Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/3BFEA04CB6A611EDAF611B68C4F9AE02.roa
File:                     3BFEA04CB6A611EDAF611B68C4F9AE02.roa (raw, json)
Hash identifier:          rjo+bi3dT0jsXGyAaC/7THKFQ/vbxvn37jUfycsRuPY=
Subject key identifier:   BD:0D:7B:17:56:45:17:36:21:96:BC:2B:26:5C:E9:36:0D:87:75:2E
Certificate issuer:       /CN=A9178AF2/serialNumber=1005CCD5E18230FBA9ADD3D27F85DA38F13E4172
Certificate serial:       03F9
Authority key identifier: 10:05:CC:D5:E1:82:30:FB:A9:AD:D3:D2:7F:85:DA:38:F1:3E:41:72
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EAXM1eGCMPuprdPSf4XaOPE-QXI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/3BFEA04CB6A611EDAF611B68C4F9AE02.roa
Signing time:             Sun 19 Oct 2025 09:44:24 +0000
ROA not before:           Sun 19 Oct 2025 09:44:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55933
IP address blocks:        45.113.80.0/24 maxlen: 24
                          45.113.81.0/24 maxlen: 24
                          103.24.0.0/22 maxlen: 24
                          103.229.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/EAXM1eGCMPuprdPSf4XaOPE-QXI.crl
                          rsync://rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/EAXM1eGCMPuprdPSf4XaOPE-QXI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EAXM1eGCMPuprdPSf4XaOPE-QXI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 10:07:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1017 (0x3f9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9178AF2, serialNumber=1005CCD5E18230FBA9ADD3D27F85DA38F13E4172
        Validity
            Not Before: Oct 19 09:44:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68f4b2f8-7f36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:5a:e1:09:e4:85:b9:01:68:ad:03:e2:a9:e5:
                    42:11:46:ac:66:55:06:04:bd:c8:a4:fb:c7:a6:7f:
                    8f:58:bd:d0:11:c3:1c:b6:4f:70:ea:7b:00:2d:4d:
                    cc:f9:11:d8:2c:20:48:22:cf:d0:39:97:49:c9:54:
                    fb:b6:3f:b0:74:a3:b4:bb:32:cb:b0:46:06:63:79:
                    9d:8d:c3:69:f6:34:ca:7a:dc:6a:27:d1:19:ab:8f:
                    3e:28:c0:c9:5e:36:9d:b5:0f:93:00:9e:b2:80:c6:
                    b4:a4:74:bc:ce:1c:53:a5:c7:e7:3f:72:e6:93:cb:
                    38:71:c1:91:72:c7:4d:a2:e9:b8:5c:aa:f7:d2:39:
                    21:76:9f:aa:6d:54:c5:df:4b:b7:5e:76:78:21:dd:
                    c3:6e:96:89:c6:3c:be:2a:99:b8:c9:03:60:be:11:
                    54:37:d4:35:ae:11:1a:86:a0:f8:ad:46:fb:82:60:
                    f8:31:c2:b0:f8:a7:6b:b3:33:76:b6:25:72:ea:ac:
                    ec:b5:a7:ea:31:c7:d8:35:9c:5b:38:49:d6:19:cc:
                    d7:7a:62:7a:56:b4:b5:a4:33:f4:ac:a9:e1:c8:d3:
                    81:b4:1a:29:72:03:c2:71:4f:de:6d:6a:70:be:46:
                    06:a8:a5:76:18:f6:65:e5:11:e6:43:68:44:f7:3e:
                    67:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:0D:7B:17:56:45:17:36:21:96:BC:2B:26:5C:E9:36:0D:87:75:2E
            X509v3 Authority Key Identifier:
                keyid:10:05:CC:D5:E1:82:30:FB:A9:AD:D3:D2:7F:85:DA:38:F1:3E:41:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/EAXM1eGCMPuprdPSf4XaOPE-QXI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EAXM1eGCMPuprdPSf4XaOPE-QXI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/3BFEA04CB6A611EDAF611B68C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.113.80.0/23
                  103.24.0.0/22
                  103.229.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:75:c0:b3:d6:fa:52:bf:4e:fa:9e:88:60:30:31:41:85:27:
         c7:18:57:6f:55:24:21:4b:09:3b:e5:3d:d6:8e:d9:9e:04:dd:
         13:26:48:6a:8d:8c:42:50:75:de:b7:75:7a:ce:8f:24:ce:d8:
         97:e6:d4:f3:fa:a8:b4:8b:29:85:11:3b:0a:b9:9d:d6:03:34:
         9e:7d:5c:4e:97:d4:da:46:b3:8e:f0:9f:57:6e:cc:19:88:66:
         3b:66:ef:2f:6d:50:ca:f5:ad:ef:34:9e:4e:98:0b:b7:1e:35:
         ca:92:90:69:a5:ba:77:a0:6c:86:df:c7:70:01:e6:5d:70:77:
         40:4e:99:44:06:14:37:d7:bf:74:c3:c9:b3:d3:3c:fb:49:9c:
         b1:55:09:47:ee:c9:b8:b0:9c:ea:68:20:ac:56:ea:15:87:78:
         7e:ba:a8:ff:e4:ea:3f:89:5d:bd:91:66:af:dd:30:ab:97:b0:
         fe:30:f1:1d:f8:0b:4d:f8:f8:17:52:b4:9e:b0:bb:00:2f:7d:
         71:7a:5a:17:7d:25:5a:98:60:b5:f7:1a:62:a2:9e:65:b8:6c:
         a2:8c:6d:70:06:6b:bb:59:49:ec:3c:50:fc:7e:f9:40:d9:9e:
         af:fb:c4:f0:7e:cc:97:b7:ff:0b:e1:17:76:ed:a8:34:4d:85:
         33:af:80:fa
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICA/kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzhBRjIxMTAvBgNVBAUTKDEwMDVDQ0Q1RTE4MjMwRkJBOUFERDNEMjdGODVEQTM4
RjEzRTQxNzIwHhcNMjUxMDE5MDk0NDI0WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGY0YjJmOC03ZjM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA71rhCeSFuQForQPiqeVCEUasZlUGBL3IpPvHpn+PWL3QEcMctk9w6nsALU3M
+RHYLCBIIs/QOZdJyVT7tj+wdKO0uzLLsEYGY3mdjcNp9jTKetxqJ9EZq48+KMDJ
XjadtQ+TAJ6ygMa0pHS8zhxTpcfnP3Lmk8s4ccGRcsdNoum4XKr30jkhdp+qbVTF
30u3XnZ4Id3DbpaJxjy+Kpm4yQNgvhFUN9Q1rhEahqD4rUb7gmD4McKw+KdrszN2
tiVy6qzstafqMcfYNZxbOEnWGczXemJ6VrS1pDP0rKnhyNOBtBopcgPCcU/ebWpw
vkYGqKV2GPZl5RHmQ2hE9z5nsQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFL0NexdW
RRc2IZa8KyZc6TYNh3UuMB8GA1UdIwQYMBaAFBAFzNXhgjD7qa3T0n+F2jjxPkFy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3OEFGMi83M0M4ODc5MkUw
NjcxMUVDQjlEMkZGODFDNEY5QUUwMi9FQVhNMWVHQ01QdXByZFBTZjRYYU9QRS1R
WEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0VBWE0xZUdDTVB1cHJkUFNmNFhhT1BFLVFYSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzhBRjIvNzNDODg3OTJFMDY3MTFFQ0I5RDJGRjgxQzRGOUFFMDIvM0JGRUEwNENC
NkE2MTFFREFGNjExQjY4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAEtcVADBAJnGAADBABn5XcwDQYJKoZIhvcNAQELBQADggEB
AG51wLPW+lK/TvqeiGAwMUGFJ8cYV29VJCFLCTvlPdaO2Z4E3RMmSGqNjEJQdd63
dXrOjyTO2Jfm1PP6qLSLKYUROwq5ndYDNJ59XE6X1NpGs47wn1duzBmIZjtm7y9t
UMr1re80nk6YC7ceNcqSkGmlunegbIbfx3AB5l1wd0BOmUQGFDfXv3TDybPTPPtJ
nLFVCUfuybiwnOpoIKxW6hWHeH66qP/k6j+JXb2RZq/dMKuXsP4w8R34C034+BdS
tJ6wuwAvfXF6Whd9JVqYYLX3GmKinmW4bKKMbXAGa7tZSew8UPx++UDZnq/7xPB+
zJe3/wvhF3btqDRNhTOvgPo=
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:48:04 2025 by rpki-client