Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/10CF1D82C0E311EE81F3E987C4F9AE02.roa
File:                     10CF1D82C0E311EE81F3E987C4F9AE02.roa (raw, json)
Hash identifier:          DWCg5lL0mEzrArVCwICSW9aYx94oeCmf91vXy2qE580=
Subject key identifier:   6F:BC:DD:5F:B5:C4:E2:AA:E5:80:D2:EB:BB:5F:00:7A:E4:F2:6A:FD
Certificate issuer:       /CN=A914A139/serialNumber=A25ED8A1427AE93B24D30DCCDFA832538B5008AD
Certificate serial:       0C0C
Authority key identifier: A2:5E:D8:A1:42:7A:E9:3B:24:D3:0D:CC:DF:A8:32:53:8B:50:08:AD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ol7YoUJ66Tsk0w3M36gyU4tQCK0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/10CF1D82C0E311EE81F3E987C4F9AE02.roa
Signing time:             Mon 06 Oct 2025 19:19:01 +0000
ROA not before:           Mon 06 Oct 2025 19:19:01 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     139325
IP address blocks:        103.141.64.0/23 maxlen: 24
                          2001:df0:f280::/48 maxlen: 48
                          2401:79e0:4000::/34 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/ol7YoUJ66Tsk0w3M36gyU4tQCK0.crl
                          rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/ol7YoUJ66Tsk0w3M36gyU4tQCK0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ol7YoUJ66Tsk0w3M36gyU4tQCK0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Oct 2025 19:31:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3084 (0xc0c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914A139, serialNumber=A25ED8A1427AE93B24D30DCCDFA832538B5008AD
        Validity
            Not Before: Oct  6 19:19:01 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68e41625-a240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ed:32:4a:e1:28:16:2b:c7:72:cb:5d:82:d3:
                    2f:3d:c7:9a:cc:d1:3d:39:91:38:02:6b:3a:0d:7f:
                    ca:7f:d4:4e:9b:07:79:5f:e0:a0:e4:5f:03:50:71:
                    45:88:67:c2:4d:3b:42:44:4d:33:87:c3:d3:04:12:
                    25:05:a2:4a:4e:de:d2:32:17:65:64:78:f7:5e:eb:
                    1e:d8:cf:32:42:4a:c6:14:ff:dd:d7:ea:78:03:73:
                    07:fd:19:85:71:5c:44:01:45:15:0f:88:a6:4b:a5:
                    12:f6:47:d3:cc:a9:b8:80:3d:c9:66:2d:cc:46:83:
                    f5:bb:02:02:b5:18:6e:1e:fa:8a:95:e7:18:16:cf:
                    58:ef:71:03:b8:2c:e5:4c:a6:c5:f3:f2:6d:2b:92:
                    c0:e5:80:5e:6b:50:cc:b6:66:a4:fc:c8:5a:01:48:
                    e4:c0:b7:64:4c:d5:19:9a:b5:78:a6:55:ec:ed:df:
                    25:8f:62:80:1f:04:65:0f:78:92:51:0b:79:76:7c:
                    6d:e8:ba:3b:6e:06:bd:d2:9b:ae:ec:6c:94:7b:a8:
                    0d:02:83:c3:3c:c8:bb:0e:dd:f9:96:e1:6a:a9:e3:
                    29:f5:8c:ac:d8:a7:52:02:27:26:b8:64:4e:59:70:
                    2d:96:0e:34:a8:9e:52:d6:c7:49:a5:1b:c7:21:5e:
                    71:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BC:DD:5F:B5:C4:E2:AA:E5:80:D2:EB:BB:5F:00:7A:E4:F2:6A:FD
            X509v3 Authority Key Identifier:
                keyid:A2:5E:D8:A1:42:7A:E9:3B:24:D3:0D:CC:DF:A8:32:53:8B:50:08:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/ol7YoUJ66Tsk0w3M36gyU4tQCK0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ol7YoUJ66Tsk0w3M36gyU4tQCK0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/10CF1D82C0E311EE81F3E987C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.141.64.0/23
                IPv6:
                  2001:df0:f280::/48
                  2401:79e0:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         6f:f0:84:cc:3f:fa:7c:4a:33:e3:64:37:30:f7:a5:a9:97:90:
         ec:32:6b:a6:2e:7b:c9:ec:35:75:c7:9d:d2:50:e0:6f:31:33:
         7f:31:cf:b3:a7:c1:35:e4:91:f2:cf:01:48:5f:06:d2:ff:29:
         c1:f3:e4:1f:9d:00:fc:91:08:3d:f8:a1:5b:2c:2a:05:22:71:
         83:d5:eb:69:3a:f1:98:5d:66:cd:ce:6d:2b:ed:e6:0b:09:22:
         28:b9:7f:a1:dd:b7:7e:88:15:21:74:a3:fd:52:69:69:c1:3a:
         35:07:25:38:9f:c5:d4:98:b0:7b:51:ec:0d:98:5b:3d:bb:66:
         37:0d:3a:89:07:67:1a:58:c3:0c:6e:53:ec:5d:fc:9b:e2:54:
         a1:14:ba:5c:a1:80:da:64:62:3d:66:95:9d:a9:60:e8:80:04:
         28:4d:23:52:db:9f:6a:35:d0:6e:f2:1a:c2:e6:18:23:c6:d7:
         e9:b3:d1:82:1b:1b:99:73:e9:f5:ea:fe:2a:29:4d:bd:2f:df:
         5f:94:19:b2:9b:d6:71:95:75:5c:35:c8:9b:fe:2e:2e:55:a5:
         b0:f8:55:de:6b:59:e6:2b:f3:d3:30:f0:2c:f3:ec:57:d2:39:
         c7:d8:18:e3:14:84:4c:6f:2f:03:be:b6:f2:31:c7:e8:26:01:
         98:f4:2f:c7
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgICDAwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEExMzkxMTAvBgNVBAUTKEEyNUVEOEExNDI3QUU5M0IyNEQzMERDQ0RGQTgzMjUz
OEI1MDA4QUQwHhcNMjUxMDA2MTkxOTAxWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU0MTYyNS1hMjQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvu0ySuEoFivHcstdgtMvPceazNE9OZE4Ams6DX/Kf9ROmwd5X+Cg5F8DUHFF
iGfCTTtCRE0zh8PTBBIlBaJKTt7SMhdlZHj3Xuse2M8yQkrGFP/d1+p4A3MH/RmF
cVxEAUUVD4imS6US9kfTzKm4gD3JZi3MRoP1uwICtRhuHvqKlecYFs9Y73EDuCzl
TKbF8/JtK5LA5YBea1DMtmak/MhaAUjkwLdkTNUZmrV4plXs7d8lj2KAHwRlD3iS
UQt5dnxt6Lo7bga90puu7GyUe6gNAoPDPMi7Dt35luFqqeMp9Yys2KdSAicmuGRO
WXAtlg40qJ5S1sdJpRvHIV5xkQIDAQABo4ICrjCCAqowHQYDVR0OBBYEFG+83V+1
xOKq5YDS67tfAHrk8mr9MB8GA1UdIwQYMBaAFKJe2KFCeuk7JNMNzN+oMlOLUAit
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QTEzOS9FQkI5RUM2MDI0
Q0ExMUVBQUMyQUU1ODZDNEY5QUUwMi9vbDdZb1VKNjZUc2swdzNNMzZneVU0dFFD
SzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29sN1lvVUo2NlRzazB3M00zNmd5VTR0UUNLMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEExMzkvRUJCOUVDNjAyNENBMTFFQUFDMkFFNTg2QzRGOUFFMDIvMTBDRjFEODJD
MEUzMTFFRTgxRjNFOTg3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOAYIKwYBBQUHAQcBAf8E
KTAnMAwEAgABMAYDBAFnjUAwFwQCAAIwEQMHACABDfDygAMGBiQBeeBAMA0GCSqG
SIb3DQEBCwUAA4IBAQBv8ITMP/p8SjPjZDcw96Wpl5DsMmumLnvJ7DV1x53SUOBv
MTN/Mc+zp8E15JHyzwFIXwbS/ynB8+QfnQD8kQg9+KFbLCoFInGD1etpOvGYXWbN
zm0r7eYLCSIouX+h3bd+iBUhdKP9UmlpwTo1ByU4n8XUmLB7UewNmFs9u2Y3DTqJ
B2caWMMMblPsXfyb4lShFLpcoYDaZGI9ZpWdqWDogAQoTSNS259qNdBu8hrC5hgj
xtfps9GCGxuZc+n16v4qKU29L99flBmym9ZxlXVcNcib/i4uVaWw+FXea1nmK/PT
MPAs8+xX0jnH2BjjFIRMby8DvrbyMcfoJgGY9C/H
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:11:21 2025 by rpki-client