Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918F7A1/91E8E284F43711EBB5D5691CC4F9AE02/FC1D8B7A9C7C11ED96690F39C4F9AE02.roa
File:                     FC1D8B7A9C7C11ED96690F39C4F9AE02.roa (raw, json)
Hash identifier:          GaFDcUcEWV5tnryiYR88U/olXhGbw6GEBeuHpqFSkow=
Subject key identifier:   95:39:A9:AA:EB:DC:B0:22:F1:F2:BE:DA:49:3C:6F:AE:EE:93:CA:5C
Certificate issuer:       /CN=A918F7A1/serialNumber=83D60CF8DEA80226B80724BCDE6703D10D657FFE
Certificate serial:       01E9
Authority key identifier: 83:D6:0C:F8:DE:A8:02:26:B8:07:24:BC:DE:67:03:D1:0D:65:7F:FE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g9YM-N6oAia4ByS83mcD0Q1lf_4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918F7A1/91E8E284F43711EBB5D5691CC4F9AE02/FC1D8B7A9C7C11ED96690F39C4F9AE02.roa
Signing time:             Sun 24 Aug 2025 23:34:43 +0000
ROA not before:           Sun 24 Aug 2025 23:34:43 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     142605
IP address blocks:        103.170.204.0/23 maxlen: 23
                          103.170.204.0/24 maxlen: 24
                          103.170.205.0/24 maxlen: 24
                          2001:df7:2780::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918F7A1/91E8E284F43711EBB5D5691CC4F9AE02/g9YM-N6oAia4ByS83mcD0Q1lf_4.crl
                          rsync://rpki.apnic.net/member_repository/A918F7A1/91E8E284F43711EBB5D5691CC4F9AE02/g9YM-N6oAia4ByS83mcD0Q1lf_4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g9YM-N6oAia4ByS83mcD0Q1lf_4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 00:54:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 489 (0x1e9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918F7A1, serialNumber=83D60CF8DEA80226B80724BCDE6703D10D657FFE
        Validity
            Not Before: Aug 24 23:34:43 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68aba193-444e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e1:cc:b0:20:e1:d9:f6:a6:f0:0c:48:e1:38:
                    10:07:cd:88:c6:ac:fe:6a:eb:c2:1b:0a:e5:df:85:
                    d6:96:35:77:9e:cb:32:83:b7:5d:6a:1e:f3:34:ef:
                    c3:94:37:8b:fe:92:d8:18:db:a4:d1:1d:d0:28:4e:
                    ec:1f:08:67:7e:48:1a:b6:92:0b:4c:d3:49:b8:33:
                    bf:56:95:73:3c:8a:ad:4e:bb:e4:bc:d6:7e:5f:27:
                    76:69:50:19:41:75:8f:6b:25:83:e7:14:94:7f:c1:
                    9c:e8:9b:c9:4c:aa:22:16:2f:c9:46:7d:0a:62:c6:
                    14:ef:91:54:d0:8e:59:5d:ba:4c:45:89:eb:33:15:
                    69:91:ff:22:94:2d:0b:db:d2:62:3b:09:2e:6d:5e:
                    c3:89:8a:ed:df:8b:f5:81:ad:90:a6:41:9a:bf:c7:
                    b5:02:cd:80:d0:db:3a:fd:d4:b0:e4:09:f4:eb:d0:
                    18:3e:7d:65:c3:57:d2:66:27:77:c7:6e:a8:4c:c3:
                    70:33:30:a2:a8:9c:08:59:91:09:48:1f:89:e7:1c:
                    fb:ed:ef:38:6e:d3:51:b2:71:a9:39:d0:12:be:64:
                    f5:d4:99:8f:b4:9a:d4:a2:8d:a0:e9:7b:9d:3e:b9:
                    2a:7a:3d:a9:59:23:6d:3b:f9:c7:27:fd:3f:79:79:
                    96:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:39:A9:AA:EB:DC:B0:22:F1:F2:BE:DA:49:3C:6F:AE:EE:93:CA:5C
            X509v3 Authority Key Identifier:
                keyid:83:D6:0C:F8:DE:A8:02:26:B8:07:24:BC:DE:67:03:D1:0D:65:7F:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918F7A1/91E8E284F43711EBB5D5691CC4F9AE02/g9YM-N6oAia4ByS83mcD0Q1lf_4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g9YM-N6oAia4ByS83mcD0Q1lf_4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918F7A1/91E8E284F43711EBB5D5691CC4F9AE02/FC1D8B7A9C7C11ED96690F39C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.170.204.0/23
                IPv6:
                  2001:df7:2780::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:e6:6f:b5:c8:70:9f:8c:8b:3b:01:6e:5e:07:b5:8d:68:5f:
         b2:83:43:6a:ee:00:85:22:89:a9:f8:f0:d7:6f:13:34:a8:e5:
         c9:d8:85:68:66:7c:e0:96:ff:8a:15:16:8e:c0:6c:12:2a:bc:
         bd:e3:a2:b7:8d:26:b5:2c:45:d0:87:68:b7:54:a7:4f:98:96:
         d7:f8:15:3f:bb:e0:7c:93:30:99:3c:cd:65:1b:a0:3e:1e:81:
         b7:21:92:e8:26:ec:fa:84:15:53:6c:20:d1:26:02:66:ec:a5:
         7a:b7:b4:36:a3:ea:ac:c4:c7:d2:fb:a1:9f:ab:c7:21:85:b7:
         db:2d:b9:66:35:bc:95:3f:74:06:18:5c:d8:60:71:c6:dc:e9:
         8b:9c:55:66:58:2c:69:27:aa:6c:1e:6e:19:61:2a:ec:b0:2c:
         fe:9d:4a:6c:cb:1c:a5:9c:a9:47:26:93:e3:d4:37:eb:8e:4d:
         2d:b9:47:a1:c5:bd:73:5a:9e:21:31:9a:c0:e8:c8:09:0d:23:
         87:ed:7a:88:4a:37:15:b5:ee:7a:f9:a3:41:2f:57:97:d5:65:
         50:4b:fa:9a:41:23:58:af:f5:45:97:a9:42:10:4f:90:9b:7a:
         6a:5f:f6:5a:e6:20:41:ed:7e:41:0e:4b:86:49:a4:26:1b:2e:
         16:15:7d:10
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAekwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEY3QTExMTAvBgNVBAUTKDgzRDYwQ0Y4REVBODAyMjZCODA3MjRCQ0RFNjcwM0Qx
MEQ2NTdGRkUwHhcNMjUwODI0MjMzNDQzWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGFiYTE5My00NDRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuOHMsCDh2fam8AxI4TgQB82Ixqz+auvCGwrl34XWljV3nssyg7ddah7zNO/D
lDeL/pLYGNuk0R3QKE7sHwhnfkgatpILTNNJuDO/VpVzPIqtTrvkvNZ+Xyd2aVAZ
QXWPayWD5xSUf8Gc6JvJTKoiFi/JRn0KYsYU75FU0I5ZXbpMRYnrMxVpkf8ilC0L
29JiOwkubV7DiYrt34v1ga2QpkGav8e1As2A0Ns6/dSw5An069AYPn1lw1fSZid3
x26oTMNwMzCiqJwIWZEJSB+J5xz77e84btNRsnGpOdASvmT11JmPtJrUoo2g6Xud
Prkqej2pWSNtO/nHJ/0/eXmW0wIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFJU5qarr
3LAi8fK+2kk8b67uk8pcMB8GA1UdIwQYMBaAFIPWDPjeqAImuAckvN5nA9ENZX/+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RjdBMS85MUU4RTI4NEY0
MzcxMUVCQjVENTY5MUNDNEY5QUUwMi9nOVlNLU42b0FpYTRCeVM4M21jRDBRMWxm
XzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2c5WU0tTjZvQWlhNEJ5UzgzbWNEMFExbGZfNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEY3QTEvOTFFOEUyODRGNDM3MTFFQkI1RDU2OTFDQzRGOUFFMDIvRkMxRDhCN0E5
QzdDMTFFRDk2NjkwRjM5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnqswwDwQCAAIwCQMHACABDfcngDANBgkqhkiG9w0BAQsF
AAOCAQEAEeZvtchwn4yLOwFuXge1jWhfsoNDau4AhSKJqfjw128TNKjlydiFaGZ8
4Jb/ihUWjsBsEiq8veOit40mtSxF0Idot1SnT5iW1/gVP7vgfJMwmTzNZRugPh6B
tyGS6Cbs+oQVU2wg0SYCZuylere0NqPqrMTH0vuhn6vHIYW32y25ZjW8lT90Bhhc
2GBxxtzpi5xVZlgsaSeqbB5uGWEq7LAs/p1KbMscpZypRyaT49Q3645NLblHocW9
c1qeITGawOjICQ0jh+16iEo3FbXuevmjQS9Xl9VlUEv6mkEjWK/1RZepQhBPkJt6
al/2WuYgQe1+QQ5LhkmkJhsuFhV9EA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:45:04 2025 by rpki-client