Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/4841ECEC51B311F0B1DF6B79C4F9AE02.roa
File:                     4841ECEC51B311F0B1DF6B79C4F9AE02.roa (raw, json)
Hash identifier:          JZr7RpDfdse4Xe8vB5lgnYHUsW8MDPG1sBv8IKth7Jg=
Subject key identifier:   D4:08:98:F0:4A:A5:B3:10:69:84:A1:E8:B1:2E:A7:8B:33:FD:81:46
Certificate issuer:       /CN=A916807A/serialNumber=729E2F9C1D87C214735078CFD21C638E07157B5D
Certificate serial:       025A
Authority key identifier: 72:9E:2F:9C:1D:87:C2:14:73:50:78:CF:D2:1C:63:8E:07:15:7B:5D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cp4vnB2HwhRzUHjP0hxjjgcVe10.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/4841ECEC51B311F0B1DF6B79C4F9AE02.roa
Signing time:             Wed 25 Jun 2025 10:58:10 +0000
ROA not before:           Wed 25 Jun 2025 10:58:10 +0000
ROA not after:            Tue 30 Dec 2025 00:00:00 +0000
asID:                     834
IP address blocks:        103.4.100.0/24 maxlen: 24
                          103.4.101.0/24 maxlen: 24
                          202.155.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/cp4vnB2HwhRzUHjP0hxjjgcVe10.crl
                          rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/cp4vnB2HwhRzUHjP0hxjjgcVe10.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cp4vnB2HwhRzUHjP0hxjjgcVe10.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 10 Jul 2025 02:23:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 602 (0x25a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916807A, serialNumber=729E2F9C1D87C214735078CFD21C638E07157B5D
        Validity
            Not Before: Jun 25 10:58:10 2025 GMT
            Not After : Dec 30 00:00:00 2025 GMT
        Subject: CN=685bd642-222d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:cf:a3:9b:ab:a7:da:0c:01:da:68:31:2e:42:
                    71:ff:c3:6c:0a:c8:24:0c:ae:20:10:2a:71:34:59:
                    51:d6:58:d1:09:d8:5e:96:9a:9c:6d:84:48:eb:c5:
                    81:0a:f4:7e:3e:9a:59:c3:1b:a1:65:a6:e3:d2:04:
                    49:eb:cb:2d:87:36:49:57:00:3e:22:1b:d1:5b:93:
                    31:39:e6:78:6d:8c:ec:c0:47:bf:37:ae:82:9b:cb:
                    2d:d8:87:c4:81:46:9d:e0:1e:93:77:e3:bb:b4:b0:
                    7b:58:4e:93:08:9f:b7:c6:42:d9:e4:8f:b4:57:78:
                    ce:18:a5:25:38:a0:d4:a9:47:21:65:0d:e5:ba:8a:
                    0d:6e:61:e4:ab:f1:b3:16:77:fa:54:20:67:e3:56:
                    d6:b2:c0:67:fe:51:37:98:32:38:9a:33:f9:82:8a:
                    59:3c:09:43:1b:c6:d5:75:4d:03:b0:e0:42:ab:57:
                    15:33:6f:96:ba:85:e8:c2:69:43:8f:46:a9:ee:c9:
                    31:81:71:40:f7:eb:f5:22:c7:41:9c:40:ce:d1:c2:
                    d0:6b:fa:f9:1f:fe:ea:ab:9e:dc:83:58:dd:da:37:
                    95:c8:21:b8:b9:d8:cd:7d:98:ff:88:8b:a8:ce:ae:
                    4a:ea:8d:5f:20:74:c1:a3:bf:d7:34:45:bc:9c:a1:
                    9b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:08:98:F0:4A:A5:B3:10:69:84:A1:E8:B1:2E:A7:8B:33:FD:81:46
            X509v3 Authority Key Identifier:
                keyid:72:9E:2F:9C:1D:87:C2:14:73:50:78:CF:D2:1C:63:8E:07:15:7B:5D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/cp4vnB2HwhRzUHjP0hxjjgcVe10.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cp4vnB2HwhRzUHjP0hxjjgcVe10.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/4841ECEC51B311F0B1DF6B79C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.4.100.0/23
                  202.155.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:36:fa:c6:07:e0:33:94:dc:d3:0a:e1:e6:30:69:c9:b8:ec:
         51:7a:c4:e1:2e:b8:92:91:c2:a9:36:9c:4b:45:5c:93:30:eb:
         64:b6:e2:c1:96:09:26:1e:4b:05:32:41:29:66:d5:f6:40:e7:
         ce:35:65:a6:f3:93:75:5a:73:a3:9e:3a:60:7f:a5:3a:05:78:
         ed:20:b4:2e:1e:0c:2d:5a:77:18:4a:3d:36:6c:89:d1:f4:b5:
         22:b7:81:58:2e:e7:19:7a:01:1e:b0:38:99:38:80:52:10:4c:
         a2:1b:69:f5:55:d0:39:0e:dd:a2:27:6b:67:93:1c:68:5c:f4:
         47:9d:8a:ee:dd:b9:3b:f4:3e:8a:54:99:38:5b:8e:aa:b0:3a:
         1e:2a:f8:e0:57:b8:67:d1:cd:65:68:2e:4d:db:7e:47:86:87:
         5a:1b:03:e1:ea:23:7d:76:a8:7f:4c:43:3a:24:6b:9a:50:83:
         3b:79:8f:e3:d6:36:12:30:8f:31:a4:5f:e0:45:b8:c3:0e:a2:
         64:ce:e2:d5:a6:a1:fb:e2:30:58:00:4c:ab:d2:37:bf:a2:41:
         8a:1b:84:3f:b5:c7:48:27:6b:71:38:7e:53:4e:a5:df:3d:2b:
         22:a6:dd:39:70:d0:8d:0d:42:03:8a:25:d6:87:c8:b6:ef:ed:
         cc:ed:17:b3
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAlowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjgwN0ExMTAvBgNVBAUTKDcyOUUyRjlDMUQ4N0MyMTQ3MzUwNzhDRkQyMUM2MzhF
MDcxNTdCNUQwHhcNMjUwNjI1MTA1ODEwWhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODViZDY0Mi0yMjJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5s+jm6un2gwB2mgxLkJx/8NsCsgkDK4gECpxNFlR1ljRCdhelpqcbYRI68WB
CvR+PppZwxuhZabj0gRJ68sthzZJVwA+IhvRW5MxOeZ4bYzswEe/N66Cm8st2IfE
gUad4B6Td+O7tLB7WE6TCJ+3xkLZ5I+0V3jOGKUlOKDUqUchZQ3luooNbmHkq/Gz
Fnf6VCBn41bWssBn/lE3mDI4mjP5gopZPAlDG8bVdU0DsOBCq1cVM2+WuoXowmlD
j0ap7skxgXFA9+v1IsdBnEDO0cLQa/r5H/7qq57cg1jd2jeVyCG4udjNfZj/iIuo
zq5K6o1fIHTBo7/XNEW8nKGbPwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFNQImPBK
pbMQaYSh6LEup4sz/YFGMB8GA1UdIwQYMBaAFHKeL5wdh8IUc1B4z9IcY44HFXtd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2ODA3QS8wMjYzQUI0ODNF
ODgxMUVEQTYxQTlCMkFDNEY5QUUwMi9jcDR2bkIySHdoUnpVSGpQMGh4ampnY1Zl
MTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NwNHZuQjJId2hSelVIalAwaHhqamdjVmUxMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjgwN0EvMDI2M0FCNDgzRTg4MTFFREE2MUE5QjJBQzRGOUFFMDIvNDg0MUVDRUM1
MUIzMTFGMEIxREY2Qjc5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFnBGQDBALKm3wwDQYJKoZIhvcNAQELBQADggEBAKI2+sYH
4DOU3NMK4eYwacm47FF6xOEuuJKRwqk2nEtFXJMw62S24sGWCSYeSwUyQSlm1fZA
5841Zabzk3Vac6OeOmB/pToFeO0gtC4eDC1adxhKPTZsidH0tSK3gVgu5xl6AR6w
OJk4gFIQTKIbafVV0DkO3aIna2eTHGhc9Eediu7duTv0PopUmThbjqqwOh4q+OBX
uGfRzWVoLk3bfkeGh1obA+HqI312qH9MQzoka5pQgzt5j+PWNhIwjzGkX+BFuMMO
omTO4tWmofviMFgATKvSN7+iQYobhD+1x0gna3E4flNOpd89KyKm3Tlw0I0NQgOK
JdaHyLbv7cztF7M=
-----END CERTIFICATE-----
Generated at Thu Jul 3 09:19:30 2025 by rpki-client