Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/0FB823502CB011F0A2157E15C4F9AE02.roa
File:                     0FB823502CB011F0A2157E15C4F9AE02.roa (raw, json)
Hash identifier:          SNFqVWFy/zXpL+IO4VqM1BTZFXQSMMWQWnpzgvn2Vas=
Subject key identifier:   77:C6:4F:9F:DB:CD:E8:74:6A:87:A5:59:75:3B:F7:0E:C6:6E:C2:8F
Certificate issuer:       /CN=A91B61A7/serialNumber=BAEF78F78DC7CBF9B731270AAB1069F5E3433CBB
Certificate serial:       E7
Authority key identifier: BA:EF:78:F7:8D:C7:CB:F9:B7:31:27:0A:AB:10:69:F5:E3:43:3C:BB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uu94943Hy_m3MScKqxBp9eNDPLs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/0FB823502CB011F0A2157E15C4F9AE02.roa
Signing time:             Sat 11 Oct 2025 09:03:13 +0000
ROA not before:           Sat 11 Oct 2025 09:03:13 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     26658
IP address blocks:        103.75.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/uu94943Hy_m3MScKqxBp9eNDPLs.crl
                          rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/uu94943Hy_m3MScKqxBp9eNDPLs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uu94943Hy_m3MScKqxBp9eNDPLs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 08:33:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 231 (0xe7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B61A7, serialNumber=BAEF78F78DC7CBF9B731270AAB1069F5E3433CBB
        Validity
            Not Before: Oct 11 09:03:13 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68ea1d51-e506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:74:a4:db:18:1d:e5:68:9a:34:ae:83:f8:e7:
                    e0:f8:1a:c7:f6:7c:c2:9a:1c:aa:8e:d7:4b:35:1a:
                    9d:ea:8c:c8:43:35:59:00:cc:32:be:98:ff:d3:57:
                    1b:2d:81:30:2b:f7:ef:bc:a9:64:fb:79:72:c6:75:
                    e9:b9:c5:87:51:ac:f6:f3:13:2a:79:1e:e3:30:83:
                    f1:a9:3a:42:db:a5:ce:64:6f:70:0c:25:79:36:2c:
                    1a:74:d1:29:f4:55:32:d5:b4:ff:34:d1:3e:48:32:
                    8c:2c:6f:c9:ca:f8:7c:17:84:a9:21:61:fd:d7:1d:
                    92:19:7e:dd:e6:de:10:54:28:f0:04:68:55:dc:fa:
                    5e:cd:b9:d7:51:6b:5c:86:30:36:a7:ac:f8:cf:19:
                    82:01:fd:dd:17:d5:f1:e3:90:e4:ea:1c:32:d2:81:
                    12:53:46:2e:0e:5b:d2:9f:d9:ef:3e:4c:1e:60:0c:
                    af:ec:fc:7d:1c:67:8b:eb:90:22:a4:54:bb:39:64:
                    75:43:8c:82:76:a0:0f:17:ec:00:32:15:16:76:13:
                    44:8e:b3:55:a7:02:58:35:b6:d6:20:a7:d0:19:46:
                    47:0e:5c:cc:9c:f8:f2:10:c4:a4:10:6b:9b:c1:26:
                    b0:a7:5b:57:e9:d3:07:64:3b:f1:53:55:51:7c:0a:
                    8d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:C6:4F:9F:DB:CD:E8:74:6A:87:A5:59:75:3B:F7:0E:C6:6E:C2:8F
            X509v3 Authority Key Identifier:
                keyid:BA:EF:78:F7:8D:C7:CB:F9:B7:31:27:0A:AB:10:69:F5:E3:43:3C:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/uu94943Hy_m3MScKqxBp9eNDPLs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uu94943Hy_m3MScKqxBp9eNDPLs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B61A7/0F4992045BA111EF9A79E961C4F9AE02/0FB823502CB011F0A2157E15C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.75.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:ba:ea:84:26:ec:77:f9:d8:06:e1:8b:e6:85:e3:9f:9f:63:
         97:9d:f6:d9:41:1d:f6:b7:2a:1f:20:89:57:33:95:6e:c6:ec:
         7e:df:24:f6:a3:ed:09:06:3b:7b:0b:a1:22:b9:2c:60:ad:f1:
         0b:17:57:7e:62:6c:2a:28:8f:52:74:84:f4:7e:85:4c:c2:25:
         5d:ce:21:89:5c:4a:99:d0:db:3b:93:83:be:fa:66:76:1a:75:
         97:dd:2b:c6:35:2d:43:c8:93:06:86:06:77:79:8f:95:eb:ce:
         18:83:68:42:98:90:2a:a1:cb:18:29:c5:ad:cb:87:1d:31:b8:
         9c:ec:0f:b7:db:fc:01:54:f6:a1:ec:49:d4:00:aa:00:b9:05:
         0b:18:b5:13:bb:0c:2d:54:19:d3:c8:da:3f:9b:ec:fb:2b:9e:
         2e:ad:fe:95:61:cf:6f:05:98:89:46:58:a6:9e:d3:df:4e:72:
         11:29:ae:04:73:da:f7:a2:33:13:10:84:61:4d:dd:34:b4:0b:
         6d:67:d4:fa:a5:93:90:40:f5:de:be:99:92:af:9e:75:f5:0e:
         d9:4c:7d:2e:91:fc:ae:4e:9c:4f:cc:e1:33:45:3c:1b:08:24:
         8c:b7:7e:01:71:ef:ef:a3:a0:e7:6d:ee:b5:a8:a0:7e:6d:2d:
         19:23:86:ab
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAOcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjYxQTcxMTAvBgNVBAUTKEJBRUY3OEY3OERDN0NCRjlCNzMxMjcwQUFCMTA2OUY1
RTM0MzNDQkIwHhcNMjUxMDExMDkwMzEzWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVhMWQ1MS1lNTA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAunSk2xgd5WiaNK6D+Ofg+BrH9nzCmhyqjtdLNRqd6ozIQzVZAMwyvpj/01cb
LYEwK/fvvKlk+3lyxnXpucWHUaz28xMqeR7jMIPxqTpC26XOZG9wDCV5NiwadNEp
9FUy1bT/NNE+SDKMLG/Jyvh8F4SpIWH91x2SGX7d5t4QVCjwBGhV3PpezbnXUWtc
hjA2p6z4zxmCAf3dF9Xx45Dk6hwy0oESU0YuDlvSn9nvPkweYAyv7Px9HGeL65Ai
pFS7OWR1Q4yCdqAPF+wAMhUWdhNEjrNVpwJYNbbWIKfQGUZHDlzMnPjyEMSkEGub
wSawp1tX6dMHZDvxU1VRfAqNewIDAQABo4IClTCCApEwHQYDVR0OBBYEFHfGT5/b
zeh0aoelWXU79w7GbsKPMB8GA1UdIwQYMBaAFLrvePeNx8v5tzEnCqsQafXjQzy7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNjFBNy8wRjQ5OTIwNDVC
QTExMUVGOUE3OUU5NjFDNEY5QUUwMi91dTk0OTQzSHlfbTNNU2NLcXhCcDllTkRQ
THMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3V1OTQ5NDNIeV9tM01TY0txeEJwOWVORFBMcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjYxQTcvMEY0OTkyMDQ1QkExMTFFRjlBNzlFOTYxQzRGOUFFMDIvMEZCODIzNTAy
Q0IwMTFGMEEyMTU3RTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnS/AwDQYJKoZIhvcNAQELBQADggEBAJ+66oQm7Hf52Abh
i+aF45+fY5ed9tlBHfa3Kh8giVczlW7G7H7fJPaj7QkGO3sLoSK5LGCt8QsXV35i
bCooj1J0hPR+hUzCJV3OIYlcSpnQ2zuTg776ZnYadZfdK8Y1LUPIkwaGBnd5j5Xr
zhiDaEKYkCqhyxgpxa3Lhx0xuJzsD7fb/AFU9qHsSdQAqgC5BQsYtRO7DC1UGdPI
2j+b7Psrni6t/pVhz28FmIlGWKae099OchEprgRz2veiMxMQhGFN3TS0C21n1Pql
k5BA9d6+mZKvnnX1DtlMfS6R/K5OnE/M4TNFPBsIJIy3fgFx7++joOdt7rWooH5t
LRkjhqs=
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:15:33 2025 by rpki-client