Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917314A/5EF8A91600EA11ED9C0CB332C4F9AE02/8620180E00EE11EDBC60AA4FC4F9AE02.roa
File:                     8620180E00EE11EDBC60AA4FC4F9AE02.roa (raw, json)
Hash identifier:          JbvkFmhuxDHhlpgsWGCnfVlPsQAl6R0NvFJ7QoU6lmA=
Subject key identifier:   05:B3:3D:3B:61:C2:62:E9:8B:13:A6:5F:82:D1:5C:1F:F4:0B:79:E5
Certificate issuer:       /CN=A917314A/serialNumber=272CAE5F21C8BF6B6B4915AF0004C7EFCFC7DB3D
Certificate serial:       02E3
Authority key identifier: 27:2C:AE:5F:21:C8:BF:6B:6B:49:15:AF:00:04:C7:EF:CF:C7:DB:3D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JyyuXyHIv2trSRWvAATH78_H2z0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917314A/5EF8A91600EA11ED9C0CB332C4F9AE02/8620180E00EE11EDBC60AA4FC4F9AE02.roa
Signing time:             Wed 17 Sep 2025 02:08:33 +0000
ROA not before:           Wed 17 Sep 2025 02:08:33 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     150111
IP address blocks:        103.23.95.0/24 maxlen: 24
                          103.190.199.0/24 maxlen: 24
                          2001:df0:f1c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917314A/5EF8A91600EA11ED9C0CB332C4F9AE02/JyyuXyHIv2trSRWvAATH78_H2z0.crl
                          rsync://rpki.apnic.net/member_repository/A917314A/5EF8A91600EA11ED9C0CB332C4F9AE02/JyyuXyHIv2trSRWvAATH78_H2z0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JyyuXyHIv2trSRWvAATH78_H2z0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 03:22:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 739 (0x2e3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917314A, serialNumber=272CAE5F21C8BF6B6B4915AF0004C7EFCFC7DB3D
        Validity
            Not Before: Sep 17 02:08:33 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68ca1820-a474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3c:3f:55:1c:82:d9:28:ad:29:65:31:61:52:
                    83:28:98:b5:70:ab:60:02:59:38:a7:18:28:47:60:
                    81:82:99:33:87:b0:4b:9f:b1:02:ab:68:fb:22:92:
                    eb:bc:b5:57:61:07:0c:c1:ed:e2:4c:4b:60:83:c6:
                    3e:0d:e5:f1:c8:1e:5d:a5:ec:00:35:3f:7c:76:8b:
                    2a:38:ba:00:c9:c6:00:fc:ed:02:9c:d8:81:55:c7:
                    6e:bf:fa:d9:c5:3e:75:57:fa:c5:78:3d:69:71:41:
                    a4:c1:7b:0a:2f:5f:f6:57:cf:cd:59:33:79:ed:a3:
                    3a:73:aa:d8:57:ea:82:32:87:e4:10:91:95:af:0c:
                    17:d1:4a:f5:01:88:cc:47:3d:0d:ae:a3:1e:8e:38:
                    43:80:2c:e4:fb:06:e8:49:0d:13:04:f5:98:7b:d9:
                    32:41:18:68:15:18:4e:72:22:47:b1:0a:48:68:8d:
                    a6:35:07:d6:c8:06:5f:53:be:22:90:dc:51:a8:19:
                    42:32:c6:16:10:00:bb:3f:c3:54:8a:0e:d9:68:c7:
                    c3:75:5c:ba:97:14:54:04:6a:2b:1c:3e:3a:c7:00:
                    c5:29:aa:46:b6:dc:5f:3b:40:a0:cc:69:74:0d:e3:
                    62:7b:2e:43:d4:68:5c:fd:cd:6f:1e:c3:78:ee:93:
                    a6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B3:3D:3B:61:C2:62:E9:8B:13:A6:5F:82:D1:5C:1F:F4:0B:79:E5
            X509v3 Authority Key Identifier:
                keyid:27:2C:AE:5F:21:C8:BF:6B:6B:49:15:AF:00:04:C7:EF:CF:C7:DB:3D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917314A/5EF8A91600EA11ED9C0CB332C4F9AE02/JyyuXyHIv2trSRWvAATH78_H2z0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JyyuXyHIv2trSRWvAATH78_H2z0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917314A/5EF8A91600EA11ED9C0CB332C4F9AE02/8620180E00EE11EDBC60AA4FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.23.95.0/24
                  103.190.199.0/24
                IPv6:
                  2001:df0:f1c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:1f:fd:f3:c8:d9:3b:22:0b:88:10:13:58:ce:3e:c0:8b:2d:
         49:57:ec:8b:e6:d5:06:c5:1c:8b:11:e3:c4:ba:50:98:84:4a:
         97:b1:4f:33:12:74:b2:f9:7a:de:0a:74:c5:02:13:4e:48:1e:
         f8:f4:2f:02:8b:14:11:c7:d6:88:95:39:76:80:a7:48:8d:f6:
         e6:c1:c4:d1:9f:49:e1:ab:1a:f0:70:1c:50:a0:94:b7:b1:83:
         4a:9e:08:4e:96:95:58:97:6c:fd:3f:80:61:3b:fb:0d:20:f3:
         a6:60:a9:2a:31:a1:d7:46:36:a2:77:cc:45:b3:b8:26:11:da:
         49:2a:52:6b:23:11:ed:f5:d5:d5:fe:1e:9f:a5:61:c7:c8:9a:
         ee:17:a7:cf:d3:a9:fc:45:d5:4e:5a:42:27:03:36:0c:b7:d0:
         c6:32:4c:08:c4:d0:97:33:a1:0a:c4:28:e8:fb:40:2d:08:f1:
         4c:59:4b:ae:f5:44:1c:bb:a6:b0:30:b3:0b:4c:53:80:2f:1a:
         c6:e5:f9:26:2a:ee:e7:92:6f:6e:6d:51:99:63:9c:09:b4:bd:
         84:dd:3b:f1:12:38:d1:de:94:f6:d2:43:40:ad:05:fe:ce:f2:
         29:64:f9:7b:30:eb:c3:38:25:b6:5a:5c:28:98:9e:b0:10:24:
         8f:e7:d5:7a
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICAuMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzMxNEExMTAvBgNVBAUTKDI3MkNBRTVGMjFDOEJGNkI2QjQ5MTVBRjAwMDRDN0VG
Q0ZDN0RCM0QwHhcNMjUwOTE3MDIwODMzWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGNhMTgyMC1hNDc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtTw/VRyC2SitKWUxYVKDKJi1cKtgAlk4pxgoR2CBgpkzh7BLn7ECq2j7IpLr
vLVXYQcMwe3iTEtgg8Y+DeXxyB5dpewANT98dosqOLoAycYA/O0CnNiBVcduv/rZ
xT51V/rFeD1pcUGkwXsKL1/2V8/NWTN57aM6c6rYV+qCMofkEJGVrwwX0Ur1AYjM
Rz0NrqMejjhDgCzk+wboSQ0TBPWYe9kyQRhoFRhOciJHsQpIaI2mNQfWyAZfU74i
kNxRqBlCMsYWEAC7P8NUig7ZaMfDdVy6lxRUBGorHD46xwDFKapGttxfO0CgzGl0
DeNiey5D1Ghc/c1vHsN47pOm3wIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFAWzPTth
wmLpixOmX4LRXB/0C3nlMB8GA1UdIwQYMBaAFCcsrl8hyL9ra0kVrwAEx+/Px9s9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MzE0QS81RUY4QTkxNjAw
RUExMUVEOUMwQ0IzMzJDNEY5QUUwMi9KeXl1WHlISXYydHJTUld2QUFUSDc4X0gy
ejAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0p5eXVYeUhJdjJ0clNSV3ZBQVRINzhfSDJ6MC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzMxNEEvNUVGOEE5MTYwMEVBMTFFRDlDMENCMzMyQzRGOUFFMDIvODYyMDE4MEUw
MEVFMTFFREJDNjBBQTRGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBABnF18DBABnvscwDwQCAAIwCQMHACABDfDxwDANBgkqhkiG
9w0BAQsFAAOCAQEAlh/988jZOyILiBATWM4+wIstSVfsi+bVBsUcixHjxLpQmIRK
l7FPMxJ0svl63gp0xQITTkge+PQvAosUEcfWiJU5doCnSI325sHE0Z9J4asa8HAc
UKCUt7GDSp4ITpaVWJds/T+AYTv7DSDzpmCpKjGh10Y2onfMRbO4JhHaSSpSayMR
7fXV1f4en6Vhx8ia7henz9Op/EXVTlpCJwM2DLfQxjJMCMTQlzOhCsQo6PtALQjx
TFlLrvVEHLumsDCzC0xTgC8axuX5Jiru55Jvbm1RmWOcCbS9hN078RI40d6U9tJD
QK0F/s7yKWT5ezDrwzgltlpcKJiesBAkj+fVeg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:45:05 2025 by rpki-client