Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
File:                     3003C4BA7C7711EEB9E0BE15C4F9AE02.roa (raw, json)
Hash identifier:          vtLAm7IVt53zIg8Nc5apkEjvAOJhd3yNQjgM+aQMRxs=
Subject key identifier:   4F:0C:44:23:2A:93:73:E8:D0:CD:C1:C8:54:FE:FA:2D:9D:F0:C9:7D
Certificate issuer:       /CN=A91E4D3D/serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
Certificate serial:       05CF
Authority key identifier: C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
Signing time:             Wed 18 Jun 2025 18:54:52 +0000
ROA not before:           Wed 18 Jun 2025 18:54:52 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     13150
IP address blocks:        103.203.220.0/24 maxlen: 24
                          103.203.221.0/24 maxlen: 24
                          103.203.222.0/24 maxlen: 24
                          103.203.223.0/24 maxlen: 24
                          113.30.128.0/24 maxlen: 24
                          123.253.152.0/24 maxlen: 24
                          123.253.153.0/24 maxlen: 24
                          123.253.154.0/24 maxlen: 24
                          123.253.155.0/24 maxlen: 24
                          150.195.208.0/24 maxlen: 24
                          150.195.209.0/24 maxlen: 24
                          150.195.210.0/24 maxlen: 24
                          150.195.211.0/24 maxlen: 24
                          150.195.212.0/24 maxlen: 24
                          150.195.214.0/24 maxlen: 24
                          150.195.217.0/24 maxlen: 24
                          150.195.218.0/24 maxlen: 24
                          150.195.219.0/24 maxlen: 24
                          150.195.220.0/24 maxlen: 24
                          150.195.221.0/24 maxlen: 24
                          150.195.222.0/24 maxlen: 24
                          150.195.223.0/24 maxlen: 24
                          202.75.242.0/24 maxlen: 24
                          202.75.243.0/24 maxlen: 24
                          202.75.244.0/24 maxlen: 24
                          202.75.246.0/24 maxlen: 24
                          202.75.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl
                          rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 09 Jul 2025 23:30:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1487 (0x5cf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E4D3D, serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
        Validity
            Not Before: Jun 18 18:54:52 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=68530b7c-5310
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:78:cc:04:8b:65:65:a6:11:e1:8a:5c:8b:51:
                    7b:1c:ea:6a:d5:4d:9e:3d:77:26:a0:94:72:31:38:
                    8d:93:2e:f9:e4:22:68:76:96:4e:65:d7:58:7a:3f:
                    f5:f9:9e:50:a5:58:d4:97:c0:c5:0c:5c:ca:d3:f7:
                    4d:ec:cf:76:24:7a:dc:b7:28:68:de:2d:ca:88:73:
                    81:1b:6e:33:09:33:45:1f:f2:e3:21:08:90:4b:2b:
                    05:87:67:4c:fa:0e:f1:3a:06:0b:4c:f2:93:f4:86:
                    03:ad:28:6a:7f:e5:df:5c:66:17:8d:d9:5f:8a:32:
                    11:04:55:77:fd:64:e6:37:e8:a0:33:b9:7c:26:eb:
                    65:67:8c:82:35:b5:80:72:61:6b:70:7e:47:48:c7:
                    ed:21:84:6a:94:b8:06:c8:a4:36:cc:27:0c:88:a2:
                    0f:27:06:22:02:e8:6f:47:8d:b9:bc:87:02:8b:e4:
                    3b:1a:68:92:72:ff:06:ec:d3:1b:2c:1c:f6:d7:7a:
                    5a:37:ea:f1:92:03:87:58:e2:d1:d5:80:3e:e6:20:
                    ff:9f:dc:e7:98:ff:23:4d:26:9f:44:89:0d:91:fb:
                    77:ec:e4:ba:2f:0e:f9:fd:38:77:c2:36:6d:18:e5:
                    11:c3:2d:ae:73:3f:b3:bb:81:93:13:4d:ad:6c:f7:
                    8f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:0C:44:23:2A:93:73:E8:D0:CD:C1:C8:54:FE:FA:2D:9D:F0:C9:7D
            X509v3 Authority Key Identifier:
                keyid:C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.203.220.0/22
                  113.30.128.0/24
                  123.253.152.0/22
                  150.195.208.0-150.195.212.255
                  150.195.214.0/24
                  150.195.217.0-150.195.223.255
                  202.75.242.0-202.75.244.255
                  202.75.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:08:e8:de:7f:26:52:ea:5f:4d:d7:3c:df:1d:8a:ba:fe:0b:
         78:c7:3e:e6:73:f7:a7:7e:2a:a0:cb:b9:41:9e:43:46:16:ca:
         0b:ff:41:40:48:c9:46:d3:db:5d:86:a8:13:d8:aa:15:ed:53:
         1b:78:aa:ec:3a:13:c0:93:f5:86:4e:a7:0b:1a:d3:c9:94:0d:
         c1:7b:f5:2b:c8:78:be:c7:4e:2a:2f:ee:49:3f:0f:40:1a:88:
         c4:5d:c6:42:0b:ce:d8:0a:d8:b1:2c:a4:ec:0f:ef:36:7c:d0:
         72:17:f8:1d:ed:f0:c4:f2:21:3f:ef:33:cc:83:5a:a6:b1:ad:
         29:62:b1:cb:d5:55:5f:21:43:74:66:74:19:8e:f6:04:e1:ac:
         1f:87:72:c8:77:ab:2f:f7:f3:0e:cb:27:7c:f1:70:16:9e:87:
         06:cc:f5:04:29:e6:55:7e:10:98:4c:59:fa:d4:a6:81:0e:46:
         16:04:72:f0:6b:1f:13:95:b9:04:a2:57:0f:b0:90:50:9c:0c:
         4a:34:aa:1a:cc:d4:a6:ca:6d:7b:95:04:c4:b2:13:41:2b:df:
         a5:e8:5d:a2:91:26:62:03:ba:35:ec:37:98:53:50:99:53:27:
         f1:0c:55:ef:26:10:a4:ec:36:6d:a8:59:ca:1e:47:4a:3d:5d:
         22:db:fd:15
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgICBc8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTREM0QxMTAvBgNVBAUTKEM4MDcwRkQwNjFBODUxRkY4QUVERTBERTBDMzYwN0VF
Qjk4RkY3MDEwHhcNMjUwNjE4MTg1NDUyWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODUzMGI3Yy01MzEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuHjMBItlZaYR4Ypci1F7HOpq1U2ePXcmoJRyMTiNky755CJodpZOZddYej/1
+Z5QpVjUl8DFDFzK0/dN7M92JHrctyho3i3KiHOBG24zCTNFH/LjIQiQSysFh2dM
+g7xOgYLTPKT9IYDrShqf+XfXGYXjdlfijIRBFV3/WTmN+igM7l8JutlZ4yCNbWA
cmFrcH5HSMftIYRqlLgGyKQ2zCcMiKIPJwYiAuhvR425vIcCi+Q7GmiScv8G7NMb
LBz213paN+rxkgOHWOLR1YA+5iD/n9znmP8jTSafRIkNkft37OS6Lw75/Th3wjZt
GOURwy2ucz+zu4GTE02tbPePPQIDAQABo4IC1zCCAtMwHQYDVR0OBBYEFE8MRCMq
k3Po0M3ByFT++i2d8Ml9MB8GA1UdIwQYMBaAFMgHD9BhqFH/iu3g3gw2B+65j/cB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNEQzRC9CMDIwMkQzMkQ4
QjkxMUVCQUJDMUY0ODVDNEY5QUUwMi95QWNQMEdHb1VmLUs3ZURlRERZSDdybVA5
d0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lBY1AwR0dvVWYtSzdlRGVERFlIN3JtUDl3RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTREM0QvQjAyMDJEMzJEOEI5MTFFQkFCQzFGNDg1QzRGOUFFMDIvMzAwM0M0QkE3
Qzc3MTFFRUI5RTBCRTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYQYIKwYBBQUHAQcBAf8E
UjBQME4EAgABMEgDBAJny9wDBABxHoADBAJ7/ZgwDAMEBJbD0AMEAJbD1AMEAJbD
1jAMAwQAlsPZAwQFlsPAMAwDBAHKS/IDBADKS/QDBAHKS/YwDQYJKoZIhvcNAQEL
BQADggEBAFII6N5/JlLqX03XPN8dirr+C3jHPuZz96d+KqDLuUGeQ0YWygv/QUBI
yUbT212GqBPYqhXtUxt4quw6E8CT9YZOpwsa08mUDcF79SvIeL7HTiov7kk/D0Aa
iMRdxkILztgK2LEspOwP7zZ80HIX+B3t8MTyIT/vM8yDWqaxrSliscvVVV8hQ3Rm
dBmO9gThrB+Hcsh3qy/38w7LJ3zxcBaehwbM9QQp5lV+EJhMWfrUpoEORhYEcvBr
HxOVuQSiVw+wkFCcDEo0qhrM1KbKbXuVBMSyE0Er36XoXaKRJmIDujXsN5hTUJlT
J/EMVe8mEKTsNm2oWcoeR0o9XSLb/RU=
-----END CERTIFICATE-----
Generated at Thu Jul 3 07:57:15 2025 by rpki-client