Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91530ED/4D8F8842400F11EEB6B3DB4AC4F9AE02/AA15C0AEE84311EE8683D32CC4F9AE02.roa
File:                     AA15C0AEE84311EE8683D32CC4F9AE02.roa (raw, json)
Hash identifier:          gYHV3KOXPY5t1RxYeQj8LMR1j99M6/FvNYKxReKdcYI=
Subject key identifier:   36:FE:60:A0:94:95:BC:E3:CF:87:AA:FC:8D:41:75:9E:4F:5C:65:F3
Certificate issuer:       /CN=A91530ED/serialNumber=114DE4A6ADFE4FA18615C547715EBB4FF5946EF6
Certificate serial:       0191
Authority key identifier: 11:4D:E4:A6:AD:FE:4F:A1:86:15:C5:47:71:5E:BB:4F:F5:94:6E:F6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EU3kpq3-T6GGFcVHcV67T_WUbvY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91530ED/4D8F8842400F11EEB6B3DB4AC4F9AE02/AA15C0AEE84311EE8683D32CC4F9AE02.roa
Signing time:             Fri 03 Oct 2025 03:59:42 +0000
ROA not before:           Fri 03 Oct 2025 03:59:42 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     151666
IP address blocks:        103.252.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91530ED/4D8F8842400F11EEB6B3DB4AC4F9AE02/EU3kpq3-T6GGFcVHcV67T_WUbvY.crl
                          rsync://rpki.apnic.net/member_repository/A91530ED/4D8F8842400F11EEB6B3DB4AC4F9AE02/EU3kpq3-T6GGFcVHcV67T_WUbvY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EU3kpq3-T6GGFcVHcV67T_WUbvY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 05:58:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 401 (0x191)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91530ED, serialNumber=114DE4A6ADFE4FA18615C547715EBB4FF5946EF6
        Validity
            Not Before: Oct  3 03:59:42 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68df4a2d-5950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4d:04:b3:50:27:c7:78:b7:ac:29:06:6d:c9:
                    4c:a2:9b:4d:47:77:ef:da:30:34:ab:40:db:f6:11:
                    55:03:e1:f7:9d:47:ec:95:e9:84:4b:bd:c9:f6:eb:
                    cf:87:80:5e:f7:52:22:e4:50:a4:1b:8c:24:ae:dd:
                    53:8d:de:24:f1:a5:59:57:88:9b:9e:7c:03:d7:f6:
                    8c:9a:15:2b:e9:1c:c0:15:5b:70:14:5c:b4:79:18:
                    c3:45:77:65:84:4e:67:a3:3f:23:d8:81:3d:65:a2:
                    f8:a5:23:1f:ef:60:e8:5e:f4:a8:93:c8:f5:7a:6f:
                    8b:1f:df:85:02:8c:76:0f:c9:e1:67:18:90:bc:e3:
                    1c:f8:51:e0:f5:ab:83:a6:62:b0:a0:42:41:4c:5f:
                    ea:88:a3:19:b7:e0:62:a9:e7:07:2a:1f:21:ce:8d:
                    ce:1c:7b:ad:7e:f3:2c:65:44:ef:5a:c3:02:c2:40:
                    96:5b:85:2c:94:12:d6:19:61:4a:2e:22:ab:97:f1:
                    c6:4a:e1:9d:bb:b8:87:4d:5a:3d:cc:73:46:20:77:
                    90:a8:d3:f2:52:d9:a2:a9:e1:ee:3c:d3:60:89:67:
                    13:94:e9:61:32:c1:ef:aa:ad:8f:58:52:57:d9:8a:
                    01:d0:0b:cf:1f:fc:06:58:fc:ac:85:47:e0:d4:3e:
                    b4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:FE:60:A0:94:95:BC:E3:CF:87:AA:FC:8D:41:75:9E:4F:5C:65:F3
            X509v3 Authority Key Identifier:
                keyid:11:4D:E4:A6:AD:FE:4F:A1:86:15:C5:47:71:5E:BB:4F:F5:94:6E:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91530ED/4D8F8842400F11EEB6B3DB4AC4F9AE02/EU3kpq3-T6GGFcVHcV67T_WUbvY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EU3kpq3-T6GGFcVHcV67T_WUbvY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91530ED/4D8F8842400F11EEB6B3DB4AC4F9AE02/AA15C0AEE84311EE8683D32CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.252.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:48:78:a4:18:9c:ed:03:ab:a7:43:c1:c9:79:c9:8f:de:8d:
         b9:c5:96:90:c1:ab:e6:cc:8d:81:63:17:bc:72:dc:f4:e5:7a:
         f0:ca:1c:f1:b7:7e:21:86:bf:8e:dc:12:f0:93:7e:9b:12:f5:
         0f:0c:31:f3:98:be:2d:2d:67:59:1c:4c:50:34:74:f0:77:90:
         32:25:63:ba:77:65:76:17:98:d3:20:f9:46:96:4f:fc:a6:7e:
         c3:2c:d8:32:58:11:09:61:f9:25:b6:2b:5e:7c:38:10:bf:8c:
         c5:12:7c:7c:14:5e:e4:ea:49:8b:44:55:c7:11:17:34:86:69:
         9c:db:49:e8:6e:25:5e:53:ac:90:51:c2:16:2f:a5:23:2a:60:
         3e:a8:8b:42:aa:43:9c:bb:b3:00:ba:4c:0f:ec:1f:92:a4:ac:
         0b:a0:a8:70:26:f4:23:85:cb:3d:af:07:7c:02:99:8e:e9:43:
         bc:cc:cf:a4:ab:59:43:2f:12:ad:ca:17:6d:9a:38:43:a8:85:
         c7:bc:df:f6:b0:54:03:bc:dc:d5:f5:cf:30:8a:cb:ec:2b:af:
         21:43:42:e2:3c:37:7f:38:a2:39:36:23:02:02:da:d4:ca:a2:
         6a:6a:90:e4:fc:36:77:d1:9b:83:5e:a3:85:60:f0:2e:0d:eb:
         5c:f0:b2:ab
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAZEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTMwRUQxMTAvBgNVBAUTKDExNERFNEE2QURGRTRGQTE4NjE1QzU0NzcxNUVCQjRG
RjU5NDZFRjYwHhcNMjUxMDAzMDM1OTQyWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRmNGEyZC01OTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr00Es1Anx3i3rCkGbclMoptNR3fv2jA0q0Db9hFVA+H3nUfslemES73J9uvP
h4Be91Ii5FCkG4wkrt1Tjd4k8aVZV4ibnnwD1/aMmhUr6RzAFVtwFFy0eRjDRXdl
hE5noz8j2IE9ZaL4pSMf72DoXvSok8j1em+LH9+FAox2D8nhZxiQvOMc+FHg9auD
pmKwoEJBTF/qiKMZt+BiqecHKh8hzo3OHHutfvMsZUTvWsMCwkCWW4UslBLWGWFK
LiKrl/HGSuGdu7iHTVo9zHNGIHeQqNPyUtmiqeHuPNNgiWcTlOlhMsHvqq2PWFJX
2YoB0AvPH/wGWPyshUfg1D603QIDAQABo4IClTCCApEwHQYDVR0OBBYEFDb+YKCU
lbzjz4eq/I1BdZ5PXGXzMB8GA1UdIwQYMBaAFBFN5Kat/k+hhhXFR3Feu0/1lG72
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzBFRC80RDhGODg0MjQw
MEYxMUVFQjZCM0RCNEFDNEY5QUUwMi9FVTNrcHEzLVQ2R0dGY1ZIY1Y2N1RfV1Vi
dlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0VVM2twcTMtVDZHR0ZjVkhjVjY3VF9XVWJ2WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTMwRUQvNEQ4Rjg4NDI0MDBGMTFFRUI2QjNEQjRBQzRGOUFFMDIvQUExNUMwQUVF
ODQzMTFFRTg2ODNEMzJDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABn/PMwDQYJKoZIhvcNAQELBQADggEBAE9IeKQYnO0Dq6dD
wcl5yY/ejbnFlpDBq+bMjYFjF7xy3PTlevDKHPG3fiGGv47cEvCTfpsS9Q8MMfOY
vi0tZ1kcTFA0dPB3kDIlY7p3ZXYXmNMg+UaWT/ymfsMs2DJYEQlh+SW2K158OBC/
jMUSfHwUXuTqSYtEVccRFzSGaZzbSehuJV5TrJBRwhYvpSMqYD6oi0KqQ5y7swC6
TA/sH5KkrAugqHAm9COFyz2vB3wCmY7pQ7zMz6SrWUMvEq3KF22aOEOohce83/aw
VAO83NX1zzCKy+wrryFDQuI8N384ojk2IwIC2tTKompqkOT8NnfRm4Neo4Vg8C4N
61zwsqs=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:40:13 2025 by rpki-client