Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9186B80/B869805E123B11EC8A135F42C4F9AE02/D3A7743C19EA11EC9C11D95AC4F9AE02.roa
File:                     D3A7743C19EA11EC9C11D95AC4F9AE02.roa (raw, json)
Hash identifier:          g0hpjHR12ox9GBuE1AfrS2oF/EYCOY2rtHxfRiw2ckM=
Subject key identifier:   79:E7:D8:E0:F7:25:E5:A4:69:6F:0E:CD:5A:9C:3A:55:98:1F:E2:E0
Certificate issuer:       /CN=A9186B80/serialNumber=A8FC259A101EAB826EE8CBEA2A0BDA5CDECFDAF2
Certificate serial:       054A
Authority key identifier: A8:FC:25:9A:10:1E:AB:82:6E:E8:CB:EA:2A:0B:DA:5C:DE:CF:DA:F2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qPwlmhAeq4Ju6MvqKgvaXN7P2vI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9186B80/B869805E123B11EC8A135F42C4F9AE02/D3A7743C19EA11EC9C11D95AC4F9AE02.roa
Signing time:             Sat 11 Oct 2025 01:55:23 +0000
ROA not before:           Sat 11 Oct 2025 01:55:23 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     14537
IP address blocks:        45.127.116.0/22 maxlen: 24
                          103.81.128.0/22 maxlen: 23
                          103.81.129.0/24 maxlen: 24
                          103.81.130.0/23 maxlen: 24
                          124.109.4.0/22 maxlen: 23
                          124.109.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9186B80/B869805E123B11EC8A135F42C4F9AE02/qPwlmhAeq4Ju6MvqKgvaXN7P2vI.crl
                          rsync://rpki.apnic.net/member_repository/A9186B80/B869805E123B11EC8A135F42C4F9AE02/qPwlmhAeq4Ju6MvqKgvaXN7P2vI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qPwlmhAeq4Ju6MvqKgvaXN7P2vI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 01:12:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1354 (0x54a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9186B80, serialNumber=A8FC259A101EAB826EE8CBEA2A0BDA5CDECFDAF2
        Validity
            Not Before: Oct 11 01:55:23 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68e9b90b-101a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:98:1d:2a:36:9d:22:6a:54:7e:61:e6:00:ce:
                    91:a3:9b:57:7c:c7:4c:8d:3a:44:4b:4e:ba:a2:44:
                    29:98:1e:e4:47:f8:c2:c5:05:43:45:44:3b:5d:ba:
                    4e:c2:70:73:bf:99:7c:d1:7f:92:fd:ee:ec:1e:3b:
                    e0:7c:49:9d:de:8f:8f:88:c3:d7:cd:3a:39:f3:f4:
                    1e:b7:76:ac:d8:fe:2d:dd:e7:52:64:22:51:ab:c6:
                    da:57:86:31:d3:7e:71:54:0f:58:12:77:fd:36:b0:
                    24:32:75:86:28:e0:8c:35:07:5e:6c:c2:f4:b4:32:
                    a4:13:24:28:72:7c:6e:04:e5:da:c2:de:c9:f4:fa:
                    a6:09:c1:77:cf:d0:97:7e:27:91:7c:51:61:d2:a9:
                    7a:18:7e:ee:e7:8a:a9:54:b8:05:10:f5:f9:bd:b9:
                    37:8f:9a:9e:ba:36:4b:73:0c:1e:47:9e:15:1e:af:
                    cc:c5:c9:c0:f9:6d:d7:e1:31:3b:4f:d5:cf:e3:77:
                    18:bb:e9:35:4e:fb:58:06:3b:59:48:dd:4f:9c:46:
                    d4:30:e0:ea:1e:48:d4:a2:90:07:fc:2f:85:0e:28:
                    9d:cb:3c:f9:f6:8e:f8:b1:7f:4e:fd:66:0c:fc:25:
                    ca:18:0c:61:52:e2:be:45:d0:de:40:13:fd:19:73:
                    b2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:E7:D8:E0:F7:25:E5:A4:69:6F:0E:CD:5A:9C:3A:55:98:1F:E2:E0
            X509v3 Authority Key Identifier:
                keyid:A8:FC:25:9A:10:1E:AB:82:6E:E8:CB:EA:2A:0B:DA:5C:DE:CF:DA:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9186B80/B869805E123B11EC8A135F42C4F9AE02/qPwlmhAeq4Ju6MvqKgvaXN7P2vI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qPwlmhAeq4Ju6MvqKgvaXN7P2vI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9186B80/B869805E123B11EC8A135F42C4F9AE02/D3A7743C19EA11EC9C11D95AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.127.116.0/22
                  103.81.128.0/22
                  124.109.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d2:4d:42:12:57:1b:89:1a:3a:c3:39:09:39:24:91:99:16:43:
         a9:ff:8c:cd:15:59:c3:fb:50:18:62:a6:98:3b:3f:c4:23:2e:
         e2:9c:9d:0c:8a:79:95:55:7d:7d:0e:68:7c:7e:c7:94:d4:96:
         2a:93:01:bb:e6:50:79:ab:ab:ea:b2:88:ea:e1:be:cc:c9:53:
         f7:90:71:67:96:67:0f:7a:ee:e7:03:f5:c7:3f:59:9f:31:52:
         29:77:b3:66:76:14:31:aa:8c:10:89:82:a6:0a:3a:00:5b:25:
         78:2c:b8:0a:90:57:dd:94:e5:e5:f1:f6:e7:63:f6:d4:69:e3:
         be:1d:56:ff:0c:52:c4:c6:c3:4a:0d:17:5d:3a:5a:df:38:15:
         16:71:a0:28:a3:32:2e:7f:da:ee:b6:7a:4d:4f:34:0a:ec:5b:
         95:fe:f5:87:4f:3c:81:09:81:fa:63:97:29:a6:d2:7f:f4:7c:
         86:27:1a:19:e7:46:89:77:37:50:b7:f7:32:2d:9d:9a:a7:cb:
         3c:48:2c:03:62:67:27:0f:4c:4d:ea:98:3a:f8:0a:f8:c3:79:
         32:a4:5c:4d:7b:a9:5f:bd:a7:e7:98:c8:1f:01:46:b0:a9:f3:
         b0:a9:e4:23:c5:cc:b9:08:a1:39:90:de:d7:32:b9:2d:5d:b1:
         34:0c:d1:3a
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBUowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODZCODAxMTAvBgNVBAUTKEE4RkMyNTlBMTAxRUFCODI2RUU4Q0JFQTJBMEJEQTVD
REVDRkRBRjIwHhcNMjUxMDExMDE1NTIzWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU5YjkwYi0xMDFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz5gdKjadImpUfmHmAM6Ro5tXfMdMjTpES066okQpmB7kR/jCxQVDRUQ7XbpO
wnBzv5l80X+S/e7sHjvgfEmd3o+PiMPXzTo58/Qet3as2P4t3edSZCJRq8baV4Yx
035xVA9YEnf9NrAkMnWGKOCMNQdebML0tDKkEyQocnxuBOXawt7J9PqmCcF3z9CX
fieRfFFh0ql6GH7u54qpVLgFEPX5vbk3j5qeujZLcwweR54VHq/MxcnA+W3X4TE7
T9XP43cYu+k1TvtYBjtZSN1PnEbUMODqHkjUopAH/C+FDiidyzz59o74sX9O/WYM
/CXKGAxhUuK+RdDeQBP9GXOyDwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFHnn2OD3
JeWkaW8OzVqcOlWYH+LgMB8GA1UdIwQYMBaAFKj8JZoQHquCbujL6ioL2lzez9ry
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NkI4MC9CODY5ODA1RTEy
M0IxMUVDOEExMzVGNDJDNEY5QUUwMi9xUHdsbWhBZXE0SnU2TXZxS2d2YVhON1Ay
dkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FQd2xtaEFlcTRKdTZNdnFLZ3ZhWE43UDJ2SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODZCODAvQjg2OTgwNUUxMjNCMTFFQzhBMTM1RjQyQzRGOUFFMDIvRDNBNzc0M0Mx
OUVBMTFFQzlDMTFEOTVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAItf3QDBAJnUYADBAJ8bQQwDQYJKoZIhvcNAQELBQADggEB
ANJNQhJXG4kaOsM5CTkkkZkWQ6n/jM0VWcP7UBhippg7P8QjLuKcnQyKeZVVfX0O
aHx+x5TUliqTAbvmUHmrq+qyiOrhvszJU/eQcWeWZw967ucD9cc/WZ8xUil3s2Z2
FDGqjBCJgqYKOgBbJXgsuAqQV92U5eXx9udj9tRp474dVv8MUsTGw0oNF106Wt84
FRZxoCijMi5/2u62ek1PNArsW5X+9YdPPIEJgfpjlymm0n/0fIYnGhnnRol3N1C3
9zItnZqnyzxILANiZycPTE3qmDr4CvjDeTKkXE17qV+9p+eYyB8BRrCp87Cp5CPF
zLkIoTmQ3tcyuS1dsTQM0To=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:06:08 2025 by rpki-client