Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/C08B939607D911EDA41A0B25C4F9AE02.roa
File:                     C08B939607D911EDA41A0B25C4F9AE02.roa (raw, json)
Hash identifier:          bKJMqVVKRvZ4SvMBFN3lmqToCrhVtOKwpkwkSKOCPAY=
Subject key identifier:   55:71:A1:35:B2:8D:FF:A0:F4:1D:21:A1:40:50:51:F8:25:23:F2:4B
Certificate issuer:       /CN=A9145D25/serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
Certificate serial:       058B
Authority key identifier: C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/C08B939607D911EDA41A0B25C4F9AE02.roa
Signing time:             Thu 11 Sep 2025 00:06:47 +0000
ROA not before:           Thu 11 Sep 2025 00:06:47 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     59117
IP address blocks:        103.204.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl
                          rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 01:09:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1419 (0x58b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9145D25, serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
        Validity
            Not Before: Sep 11 00:06:47 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68c21297-7cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f9:49:ef:e1:76:ef:85:23:90:e1:2d:36:2f:
                    17:25:aa:b6:86:ec:59:50:5a:3d:dd:2f:0d:be:72:
                    70:59:32:85:c7:75:1e:b4:ae:da:21:26:6d:83:46:
                    08:0a:80:e0:73:09:ca:76:6b:bc:b3:9d:29:b1:d9:
                    26:3d:1d:35:ac:44:5e:ed:7f:d4:0e:6c:2b:c1:62:
                    cf:b2:9c:7b:97:61:67:de:f0:ba:5b:8a:b3:e2:52:
                    2a:9a:6a:df:3e:a8:55:5d:56:0e:4e:3e:d8:6c:f8:
                    d4:04:f0:9c:f1:3c:b0:37:94:55:32:6a:aa:7b:ba:
                    32:c4:e2:fd:a2:a0:69:f6:1c:6a:d3:bb:67:fc:4b:
                    a6:34:6a:be:a9:04:cf:1a:10:95:5c:cc:6c:e1:c6:
                    09:2e:5e:5a:21:2f:91:b2:54:c4:af:40:73:71:a3:
                    8a:f6:17:38:6c:3a:9c:a2:c2:4e:ed:ce:46:9c:36:
                    ea:2c:df:63:e7:08:25:77:06:cc:6d:b4:9b:d8:ed:
                    92:3b:c0:35:50:e5:6d:c2:55:c2:c6:2c:bd:71:a8:
                    a2:6d:1b:91:83:61:72:13:1d:c8:c9:ce:1f:74:36:
                    2c:b8:94:b7:2e:5d:29:50:d0:52:4f:b9:7c:17:3b:
                    8c:3f:1e:5d:42:cf:73:1f:a2:1e:15:2c:4f:c7:75:
                    52:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:71:A1:35:B2:8D:FF:A0:F4:1D:21:A1:40:50:51:F8:25:23:F2:4B
            X509v3 Authority Key Identifier:
                keyid:C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/C08B939607D911EDA41A0B25C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.204.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:3e:35:a1:03:d2:44:93:24:01:03:57:f8:50:3e:1c:10:84:
         65:2a:10:91:28:f5:6b:f8:88:e8:55:ed:12:f9:6d:ae:fc:a5:
         38:e3:dd:1d:e2:f2:69:51:f2:0f:ab:9e:b2:43:49:14:7a:40:
         13:12:9a:6b:29:eb:0d:ee:ab:d4:6c:ef:c4:4f:c9:90:d8:2a:
         8a:53:9d:ae:59:09:4e:d6:53:62:ff:75:0a:e6:bc:ef:46:d3:
         c2:8e:fc:c8:b3:f9:80:73:16:3c:75:ac:48:bb:32:8d:37:7b:
         b8:72:e3:6b:71:a4:95:08:92:9a:a8:27:48:c8:40:f9:c2:92:
         d6:cf:1c:a1:17:fd:a7:bf:b3:3c:75:3b:81:e6:90:91:f8:73:
         29:ac:68:1f:22:42:ac:0e:d6:80:c0:48:53:96:a0:d1:4c:04:
         f2:45:c5:56:c5:76:0b:24:85:bf:14:0c:5d:cc:b5:4f:ce:ea:
         75:08:0b:69:92:9c:9b:73:43:4b:50:3b:99:4e:69:96:45:a5:
         19:51:8c:bd:b4:e8:ba:5b:33:b1:05:bb:3b:e2:f7:d9:e8:a9:
         a8:41:ea:32:b6:8a:98:75:54:d9:6c:58:4d:96:41:90:bb:db:
         ad:54:79:98:8a:54:24:4a:1b:61:c9:ff:eb:16:d5:db:7a:8d:
         87:a1:83:6a
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBYswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDVEMjUxMTAvBgNVBAUTKEMyRjI4RTlEMTg4NDM5QzRGRTY5RjYzQTRDQUE2REE0
MjQ5NjI5MUQwHhcNMjUwOTExMDAwNjQ3WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGMyMTI5Ny03Y2FkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp/lJ7+F274UjkOEtNi8XJaq2huxZUFo93S8NvnJwWTKFx3UetK7aISZtg0YI
CoDgcwnKdmu8s50psdkmPR01rERe7X/UDmwrwWLPspx7l2Fn3vC6W4qz4lIqmmrf
PqhVXVYOTj7YbPjUBPCc8TywN5RVMmqqe7oyxOL9oqBp9hxq07tn/EumNGq+qQTP
GhCVXMxs4cYJLl5aIS+RslTEr0BzcaOK9hc4bDqcosJO7c5GnDbqLN9j5wgldwbM
bbSb2O2SO8A1UOVtwlXCxiy9caiibRuRg2FyEx3Iyc4fdDYsuJS3Ll0pUNBST7l8
FzuMPx5dQs9zH6IeFSxPx3VSVwIDAQABo4IClTCCApEwHQYDVR0OBBYEFFVxoTWy
jf+g9B0hoUBQUfglI/JLMB8GA1UdIwQYMBaAFMLyjp0YhDnE/mn2OkyqbaQklikd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NUQyNS82N0YyQjBEODBC
RDIxMUVDQkFBNDgwNkFDNEY5QUUwMi93dktPblJpRU9jVC1hZlk2VEtwdHBDU1dL
UjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3d2S09uUmlFT2NULWFmWTZUS3B0cENTV0tSMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDVEMjUvNjdGMkIwRDgwQkQyMTFFQ0JBQTQ4MDZBQzRGOUFFMDIvQzA4QjkzOTYw
N0Q5MTFFREE0MUEwQjI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnzA0wDQYJKoZIhvcNAQELBQADggEBAJs+NaED0kSTJAED
V/hQPhwQhGUqEJEo9Wv4iOhV7RL5ba78pTjj3R3i8mlR8g+rnrJDSRR6QBMSmmsp
6w3uq9Rs78RPyZDYKopTna5ZCU7WU2L/dQrmvO9G08KO/Miz+YBzFjx1rEi7Mo03
e7hy42txpJUIkpqoJ0jIQPnCktbPHKEX/ae/szx1O4HmkJH4cymsaB8iQqwO1oDA
SFOWoNFMBPJFxVbFdgskhb8UDF3MtU/O6nUIC2mSnJtzQ0tQO5lOaZZFpRlRjL20
6LpbM7EFuzvi99noqahB6jK2iph1VNlsWE2WQZC7261UeZiKVCRKG2HJ/+sW1dt6
jYehg2o=
-----END CERTIFICATE-----
Generated at Tue Oct 21 02:11:10 2025 by rpki-client