Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E2A61/EDC08FE6960B11ECBBE4BE64C4F9AE02/457D2B5A28DC11ED839D6243C4F9AE02.roa
File:                     457D2B5A28DC11ED839D6243C4F9AE02.roa (raw, json)
Hash identifier:          LDUnyOdS9OamILyV+DlZlg+xzQGvjMOiRA/W3kxK9fM=
Subject key identifier:   71:9E:1F:3D:93:4A:B4:DA:D8:42:63:57:64:BF:AB:29:4A:23:B9:22
Certificate issuer:       /CN=A91E2A61/serialNumber=2B517C6B79E3CEB0389D41ABC5ECE2107FEC53FB
Certificate serial:       0400
Authority key identifier: 2B:51:7C:6B:79:E3:CE:B0:38:9D:41:AB:C5:EC:E2:10:7F:EC:53:FB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/K1F8a3njzrA4nUGrxeziEH_sU_s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E2A61/EDC08FE6960B11ECBBE4BE64C4F9AE02/457D2B5A28DC11ED839D6243C4F9AE02.roa
Signing time:             Wed 15 Oct 2025 02:56:13 +0000
ROA not before:           Wed 15 Oct 2025 02:56:13 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     133861
IP address blocks:        43.255.28.0/24 maxlen: 24
                          43.255.29.0/24 maxlen: 24
                          43.255.30.0/24 maxlen: 24
                          43.255.31.0/24 maxlen: 24
                          103.74.192.0/24 maxlen: 24
                          103.74.193.0/24 maxlen: 24
                          103.74.194.0/24 maxlen: 24
                          103.74.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E2A61/EDC08FE6960B11ECBBE4BE64C4F9AE02/K1F8a3njzrA4nUGrxeziEH_sU_s.crl
                          rsync://rpki.apnic.net/member_repository/A91E2A61/EDC08FE6960B11ECBBE4BE64C4F9AE02/K1F8a3njzrA4nUGrxeziEH_sU_s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/K1F8a3njzrA4nUGrxeziEH_sU_s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 02:26:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1024 (0x400)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E2A61, serialNumber=2B517C6B79E3CEB0389D41ABC5ECE2107FEC53FB
        Validity
            Not Before: Oct 15 02:56:13 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68ef0d4d-32fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0b:6c:87:4f:ae:24:64:f3:b9:b2:46:a6:bb:
                    69:33:2f:47:cb:db:fd:63:44:6e:8b:63:b5:2c:e1:
                    9b:6f:d3:a3:a3:e6:c8:4e:93:dd:35:4d:93:c0:73:
                    05:ce:9b:34:fd:cd:c1:4d:93:87:c6:a0:31:28:b8:
                    6a:9b:25:a9:72:a0:df:cd:89:b2:27:01:b7:71:b9:
                    93:37:82:42:89:53:4e:ee:36:62:bc:3c:66:ae:2a:
                    58:ea:ff:7e:a8:ec:eb:c8:42:48:4a:56:59:50:f7:
                    72:a9:40:38:e1:60:00:9e:60:0c:95:25:d6:a6:44:
                    54:ce:82:78:3f:17:d8:03:28:82:dc:21:f7:50:80:
                    90:f7:88:7d:96:95:cb:8f:10:98:bf:42:94:a4:7b:
                    eb:cc:b9:5f:19:c9:1c:d4:52:1a:c2:b1:20:9f:89:
                    1f:4c:4a:2a:4a:2e:28:39:1f:a3:4a:15:4c:4e:62:
                    28:e3:f6:06:51:16:0f:93:aa:35:5f:11:f4:2d:a9:
                    76:2a:27:6a:ff:f3:44:62:40:35:a3:2c:24:41:4d:
                    ab:f8:0e:98:fd:51:05:cb:22:34:b9:04:7f:9b:e0:
                    df:2d:af:fb:f5:9d:55:42:f8:0d:c7:8e:41:64:f2:
                    9b:1f:9f:2b:a1:09:16:a0:d0:10:03:fb:4f:13:a7:
                    bd:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9E:1F:3D:93:4A:B4:DA:D8:42:63:57:64:BF:AB:29:4A:23:B9:22
            X509v3 Authority Key Identifier:
                keyid:2B:51:7C:6B:79:E3:CE:B0:38:9D:41:AB:C5:EC:E2:10:7F:EC:53:FB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E2A61/EDC08FE6960B11ECBBE4BE64C4F9AE02/K1F8a3njzrA4nUGrxeziEH_sU_s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/K1F8a3njzrA4nUGrxeziEH_sU_s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E2A61/EDC08FE6960B11ECBBE4BE64C4F9AE02/457D2B5A28DC11ED839D6243C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.255.28.0/22
                  103.74.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:5e:d5:ab:81:9b:20:58:e9:55:3a:ac:c0:c8:c3:9c:d9:0c:
         52:16:1d:1f:5a:6a:ad:66:c8:71:17:2c:09:1d:47:cc:b4:95:
         43:61:a7:0b:db:e7:bb:32:5b:a1:93:20:43:ad:c0:9b:a6:ab:
         2d:49:a2:c8:70:ff:76:57:42:f8:31:af:77:43:08:d6:ad:24:
         7e:51:c2:1f:9a:bb:df:33:63:eb:4d:75:fc:9e:07:73:05:14:
         ed:35:2f:61:12:24:73:b0:ad:db:b0:d6:53:22:58:a3:0c:b7:
         d2:dc:83:52:f1:72:df:d2:fb:e9:8f:07:5e:b3:6c:29:20:e0:
         97:06:04:47:5d:f1:00:1e:17:99:8e:ea:22:71:d8:ac:36:3a:
         c3:d3:a8:f6:ba:56:6b:ea:4a:bf:32:02:af:fc:cd:02:d0:4a:
         9b:b7:da:e6:ba:e3:cc:ee:51:6c:82:b2:f9:f5:67:e1:45:64:
         e9:7b:a9:1f:ef:01:d0:70:26:eb:5c:00:49:96:09:ee:3f:79:
         1d:c4:e6:d7:4f:5c:c5:7b:9b:e9:5a:f4:80:53:a1:ce:9e:6f:
         01:61:6f:7d:52:d3:ea:d7:df:78:ae:38:96:19:54:ec:1c:6f:
         cc:b5:e3:bc:2b:0e:e4:4b:2c:60:18:a3:5c:ae:48:53:ab:34:
         b2:02:3c:60
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBAAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTJBNjExMTAvBgNVBAUTKDJCNTE3QzZCNzlFM0NFQjAzODlENDFBQkM1RUNFMjEw
N0ZFQzUzRkIwHhcNMjUxMDE1MDI1NjEzWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVmMGQ0ZC0zMmZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAogtsh0+uJGTzubJGprtpMy9Hy9v9Y0Rui2O1LOGbb9Ojo+bITpPdNU2TwHMF
zps0/c3BTZOHxqAxKLhqmyWpcqDfzYmyJwG3cbmTN4JCiVNO7jZivDxmripY6v9+
qOzryEJISlZZUPdyqUA44WAAnmAMlSXWpkRUzoJ4PxfYAyiC3CH3UICQ94h9lpXL
jxCYv0KUpHvrzLlfGckc1FIawrEgn4kfTEoqSi4oOR+jShVMTmIo4/YGURYPk6o1
XxH0Lal2Kidq//NEYkA1oywkQU2r+A6Y/VEFyyI0uQR/m+DfLa/79Z1VQvgNx45B
ZPKbH58roQkWoNAQA/tPE6e9JQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFHGeHz2T
SrTa2EJjV2S/qylKI7kiMB8GA1UdIwQYMBaAFCtRfGt5486wOJ1Bq8Xs4hB/7FP7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMkE2MS9FREMwOEZFNjk2
MEIxMUVDQkJFNEJFNjRDNEY5QUUwMi9LMUY4YTNuanpyQTRuVUdyeGV6aUVIX3NV
X3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0sxRjhhM25qenJBNG5VR3J4ZXppRUhfc1Vfcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTJBNjEvRURDMDhGRTY5NjBCMTFFQ0JCRTRCRTY0QzRGOUFFMDIvNDU3RDJCNUEy
OERDMTFFRDgzOUQ2MjQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr/xwDBAJnSsAwDQYJKoZIhvcNAQELBQADggEBAJ9e1auB
myBY6VU6rMDIw5zZDFIWHR9aaq1myHEXLAkdR8y0lUNhpwvb57syW6GTIEOtwJum
qy1Joshw/3ZXQvgxr3dDCNatJH5Rwh+au98zY+tNdfyeB3MFFO01L2ESJHOwrduw
1lMiWKMMt9Lcg1Lxct/S++mPB16zbCkg4JcGBEdd8QAeF5mO6iJx2Kw2OsPTqPa6
VmvqSr8yAq/8zQLQSpu32ua648zuUWyCsvn1Z+FFZOl7qR/vAdBwJutcAEmWCe4/
eR3E5tdPXMV7m+la9IBToc6ebwFhb31S0+rX33iuOJYZVOwcb8y147wrDuRLLGAY
o1yuSFOrNLICPGA=
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:36:08 2025 by rpki-client