Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/A042865C3DB211EE9EB40D3DC4F9AE02.roa
File:                     A042865C3DB211EE9EB40D3DC4F9AE02.roa (raw, json)
Hash identifier:          ZqfsDoVxPPlDBErW76OplgU+s6rrOgPc04UOswio6BA=
Subject key identifier:   C4:51:A9:4C:26:C3:84:DD:58:F2:52:59:AA:8F:0A:1A:12:2E:78:F6
Certificate issuer:       /CN=A91C0C9B/serialNumber=494202B031E9F427643157A06EFAA4C070C7F3ED
Certificate serial:       0520
Authority key identifier: 49:42:02:B0:31:E9:F4:27:64:31:57:A0:6E:FA:A4:C0:70:C7:F3:ED
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SUICsDHp9CdkMVegbvqkwHDH8-0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/A042865C3DB211EE9EB40D3DC4F9AE02.roa
Signing time:             Sat 11 Oct 2025 01:56:10 +0000
ROA not before:           Sat 11 Oct 2025 01:56:10 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     133752
IP address blocks:        103.134.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/SUICsDHp9CdkMVegbvqkwHDH8-0.crl
                          rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/SUICsDHp9CdkMVegbvqkwHDH8-0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SUICsDHp9CdkMVegbvqkwHDH8-0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 01:30:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1312 (0x520)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C0C9B, serialNumber=494202B031E9F427643157A06EFAA4C070C7F3ED
        Validity
            Not Before: Oct 11 01:56:10 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68e9b939-a69b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3c:71:4b:2a:3a:36:e4:2e:4f:11:64:0d:8a:
                    45:38:83:c4:02:10:d6:09:ab:32:22:80:10:a5:1f:
                    aa:86:d4:33:95:80:46:16:b3:96:23:e3:56:ce:6c:
                    a5:69:77:7c:00:cf:3a:24:98:07:58:89:f6:25:18:
                    e6:0f:8e:da:2a:c4:54:ae:52:29:81:01:89:2f:84:
                    2d:2e:35:9c:bf:fb:ed:1e:b6:7b:d9:c3:b9:bf:fc:
                    30:a6:54:99:f1:31:48:1c:06:5d:b1:55:8d:8f:6a:
                    4a:80:3c:a0:07:f0:e6:ea:18:b7:d2:9e:d3:fa:0f:
                    61:fb:d8:73:f7:9f:81:d5:0a:f0:31:f5:d9:31:3b:
                    8b:b3:c2:c8:1b:83:78:f5:84:d8:dd:5f:b8:ea:47:
                    b5:83:88:c2:f0:53:eb:11:ca:ad:2d:1d:a2:5e:fd:
                    98:8a:9b:05:c7:59:bb:e2:91:f2:80:44:0b:ae:84:
                    b7:5e:dc:03:34:9b:08:28:9f:7a:04:8f:73:69:b3:
                    69:6d:c8:53:12:22:79:98:2a:27:e2:ff:6f:7c:38:
                    5d:b0:9e:b6:c0:5b:0c:29:b0:6b:98:42:08:a7:9b:
                    77:8f:63:7b:4b:e4:ca:d9:2d:8b:d8:4b:fe:ae:41:
                    55:86:5a:63:d2:98:a8:79:fc:c3:c2:a3:cc:c1:91:
                    b0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:51:A9:4C:26:C3:84:DD:58:F2:52:59:AA:8F:0A:1A:12:2E:78:F6
            X509v3 Authority Key Identifier:
                keyid:49:42:02:B0:31:E9:F4:27:64:31:57:A0:6E:FA:A4:C0:70:C7:F3:ED

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/SUICsDHp9CdkMVegbvqkwHDH8-0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SUICsDHp9CdkMVegbvqkwHDH8-0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C0C9B/A46E989A322B11EC97F8CF7CC4F9AE02/A042865C3DB211EE9EB40D3DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.134.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:e3:ee:6e:1b:8c:3c:33:9e:ee:a6:f0:b7:31:ce:d8:d1:86:
         9b:d2:ff:60:e1:d1:8a:f7:af:f9:09:a7:e4:e5:9c:c2:43:0e:
         84:59:82:92:bd:2c:2b:c3:95:23:3c:e4:3d:7f:84:84:1a:3b:
         98:d5:8e:07:f6:3c:1a:49:c0:01:b3:e4:49:fc:99:9d:a7:27:
         68:5e:6b:0c:9b:7b:69:e3:de:94:b7:c7:25:d6:4b:76:b1:11:
         8d:5f:37:d6:21:ae:4f:12:3a:35:b2:51:a0:64:5b:d5:79:79:
         02:62:5e:2b:7e:0a:90:07:de:4d:2d:3b:35:b1:2a:fc:47:9f:
         99:83:9e:2d:0a:d4:96:41:6d:d3:2c:0f:62:db:6e:0f:08:3f:
         dc:6b:5a:a2:ba:11:06:6d:ad:cc:c1:9c:4d:54:de:86:f5:86:
         b5:9c:99:ad:16:35:fb:fb:e2:6b:76:4a:c0:8e:71:43:9b:49:
         2d:3b:52:d0:9c:fb:0d:86:bc:e9:3b:90:88:65:13:f2:63:15:
         40:c5:77:28:55:7b:be:f3:5f:7a:d4:49:08:cc:b2:67:b6:82:
         71:ad:04:46:43:d7:24:77:6c:81:56:2c:5b:76:3e:16:7b:db:
         2b:cf:e0:86:a4:fb:ec:0f:46:23:16:2d:46:3b:c7:3e:f1:ce:
         c5:ff:ab:ee
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBSAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzBDOUIxMTAvBgNVBAUTKDQ5NDIwMkIwMzFFOUY0Mjc2NDMxNTdBMDZFRkFBNEMw
NzBDN0YzRUQwHhcNMjUxMDExMDE1NjEwWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU5YjkzOS1hNjliMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwzxxSyo6NuQuTxFkDYpFOIPEAhDWCasyIoAQpR+qhtQzlYBGFrOWI+NWzmyl
aXd8AM86JJgHWIn2JRjmD47aKsRUrlIpgQGJL4QtLjWcv/vtHrZ72cO5v/wwplSZ
8TFIHAZdsVWNj2pKgDygB/Dm6hi30p7T+g9h+9hz95+B1QrwMfXZMTuLs8LIG4N4
9YTY3V+46ke1g4jC8FPrEcqtLR2iXv2YipsFx1m74pHygEQLroS3XtwDNJsIKJ96
BI9zabNpbchTEiJ5mCon4v9vfDhdsJ62wFsMKbBrmEIIp5t3j2N7S+TK2S2L2Ev+
rkFVhlpj0pioefzDwqPMwZGwZwIDAQABo4IClTCCApEwHQYDVR0OBBYEFMRRqUwm
w4TdWPJSWaqPChoSLnj2MB8GA1UdIwQYMBaAFElCArAx6fQnZDFXoG76pMBwx/Pt
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMEM5Qi9BNDZFOTg5QTMy
MkIxMUVDOTdGOENGN0NDNEY5QUUwMi9TVUlDc0RIcDlDZGtNVmVnYnZxa3dIREg4
LTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NVSUNzREhwOUNka01WZWdidnFrd0hESDgtMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzBDOUIvQTQ2RTk4OUEzMjJCMTFFQzk3RjhDRjdDQzRGOUFFMDIvQTA0Mjg2NUMz
REIyMTFFRTlFQjQwRDNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnhkswDQYJKoZIhvcNAQELBQADggEBAIrj7m4bjDwznu6m
8LcxztjRhpvS/2Dh0Yr3r/kJp+TlnMJDDoRZgpK9LCvDlSM85D1/hIQaO5jVjgf2
PBpJwAGz5En8mZ2nJ2heawybe2nj3pS3xyXWS3axEY1fN9Yhrk8SOjWyUaBkW9V5
eQJiXit+CpAH3k0tOzWxKvxHn5mDni0K1JZBbdMsD2Lbbg8IP9xrWqK6EQZtrczB
nE1U3ob1hrWcma0WNfv74mt2SsCOcUObSS07UtCc+w2GvOk7kIhlE/JjFUDFdyhV
e77zX3rUSQjMsme2gnGtBEZD1yR3bIFWLFt2PhZ72yvP4Iak++wPRiMWLUY7xz7x
zsX/q+4=
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:59:53 2025 by rpki-client