Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9158028/8A4ADEE4A11F11EB9339D50AC4F9AE02/687D7178B85D11EBB2E17F26C4F9AE02.roa
File:                     687D7178B85D11EBB2E17F26C4F9AE02.roa (raw, json)
Hash identifier:          +tI56XBeGW4f/ZvoEb+YONcyvmeUooJFS+xtnAK+AuY=
Subject key identifier:   6D:AA:84:64:0E:0A:F5:EA:1C:92:35:67:91:B6:56:F2:1D:25:50:99
Certificate issuer:       /CN=A9158028/serialNumber=809EFF1F7819B81751F177AB5AFED82BCC32A569
Certificate serial:       065A
Authority key identifier: 80:9E:FF:1F:78:19:B8:17:51:F1:77:AB:5A:FE:D8:2B:CC:32:A5:69
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gJ7_H3gZuBdR8XerWv7YK8wypWk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9158028/8A4ADEE4A11F11EB9339D50AC4F9AE02/687D7178B85D11EBB2E17F26C4F9AE02.roa
Signing time:             Sat 04 Oct 2025 22:54:07 +0000
ROA not before:           Sat 04 Oct 2025 22:54:07 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     132296
IP address blocks:        103.72.72.0/22 maxlen: 22
                          103.72.72.0/24 maxlen: 24
                          103.72.73.0/24 maxlen: 24
                          103.72.74.0/24 maxlen: 24
                          103.72.75.0/24 maxlen: 24
                          103.233.140.0/23 maxlen: 23
                          103.233.140.0/24 maxlen: 24
                          103.233.141.0/24 maxlen: 24
                          103.248.202.0/23 maxlen: 24
                          2406:b580::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9158028/8A4ADEE4A11F11EB9339D50AC4F9AE02/gJ7_H3gZuBdR8XerWv7YK8wypWk.crl
                          rsync://rpki.apnic.net/member_repository/A9158028/8A4ADEE4A11F11EB9339D50AC4F9AE02/gJ7_H3gZuBdR8XerWv7YK8wypWk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gJ7_H3gZuBdR8XerWv7YK8wypWk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 00:10:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1626 (0x65a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9158028, serialNumber=809EFF1F7819B81751F177AB5AFED82BCC32A569
        Validity
            Not Before: Oct  4 22:54:07 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68e1a58f-de3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:51:aa:19:58:92:7c:34:14:4a:1d:f6:18:5e:
                    ba:f1:0c:d9:6b:fa:0a:6a:29:5f:a9:e7:04:aa:07:
                    17:9e:b5:13:03:c8:f7:61:81:d1:07:41:a2:6e:32:
                    ac:49:7d:06:02:1c:c0:c9:1e:99:ff:db:c4:fb:b6:
                    ab:87:22:5c:d2:68:4c:81:03:64:96:9f:38:b8:4a:
                    13:3e:e5:3b:2d:ee:fc:8f:74:e3:89:82:7a:2e:b2:
                    47:03:e6:f1:bc:4a:36:7f:08:7b:3b:99:88:bb:1a:
                    a0:21:d3:43:e2:c3:ba:f3:77:3f:0b:bc:03:53:6c:
                    48:3f:65:7d:d6:58:40:64:5d:1c:f9:84:c6:91:b6:
                    03:67:2e:7d:fc:e2:4a:e1:e9:16:f3:81:c4:a6:ec:
                    fc:23:b6:89:36:5c:9d:28:2e:6e:f7:6e:da:8a:7d:
                    66:b7:ea:27:ab:41:e2:2f:7c:b6:f2:0d:6d:cf:54:
                    5e:32:93:62:56:cb:15:a5:ca:28:eb:b6:05:ae:aa:
                    c5:30:18:5e:67:55:4f:55:26:5e:da:65:43:33:04:
                    a9:ad:a8:14:05:8d:5d:87:c9:d7:57:aa:49:32:d2:
                    a0:80:5b:2b:b5:0b:1c:06:46:1e:8a:77:84:6a:58:
                    85:4c:5a:4b:ed:b4:a4:1d:f1:81:c9:73:71:12:cb:
                    f9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:AA:84:64:0E:0A:F5:EA:1C:92:35:67:91:B6:56:F2:1D:25:50:99
            X509v3 Authority Key Identifier:
                keyid:80:9E:FF:1F:78:19:B8:17:51:F1:77:AB:5A:FE:D8:2B:CC:32:A5:69

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9158028/8A4ADEE4A11F11EB9339D50AC4F9AE02/gJ7_H3gZuBdR8XerWv7YK8wypWk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gJ7_H3gZuBdR8XerWv7YK8wypWk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9158028/8A4ADEE4A11F11EB9339D50AC4F9AE02/687D7178B85D11EBB2E17F26C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.72.72.0/22
                  103.233.140.0/23
                  103.248.202.0/23
                IPv6:
                  2406:b580::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:86:7a:57:f4:03:90:2f:06:66:88:c3:bf:f8:2e:ce:21:21:
         07:87:e9:dc:26:08:82:df:03:55:12:16:35:46:7b:1d:ea:d6:
         db:2c:08:67:10:c8:78:dc:6b:ef:87:b0:d1:92:7d:99:43:a0:
         1b:ea:b2:9a:b5:41:b3:50:57:b3:41:db:78:b3:1a:ac:4a:ec:
         ca:63:29:b5:9e:6d:d1:13:54:e1:ab:52:e1:e3:3b:09:ea:a2:
         7d:4e:61:fb:2f:84:50:9b:c3:1f:50:1e:4d:21:e1:8e:5e:28:
         61:ff:dc:99:30:5c:5a:c8:23:51:7f:25:76:ac:74:24:54:77:
         c9:a5:b4:d7:6a:22:06:a5:81:48:40:7a:45:30:e7:5f:ff:f8:
         67:b5:e4:0c:7d:ba:8c:68:f8:15:ad:28:12:9a:eb:90:4d:38:
         31:4a:4f:23:d3:97:27:e7:75:f5:6a:15:5c:61:51:8e:8d:72:
         a7:75:8c:41:7b:1a:dc:78:f2:b8:5f:5c:f1:35:b5:ca:0e:cf:
         ce:e9:72:76:b9:e0:48:31:c9:8d:33:cc:0d:39:fb:0f:18:fa:
         19:9e:ee:7e:b7:d1:4e:9f:d5:44:ff:26:2d:08:16:95:01:74:
         c1:bc:34:0e:0d:ff:d3:86:e2:55:c1:d3:a0:73:17:b4:43:23:
         5b:4e:c4:88
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICBlowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTgwMjgxMTAvBgNVBAUTKDgwOUVGRjFGNzgxOUI4MTc1MUYxNzdBQjVBRkVEODJC
Q0MzMkE1NjkwHhcNMjUxMDA0MjI1NDA3WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGUxYTU4Zi1kZTNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs1GqGViSfDQUSh32GF668QzZa/oKailfqecEqgcXnrUTA8j3YYHRB0GibjKs
SX0GAhzAyR6Z/9vE+7arhyJc0mhMgQNklp84uEoTPuU7Le78j3TjiYJ6LrJHA+bx
vEo2fwh7O5mIuxqgIdND4sO683c/C7wDU2xIP2V91lhAZF0c+YTGkbYDZy59/OJK
4ekW84HEpuz8I7aJNlydKC5u927ain1mt+onq0HiL3y28g1tz1ReMpNiVssVpcoo
67YFrqrFMBheZ1VPVSZe2mVDMwSpragUBY1dh8nXV6pJMtKggFsrtQscBkYeineE
aliFTFpL7bSkHfGByXNxEsv58QIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFG2qhGQO
CvXqHJI1Z5G2VvIdJVCZMB8GA1UdIwQYMBaAFICe/x94GbgXUfF3q1r+2CvMMqVp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1ODAyOC84QTRBREVFNEEx
MUYxMUVCOTMzOUQ1MEFDNEY5QUUwMi9nSjdfSDNnWnVCZFI4WGVyV3Y3WUs4d3lw
V2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2dKN19IM2dadUJkUjhYZXJXdjdZSzh3eXBXay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTgwMjgvOEE0QURFRTRBMTFGMTFFQjkzMzlENTBBQzRGOUFFMDIvNjg3RDcxNzhC
ODVEMTFFQkIyRTE3RjI2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAJnSEgDBAFn6YwDBAFn+MowDQQCAAIwBwMFACQGtYAwDQYJ
KoZIhvcNAQELBQADggEBAFyGelf0A5AvBmaIw7/4Ls4hIQeH6dwmCILfA1USFjVG
ex3q1tssCGcQyHjca++HsNGSfZlDoBvqspq1QbNQV7NB23izGqxK7MpjKbWebdET
VOGrUuHjOwnqon1OYfsvhFCbwx9QHk0h4Y5eKGH/3JkwXFrII1F/JXasdCRUd8ml
tNdqIgalgUhAekUw51//+Ge15Ax9uoxo+BWtKBKa65BNODFKTyPTlyfndfVqFVxh
UY6Ncqd1jEF7Gtx48rhfXPE1tcoOz87pcna54EgxyY0zzA05+w8Y+hme7n630U6f
1UT/Ji0IFpUBdMG8NA4N/9OG4lXB06BzF7RDI1tOxIg=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:32:10 2025 by rpki-client