Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919DB2F/EF59CEC40ADA11EC95F5F678C4F9AE02/E0A5F584DFAC11EE8C281B42C4F9AE02.roa
File:                     E0A5F584DFAC11EE8C281B42C4F9AE02.roa (raw, json)
Hash identifier:          QC4EhNSXvJgfmvNa3iGuDkLhBq1A6Ut/uA6vL0hAWZ8=
Subject key identifier:   43:11:B8:B0:0F:20:9D:1B:6B:DD:12:19:E7:4A:BB:C6:91:D8:9C:DE
Certificate issuer:       /CN=A919DB2F/serialNumber=F9C3638059F864E84AE3BF50DAAC079C68463EA7
Certificate serial:       056E
Authority key identifier: F9:C3:63:80:59:F8:64:E8:4A:E3:BF:50:DA:AC:07:9C:68:46:3E:A7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-cNjgFn4ZOhK479Q2qwHnGhGPqc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919DB2F/EF59CEC40ADA11EC95F5F678C4F9AE02/E0A5F584DFAC11EE8C281B42C4F9AE02.roa
Signing time:             Fri 19 Sep 2025 00:06:10 +0000
ROA not before:           Fri 19 Sep 2025 00:06:10 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     5068
IP address blocks:        103.172.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919DB2F/EF59CEC40ADA11EC95F5F678C4F9AE02/-cNjgFn4ZOhK479Q2qwHnGhGPqc.crl
                          rsync://rpki.apnic.net/member_repository/A919DB2F/EF59CEC40ADA11EC95F5F678C4F9AE02/-cNjgFn4ZOhK479Q2qwHnGhGPqc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-cNjgFn4ZOhK479Q2qwHnGhGPqc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 01:08:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1390 (0x56e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919DB2F, serialNumber=F9C3638059F864E84AE3BF50DAAC079C68463EA7
        Validity
            Not Before: Sep 19 00:06:10 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68cc9e72-69a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:5f:67:cd:e1:a1:8c:a8:43:a2:ec:1b:d4:e8:
                    b4:69:44:4c:ce:11:f1:db:f6:76:7a:33:a0:fc:35:
                    47:4b:c8:35:36:e2:78:47:16:0e:14:b8:a5:ee:fb:
                    fa:cc:0c:69:cd:84:be:f6:45:4d:1b:7b:58:f9:3c:
                    22:d0:aa:7c:d2:ce:4b:96:a0:a6:ca:c5:e2:52:52:
                    e0:27:e4:90:5c:70:e7:b1:2d:cd:a5:76:75:10:68:
                    c7:99:66:1c:2b:37:06:32:58:40:22:21:51:43:df:
                    51:45:f1:b8:28:13:cc:c1:65:b0:44:05:c3:77:39:
                    ca:48:ef:bd:cc:20:f2:96:ba:cd:39:b2:94:dc:1d:
                    f2:5e:dc:1a:a5:3d:87:04:0e:3b:38:0e:da:c8:13:
                    70:e1:e4:82:d7:c0:71:c3:e5:5c:3b:a9:33:c5:0b:
                    ec:2f:67:6c:33:6f:c5:07:d9:ea:67:ac:72:95:3d:
                    a3:08:ce:4c:6e:2e:db:ed:76:69:df:e4:50:45:49:
                    a9:d3:16:c0:30:27:b4:11:90:ae:73:c5:0f:55:d7:
                    d9:38:bf:10:b4:a6:03:d7:69:cc:93:fc:dc:c9:8f:
                    61:ba:58:bf:41:8f:e5:00:5c:8e:f2:1d:89:bd:4b:
                    c8:d8:20:3e:b2:48:0a:5c:60:04:e9:11:6d:72:4e:
                    e2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:11:B8:B0:0F:20:9D:1B:6B:DD:12:19:E7:4A:BB:C6:91:D8:9C:DE
            X509v3 Authority Key Identifier:
                keyid:F9:C3:63:80:59:F8:64:E8:4A:E3:BF:50:DA:AC:07:9C:68:46:3E:A7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919DB2F/EF59CEC40ADA11EC95F5F678C4F9AE02/-cNjgFn4ZOhK479Q2qwHnGhGPqc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-cNjgFn4ZOhK479Q2qwHnGhGPqc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919DB2F/EF59CEC40ADA11EC95F5F678C4F9AE02/E0A5F584DFAC11EE8C281B42C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.172.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:e5:5b:1f:4a:78:a3:96:79:bb:e5:db:69:f3:c9:23:97:41:
         22:db:9b:aa:99:fb:13:b7:54:19:ef:e7:7b:00:85:40:28:b4:
         7a:11:23:d5:47:16:cb:ec:19:f1:33:a8:82:91:4b:72:11:4c:
         0b:9c:26:da:d9:55:8d:c8:8b:c4:7e:3c:30:e4:61:fe:bd:5c:
         89:9d:dc:37:97:e9:e9:9d:3f:96:eb:23:4f:e2:67:cc:1c:a9:
         fd:fe:fe:fa:70:32:18:1d:8a:f8:e2:9c:5d:ea:8d:23:0a:d4:
         f4:fe:46:ec:f6:7f:dc:98:18:c2:52:0c:ee:31:a2:cd:1b:4b:
         87:68:0a:f2:52:2a:40:30:7c:13:68:ab:23:ef:ed:8c:50:9b:
         15:b0:3e:44:96:2c:23:95:bc:59:b8:8a:6f:91:f1:28:03:69:
         94:a9:83:ab:5b:15:55:8d:71:a1:97:be:24:4c:04:d3:b0:1b:
         74:f9:01:b4:d5:58:9b:a4:89:60:af:5a:a9:6c:e4:f5:41:b3:
         9c:f2:38:70:a3:c5:d1:cf:a6:f0:a3:f1:79:42:8a:c6:5a:34:
         10:8f:6c:13:44:34:8b:0d:dd:94:9a:05:ef:14:59:5e:61:b5:
         a3:99:44:eb:f8:1d:7f:e5:1b:6c:09:f9:d8:4b:4b:82:ca:0c:
         1b:8a:04:22
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBW4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OURCMkYxMTAvBgNVBAUTKEY5QzM2MzgwNTlGODY0RTg0QUUzQkY1MERBQUMwNzlD
Njg0NjNFQTcwHhcNMjUwOTE5MDAwNjEwWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGNjOWU3Mi02OWE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA+19nzeGhjKhDouwb1Oi0aURMzhHx2/Z2ejOg/DVHS8g1NuJ4RxYOFLil7vv6
zAxpzYS+9kVNG3tY+Twi0Kp80s5LlqCmysXiUlLgJ+SQXHDnsS3NpXZ1EGjHmWYc
KzcGMlhAIiFRQ99RRfG4KBPMwWWwRAXDdznKSO+9zCDylrrNObKU3B3yXtwapT2H
BA47OA7ayBNw4eSC18Bxw+VcO6kzxQvsL2dsM2/FB9nqZ6xylT2jCM5Mbi7b7XZp
3+RQRUmp0xbAMCe0EZCuc8UPVdfZOL8QtKYD12nMk/zcyY9huli/QY/lAFyO8h2J
vUvI2CA+skgKXGAE6RFtck7iRQIDAQABo4IClTCCApEwHQYDVR0OBBYEFEMRuLAP
IJ0ba90SGedKu8aR2JzeMB8GA1UdIwQYMBaAFPnDY4BZ+GToSuO/UNqsB5xoRj6n
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5REIyRi9FRjU5Q0VDNDBB
REExMUVDOTVGNUY2NzhDNEY5QUUwMi8tY05qZ0ZuNFpPaEs0NzlRMnF3SG5HaEdQ
cWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1jTmpnRm40Wk9oSzQ3OVEycXdIbkdoR1BxYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OURCMkYvRUY1OUNFQzQwQURBMTFFQzk1RjVGNjc4QzRGOUFFMDIvRTBBNUY1ODRE
RkFDMTFFRThDMjgxQjQyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnrFAwDQYJKoZIhvcNAQELBQADggEBAHflWx9KeKOWebvl
22nzySOXQSLbm6qZ+xO3VBnv53sAhUAotHoRI9VHFsvsGfEzqIKRS3IRTAucJtrZ
VY3Ii8R+PDDkYf69XImd3DeX6emdP5brI0/iZ8wcqf3+/vpwMhgdivjinF3qjSMK
1PT+Ruz2f9yYGMJSDO4xos0bS4doCvJSKkAwfBNoqyPv7YxQmxWwPkSWLCOVvFm4
im+R8SgDaZSpg6tbFVWNcaGXviRMBNOwG3T5AbTVWJukiWCvWqls5PVBs5zyOHCj
xdHPpvCj8XlCisZaNBCPbBNENIsN3ZSaBe8UWV5htaOZROv4HX/lG2wJ+dhLS4LK
DBuKBCI=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:06:07 2025 by rpki-client