Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/7893F3DC0B8511F086B2C121C4F9AE02.roa
File:                     7893F3DC0B8511F086B2C121C4F9AE02.roa (raw, json)
Hash identifier:          muoRT5YVa+lZ9dmEo5amL/VfGYBrEqrfaPqq9DzwYGI=
Subject key identifier:   AC:0C:0F:F1:0F:4A:91:16:25:3B:D7:77:B7:7C:0D:19:66:19:AD:74
Certificate issuer:       /CN=A9159E90/serialNumber=591E2C8973C63F0B50EEFA13446BCB15EC52E51F
Certificate serial:       01BF
Authority key identifier: 59:1E:2C:89:73:C6:3F:0B:50:EE:FA:13:44:6B:CB:15:EC:52:E5:1F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WR4siXPGPwtQ7voTRGvLFexS5R8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/7893F3DC0B8511F086B2C121C4F9AE02.roa
Signing time:             Fri 17 Oct 2025 06:55:55 +0000
ROA not before:           Fri 17 Oct 2025 06:55:54 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     398704
IP address blocks:        103.233.179.0/24 maxlen: 24
                          2001:df3:9a40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/WR4siXPGPwtQ7voTRGvLFexS5R8.crl
                          rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/WR4siXPGPwtQ7voTRGvLFexS5R8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WR4siXPGPwtQ7voTRGvLFexS5R8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 05:43:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 447 (0x1bf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9159E90, serialNumber=591E2C8973C63F0B50EEFA13446BCB15EC52E51F
        Validity
            Not Before: Oct 17 06:55:54 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68f1e87a-34cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:95:41:0d:6f:da:fb:bf:36:7a:88:0a:60:68:
                    e6:e6:14:31:3a:7f:79:bf:3a:cf:cd:3b:2c:ac:38:
                    04:a6:76:78:bf:2f:fd:0f:9e:0a:09:f2:ed:75:34:
                    0e:e1:0a:49:0e:27:ef:ff:27:fe:87:fa:c8:67:7f:
                    b1:f8:ec:2a:7e:b8:42:ab:c1:eb:77:69:ee:d3:d7:
                    45:3a:97:0c:e4:ae:24:55:d3:dd:19:db:b1:0c:f6:
                    1e:08:fb:31:6d:34:c1:05:6b:e6:8d:ac:39:30:3e:
                    bf:e2:fb:2d:41:81:21:b9:37:a2:a0:f9:e9:55:a8:
                    35:86:4a:f5:6c:73:71:2c:03:12:c4:63:87:f0:b9:
                    ff:ea:8a:ef:37:17:eb:9d:62:3e:7f:0c:72:49:ea:
                    54:be:e9:83:b9:c7:4f:87:fb:b7:5c:e9:b3:c9:ec:
                    a9:c6:81:88:6b:79:ea:9e:6f:e7:97:69:16:d3:02:
                    9a:e0:ab:05:6b:51:e3:91:d4:e4:ff:bb:13:2e:04:
                    40:5f:9b:66:2f:f6:76:71:44:b9:a2:7d:5b:a3:9b:
                    f3:4e:31:1f:80:52:f0:61:37:13:f3:57:97:ba:bf:
                    86:57:18:5c:66:d9:35:ba:74:da:75:81:31:67:3d:
                    51:ab:14:ff:bb:16:ae:41:05:74:84:15:4c:de:eb:
                    82:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:0C:0F:F1:0F:4A:91:16:25:3B:D7:77:B7:7C:0D:19:66:19:AD:74
            X509v3 Authority Key Identifier:
                keyid:59:1E:2C:89:73:C6:3F:0B:50:EE:FA:13:44:6B:CB:15:EC:52:E5:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/WR4siXPGPwtQ7voTRGvLFexS5R8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WR4siXPGPwtQ7voTRGvLFexS5R8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/7893F3DC0B8511F086B2C121C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.233.179.0/24
                IPv6:
                  2001:df3:9a40::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:03:58:a4:30:36:d6:d8:f8:f1:cd:7e:ff:8e:03:21:b3:09:
         fd:a9:e6:5d:1c:e6:cc:13:fc:fd:8c:81:e4:b1:d7:41:58:d6:
         5e:7c:f7:b9:dd:45:67:e5:80:a7:d7:4b:f0:4c:75:d0:54:31:
         b6:ce:9e:d5:b7:f2:ca:8d:53:7d:c0:12:2b:d3:b2:28:90:00:
         0b:3d:2f:31:33:07:43:61:d2:e2:78:51:14:1f:2c:2d:84:ed:
         90:f6:46:02:26:60:10:00:ea:6a:9d:43:b1:52:53:3c:1d:fc:
         e8:8b:ff:13:5a:c2:1c:f9:c2:aa:01:48:99:61:a9:75:bd:3b:
         67:54:3b:86:27:d4:a9:b1:ad:0c:51:90:4d:c8:46:48:20:dd:
         4e:c7:20:45:e9:01:b7:51:07:40:8c:de:5b:26:7b:8e:86:cf:
         35:3d:19:97:01:c3:aa:5b:33:1e:88:3c:81:1b:39:5d:78:fd:
         91:7b:09:76:be:4b:e9:c9:71:92:7f:63:53:a3:3b:bb:60:79:
         36:02:88:af:e1:58:d6:c0:f3:16:6c:54:9a:77:39:bc:27:55:
         e1:84:35:b1:d0:a0:fe:7b:86:bd:ec:db:1b:48:6d:73:38:9b:
         d6:ba:37:9a:ac:18:2c:bf:5e:78:55:90:71:85:1b:28:07:b3:
         71:80:3c:c8
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAb8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTlFOTAxMTAvBgNVBAUTKDU5MUUyQzg5NzNDNjNGMEI1MEVFRkExMzQ0NkJDQjE1
RUM1MkU1MUYwHhcNMjUxMDE3MDY1NTU0WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGYxZTg3YS0zNGNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxpVBDW/a+782eogKYGjm5hQxOn95vzrPzTssrDgEpnZ4vy/9D54KCfLtdTQO
4QpJDifv/yf+h/rIZ3+x+OwqfrhCq8Hrd2nu09dFOpcM5K4kVdPdGduxDPYeCPsx
bTTBBWvmjaw5MD6/4vstQYEhuTeioPnpVag1hkr1bHNxLAMSxGOH8Ln/6orvNxfr
nWI+fwxySepUvumDucdPh/u3XOmzyeypxoGIa3nqnm/nl2kW0wKa4KsFa1HjkdTk
/7sTLgRAX5tmL/Z2cUS5on1bo5vzTjEfgFLwYTcT81eXur+GVxhcZtk1unTadYEx
Zz1RqxT/uxauQQV0hBVM3uuCiwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFKwMD/EP
SpEWJTvXd7d8DRlmGa10MB8GA1UdIwQYMBaAFFkeLIlzxj8LUO76E0RryxXsUuUf
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OUU5MC9BNTcyQjY3QzFG
MzIxMUVFQjM2NERENTNDNEY5QUUwMi9XUjRzaVhQR1B3dFE3dm9UUkd2TEZleFM1
UjguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1dSNHNpWFBHUHd0UTd2b1RSR3ZMRmV4UzVSOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTlFOTAvQTU3MkI2N0MxRjMyMTFFRUIzNjRERDUzQzRGOUFFMDIvNzg5M0YzREMw
Qjg1MTFGMDg2QjJDMTIxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABn6bMwDwQCAAIwCQMHACABDfOaQDANBgkqhkiG9w0BAQsF
AAOCAQEAlgNYpDA21tj48c1+/44DIbMJ/anmXRzmzBP8/YyB5LHXQVjWXnz3ud1F
Z+WAp9dL8Ex10FQxts6e1bfyyo1TfcASK9OyKJAACz0vMTMHQ2HS4nhRFB8sLYTt
kPZGAiZgEADqap1DsVJTPB386Iv/E1rCHPnCqgFImWGpdb07Z1Q7hifUqbGtDFGQ
TchGSCDdTscgRekBt1EHQIzeWyZ7jobPNT0ZlwHDqlszHog8gRs5XXj9kXsJdr5L
6clxkn9jU6M7u2B5NgKIr+FY1sDzFmxUmnc5vCdV4YQ1sdCg/nuGvezbG0htczib
1ro3mqwYLL9eeFWQcYUbKAezcYA8yA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:04:11 2025 by rpki-client