Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/7D2A30D22CD111ECBE97C117C4F9AE02.roa
File:                     7D2A30D22CD111ECBE97C117C4F9AE02.roa (raw, json)
Hash identifier:          7kBxjCAjLqc2z/ikXd0m4qFuLdkWBpVLj18nN1YZMWg=
Subject key identifier:   96:48:33:64:94:D1:82:36:C6:17:A6:87:86:E4:FB:F6:A2:D1:69:CF
Certificate issuer:       /CN=A9185344/serialNumber=89FD27C5067B4CF412296FEBA6CE6D831185800B
Certificate serial:       34E7
Authority key identifier: 89:FD:27:C5:06:7B:4C:F4:12:29:6F:EB:A6:CE:6D:83:11:85:80:0B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/if0nxQZ7TPQSKW_rps5tgxGFgAs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/7D2A30D22CD111ECBE97C117C4F9AE02.roa
Signing time:             Mon 06 Oct 2025 15:11:07 +0000
ROA not before:           Mon 06 Oct 2025 15:11:07 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     131284
IP address blocks:        103.13.64.0/24 maxlen: 24
                          103.13.65.0/24 maxlen: 24
                          103.13.66.0/24 maxlen: 24
                          103.13.67.0/24 maxlen: 24
                          137.59.120.0/24 maxlen: 24
                          137.59.121.0/24 maxlen: 24
                          137.59.122.0/24 maxlen: 24
                          137.59.123.0/24 maxlen: 24
                          180.222.136.0/21 maxlen: 21
                          180.222.136.0/24 maxlen: 24
                          180.222.137.0/24 maxlen: 24
                          180.222.138.0/24 maxlen: 24
                          180.222.139.0/24 maxlen: 24
                          180.222.140.0/24 maxlen: 24
                          180.222.141.0/24 maxlen: 24
                          180.222.142.0/24 maxlen: 24
                          180.222.143.0/24 maxlen: 24
                          203.171.96.0/22 maxlen: 23
                          203.171.96.0/24 maxlen: 24
                          203.171.97.0/24 maxlen: 24
                          203.171.98.0/24 maxlen: 24
                          203.171.99.0/24 maxlen: 24
                          203.171.100.0/24 maxlen: 24
                          203.171.101.0/24 maxlen: 24
                          203.171.102.0/23 maxlen: 24
                          203.171.104.0/22 maxlen: 24
                          203.171.108.0/22 maxlen: 24
                          203.171.112.0/22 maxlen: 24
                          203.171.116.0/22 maxlen: 24
                          203.171.120.0/22 maxlen: 24
                          203.171.124.0/24 maxlen: 24
                          203.171.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/if0nxQZ7TPQSKW_rps5tgxGFgAs.crl
                          rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/if0nxQZ7TPQSKW_rps5tgxGFgAs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/if0nxQZ7TPQSKW_rps5tgxGFgAs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 15:13:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13543 (0x34e7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9185344, serialNumber=89FD27C5067B4CF412296FEBA6CE6D831185800B
        Validity
            Not Before: Oct  6 15:11:07 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68e3dc0b-df1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d2:37:5e:6c:35:81:a8:61:3c:7f:f9:c3:d9:
                    d0:cd:08:59:9d:34:1b:df:7c:cf:b7:27:1b:3b:54:
                    7e:8c:bc:7b:42:b8:a6:3e:46:2e:c3:85:fd:27:69:
                    d1:72:c4:3a:af:ed:26:e1:da:0d:fc:b1:60:f4:98:
                    54:47:ad:a2:5e:ba:c0:b6:75:56:76:31:4c:96:e9:
                    d7:28:fd:98:1f:5c:bd:1a:cb:09:06:c2:47:af:27:
                    a0:6f:af:b8:8b:ef:35:e4:41:e2:cb:4a:71:5f:cf:
                    07:b1:41:4e:89:0a:62:4c:76:bd:57:65:50:c3:cc:
                    50:a1:2d:0c:a1:6c:bf:40:6e:bb:2f:8f:37:b3:20:
                    94:ed:77:6f:d0:77:ed:fe:76:7b:7f:8b:e6:75:91:
                    dd:5e:9c:87:f5:1e:79:6b:d7:68:a9:35:fd:f9:58:
                    b2:f5:27:85:37:83:0f:4b:b3:4c:38:7d:85:ab:33:
                    35:b6:f2:2e:3c:67:69:d6:38:fb:8a:b8:b6:d3:40:
                    c0:e0:0a:f4:11:14:ca:94:a2:30:db:f2:23:5b:cf:
                    57:da:6a:8b:08:60:83:6c:ea:69:03:ff:ec:50:d1:
                    57:6e:ed:80:87:bc:4a:8f:93:bf:9e:b1:ca:1a:c5:
                    11:74:d5:18:76:53:bd:7e:7d:cf:87:97:cf:bd:ee:
                    ae:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:48:33:64:94:D1:82:36:C6:17:A6:87:86:E4:FB:F6:A2:D1:69:CF
            X509v3 Authority Key Identifier:
                keyid:89:FD:27:C5:06:7B:4C:F4:12:29:6F:EB:A6:CE:6D:83:11:85:80:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/if0nxQZ7TPQSKW_rps5tgxGFgAs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/if0nxQZ7TPQSKW_rps5tgxGFgAs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/7D2A30D22CD111ECBE97C117C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.13.64.0/22
                  137.59.120.0/22
                  180.222.136.0/21
                  203.171.96.0-203.171.125.255

    Signature Algorithm: sha256WithRSAEncryption
         3e:4e:bc:7c:3f:31:83:83:8f:ac:2e:32:ee:a8:cd:32:ec:18:
         ab:eb:ef:96:64:88:f8:a7:47:78:3d:08:15:a6:99:e6:b7:4f:
         4e:df:cb:04:4b:78:7f:41:14:2e:0b:b2:cf:98:ae:31:b1:0f:
         5e:5d:77:16:fc:35:51:00:f8:34:cb:53:45:de:60:61:d8:73:
         64:23:26:4c:d1:f6:79:0d:60:df:cb:8c:6d:6f:98:59:0e:b6:
         aa:dd:15:e3:c7:72:36:56:9c:10:25:2a:c2:af:1d:c3:b6:bc:
         f2:9d:a3:e7:05:78:9a:d0:ac:bc:93:fd:e0:d1:b7:a8:e1:78:
         ba:b6:87:ed:40:12:35:f0:e0:53:10:d8:9b:6e:5f:91:fe:6b:
         9b:48:93:99:b0:30:2b:77:b7:bc:59:21:dc:46:71:b4:5b:1c:
         a7:ea:ea:16:60:c8:bb:df:5c:e2:8a:ec:c9:a6:6c:74:a1:fb:
         b5:86:0b:71:c6:df:b8:33:6e:8c:67:f9:2e:c2:ea:78:80:01:
         7c:c6:a1:45:e0:c7:b9:82:f1:9e:b8:6b:2e:d4:31:51:29:a8:
         31:31:0a:b6:80:52:de:ce:c8:4e:91:99:69:4b:ae:05:48:d4:
         ab:6a:d3:34:ae:51:c8:fa:d9:0f:20:87:66:46:30:e1:e9:98:
         b7:79:b5:bd
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICNOcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODUzNDQxMTAvBgNVBAUTKDg5RkQyN0M1MDY3QjRDRjQxMjI5NkZFQkE2Q0U2RDgz
MTE4NTgwMEIwHhcNMjUxMDA2MTUxMTA3WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGUzZGMwYi1kZjFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtNI3Xmw1gahhPH/5w9nQzQhZnTQb33zPtycbO1R+jLx7QrimPkYuw4X9J2nR
csQ6r+0m4doN/LFg9JhUR62iXrrAtnVWdjFMlunXKP2YH1y9GssJBsJHryegb6+4
i+815EHiy0pxX88HsUFOiQpiTHa9V2VQw8xQoS0MoWy/QG67L483syCU7Xdv0Hft
/nZ7f4vmdZHdXpyH9R55a9doqTX9+Viy9SeFN4MPS7NMOH2FqzM1tvIuPGdp1jj7
iri200DA4Ar0ERTKlKIw2/IjW89X2mqLCGCDbOppA//sUNFXbu2Ah7xKj5O/nrHK
GsURdNUYdlO9fn3Ph5fPve6uewIDAQABo4ICrzCCAqswHQYDVR0OBBYEFJZIM2SU
0YI2xhemh4bk+/ai0WnPMB8GA1UdIwQYMBaAFIn9J8UGe0z0Eilv66bObYMRhYAL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NTM0NC81MTVDQUJFMDFE
QTExMUUyQjJDRDZEOTMwOEIwMkNEMi9pZjBueFFaN1RQUVNLV19ycHM1dGd4R0Zn
QXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lmMG54UVo3VFBRU0tXX3JwczV0Z3hHRmdBcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODUzNDQvNTE1Q0FCRTAxREExMTFFMkIyQ0Q2RDkzMDhCMDJDRDIvN0QyQTMwRDIy
Q0QxMTFFQ0JFOTdDMTE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBAJnDUADBAKJO3gDBAO03ogwDAMEBcurYAMEAcurfDANBgkq
hkiG9w0BAQsFAAOCAQEAPk68fD8xg4OPrC4y7qjNMuwYq+vvlmSI+KdHeD0IFaaZ
5rdPTt/LBEt4f0EULguyz5iuMbEPXl13Fvw1UQD4NMtTRd5gYdhzZCMmTNH2eQ1g
38uMbW+YWQ62qt0V48dyNlacECUqwq8dw7a88p2j5wV4mtCsvJP94NG3qOF4uraH
7UASNfDgUxDYm25fkf5rm0iTmbAwK3e3vFkh3EZxtFscp+rqFmDIu99c4orsyaZs
dKH7tYYLccbfuDNujGf5LsLqeIABfMahReDHuYLxnrhrLtQxUSmoMTEKtoBS3s7I
TpGZaUuuBUjUq2rTNK5RyPrZDyCHZkYw4emYt3m1vQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:46:17 2025 by rpki-client