Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/E24736EC9D9011EC89314083C4F9AE02.roa
File:                     E24736EC9D9011EC89314083C4F9AE02.roa (raw, json)
Hash identifier:          PfaBGPnkUgsWEXBDryvUqr89XZWDUPWxeZUL3rzB4xI=
Subject key identifier:   63:96:7B:4F:C6:FE:2E:96:B1:9C:4D:1D:A7:44:2A:0C:83:23:4E:BA
Certificate issuer:       /CN=A91E4EF7/serialNumber=AAB524E595A530E12C13AA211C2EF26B69DD9C9B
Certificate serial:       1B69
Authority key identifier: AA:B5:24:E5:95:A5:30:E1:2C:13:AA:21:1C:2E:F2:6B:69:DD:9C:9B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrUk5ZWlMOEsE6ohHC7ya2ndnJs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/E24736EC9D9011EC89314083C4F9AE02.roa
Signing time:             Fri 10 Oct 2025 17:14:50 +0000
ROA not before:           Fri 10 Oct 2025 17:14:50 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     133326
IP address blocks:        103.38.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/qrUk5ZWlMOEsE6ohHC7ya2ndnJs.crl
                          rsync://rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/qrUk5ZWlMOEsE6ohHC7ya2ndnJs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrUk5ZWlMOEsE6ohHC7ya2ndnJs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Oct 2025 16:34:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7017 (0x1b69)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E4EF7, serialNumber=AAB524E595A530E12C13AA211C2EF26B69DD9C9B
        Validity
            Not Before: Oct 10 17:14:50 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68e93f0a-30e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:3d:ce:98:7d:c1:94:c3:b4:c3:71:18:aa:fc:
                    82:18:0f:c9:19:b4:ab:59:ce:6f:0e:5a:2a:3c:df:
                    19:e9:e2:60:df:2b:35:c5:96:31:4e:b3:43:37:ae:
                    9b:97:64:5b:c9:c7:99:27:c2:8e:2c:65:73:79:0c:
                    5c:a4:fe:7f:67:e1:58:b6:eb:db:8c:4e:20:a9:19:
                    3c:d1:fa:aa:55:ab:97:d6:b0:40:91:a9:f7:81:d1:
                    6a:7f:2c:a0:42:ab:70:a0:b1:e3:c5:d5:97:d7:a9:
                    8a:16:ac:f3:18:d5:5c:4d:f2:75:8f:0a:ce:35:36:
                    6a:b2:d8:9f:42:08:89:1c:64:de:76:26:e7:ee:98:
                    96:f7:68:a7:5b:d7:c0:a3:a9:2c:d0:ba:27:c3:db:
                    8e:df:ee:22:12:ea:ef:df:41:bc:66:93:c7:cc:c9:
                    0b:c5:e3:06:31:31:71:f2:b0:d2:9f:b0:74:b4:36:
                    8c:58:a8:35:81:de:91:c7:60:45:26:f2:26:50:f9:
                    4e:d6:d0:2c:23:8d:da:1c:21:21:90:43:52:b4:90:
                    94:e3:06:2a:b1:14:1c:34:d6:98:e4:2f:c9:b3:d1:
                    bb:ce:5e:d5:e9:e4:43:06:0b:55:d0:15:12:27:12:
                    33:ee:77:73:64:8f:74:5f:c4:96:8c:53:88:83:fd:
                    1a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:96:7B:4F:C6:FE:2E:96:B1:9C:4D:1D:A7:44:2A:0C:83:23:4E:BA
            X509v3 Authority Key Identifier:
                keyid:AA:B5:24:E5:95:A5:30:E1:2C:13:AA:21:1C:2E:F2:6B:69:DD:9C:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/qrUk5ZWlMOEsE6ohHC7ya2ndnJs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrUk5ZWlMOEsE6ohHC7ya2ndnJs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/E24736EC9D9011EC89314083C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.38.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:5c:a2:59:7b:f4:75:ff:a5:0b:a5:44:98:6d:17:62:31:2b:
         5e:de:fb:6f:5b:3d:19:05:dc:fe:b3:c3:0d:a4:6d:10:67:72:
         d8:1f:13:fc:f3:41:51:f7:bd:76:30:b1:bf:65:71:08:20:0c:
         48:ac:7f:69:4b:9a:ed:14:67:fb:1f:58:e4:7d:33:95:54:7a:
         c4:70:2d:8d:c6:62:c0:cd:c3:df:b6:e5:7c:a3:66:03:1c:36:
         7f:b7:90:60:0d:a0:c1:4d:90:e2:28:54:95:fe:38:74:ca:e5:
         18:2c:d8:47:0c:2c:18:73:04:f9:03:a5:91:1b:d5:60:97:d1:
         c8:56:f3:cc:7a:e5:74:ec:9d:76:4d:4d:72:0f:e9:af:4d:f5:
         be:75:88:39:df:2a:6c:0d:15:4b:7e:3d:3b:88:ed:b6:1e:80:
         98:9d:24:49:22:74:4a:39:e5:ab:79:64:cb:91:c6:50:00:44:
         10:50:31:2c:f8:d9:df:9d:0c:8c:82:20:4e:ff:14:37:5d:76:
         79:37:68:3a:1a:d8:30:33:08:81:19:fd:e8:76:b1:9b:34:51:
         3c:cd:3d:7a:b6:92:48:c4:25:a2:d0:ab:0f:7f:91:0f:32:13:
         80:54:b1:91:ba:d3:81:db:ef:06:95:00:7b:87:79:0b:db:db:
         bb:aa:c6:75
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICG2kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTRFRjcxMTAvBgNVBAUTKEFBQjUyNEU1OTVBNTMwRTEyQzEzQUEyMTFDMkVGMjZC
NjlERDlDOUIwHhcNMjUxMDEwMTcxNDUwWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU5M2YwYS0zMGUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5j3OmH3BlMO0w3EYqvyCGA/JGbSrWc5vDloqPN8Z6eJg3ys1xZYxTrNDN66b
l2RbyceZJ8KOLGVzeQxcpP5/Z+FYtuvbjE4gqRk80fqqVauX1rBAkan3gdFqfyyg
QqtwoLHjxdWX16mKFqzzGNVcTfJ1jwrONTZqstifQgiJHGTedibn7piW92inW9fA
o6ks0Lonw9uO3+4iEurv30G8ZpPHzMkLxeMGMTFx8rDSn7B0tDaMWKg1gd6Rx2BF
JvImUPlO1tAsI43aHCEhkENStJCU4wYqsRQcNNaY5C/Js9G7zl7V6eRDBgtV0BUS
JxIz7ndzZI90X8SWjFOIg/0aqwIDAQABo4IClTCCApEwHQYDVR0OBBYEFGOWe0/G
/i6WsZxNHadEKgyDI066MB8GA1UdIwQYMBaAFKq1JOWVpTDhLBOqIRwu8mtp3Zyb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNEVGNy9DNDZGRDc3NDFC
OEYxMUU3QUM0QzcyMjlDNEY5QUUwMi9xclVrNVpXbE1PRXNFNm9oSEM3eWEybmRu
SnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FyVWs1WldsTU9Fc0U2b2hIQzd5YTJuZG5Kcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTRFRjcvQzQ2RkQ3NzQxQjhGMTFFN0FDNEM3MjI5QzRGOUFFMDIvRTI0NzM2RUM5
RDkwMTFFQzg5MzE0MDgzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnJngwDQYJKoZIhvcNAQELBQADggEBAAlcoll79HX/pQul
RJhtF2IxK17e+29bPRkF3P6zww2kbRBnctgfE/zzQVH3vXYwsb9lcQggDEisf2lL
mu0UZ/sfWOR9M5VUesRwLY3GYsDNw9+25XyjZgMcNn+3kGANoMFNkOIoVJX+OHTK
5Rgs2EcMLBhzBPkDpZEb1WCX0chW88x65XTsnXZNTXIP6a9N9b51iDnfKmwNFUt+
PTuI7bYegJidJEkidEo55at5ZMuRxlAARBBQMSz42d+dDIyCIE7/FDdddnk3aDoa
2DAzCIEZ/eh2sZs0UTzNPXq2kkjEJaLQqw9/kQ8yE4BUsZG604Hb7waVAHuHeQvb
27uqxnU=
-----END CERTIFICATE-----
Generated at Tue Oct 21 00:12:46 2025 by rpki-client