Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/5BEF6A4A245B11ED90A2B55DC4F9AE02.roa
File:                     5BEF6A4A245B11ED90A2B55DC4F9AE02.roa (raw, json)
Hash identifier:          /WvdEdVznek03D8vAefldeswKtwvg/+TyZaIQ78VFqY=
Subject key identifier:   60:24:47:96:87:65:A4:37:5A:0A:C4:CF:2F:E6:6D:7D:80:F7:BC:69
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       4E6E
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/5BEF6A4A245B11ED90A2B55DC4F9AE02.roa
Signing time:             Mon 15 Sep 2025 02:45:44 +0000
ROA not before:           Mon 15 Sep 2025 02:45:44 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     149117
IP address blocks:        103.82.28.0/22 maxlen: 22
                          103.190.202.0/23 maxlen: 23
                          103.227.112.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Oct 2025 14:35:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20078 (0x4e6e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A, serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Sep 15 02:45:44 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68c77dd7-bc80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:bf:5c:0b:0f:15:d3:cc:ee:e4:8d:56:0b:e4:
                    34:c5:c1:ce:a7:c9:7e:f6:bd:43:6e:3d:52:04:b6:
                    73:3e:ea:de:47:94:68:88:1d:86:e9:49:cd:a9:d8:
                    de:9d:e5:6c:29:61:bc:44:07:0d:a8:13:7e:24:e8:
                    dd:4a:77:04:14:4f:51:dd:4a:f8:7b:7a:6a:a8:a8:
                    b4:e9:37:06:f2:2c:f9:69:17:ec:fd:b5:c0:5b:6d:
                    90:0d:d5:54:fc:d3:36:23:9e:b0:54:d5:b9:3e:33:
                    2c:ee:8c:12:2f:7a:09:a9:e1:b3:99:20:0e:bc:c7:
                    63:f7:02:55:7e:83:dc:ea:61:a5:be:64:db:b7:21:
                    f7:3e:f3:bd:17:88:f6:ef:ce:35:7f:ca:7b:b0:2a:
                    66:db:d0:23:47:6c:45:09:44:2d:54:6c:16:67:96:
                    bc:29:92:c0:69:b6:c9:9d:ba:73:be:e8:ed:86:d2:
                    b4:80:b1:95:e3:66:32:49:54:fe:72:1c:98:89:bf:
                    8e:ee:d0:9e:fc:48:97:03:82:4c:e9:b0:49:f4:07:
                    c2:c4:70:58:b1:30:f8:00:a6:a1:4e:37:ce:f6:34:
                    75:53:9e:e6:43:ca:5e:da:c5:b9:4b:d1:84:e8:54:
                    6b:66:42:c2:5f:58:6a:65:0f:ee:2d:c4:11:e7:b8:
                    f4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:24:47:96:87:65:A4:37:5A:0A:C4:CF:2F:E6:6D:7D:80:F7:BC:69
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/5BEF6A4A245B11ED90A2B55DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.82.28.0/22
                  103.190.202.0/23
                  103.227.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:c6:7b:f1:ce:2e:35:1a:6f:1e:e3:89:e4:1d:e6:a2:d6:09:
         2a:7f:05:d8:f6:30:d7:d8:db:5d:2e:71:91:7e:a7:4e:31:0a:
         6e:4a:16:71:51:ca:b1:48:9d:f9:11:5e:f9:c7:88:8b:41:2d:
         a2:1a:3f:0d:f6:25:2c:13:d6:f1:4a:ce:0b:48:c6:b9:4b:e1:
         93:89:32:1b:a7:bc:4d:fa:97:0e:d7:44:4a:dd:ed:50:cc:ed:
         1f:24:ab:1e:c9:09:fe:ca:cb:30:28:d6:bd:88:e5:8a:6e:36:
         f6:ad:b4:df:70:de:a0:dd:d8:39:13:c2:46:fa:f2:08:b1:9e:
         81:d6:7d:a5:f4:94:c5:08:e1:d1:ea:03:13:13:51:8d:4f:9a:
         f3:9f:5f:69:b8:b6:55:c8:6c:a4:8d:0e:66:17:ad:26:83:43:
         71:82:df:48:22:53:45:47:0c:8a:86:e4:9e:29:c6:6c:ea:e7:
         e4:1d:1e:2f:46:f8:db:be:be:32:c4:63:19:d4:8b:3e:f5:69:
         8d:05:4b:b6:8e:23:ba:a6:99:ef:29:db:ca:41:5a:fa:ed:d7:
         2c:b0:96:03:88:cc:79:7f:70:53:53:85:51:49:e3:04:7d:2b:
         4b:d8:c9:08:a2:22:3a:db:62:f6:de:de:c0:dd:a9:98:41:97:
         61:2c:14:e0
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICTm4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjUwOTE1MDI0NTQ0WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGM3N2RkNy1iYzgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8r9cCw8V08zu5I1WC+Q0xcHOp8l+9r1Dbj1SBLZzPureR5RoiB2G6UnNqdje
neVsKWG8RAcNqBN+JOjdSncEFE9R3Ur4e3pqqKi06TcG8iz5aRfs/bXAW22QDdVU
/NM2I56wVNW5PjMs7owSL3oJqeGzmSAOvMdj9wJVfoPc6mGlvmTbtyH3PvO9F4j2
7841f8p7sCpm29AjR2xFCUQtVGwWZ5a8KZLAabbJnbpzvujthtK0gLGV42YySVT+
chyYib+O7tCe/EiXA4JM6bBJ9AfCxHBYsTD4AKahTjfO9jR1U57mQ8pe2sW5S9GE
6FRrZkLCX1hqZQ/uLcQR57j0pQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFGAkR5aH
ZaQ3WgrEzy/mbX2A97xpMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvNUJFRjZBNEEy
NDVCMTFFRDkwQTJCNTVEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAJnUhwDBAFnvsoDBAJn43AwDQYJKoZIhvcNAQELBQADggEB
AHHGe/HOLjUabx7jieQd5qLWCSp/Bdj2MNfY210ucZF+p04xCm5KFnFRyrFInfkR
XvnHiItBLaIaPw32JSwT1vFKzgtIxrlL4ZOJMhunvE36lw7XRErd7VDM7R8kqx7J
Cf7KyzAo1r2I5YpuNvattN9w3qDd2DkTwkb68gixnoHWfaX0lMUI4dHqAxMTUY1P
mvOfX2m4tlXIbKSNDmYXrSaDQ3GC30giU0VHDIqG5J4pxmzq5+QdHi9G+Nu+vjLE
YxnUiz71aY0FS7aOI7qmme8p28pBWvrt1yywlgOIzHl/cFNThVFJ4wR9K0vYyQii
IjrbYvbe3sDdqZhBl2EsFOA=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:03:14 2025 by rpki-client