Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A3FFF/82AD377A4DAB11EC9214F521C4F9AE02/AC63C4A4A62E11ECBDD6843FC4F9AE02.roa
File:                     AC63C4A4A62E11ECBDD6843FC4F9AE02.roa (raw, json)
Hash identifier:          P1PBDp8Fe8uxDGasJiZSyCCWpfZTEWdvREcVTBxnWew=
Subject key identifier:   B1:95:5A:8F:B6:97:2A:F4:14:75:90:03:40:54:E2:46:46:58:7D:66
Certificate issuer:       /CN=A91A3FFF/serialNumber=DA3F4FFF5D464689D38988F5FB22F65550B3EFF8
Certificate serial:       04B0
Authority key identifier: DA:3F:4F:FF:5D:46:46:89:D3:89:88:F5:FB:22:F6:55:50:B3:EF:F8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2j9P_11GRonTiYj1-yL2VVCz7_g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A3FFF/82AD377A4DAB11EC9214F521C4F9AE02/AC63C4A4A62E11ECBDD6843FC4F9AE02.roa
Signing time:             Sat 27 Sep 2025 00:27:38 +0000
ROA not before:           Sat 27 Sep 2025 00:27:38 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     138186
IP address blocks:        103.173.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A3FFF/82AD377A4DAB11EC9214F521C4F9AE02/2j9P_11GRonTiYj1-yL2VVCz7_g.crl
                          rsync://rpki.apnic.net/member_repository/A91A3FFF/82AD377A4DAB11EC9214F521C4F9AE02/2j9P_11GRonTiYj1-yL2VVCz7_g.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2j9P_11GRonTiYj1-yL2VVCz7_g.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 01:45:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1200 (0x4b0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A3FFF, serialNumber=DA3F4FFF5D464689D38988F5FB22F65550B3EFF8
        Validity
            Not Before: Sep 27 00:27:38 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68d72f7a-3765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:10:55:fc:1e:27:23:c8:e3:e0:8f:5d:e0:27:
                    47:1f:7c:dd:4e:c2:5a:da:78:c4:45:18:9e:76:81:
                    02:7a:1f:5e:53:c6:47:86:cc:a4:de:b7:b9:a2:7b:
                    dc:7d:4f:86:8b:4b:7d:1a:e9:42:0b:d8:9d:2e:91:
                    33:dd:92:d3:6f:a3:93:77:85:4b:a6:cb:70:e5:58:
                    f0:e3:1e:0d:53:87:81:fe:f7:2b:7c:23:fe:86:50:
                    9f:2d:32:40:ad:ee:17:84:b4:ca:43:25:76:7e:4b:
                    7f:db:d7:dc:06:fc:ff:c2:0a:41:a4:d4:e9:70:36:
                    3c:12:56:4e:38:e1:94:d4:e7:7c:ca:3f:b4:4e:9b:
                    2f:6a:f8:15:5f:af:bb:c1:55:1c:38:d9:9a:15:13:
                    ac:b0:57:a4:9f:54:19:90:1e:9e:07:5c:b4:f3:df:
                    b1:64:7f:39:c5:1c:66:98:77:4b:d9:1b:6a:2c:b3:
                    e2:dc:cb:1a:0c:c7:7b:96:eb:f2:7c:05:6a:30:a4:
                    32:47:ce:f8:56:39:04:2d:f6:57:cb:9c:22:0b:4b:
                    5e:df:44:fb:86:68:92:88:01:2d:01:e9:4e:91:27:
                    98:c5:69:10:79:c0:a8:8f:c8:e5:e2:de:6b:34:27:
                    67:31:e2:a2:7f:14:14:72:5e:97:04:aa:03:7c:8c:
                    ae:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:95:5A:8F:B6:97:2A:F4:14:75:90:03:40:54:E2:46:46:58:7D:66
            X509v3 Authority Key Identifier:
                keyid:DA:3F:4F:FF:5D:46:46:89:D3:89:88:F5:FB:22:F6:55:50:B3:EF:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A3FFF/82AD377A4DAB11EC9214F521C4F9AE02/2j9P_11GRonTiYj1-yL2VVCz7_g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2j9P_11GRonTiYj1-yL2VVCz7_g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A3FFF/82AD377A4DAB11EC9214F521C4F9AE02/AC63C4A4A62E11ECBDD6843FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.173.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:fc:3a:2d:70:a1:b6:fd:ba:45:d5:ea:48:10:2d:0f:01:8d:
         12:34:0d:0b:73:6f:5e:ce:9b:54:33:d8:e1:2a:51:f3:31:55:
         68:79:d5:95:85:3e:5a:02:1d:3c:10:af:f4:14:75:45:bb:21:
         d8:a9:43:a7:8b:34:38:4c:4f:53:8c:83:ae:25:04:57:53:1d:
         41:a1:56:b6:a0:ce:22:87:00:94:2b:a5:c7:93:f7:82:43:2f:
         e4:78:49:02:b2:31:4d:84:a3:2f:00:d5:df:4f:99:e0:ab:d4:
         8e:b9:3e:4d:9a:3a:80:a6:1a:1b:ac:69:d0:d2:21:89:3b:b2:
         2a:d9:03:f6:cb:34:bd:d2:53:5b:a3:0d:4a:9f:f6:a2:98:c5:
         c5:f0:d6:d0:3f:02:e7:9f:c6:b3:0b:f7:fd:2b:45:d4:76:04:
         71:77:01:8b:4e:b4:4e:15:3b:9a:31:c8:b1:21:b6:a5:e0:ef:
         08:eb:f1:c6:e1:46:38:2a:a1:91:1c:52:46:72:a4:4e:0a:7b:
         6e:d5:d1:de:17:b5:e2:a3:5a:ae:b0:32:36:3c:f1:5e:67:2f:
         d5:22:c4:f9:6c:a4:a0:e8:0e:86:35:45:32:49:e4:4e:17:10:
         ee:6b:f5:7e:0d:6f:63:1d:4a:9e:cf:b0:5e:e4:cb:71:0f:46:
         67:b7:c1:b6
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBLAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTNGRkYxMTAvBgNVBAUTKERBM0Y0RkZGNUQ0NjQ2ODlEMzg5ODhGNUZCMjJGNjU1
NTBCM0VGRjgwHhcNMjUwOTI3MDAyNzM4WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGQ3MmY3YS0zNzY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0xBV/B4nI8jj4I9d4CdHH3zdTsJa2njERRiedoECeh9eU8ZHhsyk3re5onvc
fU+Gi0t9GulCC9idLpEz3ZLTb6OTd4VLpstw5Vjw4x4NU4eB/vcrfCP+hlCfLTJA
re4XhLTKQyV2fkt/29fcBvz/wgpBpNTpcDY8ElZOOOGU1Od8yj+0TpsvavgVX6+7
wVUcONmaFROssFekn1QZkB6eB1y089+xZH85xRxmmHdL2RtqLLPi3MsaDMd7luvy
fAVqMKQyR874VjkELfZXy5wiC0te30T7hmiSiAEtAelOkSeYxWkQecCoj8jl4t5r
NCdnMeKifxQUcl6XBKoDfIyudwIDAQABo4IClTCCApEwHQYDVR0OBBYEFLGVWo+2
lyr0FHWQA0BU4kZGWH1mMB8GA1UdIwQYMBaAFNo/T/9dRkaJ04mI9fsi9lVQs+/4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBM0ZGRi84MkFEMzc3QTRE
QUIxMUVDOTIxNEY1MjFDNEY5QUUwMi8yajlQXzExR1JvblRpWWoxLXlMMlZWQ3o3
X2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJqOVBfMTFHUm9uVGlZajEteUwyVlZDejdfZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTNGRkYvODJBRDM3N0E0REFCMTFFQzkyMTRGNTIxQzRGOUFFMDIvQUM2M0M0QTRB
NjJFMTFFQ0JERDY4NDNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnrbAwDQYJKoZIhvcNAQELBQADggEBAEz8Oi1wobb9ukXV
6kgQLQ8BjRI0DQtzb17Om1Qz2OEqUfMxVWh51ZWFPloCHTwQr/QUdUW7IdipQ6eL
NDhMT1OMg64lBFdTHUGhVragziKHAJQrpceT94JDL+R4SQKyMU2Eoy8A1d9PmeCr
1I65Pk2aOoCmGhusadDSIYk7sirZA/bLNL3SU1ujDUqf9qKYxcXw1tA/AuefxrML
9/0rRdR2BHF3AYtOtE4VO5oxyLEhtqXg7wjr8cbhRjgqoZEcUkZypE4Ke27V0d4X
teKjWq6wMjY88V5nL9UixPlspKDoDoY1RTJJ5E4XEO5r9X4Nb2MdSp7PsF7ky3EP
Rme3wbY=
-----END CERTIFICATE-----
Generated at Tue Oct 21 05:57:43 2025 by rpki-client