243C4F9AE02/0D7DDD3A9D0B11EAAD024D44C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.103.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:2f:59:0d:9b:7e:2c:84:4f:30:10:67:bf:54:65:cc:a7:8a:
         2d:31:be:90:33:09:dd:27:26:e2:11:1f:a2:91:89:78:02:31:
         d4:17:85:38:3a:38:76:ba:2c:e8:bc:a1:a7:4d:7e:77:8a:bd:
         9b:8d:87:c9:a3:03:dd:e7:6b:8e:1c:d4:ea:bc:d4:84:37:4b:
         cf:e7:04:d5:18:a8:a2:06:1b:2a:60:d4:29:eb:0c:7c:c3:9a:
         a3:4e:c8:77:53:8e:c7:56:10:f0:50:0b:87:de:f5:e6:c3:14:
         51:4a:22:a6:ca:7a:bf:05:f8:d5:58:88:b9:1b:d6:4a:0c:4f:
         bf:75:df:64:b7:6f:63:37:58:82:0e:c1:57:7b:79:e6:a6:94:
         b0:3e:fc:41:2e:5a:6d:b9:63:be:09:af:79:29:71:bd:9b:42:
         b9:8e:c2:b5:b2:c8:5c:66:8b:fb:fe:a5:8c:9f:3e:06:71:5d:
         04:f8:59:a6:0f:e3:82:0c:b5:21:3e:4f:42:a5:03:ee:6d:bc:
         cc:0c:e4:ef:ac:ac:5a:bb:76:45:55:24:5f:58:fe:0a:e5:32:
         c7:5f:37:2b:f1:c1:c7:d4:8c:f4:49:16:d0:10:e4:b4:e9:a2:
         e6:a2:25:98:b3:b1:c7:b2:8d:d3:64:42:6f:0a:c7:a2:ba:bf:
         41:39:10:b4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCYQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0E3Q0IxMTAvBgNVBAUTKDU5ODYxQUVDQ0YwRDQ1REIyNEE4N0VBODg0N0JGMTk5
OTFGRUZBRjYwHhcNMjUxMDE0MjEyMDE1WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVlYmU4Zi03ZGE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArciFw0x/1a3MNE/2FVEo5j9mnnAJGIxz42xwjvsIBsN8d1g7hrwR7r9Snepx
DtFjlqCIrVZPhLdtpZ+6F14T8cW40beBXyab+Vk+Ccty9WB+4tdth+EgMNOMt2k+
JvCqJuJBgY8LAjeQDPjqPoMFPqFchF/SGnJBaa9qNtu1hpOt/dQByxTYTSi+12tz
RzLuXsOb+95gz7Xb/dGsehETIropdgCnALn5fkE7dt/RAQvZynL3Jgv/evT93YDC
0x38GLlnvrKGF2nyJqXDFSDHvIAoQFhbQh8q7QnK5ZEeIFNry5fAkNxaBozOYPhZ
QiFcJwDfQvWmdD+qcoFfsxX5YQIDAQABo4IClTCCApEwHQYDVR0OBBYEFIBXIhiA
LuUzkdoejsX+BAzIjP7MMB8GA1UdIwQYMBaAFFmGGuzPDUXbJKh+qIR78ZmR/vr2
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQTdDQi8wNjI0ODJCMDlE
MEExMUVBODAxQ0IyNDNDNEY5QUUwMi9XWVlhN004TlJkc2txSDZvaEh2eG1aSC0t
dlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1dZWWE3TThOUmRza3FINm9oSHZ4bVpILS12WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0E3Q0IvMDYyNDgyQjA5RDBBMTFFQTgwMUNCMjQzQzRGOUFFMDIvMEQ3REREM0E5
RDBCMTFFQUFEMDI0RDQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnZ0IwDQYJKoZIhvcNAQELBQADggEBAG0vWQ2bfiyETzAQ
Z79UZcynii0xvpAzCd0nJuIRH6KRiXgCMdQXhTg6OHa6LOi8oadNfneKvZuNh8mj
A93na44c1Oq81IQ3S8/nBNUYqKIGGypg1CnrDHzDmqNOyHdTjsdWEPBQC4fe9ebD
FFFKIqbKer8F+NVYiLkb1koMT79132S3b2M3WIIOwVd7eeamlLA+/EEuWm25Y74J
r3kpcb2bQrmOwrWyyFxmi/v+pYyfPgZxXQT4WaYP44IMtSE+T0KlA+5tvMwM5O+s
rFq7dkVVJF9Y/grlMsdfNyvxwcfUjPRJFtAQ5LTpouaiJZizsceyjdNkQm8Kx6K6
v0E5ELQ=
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:43:22 2025 by rpki-client