Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E8AF2/5732C838844C11EEB1F2CA29C4F9AE02/CEA08B0A7B7411F0B30B5E4FC4F9AE02.roa
File:                     CEA08B0A7B7411F0B30B5E4FC4F9AE02.roa (raw, json)
Hash identifier:          C44/AtE3Ze2iBhnia/62NjBLNjDmkSHhne0xCs9WJQ8=
Subject key identifier:   0B:5F:95:A8:FF:EC:C9:03:23:F7:B3:BF:48:10:A3:B7:3A:4D:9D:F0
Certificate issuer:       /CN=A91E8AF2/serialNumber=7CD958A007F4F0E56E4A8D24576688622BAB7221
Certificate serial:       0177
Authority key identifier: 7C:D9:58:A0:07:F4:F0:E5:6E:4A:8D:24:57:66:88:62:2B:AB:72:21
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fNlYoAf08OVuSo0kV2aIYiurciE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E8AF2/5732C838844C11EEB1F2CA29C4F9AE02/CEA08B0A7B7411F0B30B5E4FC4F9AE02.roa
Signing time:             Wed 15 Oct 2025 07:01:37 +0000
ROA not before:           Wed 15 Oct 2025 07:01:37 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     151984
IP address blocks:        103.252.120.0/23 maxlen: 23
                          103.252.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E8AF2/5732C838844C11EEB1F2CA29C4F9AE02/fNlYoAf08OVuSo0kV2aIYiurciE.crl
                          rsync://rpki.apnic.net/member_repository/A91E8AF2/5732C838844C11EEB1F2CA29C4F9AE02/fNlYoAf08OVuSo0kV2aIYiurciE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fNlYoAf08OVuSo0kV2aIYiurciE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 06:35:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 375 (0x177)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E8AF2, serialNumber=7CD958A007F4F0E56E4A8D24576688622BAB7221
        Validity
            Not Before: Oct 15 07:01:37 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68ef46d1-c332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:95:d8:a1:51:68:5a:08:c4:82:1e:ea:13:b4:
                    5c:8b:5a:0c:f0:4e:03:38:50:b8:a4:d5:bb:5d:71:
                    ad:93:85:26:38:af:0b:6e:9a:99:37:37:18:28:e1:
                    4c:08:5b:e9:b1:9e:00:41:a4:2c:9b:fb:ae:9f:c0:
                    f4:02:55:20:e8:9a:13:1f:cf:81:8d:94:29:17:48:
                    3f:95:70:c4:26:09:b0:75:fd:32:31:04:77:0b:e1:
                    7b:8d:f4:36:1d:f9:8b:05:b8:be:cc:26:05:46:58:
                    d7:d5:46:ff:8a:ec:da:a3:af:ea:7c:c8:ad:e8:e9:
                    27:fa:f7:15:66:3d:3e:4f:db:19:02:16:f3:3c:cc:
                    1b:3a:98:66:cc:de:a5:89:5a:00:56:d8:b8:81:06:
                    61:08:63:97:08:a4:77:d2:0e:83:74:76:7b:2a:c1:
                    cf:a6:02:e2:5f:cc:7b:e5:e2:14:a5:5d:c5:04:ad:
                    47:15:c2:75:63:16:3d:6d:64:75:66:f4:56:cc:e7:
                    fc:92:91:b0:7f:ab:00:bd:d6:e5:c8:b2:07:05:d6:
                    05:ad:ab:5b:b9:1d:85:e9:1b:8f:49:58:fa:58:34:
                    71:c9:d0:51:a1:7e:74:ce:b3:a1:eb:8a:1e:9a:2f:
                    77:86:aa:bd:ee:34:3c:c8:2f:9e:49:b0:5a:aa:85:
                    2c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:5F:95:A8:FF:EC:C9:03:23:F7:B3:BF:48:10:A3:B7:3A:4D:9D:F0
            X509v3 Authority Key Identifier:
                keyid:7C:D9:58:A0:07:F4:F0:E5:6E:4A:8D:24:57:66:88:62:2B:AB:72:21

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E8AF2/5732C838844C11EEB1F2CA29C4F9AE02/fNlYoAf08OVuSo0kV2aIYiurciE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fNlYoAf08OVuSo0kV2aIYiurciE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E8AF2/5732C838844C11EEB1F2CA29C4F9AE02/CEA08B0A7B7411F0B30B5E4FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.252.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:43:06:d1:22:3d:32:90:3d:bf:a5:00:4b:58:52:dd:d2:29:
         f7:34:33:8c:d5:40:c9:d0:d3:f5:68:30:ab:44:d8:33:dc:e4:
         90:52:ae:35:8b:59:e5:df:57:fa:4f:17:53:83:3a:ef:48:e1:
         f7:9d:9d:1e:e7:a9:a6:06:3e:d0:41:59:af:94:2a:4f:b0:bc:
         2c:97:b3:e2:ce:cb:9e:14:c4:e2:0f:fa:1e:f8:00:ca:bf:93:
         36:af:fb:7f:65:7d:de:dc:2a:65:be:49:e9:0a:1a:a9:0b:8d:
         e4:48:98:92:59:12:6a:77:20:16:8a:48:e1:c0:fa:63:ec:d1:
         17:ab:ef:e9:e4:52:57:dd:95:18:1d:2e:5c:3f:c1:26:74:e1:
         fd:ae:a6:59:f6:c8:f0:ab:46:7f:e3:7a:13:6c:07:7d:f9:0a:
         d1:91:db:55:08:59:05:8b:a5:36:7a:08:87:3c:55:d3:65:a3:
         15:9c:ef:cd:67:dc:af:f6:da:d0:0c:0b:c2:2c:75:d1:21:48:
         94:f2:f4:65:af:d4:3c:94:16:c5:54:69:4b:25:5f:2f:b0:df:
         af:be:01:62:52:c2:f4:ba:bc:d8:40:26:09:0d:83:11:4e:5c:
         eb:43:91:c1:e8:bb:9b:b9:c9:76:aa:65:8a:55:0b:8c:07:70:
         81:95:3e:a7
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAXcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RThBRjIxMTAvBgNVBAUTKDdDRDk1OEEwMDdGNEYwRTU2RTRBOEQyNDU3NjY4ODYy
MkJBQjcyMjEwHhcNMjUxMDE1MDcwMTM3WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVmNDZkMS1jMzMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwZXYoVFoWgjEgh7qE7Rci1oM8E4DOFC4pNW7XXGtk4UmOK8LbpqZNzcYKOFM
CFvpsZ4AQaQsm/uun8D0AlUg6JoTH8+BjZQpF0g/lXDEJgmwdf0yMQR3C+F7jfQ2
HfmLBbi+zCYFRljX1Ub/iuzao6/qfMit6Okn+vcVZj0+T9sZAhbzPMwbOphmzN6l
iVoAVti4gQZhCGOXCKR30g6DdHZ7KsHPpgLiX8x75eIUpV3FBK1HFcJ1YxY9bWR1
ZvRWzOf8kpGwf6sAvdblyLIHBdYFratbuR2F6RuPSVj6WDRxydBRoX50zrOh64oe
mi93hqq97jQ8yC+eSbBaqoUsCwIDAQABo4IClTCCApEwHQYDVR0OBBYEFAtflaj/
7MkDI/ezv0gQo7c6TZ3wMB8GA1UdIwQYMBaAFHzZWKAH9PDlbkqNJFdmiGIrq3Ih
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFOEFGMi81NzMyQzgzODg0
NEMxMUVFQjFGMkNBMjlDNEY5QUUwMi9mTmxZb0FmMDhPVnVTbzBrVjJhSVlpdXJj
aUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ZObFlvQWYwOE9WdVNvMGtWMmFJWWl1cmNpRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RThBRjIvNTczMkM4Mzg4NDRDMTFFRUIxRjJDQTI5QzRGOUFFMDIvQ0VBMDhCMEE3
Qjc0MTFGMEIzMEI1RTRGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFn/HgwDQYJKoZIhvcNAQELBQADggEBAHZDBtEiPTKQPb+l
AEtYUt3SKfc0M4zVQMnQ0/VoMKtE2DPc5JBSrjWLWeXfV/pPF1ODOu9I4fednR7n
qaYGPtBBWa+UKk+wvCyXs+LOy54UxOIP+h74AMq/kzav+39lfd7cKmW+SekKGqkL
jeRImJJZEmp3IBaKSOHA+mPs0Rer7+nkUlfdlRgdLlw/wSZ04f2upln2yPCrRn/j
ehNsB335CtGR21UIWQWLpTZ6CIc8VdNloxWc781n3K/22tAMC8IsddEhSJTy9GWv
1DyUFsVUaUslXy+w36++AWJSwvS6vNhAJgkNgxFOXOtDkcHou5u5yXaqZYpVC4wH
cIGVPqc=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:40:18 2025 by rpki-client