Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919EF67/12CE58C04BCB11EDBBE5925EC4F9AE02/256273EE355011EEBCB7D945C4F9AE02.roa
File:                     256273EE355011EEBCB7D945C4F9AE02.roa (raw, json)
Hash identifier:          04Cy+y4IVlv3nSRQiE3T4udS3Y09bNADoSP454aG6f4=
Subject key identifier:   E1:2F:C5:0F:F7:E6:81:55:97:23:24:14:21:A8:DF:38:1C:E1:C5:0C
Certificate issuer:       /CN=A919EF67/serialNumber=F8D693A26964CD3C5A199D2C26ED22647A20E77E
Certificate serial:       0260
Authority key identifier: F8:D6:93:A2:69:64:CD:3C:5A:19:9D:2C:26:ED:22:64:7A:20:E7:7E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NaTomlkzTxaGZ0sJu0iZHog534.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919EF67/12CE58C04BCB11EDBBE5925EC4F9AE02/256273EE355011EEBCB7D945C4F9AE02.roa
Signing time:             Fri 17 Oct 2025 04:38:01 +0000
ROA not before:           Fri 17 Oct 2025 04:38:01 +0000
ROA not after:            Sun 31 Jan 2027 00:00:00 +0000
asID:                     150371
IP address blocks:        103.19.48.0/24 maxlen: 24
                          103.19.49.0/24 maxlen: 24
                          2001:df3:3f40::/48 maxlen: 48
                          2402:2fa0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919EF67/12CE58C04BCB11EDBBE5925EC4F9AE02/-NaTomlkzTxaGZ0sJu0iZHog534.crl
                          rsync://rpki.apnic.net/member_repository/A919EF67/12CE58C04BCB11EDBBE5925EC4F9AE02/-NaTomlkzTxaGZ0sJu0iZHog534.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NaTomlkzTxaGZ0sJu0iZHog534.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 04:05:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 608 (0x260)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919EF67, serialNumber=F8D693A26964CD3C5A199D2C26ED22647A20E77E
        Validity
            Not Before: Oct 17 04:38:01 2025 GMT
            Not After : Jan 31 00:00:00 2027 GMT
        Subject: CN=68f1c828-3881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:81:1f:46:8a:0a:22:59:a4:31:4d:7b:81:8c:
                    87:29:3a:60:55:09:3c:b1:79:88:41:62:54:41:1d:
                    fe:25:07:32:c4:ee:4a:f9:97:36:4b:36:92:78:94:
                    c0:9e:a2:f7:9c:31:4d:1c:66:6b:cf:0d:37:c1:a2:
                    57:33:ac:f0:ae:1e:1b:5e:fb:d2:e3:3a:d6:45:7c:
                    ee:29:01:3a:39:ff:71:7f:36:47:a5:fa:55:64:20:
                    09:c3:46:ab:78:03:9f:cd:74:3c:b8:91:71:3c:8c:
                    b8:4f:20:8b:60:19:ad:d0:1f:63:b1:be:18:28:0b:
                    5d:bf:c9:1d:31:00:73:c2:3c:a4:d1:ac:57:c4:a2:
                    25:6d:7f:c8:ad:48:97:3a:4f:2c:59:71:25:ad:55:
                    82:9c:11:ee:94:dc:4a:f1:42:37:7e:a0:d5:ef:4b:
                    15:16:df:fd:6f:4b:e1:0d:50:72:09:16:13:6b:47:
                    ca:db:8e:82:14:71:0e:4e:ce:81:a6:45:f3:e6:8f:
                    ff:70:cb:b4:09:ca:0d:a8:07:91:0c:9e:d0:6d:c3:
                    b5:2c:ea:eb:f1:99:38:4e:5e:19:c6:ed:69:d2:92:
                    61:14:db:ff:87:f4:9f:fe:df:a0:6c:fa:af:8a:d2:
                    d0:a0:4b:f9:ad:1d:9b:bf:ee:95:61:71:11:7d:4d:
                    88:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:2F:C5:0F:F7:E6:81:55:97:23:24:14:21:A8:DF:38:1C:E1:C5:0C
            X509v3 Authority Key Identifier:
                keyid:F8:D6:93:A2:69:64:CD:3C:5A:19:9D:2C:26:ED:22:64:7A:20:E7:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919EF67/12CE58C04BCB11EDBBE5925EC4F9AE02/-NaTomlkzTxaGZ0sJu0iZHog534.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NaTomlkzTxaGZ0sJu0iZHog534.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919EF67/12CE58C04BCB11EDBBE5925EC4F9AE02/256273EE355011EEBCB7D945C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.19.48.0/23
                IPv6:
                  2001:df3:3f40::/48
                  2402:2fa0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:94:8e:fa:75:8f:31:b2:68:29:65:9c:9c:f4:bf:9f:fc:7f:
         56:77:fd:4e:f5:84:1e:e4:f7:6e:5d:3b:c1:0b:d6:b4:0a:54:
         d6:11:01:c9:47:64:64:b1:ef:b0:9e:1d:f3:e2:18:84:08:9f:
         e5:5d:95:15:ae:61:b6:bc:1b:3c:fd:02:74:a2:c0:8c:bc:17:
         8c:13:2e:13:95:26:db:ee:e8:a4:a1:02:c0:2c:19:17:e2:62:
         50:e8:1f:a9:7d:11:78:7c:3b:c7:30:05:00:8e:14:56:bf:5c:
         51:68:f8:bc:ef:60:a4:6d:b2:c5:39:e3:b5:1e:65:89:8a:4e:
         69:e2:01:c1:bf:b5:e8:90:1f:93:fb:9d:73:eb:f5:7f:0e:07:
         be:ce:2b:42:e4:71:b3:49:eb:98:8e:4c:7c:a7:ac:29:db:29:
         98:5a:49:02:f6:11:a8:1d:07:79:45:99:f7:5a:b1:ee:4a:70:
         db:07:74:98:32:df:bd:ef:2a:5e:64:f9:5a:df:cd:2a:99:39:
         97:4c:3d:18:c8:dc:f0:9e:bc:5d:1f:0f:2b:58:2a:02:72:30:
         86:a9:af:fb:97:bd:81:a8:f0:40:c5:b7:37:d4:08:6b:42:f5:
         83:30:68:36:82:c5:e6:c9:d3:e6:91:de:4c:0a:5b:54:b8:62:
         aa:b5:85:1b
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICAmAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUVGNjcxMTAvBgNVBAUTKEY4RDY5M0EyNjk2NENEM0M1QTE5OUQyQzI2RUQyMjY0
N0EyMEU3N0UwHhcNMjUxMDE3MDQzODAxWhcNMjcwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGYxYzgyOC0zODgxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqYEfRooKIlmkMU17gYyHKTpgVQk8sXmIQWJUQR3+JQcyxO5K+Zc2SzaSeJTA
nqL3nDFNHGZrzw03waJXM6zwrh4bXvvS4zrWRXzuKQE6Of9xfzZHpfpVZCAJw0ar
eAOfzXQ8uJFxPIy4TyCLYBmt0B9jsb4YKAtdv8kdMQBzwjyk0axXxKIlbX/IrUiX
Ok8sWXElrVWCnBHulNxK8UI3fqDV70sVFt/9b0vhDVByCRYTa0fK246CFHEOTs6B
pkXz5o//cMu0CcoNqAeRDJ7QbcO1LOrr8Zk4Tl4Zxu1p0pJhFNv/h/Sf/t+gbPqv
itLQoEv5rR2bv+6VYXERfU2I8wIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFOEvxQ/3
5oFVlyMkFCGo3zgc4cUMMB8GA1UdIwQYMBaAFPjWk6JpZM08WhmdLCbtImR6IOd+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5RUY2Ny8xMkNFNThDMDRC
Q0IxMUVEQkJFNTkyNUVDNEY5QUUwMi8tTmFUb21sa3pUeGFHWjBzSnUwaVpIb2c1
MzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1OYVRvbWxrelR4YUdaMHNKdTBpWkhvZzUzNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUVGNjcvMTJDRTU4QzA0QkNCMTFFREJCRTU5MjVFQzRGOUFFMDIvMjU2MjczRUUz
NTUwMTFFRUJDQjdEOTQ1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMAwEAgABMAYDBAFnEzAwFgQCAAIwEAMHACABDfM/QAMFACQCL6AwDQYJKoZI
hvcNAQELBQADggEBADyUjvp1jzGyaCllnJz0v5/8f1Z3/U71hB7k925dO8EL1rQK
VNYRAclHZGSx77CeHfPiGIQIn+VdlRWuYba8Gzz9AnSiwIy8F4wTLhOVJtvu6KSh
AsAsGRfiYlDoH6l9EXh8O8cwBQCOFFa/XFFo+LzvYKRtssU547UeZYmKTmniAcG/
teiQH5P7nXPr9X8OB77OK0LkcbNJ65iOTHynrCnbKZhaSQL2EagdB3lFmfdase5K
cNsHdJgy373vKl5k+VrfzSqZOZdMPRjI3PCevF0fDytYKgJyMIapr/uXvYGo8EDF
tzfUCGtC9YMwaDaCxebJ0+aR3kwKW1S4Yqq1hRs=
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:12:16 2025 by rpki-client