Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918F8B1/7D54A0CAB58611E9AA5F4D65C4F9AE02/6523917E508911F0A97F9A28C4F9AE02.roa
File:                     6523917E508911F0A97F9A28C4F9AE02.roa (raw, json)
Hash identifier:          DurC24jDEySwBvnHLWPC4SxsoJWd0wHtB7dUrheJ8l4=
Subject key identifier:   7B:FD:1D:9F:A1:0C:08:4A:7C:47:62:CC:62:56:94:8A:46:70:FA:0E
Certificate issuer:       /CN=A918F8B1/serialNumber=B5B3FC3E760877EF4F8D8E843BDD68CE0F405530
Certificate serial:       0E3F
Authority key identifier: B5:B3:FC:3E:76:08:77:EF:4F:8D:8E:84:3B:DD:68:CE:0F:40:55:30
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tbP8PnYId-9PjY6EO91ozg9AVTA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918F8B1/7D54A0CAB58611E9AA5F4D65C4F9AE02/6523917E508911F0A97F9A28C4F9AE02.roa
Signing time:             Wed 24 Sep 2025 04:50:17 +0000
ROA not before:           Wed 24 Sep 2025 04:50:17 +0000
ROA not after:            Thu 28 May 2026 00:00:00 +0000
asID:                     138624
IP address blocks:        103.134.225.0/24 maxlen: 24
                          103.158.243.0/24 maxlen: 24
                          2001:df7:d500::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918F8B1/7D54A0CAB58611E9AA5F4D65C4F9AE02/tbP8PnYId-9PjY6EO91ozg9AVTA.crl
                          rsync://rpki.apnic.net/member_repository/A918F8B1/7D54A0CAB58611E9AA5F4D65C4F9AE02/tbP8PnYId-9PjY6EO91ozg9AVTA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tbP8PnYId-9PjY6EO91ozg9AVTA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 18:29:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3647 (0xe3f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918F8B1, serialNumber=B5B3FC3E760877EF4F8D8E843BDD68CE0F405530
        Validity
            Not Before: Sep 24 04:50:17 2025 GMT
            Not After : May 28 00:00:00 2026 GMT
        Subject: CN=68d37889-4933
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e1:3e:18:33:9e:70:2f:ce:e2:5e:10:bf:d3:
                    41:69:5c:c2:49:18:a1:bc:74:95:e2:5b:1a:c2:5d:
                    ef:e1:a5:d8:a5:6e:4c:ee:43:45:28:ac:c6:ee:0c:
                    fb:90:10:ad:47:6e:2d:97:c8:a2:e4:38:96:c0:21:
                    dc:a1:31:ac:f0:10:b7:c1:3d:12:40:34:e4:e2:e5:
                    90:3d:dd:96:3f:50:e5:bc:bf:1a:70:0a:80:eb:3f:
                    a4:de:c0:52:29:1f:a7:09:3c:b1:d6:cd:8c:7f:a2:
                    b1:0a:c8:9d:6f:a1:eb:6c:d6:44:7f:7b:9d:5c:45:
                    21:4b:ab:c6:b0:1a:78:dc:ec:45:68:21:1f:a4:a5:
                    fb:f8:8e:0d:b3:d7:12:3f:74:3e:39:57:b5:44:96:
                    4a:2e:7b:e6:bb:4f:a5:9d:af:77:00:98:a0:07:1a:
                    6c:45:c7:7d:9f:e3:e4:71:2c:50:e8:78:77:d3:eb:
                    ec:83:0f:f7:65:8b:fb:50:c8:30:e6:3b:b1:93:7a:
                    ec:23:2e:e1:1c:80:d5:de:b3:3f:63:14:f0:da:3e:
                    be:75:ad:a7:95:89:25:15:fe:46:96:6b:0a:39:87:
                    56:82:49:e8:e3:e4:e1:dd:90:48:e1:ce:11:f0:52:
                    eb:54:0c:c1:84:19:59:05:4c:d1:db:39:a7:5b:0d:
                    33:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:FD:1D:9F:A1:0C:08:4A:7C:47:62:CC:62:56:94:8A:46:70:FA:0E
            X509v3 Authority Key Identifier:
                keyid:B5:B3:FC:3E:76:08:77:EF:4F:8D:8E:84:3B:DD:68:CE:0F:40:55:30

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918F8B1/7D54A0CAB58611E9AA5F4D65C4F9AE02/tbP8PnYId-9PjY6EO91ozg9AVTA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tbP8PnYId-9PjY6EO91ozg9AVTA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918F8B1/7D54A0CAB58611E9AA5F4D65C4F9AE02/6523917E508911F0A97F9A28C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.134.225.0/24
                  103.158.243.0/24
                IPv6:
                  2001:df7:d500::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:c1:fc:56:08:52:db:ac:05:f8:64:40:04:1f:de:da:0a:3e:
         e9:a5:10:bb:63:5b:00:6f:2c:cd:4a:54:77:b2:71:54:ef:a1:
         67:45:32:90:61:24:ca:76:b3:07:6f:d4:33:47:e2:9e:3f:74:
         5e:1d:c1:0e:64:b8:ab:c1:c7:f9:b9:c3:25:c6:3b:d6:75:2f:
         7d:8c:af:ed:14:82:b1:bf:b2:50:a0:30:6a:f7:ce:f3:03:04:
         37:e7:a4:da:d3:b1:3a:00:48:bb:57:82:c1:91:67:49:52:bc:
         df:9d:21:c4:90:d5:7a:09:d6:79:13:72:64:3f:66:28:f2:d4:
         d6:6b:b2:97:e4:5f:2d:c0:99:a6:8a:03:78:c6:48:8e:90:6b:
         fb:c7:bd:69:74:2e:72:a0:40:6d:9a:64:68:b9:9b:70:32:98:
         58:bc:eb:21:63:6e:e0:94:96:f7:97:b6:46:96:dc:e9:9c:49:
         09:16:b8:25:b5:aa:17:02:7e:86:87:96:b9:83:51:18:52:11:
         7e:44:01:a5:bc:1b:09:98:f9:26:21:38:bd:67:60:54:61:2e:
         95:db:86:db:9b:9e:84:a8:62:db:67:d1:0c:5e:99:94:a9:22:
         64:44:76:96:da:9e:6f:26:f7:78:56:1d:0c:52:67:d7:2d:b4:
         98:9e:e5:ef
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICDj8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEY4QjExMTAvBgNVBAUTKEI1QjNGQzNFNzYwODc3RUY0RjhEOEU4NDNCREQ2OENF
MEY0MDU1MzAwHhcNMjUwOTI0MDQ1MDE3WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OGQzNzg4OS00OTMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0OE+GDOecC/O4l4Qv9NBaVzCSRihvHSV4lsawl3v4aXYpW5M7kNFKKzG7gz7
kBCtR24tl8ii5DiWwCHcoTGs8BC3wT0SQDTk4uWQPd2WP1DlvL8acAqA6z+k3sBS
KR+nCTyx1s2Mf6KxCsidb6HrbNZEf3udXEUhS6vGsBp43OxFaCEfpKX7+I4Ns9cS
P3Q+OVe1RJZKLnvmu0+lna93AJigBxpsRcd9n+PkcSxQ6Hh30+vsgw/3ZYv7UMgw
5juxk3rsIy7hHIDV3rM/YxTw2j6+da2nlYklFf5GlmsKOYdWgkno4+Th3ZBI4c4R
8FLrVAzBhBlZBUzR2zmnWw0zyQIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFHv9HZ+h
DAhKfEdizGJWlIpGcPoOMB8GA1UdIwQYMBaAFLWz/D52CHfvT42OhDvdaM4PQFUw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RjhCMS83RDU0QTBDQUI1
ODYxMUU5QUE1RjRENjVDNEY5QUUwMi90YlA4UG5ZSWQtOVBqWTZFTzkxb3pnOUFW
VEEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RiUDhQbllJZC05UGpZNkVPOTFvemc5QVZUQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEY4QjEvN0Q1NEEwQ0FCNTg2MTFFOUFBNUY0RDY1QzRGOUFFMDIvNjUyMzkxN0U1
MDg5MTFGMEE5N0Y5QTI4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBABnhuEDBABnnvMwDwQCAAIwCQMHACABDffVADANBgkqhkiG
9w0BAQsFAAOCAQEAPMH8VghS26wF+GRABB/e2go+6aUQu2NbAG8szUpUd7JxVO+h
Z0UykGEkynazB2/UM0finj90Xh3BDmS4q8HH+bnDJcY71nUvfYyv7RSCsb+yUKAw
avfO8wMEN+ek2tOxOgBIu1eCwZFnSVK8350hxJDVegnWeRNyZD9mKPLU1muyl+Rf
LcCZpooDeMZIjpBr+8e9aXQucqBAbZpkaLmbcDKYWLzrIWNu4JSW95e2Rpbc6ZxJ
CRa4JbWqFwJ+hoeWuYNRGFIRfkQBpbwbCZj5JiE4vWdgVGEulduG25uehKhi22fR
DF6ZlKkiZER2ltqebyb3eFYdDFJn1y20mJ7l7w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:32:21 2025 by rpki-client