Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
File:                     BDECB94CEC4F11EEB0B9B467C4F9AE02.roa (raw, json)
Hash identifier:          fzQzGSAIs0EVXNYEuUhQCq5Xv3M4UYk0ENH+A/wJ0lg=
Subject key identifier:   F6:BD:28:97:B8:6F:90:F1:21:07:2E:D2:AE:60:93:85:B0:B7:74:6B
Certificate issuer:       /CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Certificate serial:       0148
Authority key identifier: 64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
Signing time:             Wed 03 Sep 2025 05:54:40 +0000
ROA not before:           Wed 03 Sep 2025 05:54:40 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     134835
IP address blocks:        45.120.156.0/24 maxlen: 24
                          45.120.157.0/24 maxlen: 24
                          45.120.159.0/24 maxlen: 24
                          45.125.164.0/24 maxlen: 24
                          45.125.165.0/24 maxlen: 24
                          45.125.166.0/24 maxlen: 24
                          45.125.167.0/24 maxlen: 24
                          103.56.217.0/24 maxlen: 24
                          103.56.219.0/24 maxlen: 24
                          103.194.41.0/24 maxlen: 24
                          103.194.42.0/24 maxlen: 24
                          103.194.43.0/24 maxlen: 24
                          103.200.96.0/24 maxlen: 24
                          103.200.97.0/24 maxlen: 24
                          103.204.172.0/24 maxlen: 24
                          103.204.173.0/24 maxlen: 24
                          103.204.174.0/24 maxlen: 24
                          103.204.175.0/24 maxlen: 24
                          122.128.96.0/24 maxlen: 24
                          122.128.97.0/24 maxlen: 24
                          122.128.99.0/24 maxlen: 24
                          2403:ad80:60::/45 maxlen: 45
                          2403:ad80:80::/45 maxlen: 45
                          2403:ad80:88::/45 maxlen: 45
                          2403:ad80:98::/45 maxlen: 45
                          2403:ad80:a0::/45 maxlen: 45
                          2403:ad80:3c00::/38 maxlen: 38
                          2403:ad80:4c00::/38 maxlen: 38
                          2403:ad80:5000::/38 maxlen: 38
                          2403:ad80:8100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
                          rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 07:32:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 328 (0x148)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919A777, serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
        Validity
            Not Before: Sep  3 05:54:40 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68b7d81f-1408
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:7d:40:67:53:34:21:da:56:f1:55:69:a1:9c:
                    d1:c1:80:14:b4:a6:89:41:c3:b2:dc:ed:e3:74:25:
                    6b:ea:c4:37:31:79:86:93:3e:12:b6:4e:50:c1:f2:
                    74:80:ec:66:84:54:15:1c:0c:c2:53:09:51:d7:8e:
                    c1:fe:fd:96:ad:3b:af:eb:5a:44:ae:8b:45:93:d1:
                    d2:78:b9:ce:7f:1e:78:2d:7a:05:15:49:39:ec:f3:
                    80:86:24:c2:77:80:6d:c5:13:ee:b7:f9:99:49:06:
                    1d:2e:34:e2:e7:37:2f:94:b9:1f:47:ac:b1:a8:25:
                    7c:2d:41:43:c0:30:7a:be:2d:17:cd:e6:1c:36:9f:
                    32:c1:5a:e7:46:08:ba:e2:53:36:1d:27:a7:a7:68:
                    15:fe:0a:b2:3a:b3:20:4e:0c:92:97:e0:6c:85:a3:
                    67:b8:81:4c:22:35:95:80:a1:6e:ca:55:e0:78:12:
                    3e:1a:ef:f8:69:6e:40:03:eb:6b:f7:12:a2:51:7f:
                    d3:5f:44:ce:b5:c1:80:a9:a2:39:76:db:36:a4:e8:
                    dc:9b:8b:dc:0f:08:c1:31:70:fa:8c:e0:1a:8f:46:
                    47:e9:75:70:ad:43:63:23:c0:e2:c8:74:54:cf:62:
                    66:c4:03:68:6e:f1:1b:a5:f0:1e:db:5e:2f:19:d8:
                    89:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:BD:28:97:B8:6F:90:F1:21:07:2E:D2:AE:60:93:85:B0:B7:74:6B
            X509v3 Authority Key Identifier:
                keyid:64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.120.156.0/23
                  45.120.159.0/24
                  45.125.164.0/22
                  103.56.217.0/24
                  103.56.219.0/24
                  103.194.41.0-103.194.43.255
                  103.200.96.0/23
                  103.204.172.0/22
                  122.128.96.0/23
                  122.128.99.0/24
                IPv6:
                  2403:ad80:60::/45
                  2403:ad80:80::/44
                  2403:ad80:98::-2403:ad80:a7:ffff:ffff:ffff:ffff:ffff
                  2403:ad80:3c00::/38
                  2403:ad80:4c00::-2403:ad80:53ff:ffff:ffff:ffff:ffff:ffff
                  2403:ad80:8100::/40

    Signature Algorithm: sha256WithRSAEncryption
         1d:60:e3:4c:46:0d:e1:e1:c1:59:91:1a:85:bd:8c:53:83:6a:
         88:a2:c4:16:75:f2:92:15:d9:6e:13:bd:07:d5:22:34:1a:a5:
         73:95:23:24:8e:64:f5:80:23:63:b4:57:8b:ab:f9:a6:3e:ff:
         d5:c9:6c:1f:b9:ca:8b:f4:e9:73:85:ac:81:6f:fe:32:48:12:
         3c:ee:98:fd:b5:df:03:10:b3:f8:ed:f2:5e:48:74:fd:e2:7a:
         ed:1b:62:3d:7e:f1:30:e7:95:eb:e3:7a:39:ae:da:f2:f5:28:
         d7:10:a5:d6:4a:8a:4e:8f:2e:e2:b2:11:35:41:67:dc:4a:01:
         c5:34:95:72:e3:c8:26:96:0c:c9:49:f1:cc:81:f8:9e:57:7f:
         8a:71:8e:9b:7e:1c:85:ad:30:fa:c7:75:fe:f9:44:c6:90:80:
         e0:b5:8f:9a:d5:79:85:e6:0a:eb:be:94:66:11:87:30:bb:3e:
         a3:09:fa:22:91:bc:43:d1:92:34:be:5d:75:88:b2:72:93:22:
         d2:6c:a3:28:c7:b7:5d:96:42:26:c2:2a:ef:3f:85:db:85:7d:
         fd:be:3f:2f:22:75:fb:27:d1:f0:ce:bc:c3:e7:a6:85:52:1a:
         f6:71:64:b0:c5:ea:b5:86:73:e0:69:b6:d8:84:aa:d7:4f:3a:
         4c:5c:0b:67
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgICAUgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUE3NzcxMTAvBgNVBAUTKDY0N0QwOTI3REIzQjE3OEUyRjY1NEEzMjY4NTU3RkU1
QjVENjcyOUMwHhcNMjUwOTAzMDU1NDQwWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGI3ZDgxZi0xNDA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7H1AZ1M0IdpW8VVpoZzRwYAUtKaJQcOy3O3jdCVr6sQ3MXmGkz4Stk5QwfJ0
gOxmhFQVHAzCUwlR147B/v2WrTuv61pErotFk9HSeLnOfx54LXoFFUk57POAhiTC
d4BtxRPut/mZSQYdLjTi5zcvlLkfR6yxqCV8LUFDwDB6vi0XzeYcNp8ywVrnRgi6
4lM2HSenp2gV/gqyOrMgTgySl+BshaNnuIFMIjWVgKFuylXgeBI+Gu/4aW5AA+tr
9xKiUX/TX0TOtcGAqaI5dts2pOjcm4vcDwjBMXD6jOAaj0ZH6XVwrUNjI8DiyHRU
z2JmxANobvEbpfAe214vGdiJYwIDAQABo4IDJjCCAyIwHQYDVR0OBBYEFPa9KJe4
b5DxIQcu0q5gk4Wwt3RrMB8GA1UdIwQYMBaAFGR9CSfbOxeOL2VKMmhVf+W11nKc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QTc3Ny8wQkE1NzJCMEVD
NEYxMUVFQTFCMzg4NjZDNEY5QUUwMi9aSDBKSjlzN0Y0NHZaVW95YUZWXzViWFdj
cHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pIMEpKOXM3RjQ0dlpVb3lhRlZfNWJYV2Nwdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUE3NzcvMEJBNTcyQjBFQzRGMTFFRUExQjM4ODY2QzRGOUFFMDIvQkRFQ0I5NENF
QzRGMTFFRUIwQjlCNDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwga8GCCsGAQUFBwEHAQH/
BIGfMIGcMEoEAgABMEQDBAEteJwDBAAteJ8DBAItfaQDBABnONkDBABnONswDAME
AGfCKQMEAmfCKAMEAWfIYAMEAmfMrAMEAXqAYAMEAHqAYzBOBAIAAjBIAwcDJAOt
gABgAwcEJAOtgACAMBIDBwMkA62AAJgDBwMkA62AAKADBgIkA62APDAQAwYCJAOt
gEwDBgIkA62AUAMGACQDrYCBMA0GCSqGSIb3DQEBCwUAA4IBAQAdYONMRg3h4cFZ
kRqFvYxTg2qIosQWdfKSFdluE70H1SI0GqVzlSMkjmT1gCNjtFeLq/mmPv/VyWwf
ucqL9OlzhayBb/4ySBI87pj9td8DELP47fJeSHT94nrtG2I9fvEw55Xr43o5rtry
9SjXEKXWSopOjy7ishE1QWfcSgHFNJVy48gmlgzJSfHMgfieV3+KcY6bfhyFrTD6
x3X++UTGkIDgtY+a1XmF5grrvpRmEYcwuz6jCfoikbxD0ZI0vl11iLJykyLSbKMo
x7ddlkImwirvP4XbhX39vj8vInX7J9HwzrzD56aFUhr2cWSwxeq1hnPgabbYhKrX
TzpMXAtn
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:38:07 2025 by rpki-client