Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913D16D/F04207A44F0211EC9D2D1E37C4F9AE02/3D546FCE4F0711EC960AFD0CC4F9AE02.roa
File:                     3D546FCE4F0711EC960AFD0CC4F9AE02.roa (raw, json)
Hash identifier:          roW5JwJ3oO/3SBHteb6ZmI8xvOq498IS1bxOQnc+LEg=
Subject key identifier:   AF:D4:30:2D:B9:FA:DA:B9:6B:53:FC:7D:00:63:6A:28:63:D0:F5:65
Certificate issuer:       /CN=A913D16D/serialNumber=F5C1E71FBB1A41D7980BE258D97C48739AAF82CA
Certificate serial:       04A5
Authority key identifier: F5:C1:E7:1F:BB:1A:41:D7:98:0B:E2:58:D9:7C:48:73:9A:AF:82:CA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9cHnH7saQdeYC-JY2XxIc5qvgso.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913D16D/F04207A44F0211EC9D2D1E37C4F9AE02/3D546FCE4F0711EC960AFD0CC4F9AE02.roa
Signing time:             Mon 29 Sep 2025 00:27:25 +0000
ROA not before:           Mon 29 Sep 2025 00:27:25 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     142619
IP address blocks:        103.171.28.0/23 maxlen: 23
                          103.171.28.0/24 maxlen: 24
                          103.171.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A913D16D/F04207A44F0211EC9D2D1E37C4F9AE02/9cHnH7saQdeYC-JY2XxIc5qvgso.crl
                          rsync://rpki.apnic.net/member_repository/A913D16D/F04207A44F0211EC9D2D1E37C4F9AE02/9cHnH7saQdeYC-JY2XxIc5qvgso.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9cHnH7saQdeYC-JY2XxIc5qvgso.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 01:46:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1189 (0x4a5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913D16D, serialNumber=F5C1E71FBB1A41D7980BE258D97C48739AAF82CA
        Validity
            Not Before: Sep 29 00:27:25 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68d9d26d-c1ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:29:43:c5:7d:4c:8a:d1:e4:fd:75:aa:c3:f6:
                    c0:cc:b0:8d:0c:59:90:db:ce:22:85:7b:c9:57:ad:
                    54:f4:2f:81:d1:92:77:14:1d:0f:d4:6d:86:9d:31:
                    03:05:58:21:56:d4:36:56:3e:86:52:76:ee:65:18:
                    94:7e:13:60:86:0d:eb:02:66:ec:98:3b:e8:bc:d4:
                    6f:12:7f:76:6d:a8:53:d8:01:9c:80:f2:ec:b1:0a:
                    db:e0:ad:1f:d1:31:ee:58:57:01:c3:89:91:84:8e:
                    ae:f0:a3:db:cf:ce:d1:a6:82:f1:9a:81:f7:38:92:
                    f7:b0:06:cb:96:39:c3:02:70:b5:98:14:3e:f2:6e:
                    ef:ac:48:55:73:47:bc:62:38:84:bd:c6:f8:46:df:
                    74:81:b0:c2:81:0a:1b:6e:1b:16:ce:41:50:94:f0:
                    6d:18:49:47:b1:aa:49:04:09:a4:bf:04:ba:6a:0a:
                    08:b5:86:6b:6b:22:b6:62:0f:c2:d6:d3:49:9c:96:
                    9b:4a:b3:5e:d1:99:1d:a2:87:10:c2:0f:c1:a8:42:
                    40:84:74:6b:c6:60:40:f2:f6:43:af:4c:52:d6:7e:
                    e4:00:d1:00:09:aa:6f:37:12:6e:74:35:1b:a5:63:
                    cf:c6:12:1f:11:59:30:81:2d:72:b5:5e:ce:50:82:
                    81:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D4:30:2D:B9:FA:DA:B9:6B:53:FC:7D:00:63:6A:28:63:D0:F5:65
            X509v3 Authority Key Identifier:
                keyid:F5:C1:E7:1F:BB:1A:41:D7:98:0B:E2:58:D9:7C:48:73:9A:AF:82:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913D16D/F04207A44F0211EC9D2D1E37C4F9AE02/9cHnH7saQdeYC-JY2XxIc5qvgso.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9cHnH7saQdeYC-JY2XxIc5qvgso.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913D16D/F04207A44F0211EC9D2D1E37C4F9AE02/3D546FCE4F0711EC960AFD0CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:5c:4e:e5:8b:57:d0:f7:bf:75:60:c5:6d:ea:85:31:c7:6e:
         65:4d:cd:db:60:4f:68:6c:91:07:39:8f:59:80:90:d8:81:31:
         22:3a:19:35:20:4f:0c:66:53:49:cd:02:fe:a2:d0:60:41:30:
         e9:19:6f:08:f6:b6:61:2a:07:7e:f2:e8:c6:51:0d:3e:0d:b8:
         f2:3d:39:c6:cb:bc:9d:8e:51:32:58:64:4a:ce:6e:88:16:0c:
         ea:49:b6:6e:ec:59:5f:f8:5d:c8:2c:14:46:06:47:a3:0e:7e:
         88:57:cd:e6:95:65:49:7b:f1:10:f8:46:6b:71:03:2d:5d:14:
         2a:c2:b9:96:2d:cd:2c:31:2c:a9:3b:13:47:1f:58:31:87:1c:
         c9:ef:a6:99:9f:d8:fd:4c:04:9b:a8:a6:41:45:fd:7d:cc:29:
         8c:5e:32:53:41:71:ab:46:cc:43:57:0c:60:4f:37:03:ee:a2:
         cd:a9:32:61:52:ea:9e:7e:9e:e6:1b:19:e1:f4:a9:f1:27:06:
         39:29:7e:ce:26:4e:d4:ff:ff:57:1d:75:85:24:dc:88:06:1d:
         59:04:15:5c:e6:4e:0b:84:a9:ca:f3:6f:f4:b4:a6:89:aa:5d:
         be:2f:5c:db:0c:16:68:54:da:d7:8d:47:c3:f0:c2:f2:b4:ce:
         9b:21:03:b8
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBKUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0QxNkQxMTAvBgNVBAUTKEY1QzFFNzFGQkIxQTQxRDc5ODBCRTI1OEQ5N0M0ODcz
OUFBRjgyQ0EwHhcNMjUwOTI5MDAyNzI1WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGQ5ZDI2ZC1jMWVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1ClDxX1MitHk/XWqw/bAzLCNDFmQ284ihXvJV61U9C+B0ZJ3FB0P1G2GnTED
BVghVtQ2Vj6GUnbuZRiUfhNghg3rAmbsmDvovNRvEn92bahT2AGcgPLssQrb4K0f
0THuWFcBw4mRhI6u8KPbz87RpoLxmoH3OJL3sAbLljnDAnC1mBQ+8m7vrEhVc0e8
YjiEvcb4Rt90gbDCgQobbhsWzkFQlPBtGElHsapJBAmkvwS6agoItYZrayK2Yg/C
1tNJnJabSrNe0ZkdoocQwg/BqEJAhHRrxmBA8vZDr0xS1n7kANEACapvNxJudDUb
pWPPxhIfEVkwgS1ytV7OUIKBVwIDAQABo4IClTCCApEwHQYDVR0OBBYEFK/UMC25
+tq5a1P8fQBjaihj0PVlMB8GA1UdIwQYMBaAFPXB5x+7GkHXmAviWNl8SHOar4LK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzRDE2RC9GMDQyMDdBNDRG
MDIxMUVDOUQyRDFFMzdDNEY5QUUwMi85Y0huSDdzYVFkZVlDLUpZMlh4SWM1cXZn
c28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzljSG5IN3NhUWRlWUMtSlkyWHhJYzVxdmdzby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0QxNkQvRjA0MjA3QTQ0RjAyMTFFQzlEMkQxRTM3QzRGOUFFMDIvM0Q1NDZGQ0U0
RjA3MTFFQzk2MEFGRDBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnqxwwDQYJKoZIhvcNAQELBQADggEBAEFcTuWLV9D3v3Vg
xW3qhTHHbmVNzdtgT2hskQc5j1mAkNiBMSI6GTUgTwxmU0nNAv6i0GBBMOkZbwj2
tmEqB37y6MZRDT4NuPI9OcbLvJ2OUTJYZErObogWDOpJtm7sWV/4XcgsFEYGR6MO
fohXzeaVZUl78RD4RmtxAy1dFCrCuZYtzSwxLKk7E0cfWDGHHMnvppmf2P1MBJuo
pkFF/X3MKYxeMlNBcatGzENXDGBPNwPuos2pMmFS6p5+nuYbGeH0qfEnBjkpfs4m
TtT//1cddYUk3IgGHVkEFVzmTguEqcrzb/S0pomqXb4vXNsMFmhU2teNR8PwwvK0
zpshA7g=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:40:43 2025 by rpki-client