Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EB45A/1E448A481DA111E29F56079308B02CD2/17BB4C20F17E11EAA3CC597BC4F9AE02.roa
File:                     17BB4C20F17E11EAA3CC597BC4F9AE02.roa (raw, json)
Hash identifier:          sb92Yiu1DkaA/Jlw4YPyCeHs7T2hutc7NkpwUwObZxY=
Subject key identifier:   D0:B9:1B:DC:DA:13:83:C0:FC:A9:10:DC:37:70:19:D9:B8:DF:63:72
Certificate issuer:       /CN=A91EB45A/serialNumber=C1422A0C4CFF248D517358EBDF7B4E802BACC0E7
Certificate serial:       34D3
Authority key identifier: C1:42:2A:0C:4C:FF:24:8D:51:73:58:EB:DF:7B:4E:80:2B:AC:C0:E7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wUIqDEz_JI1Rc1jr33tOgCuswOc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EB45A/1E448A481DA111E29F56079308B02CD2/17BB4C20F17E11EAA3CC597BC4F9AE02.roa
Signing time:             Thu 18 Sep 2025 15:21:14 +0000
ROA not before:           Thu 18 Sep 2025 15:21:14 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     45945
IP address blocks:        43.245.124.0/22 maxlen: 22
                          43.245.124.0/24 maxlen: 24
                          43.245.125.0/24 maxlen: 24
                          43.245.126.0/24 maxlen: 24
                          43.245.127.0/24 maxlen: 24
                          103.1.148.0/22 maxlen: 22
                          103.1.148.0/24 maxlen: 24
                          103.1.149.0/24 maxlen: 24
                          103.1.150.0/24 maxlen: 24
                          103.1.151.0/24 maxlen: 24
                          124.150.140.0/22 maxlen: 22
                          124.150.140.0/24 maxlen: 24
                          124.150.141.0/24 maxlen: 24
                          124.150.142.0/24 maxlen: 24
                          124.150.143.0/24 maxlen: 24
                          2401:fd00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EB45A/1E448A481DA111E29F56079308B02CD2/wUIqDEz_JI1Rc1jr33tOgCuswOc.crl
                          rsync://rpki.apnic.net/member_repository/A91EB45A/1E448A481DA111E29F56079308B02CD2/wUIqDEz_JI1Rc1jr33tOgCuswOc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wUIqDEz_JI1Rc1jr33tOgCuswOc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 15:13:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13523 (0x34d3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EB45A, serialNumber=C1422A0C4CFF248D517358EBDF7B4E802BACC0E7
        Validity
            Not Before: Sep 18 15:21:14 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68cc236a-b71a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9d:11:af:82:8f:a2:aa:41:af:98:da:ce:29:
                    c7:24:2c:17:f2:b5:a6:95:f8:81:9d:b0:e8:a7:12:
                    25:de:14:f8:3c:15:71:4c:f0:de:e2:6b:4d:e6:9c:
                    b6:13:27:62:10:91:2b:11:a9:66:80:3a:46:5a:c9:
                    b8:46:3b:34:2e:5b:3b:4f:7a:d8:53:3a:a3:b4:06:
                    85:bd:24:50:97:0b:d6:05:84:7a:23:71:f2:4a:a6:
                    98:7c:86:3f:af:dc:23:25:5c:49:34:b8:3e:ee:5c:
                    e6:3f:4a:da:cf:12:92:22:cc:15:a3:fe:81:a3:59:
                    ff:7e:50:68:0d:83:f9:b8:65:22:7a:be:d3:e5:3c:
                    23:8e:71:38:34:94:24:1c:25:31:3f:d2:7d:be:3a:
                    4e:cf:c0:d1:fb:8d:ac:8f:ee:7d:8e:5b:52:b6:66:
                    92:be:85:29:b7:aa:39:c1:c7:9e:aa:b5:76:ef:1e:
                    01:e1:fb:64:d5:b7:bd:a2:72:58:b3:7a:68:61:08:
                    6a:5a:5b:71:4f:60:ae:7a:1c:e7:5d:b9:fb:29:85:
                    98:53:20:5b:34:7c:f8:e4:bb:9c:b1:52:b3:77:ca:
                    f0:ad:7a:a4:fc:9f:1b:46:79:71:8b:0b:7b:8c:19:
                    2b:e7:68:d5:a8:11:4d:4f:a5:3e:c9:ac:b6:80:b9:
                    a1:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:B9:1B:DC:DA:13:83:C0:FC:A9:10:DC:37:70:19:D9:B8:DF:63:72
            X509v3 Authority Key Identifier:
                keyid:C1:42:2A:0C:4C:FF:24:8D:51:73:58:EB:DF:7B:4E:80:2B:AC:C0:E7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EB45A/1E448A481DA111E29F56079308B02CD2/wUIqDEz_JI1Rc1jr33tOgCuswOc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wUIqDEz_JI1Rc1jr33tOgCuswOc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EB45A/1E448A481DA111E29F56079308B02CD2/17BB4C20F17E11EAA3CC597BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.245.124.0/22
                  103.1.148.0/22
                  124.150.140.0/22
                IPv6:
                  2401:fd00::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:58:72:fd:33:11:6f:07:f1:84:2f:12:f4:e9:22:c2:4a:d5:
         10:d6:13:fc:82:24:cd:fd:4f:c6:ee:00:a4:8b:fd:33:54:55:
         07:a6:2e:af:f4:29:60:ed:08:48:5b:98:73:f5:fa:f5:2e:3f:
         82:6e:b0:5c:c5:cd:83:ef:81:b4:61:6e:b3:fe:e7:7e:d1:95:
         b7:dc:33:94:b5:4f:b7:64:61:f3:62:d9:6f:13:d6:06:74:63:
         05:72:47:7f:f6:7f:42:a5:b0:c3:6a:9d:ef:db:7b:3e:e3:47:
         45:ca:83:5d:87:7f:ea:5b:e2:f1:54:4b:7b:49:06:69:71:0f:
         cd:ef:4a:b0:15:25:76:7f:a2:16:40:9c:8c:de:57:97:cf:c4:
         f0:44:79:dc:2e:85:af:ed:78:d3:19:b1:5a:55:62:39:61:a3:
         82:89:2f:da:5d:14:5e:32:54:d2:64:96:aa:cb:d5:d6:15:c8:
         3a:d8:cc:e2:82:a8:f4:17:c0:02:16:e0:57:30:4a:7e:90:48:
         a1:20:cc:d9:7d:20:69:43:a4:34:fb:8f:54:92:93:29:38:c3:
         07:ec:8d:e8:e6:d9:a7:c3:85:ec:a7:20:4f:c4:8e:49:67:41:
         7a:50:25:77:78:1a:d9:21:04:ca:98:42:37:e3:18:9e:50:f5:
         3a:c4:70:1d
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICNNMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUI0NUExMTAvBgNVBAUTKEMxNDIyQTBDNENGRjI0OEQ1MTczNThFQkRGN0I0RTgw
MkJBQ0MwRTcwHhcNMjUwOTE4MTUyMTE0WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGNjMjM2YS1iNzFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArp0Rr4KPoqpBr5jazinHJCwX8rWmlfiBnbDopxIl3hT4PBVxTPDe4mtN5py2
EydiEJErEalmgDpGWsm4Rjs0Lls7T3rYUzqjtAaFvSRQlwvWBYR6I3HySqaYfIY/
r9wjJVxJNLg+7lzmP0razxKSIswVo/6Bo1n/flBoDYP5uGUier7T5TwjjnE4NJQk
HCUxP9J9vjpOz8DR+42sj+59jltStmaSvoUpt6o5wceeqrV27x4B4ftk1be9onJY
s3poYQhqWltxT2CuehznXbn7KYWYUyBbNHz45LucsVKzd8rwrXqk/J8bRnlxiwt7
jBkr52jVqBFNT6U+yay2gLmhjwIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFNC5G9za
E4PA/KkQ3DdwGdm432NyMB8GA1UdIwQYMBaAFMFCKgxM/ySNUXNY6997ToArrMDn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQjQ1QS8xRTQ0OEE0ODFE
QTExMUUyOUY1NjA3OTMwOEIwMkNEMi93VUlxREV6X0pJMVJjMWpyMzN0T2dDdXN3
T2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dVSXFERXpfSkkxUmMxanIzM3RPZ0N1c3dPYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUI0NUEvMUU0NDhBNDgxREExMTFFMjlGNTYwNzkzMDhCMDJDRDIvMTdCQjRDMjBG
MTdFMTFFQUEzQ0M1OTdCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAIr9XwDBAJnAZQDBAJ8lowwDQQCAAIwBwMFACQB/QAwDQYJ
KoZIhvcNAQELBQADggEBAJtYcv0zEW8H8YQvEvTpIsJK1RDWE/yCJM39T8buAKSL
/TNUVQemLq/0KWDtCEhbmHP1+vUuP4JusFzFzYPvgbRhbrP+537RlbfcM5S1T7dk
YfNi2W8T1gZ0YwVyR3/2f0KlsMNqne/bez7jR0XKg12Hf+pb4vFUS3tJBmlxD83v
SrAVJXZ/ohZAnIzeV5fPxPBEedwuha/teNMZsVpVYjlho4KJL9pdFF4yVNJklqrL
1dYVyDrYzOKCqPQXwAIW4FcwSn6QSKEgzNl9IGlDpDT7j1SSkyk4wwfsjejm2afD
heynIE/EjklnQXpQJXd4GtkhBMqYQjfjGJ5Q9TrEcB0=
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:58:58 2025 by rpki-client