Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/9C7048DC621711E9B8C69E15C4F9AE02.roa
File:                     9C7048DC621711E9B8C69E15C4F9AE02.roa (raw, json)
Hash identifier:          xRGejBtSvmSQiXiFTmSi8Viq6cXlkkmhK13khjlMJ6A=
Subject key identifier:   FF:54:F0:E1:DA:8A:F0:C7:0E:26:1F:29:9B:16:F6:BB:CF:80:F7:C2
Certificate issuer:       /CN=A91EC7F2/serialNumber=83BD47ADE302259C758C74C830B29E6F3A5773DB
Certificate serial:       1222
Authority key identifier: 83:BD:47:AD:E3:02:25:9C:75:8C:74:C8:30:B2:9E:6F:3A:57:73:DB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g71HreMCJZx1jHTIMLKebzpXc9s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/9C7048DC621711E9B8C69E15C4F9AE02.roa
Signing time:             Tue 14 Oct 2025 18:16:16 +0000
ROA not before:           Tue 14 Oct 2025 18:16:15 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     132892
IP address blocks:        103.21.246.0/24 maxlen: 24
                          103.21.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/g71HreMCJZx1jHTIMLKebzpXc9s.crl
                          rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/g71HreMCJZx1jHTIMLKebzpXc9s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g71HreMCJZx1jHTIMLKebzpXc9s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 17:40:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4642 (0x1222)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EC7F2, serialNumber=83BD47ADE302259C758C74C830B29E6F3A5773DB
        Validity
            Not Before: Oct 14 18:16:15 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68ee936f-146e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a8:e0:80:3e:0a:15:11:cc:96:e7:35:ce:64:
                    8c:03:29:31:23:dd:3c:2a:0f:9f:8d:15:a0:71:c6:
                    78:24:f5:38:90:5c:df:fa:c9:ed:7c:b8:8f:3f:66:
                    33:b3:d9:75:31:0b:ba:53:f1:fe:ed:04:34:78:79:
                    ea:4e:d5:c1:b0:0e:6c:d0:78:24:c8:f3:5e:b8:e5:
                    1b:2a:2a:3a:02:04:cf:ea:49:02:d9:59:66:6a:df:
                    86:f1:a4:fa:f4:d3:92:de:a6:19:73:1c:1e:85:6c:
                    2c:92:eb:ae:cc:5d:f9:c3:4d:2b:89:2e:48:1a:99:
                    99:4c:b5:62:a6:de:55:bf:7e:10:df:b9:a6:ad:18:
                    8d:44:20:eb:5d:b7:df:a3:68:90:9a:39:7d:69:12:
                    81:20:89:c1:bb:a5:7d:1c:19:10:9f:73:ce:f6:17:
                    d7:fd:3e:9e:22:1e:e6:e1:3c:3b:17:89:da:d5:17:
                    35:29:b4:09:59:72:2c:25:fe:5e:c8:b5:23:23:d0:
                    f3:fa:fb:fa:44:e1:b4:ed:04:9c:f4:5b:6b:74:ed:
                    2c:67:5f:7c:33:ae:7f:97:f8:ef:be:76:e6:ce:37:
                    af:59:e7:29:b4:26:b9:55:d9:e3:eb:70:7c:74:5b:
                    e2:9f:a6:dd:03:d5:53:22:00:97:97:fa:c7:a2:74:
                    fc:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:54:F0:E1:DA:8A:F0:C7:0E:26:1F:29:9B:16:F6:BB:CF:80:F7:C2
            X509v3 Authority Key Identifier:
                keyid:83:BD:47:AD:E3:02:25:9C:75:8C:74:C8:30:B2:9E:6F:3A:57:73:DB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/g71HreMCJZx1jHTIMLKebzpXc9s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g71HreMCJZx1jHTIMLKebzpXc9s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/9C7048DC621711E9B8C69E15C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.21.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cc:68:21:ac:a0:3c:13:ba:3f:70:8c:56:df:d8:ee:1f:f6:9e:
         99:e5:0b:69:15:97:ae:dc:85:be:a9:dc:34:3b:8c:2f:10:e8:
         80:68:ec:d8:e0:93:92:49:6a:62:2c:f3:fa:92:ac:22:d5:97:
         df:09:41:13:44:d7:30:a4:e4:96:0c:8b:01:26:26:2b:c7:56:
         89:86:1f:15:41:53:86:4e:3e:06:75:8f:98:99:c8:d4:91:c7:
         d9:21:66:b0:35:f9:42:52:86:67:f7:0a:14:b0:73:a1:b4:20:
         41:49:c7:72:07:75:47:b7:23:65:13:50:86:3d:3e:41:77:73:
         fd:51:a7:a4:9d:aa:e7:43:94:58:d4:c1:ff:09:af:63:bf:27:
         2d:75:2b:99:49:4e:81:b2:91:a4:31:73:42:cd:f4:a1:d8:76:
         d8:4f:47:6d:48:8a:15:e1:05:d0:16:49:e6:ea:23:7b:81:ed:
         cc:9a:91:2e:8f:17:64:9b:f7:c0:4b:ce:f3:09:12:16:41:db:
         7a:1a:4c:3b:f0:d5:07:89:a4:4e:cd:ac:90:0f:fe:e0:28:2e:
         e8:0d:3e:8c:1a:1d:9a:aa:fe:66:79:5b:79:73:f6:bf:0b:ef:
         ef:3c:e8:d9:2b:85:70:8d:c7:8f:64:b0:5a:e0:85:a6:26:7a:
         e6:88:24:2b
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICEiIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUM3RjIxMTAvBgNVBAUTKDgzQkQ0N0FERTMwMjI1OUM3NThDNzRDODMwQjI5RTZG
M0E1NzczREIwHhcNMjUxMDE0MTgxNjE1WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVlOTM2Zi0xNDZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs6jggD4KFRHMluc1zmSMAykxI908Kg+fjRWgccZ4JPU4kFzf+sntfLiPP2Yz
s9l1MQu6U/H+7QQ0eHnqTtXBsA5s0HgkyPNeuOUbKio6AgTP6kkC2Vlmat+G8aT6
9NOS3qYZcxwehWwskuuuzF35w00riS5IGpmZTLVipt5Vv34Q37mmrRiNRCDrXbff
o2iQmjl9aRKBIInBu6V9HBkQn3PO9hfX/T6eIh7m4Tw7F4na1Rc1KbQJWXIsJf5e
yLUjI9Dz+vv6ROG07QSc9FtrdO0sZ198M65/l/jvvnbmzjevWecptCa5Vdnj63B8
dFvin6bdA9VTIgCXl/rHonT8DQIDAQABo4IClTCCApEwHQYDVR0OBBYEFP9U8OHa
ivDHDiYfKZsW9rvPgPfCMB8GA1UdIwQYMBaAFIO9R63jAiWcdYx0yDCynm86V3Pb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQzdGMi80OEVGRDE3Q0Yx
QTcxMUU4QUE2MTRGNTFDNEY5QUUwMi9nNzFIcmVNQ0paeDFqSFRJTUxLZWJ6cFhj
OXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2c3MUhyZU1DSlp4MWpIVElNTEtlYnpwWGM5cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUM3RjIvNDhFRkQxN0NGMUE3MTFFOEFBNjE0RjUxQzRGOUFFMDIvOUM3MDQ4REM2
MjE3MTFFOUI4QzY5RTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnFfYwDQYJKoZIhvcNAQELBQADggEBAMxoIaygPBO6P3CM
Vt/Y7h/2npnlC2kVl67chb6p3DQ7jC8Q6IBo7Njgk5JJamIs8/qSrCLVl98JQRNE
1zCk5JYMiwEmJivHVomGHxVBU4ZOPgZ1j5iZyNSRx9khZrA1+UJShmf3ChSwc6G0
IEFJx3IHdUe3I2UTUIY9PkF3c/1Rp6SdqudDlFjUwf8Jr2O/Jy11K5lJToGykaQx
c0LN9KHYdthPR21IihXhBdAWSebqI3uB7cyakS6PF2Sb98BLzvMJEhZB23oaTDvw
1QeJpE7NrJAP/uAoLugNPowaHZqq/mZ5W3lz9r8L7+886NkrhXCNx49ksFrghaYm
euaIJCs=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:41:22 2025 by rpki-client