Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9178E49/3F020246BE1211EABB60A282C4F9AE02/B6C75D94084711EEB760A583C4F9AE02.roa
File:                     B6C75D94084711EEB760A583C4F9AE02.roa (raw, json)
Hash identifier:          icToSW+2nAtZIrzG97Pd9Efc5u87mCmHdeSFSIaLz9w=
Subject key identifier:   D5:F4:6D:8B:17:B8:A1:8F:8A:4B:A4:89:8F:E2:1A:47:62:F8:B8:87
Certificate issuer:       /CN=A9178E49/serialNumber=2D3DFB5E2212B2905868B177167D548B0DFE3CF4
Certificate serial:       08E1
Authority key identifier: 2D:3D:FB:5E:22:12:B2:90:58:68:B1:77:16:7D:54:8B:0D:FE:3C:F4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LT37XiISspBYaLF3Fn1Uiw3-PPQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9178E49/3F020246BE1211EABB60A282C4F9AE02/B6C75D94084711EEB760A583C4F9AE02.roa
Signing time:             Wed 10 Sep 2025 21:02:05 +0000
ROA not before:           Wed 10 Sep 2025 21:02:05 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     139008
IP address blocks:        103.152.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9178E49/3F020246BE1211EABB60A282C4F9AE02/LT37XiISspBYaLF3Fn1Uiw3-PPQ.crl
                          rsync://rpki.apnic.net/member_repository/A9178E49/3F020246BE1211EABB60A282C4F9AE02/LT37XiISspBYaLF3Fn1Uiw3-PPQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LT37XiISspBYaLF3Fn1Uiw3-PPQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Oct 2025 21:17:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2273 (0x8e1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9178E49, serialNumber=2D3DFB5E2212B2905868B177167D548B0DFE3CF4
        Validity
            Not Before: Sep 10 21:02:05 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=68c1e74d-2475
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ba:45:64:0e:f1:a0:32:16:4f:1e:18:ec:0a:
                    00:cd:63:fa:32:0d:89:81:1f:3c:f2:57:9f:2b:0a:
                    04:01:7b:27:8c:a0:05:1b:a0:14:53:41:e7:7c:48:
                    3a:40:13:58:ac:16:02:83:51:29:e4:58:09:67:27:
                    02:1a:45:ea:30:8a:44:a0:cf:19:98:31:25:9d:4a:
                    56:4b:08:be:c8:74:87:de:78:13:07:16:b2:dc:6f:
                    e1:f6:f5:04:04:6f:5f:1e:ca:45:82:9a:83:3a:8e:
                    50:e4:73:44:c5:66:92:e3:f5:b6:f9:cf:c9:93:42:
                    78:72:79:95:82:5f:0e:fb:17:30:af:94:94:e4:ab:
                    5c:fa:eb:cb:a5:cb:aa:59:9c:64:77:ad:58:b9:3b:
                    2e:e4:13:2c:32:0a:07:3b:7f:1f:31:53:dd:b9:5c:
                    9b:a9:0c:20:5b:c0:98:f6:6c:1d:9b:03:18:12:7a:
                    0b:9c:d8:96:34:7e:60:e3:e0:5d:2a:e3:eb:65:2e:
                    74:44:34:08:13:db:ef:5b:72:df:ff:51:17:8c:1d:
                    de:96:59:72:f1:13:c5:51:60:0b:7d:35:e6:68:49:
                    ae:68:b5:5e:55:52:dc:7b:11:32:e2:50:d7:a0:6e:
                    93:f6:2b:06:ec:63:e5:65:7c:40:77:76:e5:ba:16:
                    f8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F4:6D:8B:17:B8:A1:8F:8A:4B:A4:89:8F:E2:1A:47:62:F8:B8:87
            X509v3 Authority Key Identifier:
                keyid:2D:3D:FB:5E:22:12:B2:90:58:68:B1:77:16:7D:54:8B:0D:FE:3C:F4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9178E49/3F020246BE1211EABB60A282C4F9AE02/LT37XiISspBYaLF3Fn1Uiw3-PPQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LT37XiISspBYaLF3Fn1Uiw3-PPQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9178E49/3F020246BE1211EABB60A282C4F9AE02/B6C75D94084711EEB760A583C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:18:44:21:8f:9b:61:cf:cf:d0:20:b7:c4:32:94:6a:35:57:
         65:ae:fc:74:5b:4b:47:01:e4:e2:d5:dc:8c:75:ca:c6:08:db:
         da:09:c6:7f:92:25:11:df:1c:89:ed:b3:33:d9:e4:92:56:29:
         64:07:59:94:f3:b7:10:73:ee:64:dc:7a:19:38:a6:0c:0b:34:
         df:0d:f6:f0:a3:46:5d:a7:d5:7f:ad:76:48:3d:43:21:49:04:
         79:da:b9:d6:ee:2b:11:d3:e9:ab:45:7b:a2:0f:a7:63:b2:1f:
         b1:5c:e7:22:75:30:57:01:0e:46:f4:7c:78:aa:bd:66:48:5d:
         ab:0b:22:fd:93:61:cf:62:19:98:84:90:91:9c:d0:60:ab:64:
         44:70:e8:b8:3b:7d:5a:68:01:5a:c8:09:14:3b:81:29:c8:08:
         2a:c5:64:6d:2a:cc:e9:59:d3:82:f2:6d:35:57:78:87:a2:ef:
         50:af:bd:4e:90:65:b1:0b:99:5c:ed:06:65:ff:0e:5d:25:3d:
         87:5b:22:a8:34:d0:62:0b:6d:12:4a:71:b4:7d:ef:6a:bd:af:
         8d:ca:41:17:56:56:c3:de:0c:62:8f:1b:91:eb:60:c4:a8:41:
         6d:3b:f2:8b:6a:25:c2:e5:c9:bf:a1:24:9a:61:d9:9a:79:23:
         ae:62:8e:07
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCOEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzhFNDkxMTAvBgNVBAUTKDJEM0RGQjVFMjIxMkIyOTA1ODY4QjE3NzE2N0Q1NDhC
MERGRTNDRjQwHhcNMjUwOTEwMjEwMjA1WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGMxZTc0ZC0yNDc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuLpFZA7xoDIWTx4Y7AoAzWP6Mg2JgR888lefKwoEAXsnjKAFG6AUU0HnfEg6
QBNYrBYCg1Ep5FgJZycCGkXqMIpEoM8ZmDElnUpWSwi+yHSH3ngTBxay3G/h9vUE
BG9fHspFgpqDOo5Q5HNExWaS4/W2+c/Jk0J4cnmVgl8O+xcwr5SU5Ktc+uvLpcuq
WZxkd61YuTsu5BMsMgoHO38fMVPduVybqQwgW8CY9mwdmwMYEnoLnNiWNH5g4+Bd
KuPrZS50RDQIE9vvW3Lf/1EXjB3ellly8RPFUWALfTXmaEmuaLVeVVLcexEy4lDX
oG6T9isG7GPlZXxAd3bluhb4LQIDAQABo4IClTCCApEwHQYDVR0OBBYEFNX0bYsX
uKGPikukiY/iGkdi+LiHMB8GA1UdIwQYMBaAFC09+14iErKQWGixdxZ9VIsN/jz0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3OEU0OS8zRjAyMDI0NkJF
MTIxMUVBQkI2MEEyODJDNEY5QUUwMi9MVDM3WGlJU3NwQllhTEYzRm4xVWl3My1Q
UFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0xUMzdYaUlTc3BCWWFMRjNGbjFVaXczLVBQUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzhFNDkvM0YwMjAyNDZCRTEyMTFFQUJCNjBBMjgyQzRGOUFFMDIvQjZDNzVEOTQw
ODQ3MTFFRUI3NjBBNTgzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnmNQwDQYJKoZIhvcNAQELBQADggEBAKMYRCGPm2HPz9Ag
t8QylGo1V2Wu/HRbS0cB5OLV3Ix1ysYI29oJxn+SJRHfHIntszPZ5JJWKWQHWZTz
txBz7mTcehk4pgwLNN8N9vCjRl2n1X+tdkg9QyFJBHnaudbuKxHT6atFe6IPp2Oy
H7Fc5yJ1MFcBDkb0fHiqvWZIXasLIv2TYc9iGZiEkJGc0GCrZERw6Lg7fVpoAVrI
CRQ7gSnICCrFZG0qzOlZ04LybTVXeIei71CvvU6QZbELmVztBmX/Dl0lPYdbIqg0
0GILbRJKcbR972q9r43KQRdWVsPeDGKPG5HrYMSoQW078otqJcLlyb+hJJph2Zp5
I65ijgc=
-----END CERTIFICATE-----
Generated at Tue Oct 21 05:57:08 2025 by rpki-client