Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C93EE/6858F6880E0211EAA9B1DB65C4F9AE02/34E6B680511A11F0B256FA65C4F9AE02.roa
File:                     34E6B680511A11F0B256FA65C4F9AE02.roa (raw, json)
Hash identifier:          /d3uj8OGj8i2eQo/4qG/XmqOKUxOa6VLTQJOMFvek38=
Subject key identifier:   B5:32:9D:17:A3:51:93:0B:EE:50:7B:14:E0:C1:53:3F:D6:7D:7D:CF
Certificate issuer:       /CN=A91C93EE/serialNumber=FC56E7E076F7FD0A84BECC9C3E229142A0901FEC
Certificate serial:       0C98
Authority key identifier: FC:56:E7:E0:76:F7:FD:0A:84:BE:CC:9C:3E:22:91:42:A0:90:1F:EC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_Fbn4Hb3_QqEvsycPiKRQqCQH-w.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C93EE/6858F6880E0211EAA9B1DB65C4F9AE02/34E6B680511A11F0B256FA65C4F9AE02.roa
Signing time:             Tue 24 Jun 2025 16:42:25 +0000
ROA not before:           Tue 24 Jun 2025 16:42:25 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     139875
IP address blocks:        103.135.76.0/24 maxlen: 24
                          103.135.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C93EE/6858F6880E0211EAA9B1DB65C4F9AE02/_Fbn4Hb3_QqEvsycPiKRQqCQH-w.crl
                          rsync://rpki.apnic.net/member_repository/A91C93EE/6858F6880E0211EAA9B1DB65C4F9AE02/_Fbn4Hb3_QqEvsycPiKRQqCQH-w.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_Fbn4Hb3_QqEvsycPiKRQqCQH-w.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 09 Jul 2025 18:52:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3224 (0xc98)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C93EE, serialNumber=FC56E7E076F7FD0A84BECC9C3E229142A0901FEC
        Validity
            Not Before: Jun 24 16:42:25 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=685ad570-ca64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:49:26:61:54:6e:f2:c3:ec:a5:82:ff:db:3d:
                    39:04:9b:66:01:27:86:cc:3b:b0:c0:03:9d:31:7b:
                    49:df:4b:70:c4:18:a2:57:bf:eb:ee:cc:83:c0:38:
                    c4:7b:96:f0:5f:ee:c0:cc:0c:01:bb:14:6a:f6:33:
                    0e:bb:e7:52:d6:11:69:8d:ea:67:3f:2b:06:06:33:
                    1a:ee:35:91:b0:42:bf:df:72:e1:12:1e:35:bb:c1:
                    23:8f:1f:6c:ac:f7:87:cd:4e:8c:51:10:60:e1:f1:
                    8d:87:53:bd:f1:20:e7:f9:fb:df:1c:14:c3:2a:ec:
                    63:82:bc:40:e5:8c:9e:0f:62:b2:a4:cf:46:a5:f6:
                    49:c2:95:da:fd:e1:10:08:14:36:db:24:4a:ce:cf:
                    f8:f2:42:50:ba:92:d5:c7:da:0a:c2:7b:60:52:a4:
                    e7:0e:fd:77:ca:3b:aa:b2:93:9d:ef:c5:3c:6a:b5:
                    ec:39:05:a4:91:e4:cb:68:b7:cb:e5:61:5f:ce:98:
                    68:e5:34:ef:24:22:ea:e0:ec:95:e1:a2:1a:97:33:
                    ea:fe:3b:50:87:1c:0d:c8:e4:98:9c:c3:41:c5:23:
                    1c:36:3f:7c:ff:4d:b2:fe:0d:84:36:fb:3e:be:61:
                    50:93:55:86:64:fa:d6:42:47:8d:a6:3f:b1:16:83:
                    12:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:32:9D:17:A3:51:93:0B:EE:50:7B:14:E0:C1:53:3F:D6:7D:7D:CF
            X509v3 Authority Key Identifier:
                keyid:FC:56:E7:E0:76:F7:FD:0A:84:BE:CC:9C:3E:22:91:42:A0:90:1F:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C93EE/6858F6880E0211EAA9B1DB65C4F9AE02/_Fbn4Hb3_QqEvsycPiKRQqCQH-w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_Fbn4Hb3_QqEvsycPiKRQqCQH-w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C93EE/6858F6880E0211EAA9B1DB65C4F9AE02/34E6B680511A11F0B256FA65C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.135.76.0/24
                  103.135.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:02:89:20:6a:6d:e6:48:fd:d2:c5:5b:05:40:ca:5e:36:49:
         57:6b:c3:4f:e9:3a:ab:f8:57:f3:21:71:da:4b:8f:ae:67:c8:
         4a:4c:fe:36:5e:34:11:cf:4d:f1:7b:db:b3:7a:92:c9:f8:cc:
         97:1c:2c:bb:8e:19:39:00:bd:6f:82:e7:6a:8f:8e:1a:89:89:
         b0:f3:9a:b1:22:77:13:f9:40:cd:80:21:bf:10:3e:f7:f6:c1:
         f9:f8:20:84:a6:a2:e4:46:f1:88:1f:87:dd:e7:6f:72:db:f5:
         f9:5e:f1:1d:da:a7:67:65:d5:2b:62:76:c5:35:be:e5:a0:be:
         fc:78:ea:f1:56:6d:f4:93:f1:89:ba:17:34:19:9f:1a:9f:00:
         f9:a5:2e:68:23:74:6b:ec:f9:4b:b2:7c:a1:9c:4c:7d:b0:4a:
         22:94:84:f1:45:48:75:c6:2e:52:89:3c:6b:b1:85:2a:60:95:
         b2:d9:a6:0c:74:09:6f:2f:e8:a1:56:9a:0b:91:d1:ba:95:f8:
         49:9e:a7:d9:58:d0:38:90:11:8f:06:b6:39:5f:f1:65:06:ab:
         0b:51:0a:af:3d:cd:9e:80:f2:0a:cc:b2:0a:5e:d0:a4:65:eb:
         ed:e4:a8:13:5c:51:3e:9f:a8:b8:65:0d:05:35:13:60:16:24:
         91:7c:60:24
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICDJgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzkzRUUxMTAvBgNVBAUTKEZDNTZFN0UwNzZGN0ZEMEE4NEJFQ0M5QzNFMjI5MTQy
QTA5MDFGRUMwHhcNMjUwNjI0MTY0MjI1WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODVhZDU3MC1jYTY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnUkmYVRu8sPspYL/2z05BJtmASeGzDuwwAOdMXtJ30twxBiiV7/r7syDwDjE
e5bwX+7AzAwBuxRq9jMOu+dS1hFpjepnPysGBjMa7jWRsEK/33LhEh41u8Ejjx9s
rPeHzU6MURBg4fGNh1O98SDn+fvfHBTDKuxjgrxA5YyeD2KypM9GpfZJwpXa/eEQ
CBQ22yRKzs/48kJQupLVx9oKwntgUqTnDv13yjuqspOd78U8arXsOQWkkeTLaLfL
5WFfzpho5TTvJCLq4OyV4aIalzPq/jtQhxwNyOSYnMNBxSMcNj98/02y/g2ENvs+
vmFQk1WGZPrWQkeNpj+xFoMS4wIDAQABo4ICmzCCApcwHQYDVR0OBBYEFLUynRej
UZML7lB7FODBUz/WfX3PMB8GA1UdIwQYMBaAFPxW5+B29/0KhL7MnD4ikUKgkB/s
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDOTNFRS82ODU4RjY4ODBF
MDIxMUVBQTlCMURCNjVDNEY5QUUwMi9fRmJuNEhiM19RcUV2c3ljUGlLUlFxQ1FI
LXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19GYm40SGIzX1FxRXZzeWNQaUtSUXFDUUgtdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzkzRUUvNjg1OEY2ODgwRTAyMTFFQUE5QjFEQjY1QzRGOUFFMDIvMzRFNkI2ODA1
MTFBMTFGMEIyNTZGQTY1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnh0wDBABnh04wDQYJKoZIhvcNAQELBQADggEBAB0CiSBq
beZI/dLFWwVAyl42SVdrw0/pOqv4V/MhcdpLj65nyEpM/jZeNBHPTfF727N6ksn4
zJccLLuOGTkAvW+C52qPjhqJibDzmrEidxP5QM2AIb8QPvf2wfn4IISmouRG8Ygf
h93nb3Lb9fle8R3ap2dl1StidsU1vuWgvvx46vFWbfST8Ym6FzQZnxqfAPmlLmgj
dGvs+UuyfKGcTH2wSiKUhPFFSHXGLlKJPGuxhSpglbLZpgx0CW8v6KFWmguR0bqV
+Emep9lY0DiQEY8Gtjlf8WUGqwtRCq89zZ6A8grMsgpe0KRl6+3kqBNcUT6fqLhl
DQU1E2AWJJF8YCQ=
-----END CERTIFICATE-----
Generated at Thu Jul 3 14:57:39 2025 by rpki-client