Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2C3ACDF20A0511F0AB42972BC4F9AE02.roa
File:                     2C3ACDF20A0511F0AB42972BC4F9AE02.roa (raw, json)
Hash identifier:          YtrQFlEo8ghMS6thjU+JRK9BVnaI4k9Yiyd6QIPRN+4=
Subject key identifier:   C9:87:98:DB:DF:45:01:D3:04:87:7C:54:C4:C2:8B:94:C7:5C:7D:F9
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       B79A
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2C3ACDF20A0511F0AB42972BC4F9AE02.roa
Signing time:             Thu 08 May 2025 16:21:23 +0000
ROA not before:           Thu 08 May 2025 16:21:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     147279
IP address blocks:        103.86.104.0/22 maxlen: 22
                          103.86.104.0/24 maxlen: 24
                          103.86.105.0/24 maxlen: 24
                          103.86.106.0/24 maxlen: 24
                          103.86.107.0/24 maxlen: 24
                          103.162.210.0/23 maxlen: 24
                          103.176.234.0/23 maxlen: 24
                          2001:df0:6100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 10 Jul 2025 03:15:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 47002 (0xb79a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: May  8 16:21:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=681cda03-0e50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5d:25:64:a5:84:a5:e8:90:9d:63:4b:8c:80:
                    93:7c:5b:39:6c:14:84:d6:bb:8a:44:f8:1e:ad:4f:
                    86:3d:a7:b3:3f:c8:92:a7:cb:99:40:e8:c6:95:a7:
                    71:de:bc:b6:97:9c:ca:53:f2:0d:3d:e5:9b:e1:96:
                    f5:41:38:1e:bf:34:a2:e4:4b:2f:9f:dd:30:8a:62:
                    8d:5c:64:16:15:d0:46:1a:d0:d7:ce:b1:5a:c6:0f:
                    5f:85:5d:4d:e0:a9:92:09:ff:fa:4d:ff:38:b4:ac:
                    5c:36:6d:66:0c:d6:67:52:dd:ad:de:9a:99:d6:32:
                    6a:74:a7:13:16:b2:32:d0:b9:a5:0f:d1:22:a0:c2:
                    e0:4c:2e:88:38:da:9a:76:30:a2:0b:1a:25:d2:31:
                    4b:69:09:fd:83:56:d5:d7:1b:96:b5:b1:43:5f:95:
                    84:bd:0a:44:ff:16:2c:2f:83:de:19:74:6b:e5:ab:
                    fa:d2:9a:c6:6c:d9:22:d5:56:3e:c5:fd:ad:73:38:
                    9d:51:b4:43:c3:66:2e:a4:71:60:83:0e:44:a1:82:
                    03:f0:da:2b:1e:54:79:19:a8:a5:9d:ca:23:a0:e6:
                    33:6d:82:8a:90:8b:2d:5a:da:bb:40:62:dc:6f:60:
                    66:e6:5a:91:66:7b:68:eb:16:87:e5:d5:d1:9d:aa:
                    91:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:87:98:DB:DF:45:01:D3:04:87:7C:54:C4:C2:8B:94:C7:5C:7D:F9
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2C3ACDF20A0511F0AB42972BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.86.104.0/22
                  103.162.210.0/23
                  103.176.234.0/23
                IPv6:
                  2001:df0:6100::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:12:90:e6:49:e3:8a:2a:c4:01:0c:67:1b:05:c1:1b:08:0b:
         08:83:ce:9d:c0:67:30:b4:e9:af:e2:3e:d4:a5:5f:92:48:bd:
         31:90:93:95:95:59:09:73:ce:f1:d1:21:34:5f:1c:6c:a0:b9:
         8e:16:6f:88:d5:87:88:86:7a:b4:33:b4:38:0b:6a:86:b0:27:
         79:60:7c:6b:a9:64:c1:da:df:e5:ee:7b:3e:d4:2f:14:77:f4:
         20:93:e2:57:c5:27:69:07:72:d6:b6:57:70:ae:81:0d:09:71:
         e6:e8:f6:6c:70:46:24:3e:70:95:e6:57:4f:85:b6:98:bf:dd:
         06:30:50:0d:22:4d:1a:fb:f0:a2:ca:f6:ef:4a:f4:03:71:b6:
         bb:90:dc:db:9b:75:8e:c7:ca:24:2e:82:7a:83:3d:03:29:43:
         cd:0b:f9:51:7c:1e:51:ed:f5:bc:62:2c:98:2d:ee:13:81:81:
         34:d2:47:7b:13:4e:48:9c:cb:a2:3b:db:2e:07:a3:4b:7b:c3:
         1e:f3:b8:04:c6:37:48:d4:85:47:d3:bd:f5:4c:d0:af:0c:c2:
         ba:9f:59:47:ff:dd:3c:5e:4b:d0:ec:1d:e8:70:94:96:af:41:
         df:3b:9f:88:e8:ff:71:b4:57:53:0e:56:ab:05:ae:dd:aa:f6:
         b2:89:68:48
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgIDALeaMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MjEyM1oXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2RhMDMtMGU1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVdJWSlhKXokJ1jS4yAk3xbOWwUhNa7ikT4Hq1Phj2nsz/IkqfLmUDoxpWn
cd68tpecylPyDT3lm+GW9UE4Hr80ouRLL5/dMIpijVxkFhXQRhrQ186xWsYPX4Vd
TeCpkgn/+k3/OLSsXDZtZgzWZ1Ldrd6amdYyanSnExayMtC5pQ/RIqDC4EwuiDja
mnYwogsaJdIxS2kJ/YNW1dcblrWxQ1+VhL0KRP8WLC+D3hl0a+Wr+tKaxmzZItVW
PsX9rXM4nVG0Q8NmLqRxYIMORKGCA/DaKx5UeRmopZ3KI6DmM22CipCLLVrau0Bi
3G9gZuZakWZ7aOsWh+XV0Z2qkeMCAwEAAaOCArIwggKuMB0GA1UdDgQWBBTJh5jb
30UB0wSHfFTEwouUx1x9+TAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzJDM0FDREYy
MEEwNTExRjBBQjQyOTcyQkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDwGCCsGAQUFBwEHAQH/
BC0wKzAYBAIAATASAwQCZ1ZoAwQBZ6LSAwQBZ7DqMA8EAgACMAkDBwAgAQ3wYQAw
DQYJKoZIhvcNAQELBQADggEBAHsSkOZJ44oqxAEMZxsFwRsICwiDzp3AZzC06a/i
PtSlX5JIvTGQk5WVWQlzzvHRITRfHGyguY4Wb4jVh4iGerQztDgLaoawJ3lgfGup
ZMHa3+Xuez7ULxR39CCT4lfFJ2kHcta2V3CugQ0Jcebo9mxwRiQ+cJXmV0+Ftpi/
3QYwUA0iTRr78KLK9u9K9ANxtruQ3NubdY7HyiQugnqDPQMpQ80L+VF8HlHt9bxi
LJgt7hOBgTTSR3sTTkicy6I72y4Ho0t7wx7zuATGN0jUhUfTvfVM0K8MwrqfWUf/
3TxeS9DsHehwlJavQd87n4jo/3G0V1MOVqsFrt2q9rKJaEg=
-----END CERTIFICATE-----
Generated at Thu Jul 3 07:57:18 2025 by rpki-client