Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/1CC78D4651B911F097C15C49C4F9AE02.roa
File:                     1CC78D4651B911F097C15C49C4F9AE02.roa (raw, json)
Hash identifier:          eTkkjeUWF+laUxu3hlPAVMSxjb/tJZE5KKWsck/tHH4=
Subject key identifier:   5E:7C:12:53:72:F0:0B:D0:54:6D:EB:89:CC:5D:9C:6F:A0:A8:66:40
Certificate issuer:       /CN=A91C0C9B/serialNumber=494202B031E9F427643157A06EFAA4C070C7F3ED
Certificate serial:       051F
Authority key identifier: 49:42:02:B0:31:E9:F4:27:64:31:57:A0:6E:FA:A4:C0:70:C7:F3:ED
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SUICsDHp9CdkMVegbvqkwHDH8-0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/1CC78D4651B911F097C15C49C4F9AE02.roa
Signing time:             Sat 11 Oct 2025 01:56:09 +0000
ROA not before:           Sat 11 Oct 2025 01:56:09 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        103.120.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/SUICsDHp9CdkMVegbvqkwHDH8-0.crl
                          rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/SUICsDHp9CdkMVegbvqkwHDH8-0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SUICsDHp9CdkMVegbvqkwHDH8-0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 01:30:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1311 (0x51f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C0C9B, serialNumber=494202B031E9F427643157A06EFAA4C070C7F3ED
        Validity
            Not Before: Oct 11 01:56:09 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68e9b938-5d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:02:da:e9:94:c0:4c:7e:21:7c:ae:e8:a3:d0:
                    db:45:0c:3b:e1:c9:c0:41:70:59:a9:8d:3c:20:91:
                    0e:c0:af:2a:60:e2:2f:ac:84:80:56:ac:77:c9:f9:
                    f5:2c:e5:f9:a7:25:4b:6f:79:58:6b:f4:04:1a:e4:
                    a1:c4:f5:69:d3:e7:49:83:a4:00:b4:ae:25:d3:d7:
                    1b:d6:07:96:c3:06:ec:4e:a8:84:88:5e:fa:62:ad:
                    5b:fd:ae:ff:9b:41:61:45:43:20:ad:34:27:d8:d3:
                    10:e7:a2:b1:f9:af:9d:b5:50:18:dd:d1:8b:3c:55:
                    45:0d:7f:bf:b4:c8:e2:e6:57:2e:77:8a:66:cd:86:
                    cc:c4:7d:08:79:67:b4:29:fa:32:8a:ec:4d:17:5e:
                    51:14:e4:43:20:da:95:3c:90:ad:46:20:6f:64:dc:
                    fa:4c:1f:ba:ef:79:c8:85:66:f8:4e:64:f8:1e:41:
                    61:3e:26:fc:f1:f8:d7:2e:85:d6:3c:46:59:4f:4c:
                    8d:8c:2b:ff:13:33:32:03:0f:58:0c:31:88:35:7a:
                    30:68:32:8c:3e:a6:f6:7b:a0:a6:6a:78:db:6c:03:
                    b1:26:d8:85:97:79:6e:7e:00:a4:34:8f:c7:ec:bd:
                    33:55:12:43:84:47:f2:c6:7d:e3:36:f8:1b:d6:99:
                    88:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:7C:12:53:72:F0:0B:D0:54:6D:EB:89:CC:5D:9C:6F:A0:A8:66:40
            X509v3 Authority Key Identifier:
                keyid:49:42:02:B0:31:E9:F4:27:64:31:57:A0:6E:FA:A4:C0:70:C7:F3:ED

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/SUICsDHp9CdkMVegbvqkwHDH8-0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SUICsDHp9CdkMVegbvqkwHDH8-0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/1CC78D4651B911F097C15C49C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.120.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:03:d6:f6:34:30:0f:b6:69:bd:2e:a7:4c:20:53:3a:f4:0f:
         2c:b0:1a:b7:01:64:ec:e5:2f:7e:06:0a:42:df:f1:47:5e:dc:
         57:80:2f:96:90:fa:da:c6:3a:29:84:a6:cd:ed:77:58:e1:d3:
         9d:83:e7:43:2e:90:3e:d3:d1:0b:a9:d9:81:00:c5:9e:3a:0c:
         e9:c4:62:2e:a7:06:3f:d2:c9:03:bc:06:dc:f6:89:bd:b4:3d:
         0b:4b:4f:ca:07:c7:f5:06:ae:15:3d:d5:82:3a:5e:91:a6:9b:
         39:b2:c9:4c:4d:ac:1a:01:ba:9b:64:4f:71:59:c1:7c:9b:10:
         80:1f:85:c3:50:91:42:e8:a2:19:3c:ea:dd:a5:f1:06:72:3d:
         ab:cc:a9:f1:f0:9f:25:6e:79:ea:f8:26:03:5c:d5:e9:c6:0a:
         7a:81:dd:ab:15:76:fc:0d:ad:4f:7e:55:21:63:66:b8:26:a0:
         7f:2e:86:7d:36:78:4b:17:b5:0f:ba:2d:da:ed:19:9a:94:3f:
         84:87:db:8e:ae:a2:45:da:a6:38:60:13:c6:b0:90:f5:e7:e2:
         fb:f1:af:8f:bd:0b:b4:e6:ba:e1:88:63:7f:01:1e:48:b0:d7:
         cb:9e:62:b4:51:19:9b:ea:af:ec:98:59:ee:a1:f7:6e:be:4c:
         5d:fd:43:16
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBR8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzBDOUIxMTAvBgNVBAUTKDQ5NDIwMkIwMzFFOUY0Mjc2NDMxNTdBMDZFRkFBNEMw
NzBDN0YzRUQwHhcNMjUxMDExMDE1NjA5WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU5YjkzOC01ZDcxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwQLa6ZTATH4hfK7oo9DbRQw74cnAQXBZqY08IJEOwK8qYOIvrISAVqx3yfn1
LOX5pyVLb3lYa/QEGuShxPVp0+dJg6QAtK4l09cb1geWwwbsTqiEiF76Yq1b/a7/
m0FhRUMgrTQn2NMQ56Kx+a+dtVAY3dGLPFVFDX+/tMji5lcud4pmzYbMxH0IeWe0
KfoyiuxNF15RFORDINqVPJCtRiBvZNz6TB+673nIhWb4TmT4HkFhPib88fjXLoXW
PEZZT0yNjCv/EzMyAw9YDDGINXowaDKMPqb2e6CmanjbbAOxJtiFl3lufgCkNI/H
7L0zVRJDhEfyxn3jNvgb1pmIgQIDAQABo4IClTCCApEwHQYDVR0OBBYEFF58ElNy
8AvQVG3ricxdnG+gqGZAMB8GA1UdIwQYMBaAFElCArAx6fQnZDFXoG76pMBwx/Pt
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMEM5Qi9BNDZFOTg5QTMy
MkIxMUVDOTdGOENGN0NDNEY5QUUwMi9TVUlDc0RIcDlDZGtNVmVnYnZxa3dIREg4
LTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NVSUNzREhwOUNka01WZWdidnFrd0hESDgtMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzBDOUIvQTQ2RTk4OUEzMjJCMTFFQzk3RjhDRjdDQzRGOUFFMDIvMUNDNzhENDY1
MUI5MTFGMDk3QzE1QzQ5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABneIEwDQYJKoZIhvcNAQELBQADggEBAGsD1vY0MA+2ab0u
p0wgUzr0DyywGrcBZOzlL34GCkLf8Ude3FeAL5aQ+trGOimEps3td1jh052D50Mu
kD7T0Qup2YEAxZ46DOnEYi6nBj/SyQO8Btz2ib20PQtLT8oHx/UGrhU91YI6XpGm
mzmyyUxNrBoBuptkT3FZwXybEIAfhcNQkULoohk86t2l8QZyPavMqfHwnyVueer4
JgNc1enGCnqB3asVdvwNrU9+VSFjZrgmoH8uhn02eEsXtQ+6LdrtGZqUP4SH246u
okXapjhgE8awkPXn4vvxr4+9C7TmuuGIY38BHkiw18ueYrRRGZvqr+yYWe6h926+
TF39QxY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:13:32 2025 by rpki-client