Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9150E55/7D32A74EC60011EC87005C7DC4F9AE02/39952E50C6CB11ECB185E43EC4F9AE02.roa
File:                     39952E50C6CB11ECB185E43EC4F9AE02.roa (raw, json)
Hash identifier:          dkZcQ/A932iJ1dN4/qgrPfW8ADl8k2VS3zXyLTEFE+Q=
Subject key identifier:   3B:AF:26:8B:24:8E:52:87:E4:4D:E8:4A:A1:DE:4C:73:E1:CE:49:CC
Certificate issuer:       /CN=A9150E55/serialNumber=A01A0F06E310B38130131D7882970BF162DD0D66
Certificate serial:       037B
Authority key identifier: A0:1A:0F:06:E3:10:B3:81:30:13:1D:78:82:97:0B:F1:62:DD:0D:66
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oBoPBuMQs4EwEx14gpcL8WLdDWY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9150E55/7D32A74EC60011EC87005C7DC4F9AE02/39952E50C6CB11ECB185E43EC4F9AE02.roa
Signing time:             Sat 11 Oct 2025 03:27:20 +0000
ROA not before:           Sat 11 Oct 2025 03:27:20 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     132742
IP address blocks:        43.243.64.0/22 maxlen: 24
                          103.38.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9150E55/7D32A74EC60011EC87005C7DC4F9AE02/oBoPBuMQs4EwEx14gpcL8WLdDWY.crl
                          rsync://rpki.apnic.net/member_repository/A9150E55/7D32A74EC60011EC87005C7DC4F9AE02/oBoPBuMQs4EwEx14gpcL8WLdDWY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oBoPBuMQs4EwEx14gpcL8WLdDWY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 02:52:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 891 (0x37b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9150E55, serialNumber=A01A0F06E310B38130131D7882970BF162DD0D66
        Validity
            Not Before: Oct 11 03:27:20 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68e9ce98-b5f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:24:3c:ba:ea:fb:2e:5e:bf:f6:03:1f:02:3e:
                    4b:47:c5:79:ac:a1:29:b9:44:cd:38:5b:e2:86:d2:
                    a7:65:84:1e:79:14:4e:0e:08:93:3e:d7:b3:2a:49:
                    d5:57:6f:2f:dd:77:93:9c:13:de:df:49:33:de:4e:
                    f8:b9:8e:d9:12:f4:d4:96:cd:46:a4:9e:b8:53:8d:
                    1f:38:88:22:f7:ef:64:68:e9:bc:70:73:ce:a0:1d:
                    62:6a:52:69:88:2f:dc:3a:3d:65:ce:08:0d:03:a8:
                    4f:ee:b2:bf:ec:d4:11:5c:7e:12:c2:36:66:c1:f7:
                    69:b0:2e:1a:5d:9a:e0:ba:9c:e2:3b:72:19:9e:0d:
                    26:4b:aa:4c:05:ca:41:f9:e1:64:5a:05:5e:19:1a:
                    56:c4:2b:92:20:50:7b:2b:c5:ca:be:44:96:4b:70:
                    a6:dd:21:63:4d:c1:ed:c4:ea:8f:c3:6b:53:9a:38:
                    76:72:2b:e8:51:13:7e:19:52:22:9a:c3:4e:71:65:
                    11:b2:05:7b:c7:b8:8e:db:3d:a1:d7:a4:a7:da:1e:
                    55:a4:dd:64:58:f4:0c:f0:a8:85:3c:3f:ff:95:54:
                    a5:64:74:46:a6:28:e3:21:93:d8:ad:a9:c2:31:a1:
                    15:44:f0:21:d7:1c:b9:f4:70:a2:dd:5b:a2:22:9e:
                    43:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:AF:26:8B:24:8E:52:87:E4:4D:E8:4A:A1:DE:4C:73:E1:CE:49:CC
            X509v3 Authority Key Identifier:
                keyid:A0:1A:0F:06:E3:10:B3:81:30:13:1D:78:82:97:0B:F1:62:DD:0D:66

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9150E55/7D32A74EC60011EC87005C7DC4F9AE02/oBoPBuMQs4EwEx14gpcL8WLdDWY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oBoPBuMQs4EwEx14gpcL8WLdDWY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9150E55/7D32A74EC60011EC87005C7DC4F9AE02/39952E50C6CB11ECB185E43EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.243.64.0/22
                  103.38.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:80:35:ce:0b:54:2d:38:7b:a6:0b:f0:20:7c:46:fe:5e:d6:
         86:37:df:31:e9:b3:bf:94:8f:c9:32:e2:91:ea:77:3c:cd:19:
         46:f1:97:34:47:52:a7:ac:dd:fb:08:da:0d:b4:2e:bd:f8:7e:
         1c:90:64:c2:0a:d0:82:a1:b6:e0:2d:fa:8a:2b:45:63:26:ca:
         ec:c1:48:39:e2:48:d4:be:b3:12:dd:86:87:70:a8:ba:24:d7:
         59:38:c3:87:c7:62:b6:49:76:44:eb:07:a3:d7:c7:05:1e:7c:
         25:c7:42:42:3f:7e:8a:cd:82:4a:c9:02:16:61:75:3c:14:55:
         9e:24:50:80:a8:21:57:50:10:2e:90:7c:75:54:5e:56:d0:c4:
         19:58:3e:5c:3e:ae:aa:5c:f2:5e:d3:16:0e:2e:20:8a:b3:07:
         94:8b:63:64:1c:5b:a1:e5:ba:8c:23:95:a5:1c:ae:fa:a4:db:
         7c:e5:18:6e:8c:e7:13:e9:dd:f1:c2:08:db:c1:6d:5d:59:90:
         30:a6:b6:6f:46:58:9d:7e:d6:dc:90:f2:ee:90:8f:b1:67:08:
         1c:a1:2c:71:40:9d:06:6b:ca:1a:53:17:14:31:6e:4d:a8:c0:
         cd:91:94:0e:fd:8f:30:ce:be:1a:ef:cb:b7:1d:c2:dd:b6:ab:
         09:bd:ef:5f
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICA3swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTBFNTUxMTAvBgNVBAUTKEEwMUEwRjA2RTMxMEIzODEzMDEzMUQ3ODgyOTcwQkYx
NjJERDBENjYwHhcNMjUxMDExMDMyNzIwWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU5Y2U5OC1iNWY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtiQ8uur7Ll6/9gMfAj5LR8V5rKEpuUTNOFvihtKnZYQeeRRODgiTPtezKknV
V28v3XeTnBPe30kz3k74uY7ZEvTUls1GpJ64U40fOIgi9+9kaOm8cHPOoB1ialJp
iC/cOj1lzggNA6hP7rK/7NQRXH4SwjZmwfdpsC4aXZrgupziO3IZng0mS6pMBcpB
+eFkWgVeGRpWxCuSIFB7K8XKvkSWS3Cm3SFjTcHtxOqPw2tTmjh2civoURN+GVIi
msNOcWURsgV7x7iO2z2h16Sn2h5VpN1kWPQM8KiFPD//lVSlZHRGpijjIZPYranC
MaEVRPAh1xy59HCi3VuiIp5DXwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFDuvJosk
jlKH5E3oSqHeTHPhzknMMB8GA1UdIwQYMBaAFKAaDwbjELOBMBMdeIKXC/Fi3Q1m
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MEU1NS83RDMyQTc0RUM2
MDAxMUVDODcwMDVDN0RDNEY5QUUwMi9vQm9QQnVNUXM0RXdFeDE0Z3BjTDhXTGRE
V1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29Cb1BCdU1RczRFd0V4MTRncGNMOFdMZERXWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTBFNTUvN0QzMkE3NEVDNjAwMTFFQzg3MDA1QzdEQzRGOUFFMDIvMzk5NTJFNTBD
NkNCMTFFQ0IxODVFNDNFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr80ADBAJnJqgwDQYJKoZIhvcNAQELBQADggEBAHSANc4L
VC04e6YL8CB8Rv5e1oY33zHps7+Uj8ky4pHqdzzNGUbxlzRHUqes3fsI2g20Lr34
fhyQZMIK0IKhtuAt+oorRWMmyuzBSDniSNS+sxLdhodwqLok11k4w4fHYrZJdkTr
B6PXxwUefCXHQkI/forNgkrJAhZhdTwUVZ4kUICoIVdQEC6QfHVUXlbQxBlYPlw+
rqpc8l7TFg4uIIqzB5SLY2QcW6HluowjlaUcrvqk23zlGG6M5xPp3fHCCNvBbV1Z
kDCmtm9GWJ1+1tyQ8u6Qj7FnCByhLHFAnQZryhpTFxQxbk2owM2RlA79jzDOvhrv
y7cdwt22qwm9718=
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:31:39 2025 by rpki-client