Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/E4C4FBB8200811F0AB28851DC4F9AE02.roa
File:                     E4C4FBB8200811F0AB28851DC4F9AE02.roa (raw, json)
Hash identifier:          O2oQyvWguzaYeNsrwBX/2BLJPDmDLHzJTdTHMhL++UY=
Subject key identifier:   18:BB:68:55:6B:2F:EE:05:7A:3A:FA:02:19:90:BC:BE:35:40:FE:5E
Certificate issuer:       /CN=A9140D69/serialNumber=103FA8BDFFFB9F0557072C47332B81A9E80EDD35
Certificate serial:       0322
Authority key identifier: 10:3F:A8:BD:FF:FB:9F:05:57:07:2C:47:33:2B:81:A9:E8:0E:DD:35
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ED-ovf_7nwVXByxHMyuBqegO3TU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/E4C4FBB8200811F0AB28851DC4F9AE02.roa
Signing time:             Thu 09 Oct 2025 01:28:20 +0000
ROA not before:           Thu 09 Oct 2025 01:28:20 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     62610
IP address blocks:        103.237.101.0/24 maxlen: 24
                          103.237.102.0/23 maxlen: 23
                          163.53.244.0/24 maxlen: 24
                          163.53.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/ED-ovf_7nwVXByxHMyuBqegO3TU.crl
                          rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/ED-ovf_7nwVXByxHMyuBqegO3TU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ED-ovf_7nwVXByxHMyuBqegO3TU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 03:27:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 802 (0x322)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9140D69, serialNumber=103FA8BDFFFB9F0557072C47332B81A9E80EDD35
        Validity
            Not Before: Oct  9 01:28:20 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68e70fb4-c7f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:26:71:27:58:07:0b:66:5d:a5:af:92:dc:44:
                    e6:57:cf:c7:c4:63:14:5c:1c:b9:9b:2a:7a:af:a9:
                    8e:e8:2e:91:a9:1a:30:60:76:26:b6:07:62:f6:7e:
                    8a:41:ae:fa:af:fd:bc:65:92:b7:11:08:ba:7e:c5:
                    21:a0:5b:83:46:22:2b:a0:f3:81:d6:f0:51:3e:d7:
                    83:19:3c:7a:8a:cb:65:ff:19:ed:01:bd:bc:66:7a:
                    dd:1b:24:56:6c:61:e1:92:e1:bb:0c:75:a9:11:f9:
                    7a:e0:46:39:7f:b1:27:38:2b:59:d7:70:80:0d:f4:
                    f6:fc:19:2b:f7:8d:df:0c:4a:47:2a:26:fa:b2:f2:
                    28:91:28:b2:8b:55:d1:7d:63:0e:e7:63:dd:ab:78:
                    23:e3:31:99:35:76:8c:8c:91:ac:0d:81:dd:76:37:
                    0c:c4:13:3f:75:c0:4c:97:d1:7d:c7:7f:8b:20:e5:
                    4a:5e:62:96:cb:64:87:e3:5f:61:58:43:b7:59:07:
                    b1:ae:d4:b2:b4:a3:0f:28:db:90:4f:82:87:44:c5:
                    03:6c:b6:3e:27:d1:9b:49:1d:38:c2:19:bf:ca:c3:
                    00:21:fe:4e:82:fe:6b:0b:80:59:f7:32:5e:53:30:
                    be:9e:b5:b8:81:82:f2:98:b1:f5:e9:31:9f:23:92:
                    3c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:BB:68:55:6B:2F:EE:05:7A:3A:FA:02:19:90:BC:BE:35:40:FE:5E
            X509v3 Authority Key Identifier:
                keyid:10:3F:A8:BD:FF:FB:9F:05:57:07:2C:47:33:2B:81:A9:E8:0E:DD:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/ED-ovf_7nwVXByxHMyuBqegO3TU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ED-ovf_7nwVXByxHMyuBqegO3TU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/E4C4FBB8200811F0AB28851DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.237.101.0-103.237.103.255
                  163.53.244.0/24
                  163.53.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:5b:0b:85:67:73:a1:ed:88:30:56:2b:31:c4:58:62:05:6e:
         ce:fc:80:da:6f:68:30:1b:33:ed:5d:c7:47:90:0e:fe:02:c7:
         f9:e9:35:41:b2:0a:30:8c:f0:c1:86:33:19:2b:43:02:4b:a5:
         42:69:87:c4:bf:36:ea:65:7c:2b:ad:d6:3c:81:7e:f2:e7:ae:
         66:35:1f:1a:9f:7b:79:2d:8a:fe:10:24:96:c4:a1:9f:d8:bc:
         40:83:f3:4d:57:d9:e1:f1:a0:59:48:52:cc:90:ac:db:1d:62:
         3f:19:86:a6:3b:ab:a0:b3:77:79:d0:d1:cc:ea:d9:ab:72:bb:
         c2:24:a7:4b:1e:f0:48:12:fc:2f:ee:a8:80:97:c1:71:f2:5f:
         3e:19:b9:a4:56:c7:ba:3f:68:25:dd:82:b4:fb:e2:7b:87:89:
         ad:78:df:2d:7d:55:ec:0e:db:4c:b7:b7:be:38:fc:9f:19:6b:
         2f:9f:f3:71:41:fd:37:57:61:03:9a:6e:13:16:5e:bc:fb:5b:
         99:b4:d8:ec:10:4c:69:d2:82:b9:71:d7:de:9a:29:92:17:e7:
         82:5b:a0:07:d1:d8:23:80:e3:c8:f5:e5:11:85:f3:09:48:53:
         21:6e:c5:73:f3:b4:24:44:b8:16:e9:33:5c:e0:5f:67:e6:20:
         24:cc:22:f3
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICAyIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDBENjkxMTAvBgNVBAUTKDEwM0ZBOEJERkZGQjlGMDU1NzA3MkM0NzMzMkI4MUE5
RTgwRUREMzUwHhcNMjUxMDA5MDEyODIwWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU3MGZiNC1jN2Y0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwCZxJ1gHC2Zdpa+S3ETmV8/HxGMUXBy5myp6r6mO6C6RqRowYHYmtgdi9n6K
Qa76r/28ZZK3EQi6fsUhoFuDRiIroPOB1vBRPteDGTx6istl/xntAb28ZnrdGyRW
bGHhkuG7DHWpEfl64EY5f7EnOCtZ13CADfT2/Bkr943fDEpHKib6svIokSiyi1XR
fWMO52Pdq3gj4zGZNXaMjJGsDYHddjcMxBM/dcBMl9F9x3+LIOVKXmKWy2SH419h
WEO3WQexrtSytKMPKNuQT4KHRMUDbLY+J9GbSR04whm/ysMAIf5Ogv5rC4BZ9zJe
UzC+nrW4gYLymLH16TGfI5I8HwIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFBi7aFVr
L+4Fejr6AhmQvL41QP5eMB8GA1UdIwQYMBaAFBA/qL3/+58FVwcsRzMrganoDt01
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MEQ2OS8wRTE3N0Q1QTA1
OEMxMUVEQURENjYwMTFDNEY5QUUwMi9FRC1vdmZfN253VlhCeXhITXl1QnFlZ08z
VFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0VELW92Zl83bndWWEJ5eEhNeXVCcWVnTzNUVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDBENjkvMEUxNzdENUEwNThDMTFFREFERDY2MDExQzRGOUFFMDIvRTRDNEZCQjgy
MDA4MTFGMEFCMjg4NTFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAGftZQMEA2ftYAMEAKM19AMEAKM19zANBgkqhkiG9w0B
AQsFAAOCAQEAG1sLhWdzoe2IMFYrMcRYYgVuzvyA2m9oMBsz7V3HR5AO/gLH+ek1
QbIKMIzwwYYzGStDAkulQmmHxL826mV8K63WPIF+8ueuZjUfGp97eS2K/hAklsSh
n9i8QIPzTVfZ4fGgWUhSzJCs2x1iPxmGpjuroLN3edDRzOrZq3K7wiSnSx7wSBL8
L+6ogJfBcfJfPhm5pFbHuj9oJd2CtPvie4eJrXjfLX1V7A7bTLe3vjj8nxlrL5/z
cUH9N1dhA5puExZevPtbmbTY7BBMadKCuXHX3popkhfnglugB9HYI4DjyPXlEYXz
CUhTIW7Fc/O0JES4FukzXOBfZ+YgJMwi8w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:41:20 2025 by rpki-client