Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/2F9A7A1648FC11EBBAE0991CC4F9AE02.roa
File:                     2F9A7A1648FC11EBBAE0991CC4F9AE02.roa (raw, json)
Hash identifier:          AkhO60SNFyTg9WciYKqi3vhEF3h9kd5WtxlSK6krnU0=
Subject key identifier:   22:9C:D0:E1:47:CA:34:9A:F0:7F:52:38:8F:CA:A1:80:E0:50:24:CA
Certificate issuer:       /CN=A917A84A/serialNumber=8A1A10EB8FBA45C2152CA8956F432F9A8139603A
Certificate serial:       1D85
Authority key identifier: 8A:1A:10:EB:8F:BA:45:C2:15:2C:A8:95:6F:43:2F:9A:81:39:60:3A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ihoQ64-6RcIVLKiVb0MvmoE5YDo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/2F9A7A1648FC11EBBAE0991CC4F9AE02.roa
Signing time:             Wed 24 Sep 2025 16:34:40 +0000
ROA not before:           Wed 24 Sep 2025 16:34:40 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     17557
IP address blocks:        113.203.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/ihoQ64-6RcIVLKiVb0MvmoE5YDo.crl
                          rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/ihoQ64-6RcIVLKiVb0MvmoE5YDo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ihoQ64-6RcIVLKiVb0MvmoE5YDo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 16:29:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7557 (0x1d85)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917A84A, serialNumber=8A1A10EB8FBA45C2152CA8956F432F9A8139603A
        Validity
            Not Before: Sep 24 16:34:40 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68d41d9f-6deb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:87:e7:63:49:c8:43:3b:d8:02:aa:5d:9b:ad:
                    10:95:25:f4:e4:f0:e1:3f:ba:a3:d9:e9:bc:d8:7f:
                    7c:d3:7a:61:30:c7:cc:77:c2:0d:b5:b1:2c:a1:68:
                    cc:43:37:79:a3:2b:29:1f:30:76:f6:3d:da:9a:0e:
                    de:a7:88:02:ff:54:10:c0:f7:be:e2:2c:54:a2:29:
                    2c:20:10:b5:3e:22:51:90:3b:7b:af:ff:37:fa:62:
                    4d:9e:67:d0:c7:bb:63:1b:ad:8b:3d:57:32:77:ac:
                    82:85:e4:21:35:18:50:e9:54:77:ea:8b:2f:c2:d4:
                    ad:b3:53:be:7c:af:fb:12:8d:ae:98:54:47:fc:8d:
                    1d:d5:d2:f9:d3:45:07:4d:b8:ac:1e:cc:22:83:82:
                    08:65:cf:c6:c4:c9:98:bc:ba:12:58:8b:88:f3:de:
                    b3:14:47:cc:82:7e:11:16:64:ad:a5:f4:b4:9b:e5:
                    42:0a:8c:e8:a2:99:53:90:42:05:3a:f2:a3:66:a5:
                    45:bc:7a:0f:a8:be:61:48:d9:3c:88:a2:b9:2f:09:
                    90:67:85:cb:51:22:22:3d:e4:5d:16:06:b1:e6:22:
                    5b:44:7f:8a:70:c9:13:ba:10:eb:14:9b:13:04:61:
                    fa:14:2d:32:c1:8d:b3:c7:91:95:1a:6b:fb:81:9a:
                    b2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:9C:D0:E1:47:CA:34:9A:F0:7F:52:38:8F:CA:A1:80:E0:50:24:CA
            X509v3 Authority Key Identifier:
                keyid:8A:1A:10:EB:8F:BA:45:C2:15:2C:A8:95:6F:43:2F:9A:81:39:60:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/ihoQ64-6RcIVLKiVb0MvmoE5YDo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ihoQ64-6RcIVLKiVb0MvmoE5YDo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/2F9A7A1648FC11EBBAE0991CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.203.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:5b:ee:11:cf:c0:ac:2a:5f:88:f0:4b:79:e0:38:09:6e:e7:
         ce:84:c3:51:fa:ad:3a:54:4f:6a:14:a7:ce:00:08:d0:09:a2:
         5a:58:04:46:8e:53:6c:d4:76:d5:52:c7:03:57:c1:5c:74:1a:
         26:e2:dc:45:f8:17:5f:cb:be:67:5e:e4:18:90:b1:2b:00:d9:
         e7:ff:51:5a:90:66:78:5a:ff:23:bc:8c:b8:91:b3:1a:90:a9:
         b4:8a:7e:60:ba:ed:b4:e5:4f:f0:12:b3:9a:2a:85:78:59:7b:
         bc:5e:48:6d:11:8a:65:a9:b3:19:a0:df:ec:02:8e:c3:de:ae:
         9c:6a:fe:43:a5:aa:be:00:3d:8d:19:ce:7d:03:b1:47:d5:18:
         bc:e7:c0:8c:7a:d3:b3:f7:fd:86:1c:8f:dc:72:b7:8a:72:35:
         3d:77:55:fc:88:ee:c8:ff:9b:ba:5a:23:e7:0c:c4:fd:c4:da:
         d5:99:d3:26:1f:79:d2:e5:36:f4:46:c8:24:5d:23:cc:a4:f5:
         0a:60:53:22:3a:4a:18:f4:91:98:96:2c:c3:88:d0:24:d6:a6:
         a4:7a:1b:92:e4:05:45:32:5e:a4:e2:8f:80:56:5e:ba:a3:7a:
         00:3b:f2:87:8b:b1:2e:f6:12:0a:81:28:00:e0:6a:df:42:71:
         eb:32:20:1c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICHYUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0E4NEExMTAvBgNVBAUTKDhBMUExMEVCOEZCQTQ1QzIxNTJDQTg5NTZGNDMyRjlB
ODEzOTYwM0EwHhcNMjUwOTI0MTYzNDQwWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGQ0MWQ5Zi02ZGViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyofnY0nIQzvYAqpdm60QlSX05PDhP7qj2em82H9803phMMfMd8INtbEsoWjM
Qzd5oyspHzB29j3amg7ep4gC/1QQwPe+4ixUoiksIBC1PiJRkDt7r/83+mJNnmfQ
x7tjG62LPVcyd6yCheQhNRhQ6VR36osvwtSts1O+fK/7Eo2umFRH/I0d1dL500UH
TbisHswig4IIZc/GxMmYvLoSWIuI896zFEfMgn4RFmStpfS0m+VCCozooplTkEIF
OvKjZqVFvHoPqL5hSNk8iKK5LwmQZ4XLUSIiPeRdFgax5iJbRH+KcMkTuhDrFJsT
BGH6FC0ywY2zx5GVGmv7gZqynQIDAQABo4IClTCCApEwHQYDVR0OBBYEFCKc0OFH
yjSa8H9SOI/KoYDgUCTKMB8GA1UdIwQYMBaAFIoaEOuPukXCFSyolW9DL5qBOWA6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QTg0QS8xODA1MTkxQUUx
RUYxMUU2OUQzNjUwMUJDNEY5QUUwMi9paG9RNjQtNlJjSVZMS2lWYjBNdm1vRTVZ
RG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lob1E2NC02UmNJVkxLaVZiME12bW9FNVlEby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0E4NEEvMTgwNTE5MUFFMUVGMTFFNjlEMzY1MDFCQzRGOUFFMDIvMkY5QTdBMTY0
OEZDMTFFQkJBRTA5OTFDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABxy84wDQYJKoZIhvcNAQELBQADggEBAB9b7hHPwKwqX4jw
S3ngOAlu586Ew1H6rTpUT2oUp84ACNAJolpYBEaOU2zUdtVSxwNXwVx0Gibi3EX4
F1/Lvmde5BiQsSsA2ef/UVqQZnha/yO8jLiRsxqQqbSKfmC67bTlT/ASs5oqhXhZ
e7xeSG0RimWpsxmg3+wCjsPerpxq/kOlqr4APY0Zzn0DsUfVGLznwIx607P3/YYc
j9xyt4pyNT13VfyI7sj/m7paI+cMxP3E2tWZ0yYfedLlNvRGyCRdI8yk9QpgUyI6
Shj0kZiWLMOI0CTWpqR6G5LkBUUyXqTij4BWXrqjegA78oeLsS72EgqBKADgat9C
cesyIBw=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:17:15 2025 by rpki-client