Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9140C62/6482C370D42B11ED847A1938C4F9AE02/4C66C2B497F711EF8863DA4BC4F9AE02.roa
File:                     4C66C2B497F711EF8863DA4BC4F9AE02.roa (raw, json)
Hash identifier:          f+64klJ8Ej7Y0HJMhZpydCMagyfzgIplKxtwq1IHTM0=
Subject key identifier:   0A:16:84:CC:53:BE:62:A9:E0:F3:12:46:B0:6B:AE:2E:FD:4B:31:F6
Certificate issuer:       /CN=A9140C62/serialNumber=48B1E8E3F2BC5429F8C679955D64D2249445E365
Certificate serial:       01E3
Authority key identifier: 48:B1:E8:E3:F2:BC:54:29:F8:C6:79:95:5D:64:D2:24:94:45:E3:65
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SLHo4_K8VCn4xnmVXWTSJJRF42U.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9140C62/6482C370D42B11ED847A1938C4F9AE02/4C66C2B497F711EF8863DA4BC4F9AE02.roa
Signing time:             Sat 13 Sep 2025 03:09:14 +0000
ROA not before:           Sat 13 Sep 2025 03:09:14 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     139880
IP address blocks:        103.209.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9140C62/6482C370D42B11ED847A1938C4F9AE02/SLHo4_K8VCn4xnmVXWTSJJRF42U.crl
                          rsync://rpki.apnic.net/member_repository/A9140C62/6482C370D42B11ED847A1938C4F9AE02/SLHo4_K8VCn4xnmVXWTSJJRF42U.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SLHo4_K8VCn4xnmVXWTSJJRF42U.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 05:10:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 483 (0x1e3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9140C62, serialNumber=48B1E8E3F2BC5429F8C679955D64D2249445E365
        Validity
            Not Before: Sep 13 03:09:14 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68c4e05a-5749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:de:6c:d7:c8:2b:e3:f2:89:1d:81:59:98:ad:
                    bd:d3:2f:4d:92:0d:29:ee:53:66:c9:b1:06:2d:1c:
                    b6:76:96:77:9d:88:9b:78:8d:de:99:26:60:53:b7:
                    21:b2:13:f0:0a:e6:0b:a9:c4:3d:23:f8:09:c1:9f:
                    08:65:4e:c4:97:18:6b:fc:ac:5e:13:b1:20:36:29:
                    cf:c3:00:c8:be:0b:6f:c5:09:53:af:55:98:3e:fa:
                    08:07:6b:51:33:02:00:6a:72:13:2f:c0:76:8b:51:
                    20:b1:b7:88:b2:c7:e1:36:27:af:3d:3d:56:ec:02:
                    15:0e:11:53:51:d6:18:76:63:8a:63:a0:62:d3:83:
                    3a:4e:a5:18:f1:25:9a:28:74:5d:5e:ce:9e:bd:6d:
                    26:97:b6:d6:7e:b3:fb:3a:09:4a:ae:f0:0f:8a:b5:
                    76:c8:14:df:49:ef:93:17:e8:ba:8a:03:ed:53:f4:
                    08:f0:f4:d4:f2:ae:1e:ab:bf:8e:88:b1:cf:91:7a:
                    6e:d8:e4:9b:4d:d8:9a:11:7c:ba:86:9f:16:5d:72:
                    cf:da:9d:50:72:e8:44:b6:0a:7e:18:71:bd:fb:f7:
                    27:14:99:5f:76:c3:15:9b:e1:11:9c:6c:b7:4b:b8:
                    b5:e8:d1:58:2d:62:71:8b:67:3e:65:33:83:16:76:
                    54:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:16:84:CC:53:BE:62:A9:E0:F3:12:46:B0:6B:AE:2E:FD:4B:31:F6
            X509v3 Authority Key Identifier:
                keyid:48:B1:E8:E3:F2:BC:54:29:F8:C6:79:95:5D:64:D2:24:94:45:E3:65

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9140C62/6482C370D42B11ED847A1938C4F9AE02/SLHo4_K8VCn4xnmVXWTSJJRF42U.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SLHo4_K8VCn4xnmVXWTSJJRF42U.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9140C62/6482C370D42B11ED847A1938C4F9AE02/4C66C2B497F711EF8863DA4BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.209.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:f1:85:3a:a8:aa:73:8b:09:1c:57:2e:ea:79:02:6c:f6:69:
         65:91:70:99:d2:c2:7e:b9:e8:e9:83:ea:77:f4:39:2b:72:7c:
         68:56:50:95:48:5d:83:b1:71:e3:71:cb:f9:e8:a8:7b:20:6d:
         b9:2e:9d:8a:ad:7c:e4:37:f5:51:7c:f0:20:b7:c2:f1:b8:48:
         53:24:d2:43:97:ed:7d:f4:e4:a7:1b:c7:3e:ce:ac:83:33:33:
         90:d6:55:3f:06:e8:f2:a9:58:ee:95:db:a4:94:c6:2c:08:af:
         6e:ff:3b:46:26:bd:43:8a:19:8a:4c:e9:33:b5:6c:d4:8b:b7:
         a9:01:41:53:94:e5:7d:b0:f8:f9:e3:75:c9:60:35:0d:a1:f5:
         44:eb:ee:1d:09:b2:7b:3a:22:ed:d1:d0:31:62:09:5a:cc:38:
         32:13:9b:9e:e0:1c:29:b2:c9:80:9a:e8:be:68:89:ae:01:0b:
         72:dc:f8:d3:1a:fa:99:c3:24:28:2c:86:55:30:c0:52:55:1c:
         51:c5:1a:e9:cb:21:64:bd:bc:25:d8:54:42:fa:8a:a4:6a:e0:
         be:65:9e:6e:f6:ec:e1:4d:61:e5:5f:63:b0:4e:55:3c:d5:3c:
         e3:4d:75:9f:47:26:f2:5a:61:af:7a:92:8f:22:b3:c0:d1:6d:
         8e:49:b9:16
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAeMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDBDNjIxMTAvBgNVBAUTKDQ4QjFFOEUzRjJCQzU0MjlGOEM2Nzk5NTVENjREMjI0
OTQ0NUUzNjUwHhcNMjUwOTEzMDMwOTE0WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGM0ZTA1YS01NzQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1t5s18gr4/KJHYFZmK290y9Nkg0p7lNmybEGLRy2dpZ3nYibeI3emSZgU7ch
shPwCuYLqcQ9I/gJwZ8IZU7Elxhr/KxeE7EgNinPwwDIvgtvxQlTr1WYPvoIB2tR
MwIAanITL8B2i1EgsbeIssfhNievPT1W7AIVDhFTUdYYdmOKY6Bi04M6TqUY8SWa
KHRdXs6evW0ml7bWfrP7OglKrvAPirV2yBTfSe+TF+i6igPtU/QI8PTU8q4eq7+O
iLHPkXpu2OSbTdiaEXy6hp8WXXLP2p1QcuhEtgp+GHG9+/cnFJlfdsMVm+ERnGy3
S7i16NFYLWJxi2c+ZTODFnZU7wIDAQABo4IClTCCApEwHQYDVR0OBBYEFAoWhMxT
vmKp4PMSRrBrri79SzH2MB8GA1UdIwQYMBaAFEix6OPyvFQp+MZ5lV1k0iSUReNl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MEM2Mi82NDgyQzM3MEQ0
MkIxMUVEODQ3QTE5MzhDNEY5QUUwMi9TTEhvNF9LOFZDbjR4bm1WWFdUU0pKUkY0
MlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NMSG80X0s4VkNuNHhubVZYV1RTSkpSRjQyVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDBDNjIvNjQ4MkMzNzBENDJCMTFFRDg0N0ExOTM4QzRGOUFFMDIvNEM2NkMyQjQ5
N0Y3MTFFRjg4NjNEQTRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABn0YEwDQYJKoZIhvcNAQELBQADggEBAF7xhTqoqnOLCRxX
Lup5Amz2aWWRcJnSwn656OmD6nf0OStyfGhWUJVIXYOxceNxy/noqHsgbbkunYqt
fOQ39VF88CC3wvG4SFMk0kOX7X305Kcbxz7OrIMzM5DWVT8G6PKpWO6V26SUxiwI
r27/O0YmvUOKGYpM6TO1bNSLt6kBQVOU5X2w+PnjdclgNQ2h9UTr7h0Jsns6Iu3R
0DFiCVrMODITm57gHCmyyYCa6L5oia4BC3Lc+NMa+pnDJCgshlUwwFJVHFHFGunL
IWS9vCXYVEL6iqRq4L5lnm727OFNYeVfY7BOVTzVPONNdZ9HJvJaYa96ko8is8DR
bY5JuRY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:01:25 2025 by rpki-client