Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/1476769294D811EEBF18DD48C4F9AE02.roa
File:                     1476769294D811EEBF18DD48C4F9AE02.roa (raw, json)
Hash identifier:          AapK3LGFAkeFn2PK+/+FmpVMvtnYOyNzBgYEzrDjFvU=
Subject key identifier:   24:D4:7C:68:F6:72:6E:56:33:21:C2:6D:45:EF:2C:F4:8F:18:E7:70
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       4D8A
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/1476769294D811EEBF18DD48C4F9AE02.roa
Signing time:             Thu 28 Aug 2025 14:55:20 +0000
ROA not before:           Thu 28 Aug 2025 14:55:20 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     150856
IP address blocks:        103.234.32.0/23 maxlen: 24
                          2401:1420::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 14:36:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19850 (0x4d8a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A, serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Aug 28 14:55:20 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68b06dd8-13fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:55:fd:7b:d6:f7:20:46:d8:7e:83:4c:e1:5c:
                    69:7a:d7:1f:6c:30:d1:a8:c5:43:9d:63:56:cf:d4:
                    5f:b8:4d:5b:32:74:76:7b:fb:d7:6f:ee:0e:5c:f5:
                    02:2f:c4:85:80:91:f1:15:0b:11:5a:fa:b2:79:51:
                    65:c3:99:c6:c6:51:db:5e:9a:9d:4c:5b:1a:90:60:
                    af:47:f0:11:b5:cb:0b:ad:01:1b:5c:7f:d8:04:a5:
                    d9:d1:60:4d:e0:7b:0f:7d:51:53:86:31:d6:a7:10:
                    0d:83:40:13:10:76:a4:ca:dc:77:ae:02:a7:7b:24:
                    f3:a6:3a:0d:6b:3e:46:0f:95:f5:0b:5c:61:d1:a1:
                    bb:cc:a7:71:b2:1a:4a:54:7d:e3:93:9a:53:00:5d:
                    a8:b0:72:7a:1e:6f:4a:26:05:86:ba:98:bf:20:25:
                    e0:81:4d:4d:7a:8a:e1:d1:f5:4f:7c:c7:5f:57:60:
                    85:8a:8f:ed:a3:e5:e7:93:0b:64:3d:75:39:0c:82:
                    a3:28:20:fc:75:11:4e:5a:61:77:8e:9a:f6:49:c6:
                    63:94:bf:89:50:fe:86:cb:ff:cb:11:63:cc:9e:0d:
                    d1:63:d6:90:77:a7:17:6e:d7:0e:be:e1:7c:3a:6f:
                    de:42:e5:8d:c1:60:97:95:d5:1d:e1:e4:a2:da:4a:
                    da:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D4:7C:68:F6:72:6E:56:33:21:C2:6D:45:EF:2C:F4:8F:18:E7:70
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/1476769294D811EEBF18DD48C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.234.32.0/23
                IPv6:
                  2401:1420::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:ca:a6:3c:3f:53:72:03:d3:0c:20:60:61:3d:cb:9a:8b:02:
         0a:62:d4:d6:ab:29:c0:9d:08:a2:38:fd:13:14:11:dc:fc:18:
         b9:88:e7:25:87:00:5c:50:1a:10:de:d5:6e:b9:28:24:ee:c8:
         d0:60:0f:ec:5a:af:de:65:f6:b6:82:df:d6:d8:ad:3e:f5:e8:
         19:bd:f8:b4:6e:7c:43:54:b2:89:13:fb:a8:25:1b:1c:f1:95:
         9e:19:bb:bc:73:22:2c:3b:fe:d2:90:23:26:43:9c:5b:f7:9b:
         88:72:04:4c:26:14:ff:8c:e3:39:09:f4:67:ef:a2:ef:24:a1:
         f7:85:52:b7:fe:60:09:d7:d9:00:2d:99:93:47:23:62:79:0e:
         42:0b:f0:97:1d:47:cb:a3:ef:ec:fc:db:1a:ed:2c:48:3f:2d:
         e4:6b:e4:62:49:b2:b4:b7:a2:ca:29:cd:00:30:fb:13:e5:fa:
         71:90:79:82:b1:e6:6d:5a:2c:94:98:c1:48:20:38:96:28:60:
         a5:d5:2d:3a:5c:cf:03:52:3d:e5:c9:34:b9:9d:d8:49:2b:00:
         d5:8c:29:a5:6b:85:3a:4e:69:69:da:55:9b:62:47:4e:5a:c1:
         da:29:0a:d3:9f:2b:78:1e:73:3e:31:cc:29:8b:87:10:0f:c1:
         33:a7:41:61
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICTYowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjUwODI4MTQ1NTIwWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIwNmRkOC0xM2ZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4FX9e9b3IEbYfoNM4VxpetcfbDDRqMVDnWNWz9RfuE1bMnR2e/vXb+4OXPUC
L8SFgJHxFQsRWvqyeVFlw5nGxlHbXpqdTFsakGCvR/ARtcsLrQEbXH/YBKXZ0WBN
4HsPfVFThjHWpxANg0ATEHakytx3rgKneyTzpjoNaz5GD5X1C1xh0aG7zKdxshpK
VH3jk5pTAF2osHJ6Hm9KJgWGupi/ICXggU1Neorh0fVPfMdfV2CFio/to+Xnkwtk
PXU5DIKjKCD8dRFOWmF3jpr2ScZjlL+JUP6Gy//LEWPMng3RY9aQd6cXbtcOvuF8
Om/eQuWNwWCXldUd4eSi2kraxwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFCTUfGj2
cm5WMyHCbUXvLPSPGOdwMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvMTQ3Njc2OTI5
NEQ4MTFFRUJGMThERDQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFn6iAwDwQCAAIwCQMHACQBFCAAADANBgkqhkiG9w0BAQsF
AAOCAQEANMqmPD9TcgPTDCBgYT3LmosCCmLU1qspwJ0Iojj9ExQR3PwYuYjnJYcA
XFAaEN7VbrkoJO7I0GAP7Fqv3mX2toLf1titPvXoGb34tG58Q1SyiRP7qCUbHPGV
nhm7vHMiLDv+0pAjJkOcW/ebiHIETCYU/4zjOQn0Z++i7ySh94VSt/5gCdfZAC2Z
k0cjYnkOQgvwlx1Hy6Pv7PzbGu0sSD8t5GvkYkmytLeiyinNADD7E+X6cZB5grHm
bVoslJjBSCA4lihgpdUtOlzPA1I95ck0uZ3YSSsA1YwppWuFOk5padpVm2JHTlrB
2ikK058reB5zPjHMKYuHEA/BM6dBYQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:22:02 2025 by rpki-client