Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/3423CAAA91A811ED97B3DB55C4F9AE02.roa
File:                     3423CAAA91A811ED97B3DB55C4F9AE02.roa (raw, json)
Hash identifier:          uvO6HQukwYrPh3gWNmwuzQaBlS53E3Kz5eOoB+lqzW8=
Subject key identifier:   76:E3:8D:54:1C:03:6C:E4:D5:43:9B:49:D9:37:C0:AB:F0:0B:28:71
Certificate issuer:       /CN=A91D6444/serialNumber=8D7D43B6FCB966E8E1A6583BDA07250157AC310F
Certificate serial:       0208
Authority key identifier: 8D:7D:43:B6:FC:B9:66:E8:E1:A6:58:3B:DA:07:25:01:57:AC:31:0F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jX1Dtvy5Zujhplg72gclAVesMQ8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/3423CAAA91A811ED97B3DB55C4F9AE02.roa
Signing time:             Wed 01 Oct 2025 03:00:22 +0000
ROA not before:           Wed 01 Oct 2025 03:00:22 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     17906
IP address blocks:        203.11.224.0/21 maxlen: 24
                          203.11.232.0/21 maxlen: 24
                          203.11.240.0/21 maxlen: 24
                          203.11.248.0/21 maxlen: 24
                          203.22.32.0/20 maxlen: 24
                          203.22.48.0/20 maxlen: 21
                          203.22.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/jX1Dtvy5Zujhplg72gclAVesMQ8.crl
                          rsync://rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/jX1Dtvy5Zujhplg72gclAVesMQ8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jX1Dtvy5Zujhplg72gclAVesMQ8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 04:40:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 520 (0x208)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D6444, serialNumber=8D7D43B6FCB966E8E1A6583BDA07250157AC310F
        Validity
            Not Before: Oct  1 03:00:22 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68dc9946-b6f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:15:28:a8:d7:94:06:23:96:44:47:09:82:3a:
                    ec:f6:07:8e:56:07:87:f4:d5:02:43:c9:3c:16:63:
                    ca:2f:41:5c:ec:a6:35:ff:7d:6b:77:9b:5b:1e:e9:
                    b3:f5:89:09:d1:51:d3:b6:45:53:ed:00:9f:6c:62:
                    62:de:67:89:94:43:28:a6:61:aa:16:96:3f:4c:67:
                    ba:30:d1:ee:96:42:2d:69:9a:2a:2a:d1:b4:67:c7:
                    5a:40:92:5d:4a:21:d5:46:2c:10:d9:85:ea:ec:06:
                    59:13:5a:7e:9d:17:fb:01:ed:ba:13:fc:f3:31:d3:
                    a8:56:ae:40:49:00:80:66:46:e9:ab:5c:3d:3f:68:
                    78:93:b2:a0:5d:66:84:2b:01:90:7b:5a:56:af:09:
                    40:70:38:c8:5e:c2:b3:8b:cc:79:e6:f5:52:00:64:
                    4d:28:f4:72:50:f2:fb:24:7e:69:25:b9:d1:70:4b:
                    44:b1:6c:04:5f:3e:d9:c9:8c:34:aa:87:36:01:2f:
                    48:2f:ad:f9:43:c2:0c:c7:6a:59:23:d9:b5:ae:2c:
                    c6:f9:48:64:6a:4e:89:48:89:f6:60:90:f5:05:d1:
                    55:d4:93:c5:30:e6:ca:d3:62:2f:fc:80:62:a7:f7:
                    60:5b:1e:19:b4:68:42:eb:58:25:fe:a4:e2:f3:dc:
                    bc:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E3:8D:54:1C:03:6C:E4:D5:43:9B:49:D9:37:C0:AB:F0:0B:28:71
            X509v3 Authority Key Identifier:
                keyid:8D:7D:43:B6:FC:B9:66:E8:E1:A6:58:3B:DA:07:25:01:57:AC:31:0F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/jX1Dtvy5Zujhplg72gclAVesMQ8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jX1Dtvy5Zujhplg72gclAVesMQ8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/3423CAAA91A811ED97B3DB55C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.11.224.0/19
                  203.22.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2d:5c:51:29:dd:10:12:54:93:ef:16:ae:41:13:88:a6:3e:ac:
         8d:2f:bb:73:fe:a2:f0:5e:9c:76:86:52:89:dc:1c:52:78:ef:
         19:78:31:be:79:21:85:78:6c:a6:4a:04:c7:ee:aa:1d:29:e7:
         ea:04:36:dc:cc:52:45:52:8e:25:5e:bc:e1:42:c3:9b:53:07:
         4b:30:c6:e9:2f:c1:7f:14:84:17:64:2f:3f:96:c2:7a:65:df:
         8d:c2:37:b2:a3:f5:cc:f8:70:84:54:fe:da:af:02:ee:fa:85:
         c6:5d:f7:8e:4f:ae:b7:1e:94:41:8b:4b:53:af:af:6d:c7:07:
         b6:36:ef:0b:fc:26:50:26:59:0e:4e:44:b4:3a:6d:cb:b5:09:
         53:64:b9:b4:c5:bf:bf:94:1e:b5:ce:95:2a:14:a7:23:79:09:
         4f:85:81:5b:f4:e3:51:1b:6e:ad:49:ac:ad:60:ca:92:43:ff:
         89:f1:8c:df:89:63:44:9f:47:31:bd:1d:d9:6c:71:30:d5:fa:
         71:97:0a:57:4d:d5:cd:16:45:0f:63:38:87:d0:e3:8d:8d:9c:
         5c:82:59:51:e8:76:81:50:85:b1:78:74:09:de:b7:08:d1:df:
         9f:79:e8:13:6d:6e:70:79:d2:7c:53:5e:f4:40:28:e1:f7:67:
         f6:48:9c:c7
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAggwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDY0NDQxMTAvBgNVBAUTKDhEN0Q0M0I2RkNCOTY2RThFMUE2NTgzQkRBMDcyNTAx
NTdBQzMxMEYwHhcNMjUxMDAxMDMwMDIyWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRjOTk0Ni1iNmY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArRUoqNeUBiOWREcJgjrs9geOVgeH9NUCQ8k8FmPKL0Fc7KY1/31rd5tbHumz
9YkJ0VHTtkVT7QCfbGJi3meJlEMopmGqFpY/TGe6MNHulkItaZoqKtG0Z8daQJJd
SiHVRiwQ2YXq7AZZE1p+nRf7Ae26E/zzMdOoVq5ASQCAZkbpq1w9P2h4k7KgXWaE
KwGQe1pWrwlAcDjIXsKzi8x55vVSAGRNKPRyUPL7JH5pJbnRcEtEsWwEXz7ZyYw0
qoc2AS9IL635Q8IMx2pZI9m1rizG+Uhkak6JSIn2YJD1BdFV1JPFMObK02Iv/IBi
p/dgWx4ZtGhC61gl/qTi89y8WQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFHbjjVQc
A2zk1UObSdk3wKvwCyhxMB8GA1UdIwQYMBaAFI19Q7b8uWbo4aZYO9oHJQFXrDEP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENjQ0NC9EQ0M3NkY3NDkw
QkIxMUVEQjVCNUZGNTdDNEY5QUUwMi9qWDFEdHZ5NVp1amhwbGc3MmdjbEFWZXNN
UTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2pYMUR0dnk1WnVqaHBsZzcyZ2NsQVZlc01ROC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDY0NDQvRENDNzZGNzQ5MEJCMTFFREI1QjVGRjU3QzRGOUFFMDIvMzQyM0NBQUE5
MUE4MTFFRDk3QjNEQjU1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAXLC+ADBAXLFiAwDQYJKoZIhvcNAQELBQADggEBAC1cUSnd
EBJUk+8WrkETiKY+rI0vu3P+ovBenHaGUoncHFJ47xl4Mb55IYV4bKZKBMfuqh0p
5+oENtzMUkVSjiVevOFCw5tTB0swxukvwX8UhBdkLz+Wwnpl343CN7Kj9cz4cIRU
/tqvAu76hcZd945PrrcelEGLS1Ovr23HB7Y27wv8JlAmWQ5ORLQ6bcu1CVNkubTF
v7+UHrXOlSoUpyN5CU+FgVv041Ebbq1JrK1gypJD/4nxjN+JY0SfRzG9HdlscTDV
+nGXCldN1c0WRQ9jOIfQ442NnFyCWVHodoFQhbF4dAnetwjR35956BNtbnB50nxT
XvRAKOH3Z/ZInMc=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:43:49 2025 by rpki-client