Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C064C/683C9D98672D11EE9C809F12C4F9AE02/583FA34E672E11EEB31AC02CC4F9AE02.roa
File:                     583FA34E672E11EEB31AC02CC4F9AE02.roa (raw, json)
Hash identifier:          Er3/MAuCzoGUHkL9sYAa/oK9eluVmQp9z5pkVAw9cAM=
Subject key identifier:   81:75:F8:26:83:8A:BD:CA:22:B0:57:54:D2:4F:5B:40:18:33:FA:A7
Certificate issuer:       /CN=A91C064C/serialNumber=AFC3174767E4EAFC4DEE0F4925A1C65CDC59FA2A
Certificate serial:       017A
Authority key identifier: AF:C3:17:47:67:E4:EA:FC:4D:EE:0F:49:25:A1:C6:5C:DC:59:FA:2A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r8MXR2fk6vxN7g9JJaHGXNxZ-io.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C064C/683C9D98672D11EE9C809F12C4F9AE02/583FA34E672E11EEB31AC02CC4F9AE02.roa
Signing time:             Wed 01 Oct 2025 05:01:28 +0000
ROA not before:           Wed 01 Oct 2025 05:01:28 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        103.10.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C064C/683C9D98672D11EE9C809F12C4F9AE02/r8MXR2fk6vxN7g9JJaHGXNxZ-io.crl
                          rsync://rpki.apnic.net/member_repository/A91C064C/683C9D98672D11EE9C809F12C4F9AE02/r8MXR2fk6vxN7g9JJaHGXNxZ-io.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r8MXR2fk6vxN7g9JJaHGXNxZ-io.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 06:20:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 378 (0x17a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C064C, serialNumber=AFC3174767E4EAFC4DEE0F4925A1C65CDC59FA2A
        Validity
            Not Before: Oct  1 05:01:28 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68dcb5a8-0f44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:ba:42:7b:81:71:ca:8a:8c:c8:73:35:37:dd:
                    ee:98:16:b1:18:35:86:e7:3c:49:63:96:00:50:f6:
                    34:2e:22:71:4f:6c:d9:a7:f3:e5:f4:99:b0:7d:0d:
                    12:cf:92:7a:87:74:f2:7b:2c:07:18:af:a2:5e:90:
                    e9:2c:37:dc:e9:e1:37:26:b6:1a:9e:fc:da:0d:05:
                    bc:be:1b:0e:38:53:04:ee:0b:32:04:14:dc:91:03:
                    97:fe:42:04:16:a3:c5:10:bd:93:9c:91:6a:5a:90:
                    d2:b4:52:62:c0:ba:8d:48:56:ff:83:44:df:ca:58:
                    2d:d7:6b:3a:a3:e5:00:7b:00:92:c8:60:7a:8b:c4:
                    80:79:1f:f4:14:26:07:e7:77:31:aa:0d:d8:e3:eb:
                    6d:73:78:64:e2:54:fb:48:34:cd:26:b9:d9:58:43:
                    49:a9:e9:da:ab:f5:69:2c:88:5a:f4:5c:ce:e6:a3:
                    9c:af:b3:34:c2:3d:9f:f6:c2:a3:1e:ef:fe:4b:17:
                    5b:9e:30:c6:0e:8f:e1:d8:bb:4a:bf:62:fc:03:50:
                    0b:ee:0a:87:c3:20:98:e4:20:eb:58:a0:4b:dc:f4:
                    b9:25:e3:c2:43:71:60:36:9f:29:03:b4:21:d6:c7:
                    c4:4c:26:c4:e9:47:90:77:70:20:0b:ce:2c:dc:23:
                    91:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:75:F8:26:83:8A:BD:CA:22:B0:57:54:D2:4F:5B:40:18:33:FA:A7
            X509v3 Authority Key Identifier:
                keyid:AF:C3:17:47:67:E4:EA:FC:4D:EE:0F:49:25:A1:C6:5C:DC:59:FA:2A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C064C/683C9D98672D11EE9C809F12C4F9AE02/r8MXR2fk6vxN7g9JJaHGXNxZ-io.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r8MXR2fk6vxN7g9JJaHGXNxZ-io.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C064C/683C9D98672D11EE9C809F12C4F9AE02/583FA34E672E11EEB31AC02CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.10.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:83:f1:47:16:ec:b1:1d:ff:91:3a:ed:1d:c5:e2:6e:1b:21:
         52:1b:83:1a:c6:88:52:29:46:85:d4:c6:39:b3:45:89:38:ec:
         3b:e9:11:05:e9:e7:34:02:19:3b:8a:11:40:8f:49:d6:35:23:
         45:b9:c8:60:b6:29:40:c5:da:51:5b:fd:e5:e4:f5:58:96:b8:
         8d:b1:c7:f7:61:3f:35:5f:55:d6:36:10:d9:ce:db:83:ec:ca:
         7b:7f:7b:f6:53:fd:37:a5:69:66:cf:26:3d:7b:d0:39:14:52:
         d8:e3:a8:a2:d6:4d:16:c0:30:55:37:93:f5:94:89:cc:ad:92:
         b8:22:16:6c:e1:2c:a2:e7:e2:72:5d:ec:e9:e2:6a:2a:9f:39:
         fb:24:86:a4:ce:0b:3d:93:58:e9:80:5f:c1:53:c2:23:56:d3:
         01:6d:24:d8:ae:11:58:c6:aa:8b:8b:ee:2c:a3:dd:a2:ff:ab:
         6f:fe:67:8d:64:44:ff:99:6e:a5:3d:63:10:6f:b1:f8:31:4f:
         c4:ff:76:a5:35:32:7b:86:67:60:fd:fa:b0:55:f8:eb:72:2d:
         92:85:6c:79:bd:9f:e7:bd:c3:c5:a8:20:72:00:c5:e8:93:95:
         4e:a6:81:ba:aa:e6:c4:9d:6e:88:cc:ee:45:e6:68:b6:ff:26:
         c3:b0:33:ba
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAXowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzA2NEMxMTAvBgNVBAUTKEFGQzMxNzQ3NjdFNEVBRkM0REVFMEY0OTI1QTFDNjVD
REM1OUZBMkEwHhcNMjUxMDAxMDUwMTI4WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRjYjVhOC0wZjQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8LpCe4FxyoqMyHM1N93umBaxGDWG5zxJY5YAUPY0LiJxT2zZp/Pl9JmwfQ0S
z5J6h3TyeywHGK+iXpDpLDfc6eE3JrYanvzaDQW8vhsOOFME7gsyBBTckQOX/kIE
FqPFEL2TnJFqWpDStFJiwLqNSFb/g0Tfylgt12s6o+UAewCSyGB6i8SAeR/0FCYH
53cxqg3Y4+ttc3hk4lT7SDTNJrnZWENJqenaq/VpLIha9FzO5qOcr7M0wj2f9sKj
Hu/+SxdbnjDGDo/h2LtKv2L8A1AL7gqHwyCY5CDrWKBL3PS5JePCQ3FgNp8pA7Qh
1sfETCbE6UeQd3AgC84s3CORUQIDAQABo4IClTCCApEwHQYDVR0OBBYEFIF1+CaD
ir3KIrBXVNJPW0AYM/qnMB8GA1UdIwQYMBaAFK/DF0dn5Or8Te4PSSWhxlzcWfoq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMDY0Qy82ODNDOUQ5ODY3
MkQxMUVFOUM4MDlGMTJDNEY5QUUwMi9yOE1YUjJmazZ2eE43ZzlKSmFIR1hOeFot
aW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3I4TVhSMmZrNnZ4TjdnOUpKYUhHWE54Wi1pby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzA2NEMvNjgzQzlEOTg2NzJEMTFFRTlDODA5RjEyQzRGOUFFMDIvNTgzRkEzNEU2
NzJFMTFFRUIzMUFDMDJDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnCmwwDQYJKoZIhvcNAQELBQADggEBAMSD8UcW7LEd/5E6
7R3F4m4bIVIbgxrGiFIpRoXUxjmzRYk47DvpEQXp5zQCGTuKEUCPSdY1I0W5yGC2
KUDF2lFb/eXk9ViWuI2xx/dhPzVfVdY2ENnO24Psynt/e/ZT/TelaWbPJj170DkU
UtjjqKLWTRbAMFU3k/WUicytkrgiFmzhLKLn4nJd7OniaiqfOfskhqTOCz2TWOmA
X8FTwiNW0wFtJNiuEVjGqouL7iyj3aL/q2/+Z41kRP+ZbqU9YxBvsfgxT8T/dqU1
MnuGZ2D9+rBV+OtyLZKFbHm9n+e9w8WoIHIAxeiTlU6mgbqq5sSdbojM7kXmaLb/
JsOwM7o=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:58:17 2025 by rpki-client