Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F61DD/7C78E2BC309311ECAB68433FC4F9AE02/BFEEB5E4309D11ECABBBBF25C4F9AE02.roa
File:                     BFEEB5E4309D11ECABBBBF25C4F9AE02.roa (raw, json)
Hash identifier:          prBekR9LUayidaAK9GSYWyVHKMLahKIDTDQ64hhVlAo=
Subject key identifier:   05:CE:7A:77:00:C7:6C:E8:25:73:3C:4E:D1:D6:8E:2D:2F:78:42:4D
Certificate issuer:       /CN=A91F61DD/serialNumber=15D60D60D6A4F50091099A72E0D05EEF3EAF76E9
Certificate serial:       04E6
Authority key identifier: 15:D6:0D:60:D6:A4:F5:00:91:09:9A:72:E0:D0:5E:EF:3E:AF:76:E9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FdYNYNak9QCRCZpy4NBe7z6vduk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F61DD/7C78E2BC309311ECAB68433FC4F9AE02/BFEEB5E4309D11ECABBBBF25C4F9AE02.roa
Signing time:             Sat 23 Aug 2025 00:04:59 +0000
ROA not before:           Sat 23 Aug 2025 00:04:59 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     147174
IP address blocks:        103.171.20.0/23 maxlen: 23
                          103.171.20.0/24 maxlen: 24
                          103.171.21.0/24 maxlen: 24
                          2407:bcc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F61DD/7C78E2BC309311ECAB68433FC4F9AE02/FdYNYNak9QCRCZpy4NBe7z6vduk.crl
                          rsync://rpki.apnic.net/member_repository/A91F61DD/7C78E2BC309311ECAB68433FC4F9AE02/FdYNYNak9QCRCZpy4NBe7z6vduk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FdYNYNak9QCRCZpy4NBe7z6vduk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Aug 2025 00:05:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1254 (0x4e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F61DD, serialNumber=15D60D60D6A4F50091099A72E0D05EEF3EAF76E9
        Validity
            Not Before: Aug 23 00:04:59 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68a905ab-67ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ee:72:82:e9:97:c0:41:2e:63:88:34:95:c4:
                    d1:1c:f5:55:e4:aa:89:8e:2a:b1:81:83:a8:a3:ba:
                    88:70:8e:83:08:62:38:65:96:f4:5f:8d:7b:01:d6:
                    a6:d7:b5:33:43:bd:60:d0:34:d9:dd:a3:b8:6c:ee:
                    ef:b4:8c:65:49:20:18:34:bb:d6:ef:17:13:e0:d4:
                    a3:0e:b0:11:3d:81:da:bc:d6:8b:5b:e0:28:b7:3b:
                    74:b6:61:46:63:6f:64:1a:a1:ac:41:b8:06:22:8f:
                    1f:0a:e7:bc:b3:2a:03:f4:4f:78:51:46:90:52:dc:
                    ab:0a:17:de:a6:45:16:f6:ff:41:d7:52:28:12:2f:
                    4a:e3:3d:3b:e1:0b:6a:60:09:4b:14:ee:8b:ba:27:
                    46:f4:9d:f5:37:23:52:17:dc:c4:0b:63:d8:55:4a:
                    79:75:70:1a:4c:62:2a:4e:62:11:da:5f:e6:df:33:
                    a3:55:32:bf:4a:73:9d:74:ba:a4:35:59:54:ad:a4:
                    0c:8b:2d:35:b6:5f:57:5c:ae:ab:15:c0:b2:dd:5c:
                    6e:9c:ae:be:f6:89:b7:41:63:47:3b:73:e8:59:d6:
                    22:39:42:36:8f:24:86:86:71:50:b1:f9:d2:c4:c4:
                    20:5c:3f:4a:6b:a7:1e:01:24:aa:99:45:b5:0a:e7:
                    83:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:CE:7A:77:00:C7:6C:E8:25:73:3C:4E:D1:D6:8E:2D:2F:78:42:4D
            X509v3 Authority Key Identifier:
                keyid:15:D6:0D:60:D6:A4:F5:00:91:09:9A:72:E0:D0:5E:EF:3E:AF:76:E9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F61DD/7C78E2BC309311ECAB68433FC4F9AE02/FdYNYNak9QCRCZpy4NBe7z6vduk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FdYNYNak9QCRCZpy4NBe7z6vduk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F61DD/7C78E2BC309311ECAB68433FC4F9AE02/BFEEB5E4309D11ECABBBBF25C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.20.0/23
                IPv6:
                  2407:bcc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:79:3a:eb:7a:52:7b:ed:85:61:18:d4:ed:6e:92:6f:0c:01:
         5f:1a:da:d7:04:80:08:07:1d:18:9a:45:4e:8d:7a:2b:40:97:
         25:1e:93:fa:e3:50:cc:08:3c:ac:2d:15:6f:1c:4c:f6:11:d5:
         32:68:a3:05:25:1a:91:6c:72:a7:e9:8b:84:09:2d:f4:41:9a:
         87:d4:d5:22:82:0b:18:44:86:8e:3e:37:ab:20:04:1a:ff:69:
         b9:5f:28:1d:e9:47:83:09:6b:a3:ca:af:9d:5e:0e:fa:1b:92:
         ae:b6:61:c7:e1:b6:54:fd:cf:87:1b:70:61:3f:c9:a2:db:fe:
         89:2e:df:62:01:38:8d:74:db:83:27:9f:46:6f:19:b5:5a:67:
         2a:15:5c:68:2c:98:ae:6b:1b:d1:9a:6b:07:cd:1a:6a:d1:02:
         4b:fe:b8:5e:24:20:d1:a4:85:5a:74:3f:05:37:1c:e2:c0:01:
         d4:0d:b0:fd:5c:4c:34:03:65:0c:1b:2b:22:71:ea:93:96:56:
         45:81:5e:41:cb:15:41:0e:3a:0e:be:c1:c9:d8:f8:0e:0f:38:
         6f:45:d5:9d:2c:c2:a3:29:4e:77:d2:ea:b1:ef:41:a9:ac:5d:
         4d:58:da:32:31:ce:1c:04:85:4d:3b:60:71:8d:e3:84:d7:3e:
         3e:e3:5e:64
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICBOYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjYxREQxMTAvBgNVBAUTKDE1RDYwRDYwRDZBNEY1MDA5MTA5OUE3MkUwRDA1RUVG
M0VBRjc2RTkwHhcNMjUwODIzMDAwNDU5WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGE5MDVhYi02N2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv+5ygumXwEEuY4g0lcTRHPVV5KqJjiqxgYOoo7qIcI6DCGI4ZZb0X417Adam
17UzQ71g0DTZ3aO4bO7vtIxlSSAYNLvW7xcT4NSjDrARPYHavNaLW+Aotzt0tmFG
Y29kGqGsQbgGIo8fCue8syoD9E94UUaQUtyrChfepkUW9v9B11IoEi9K4z074Qtq
YAlLFO6LuidG9J31NyNSF9zEC2PYVUp5dXAaTGIqTmIR2l/m3zOjVTK/SnOddLqk
NVlUraQMiy01tl9XXK6rFcCy3VxunK6+9om3QWNHO3PoWdYiOUI2jySGhnFQsfnS
xMQgXD9Ka6ceASSqmUW1CueDjwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFAXOencA
x2zoJXM8TtHWji0veEJNMB8GA1UdIwQYMBaAFBXWDWDWpPUAkQmacuDQXu8+r3bp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjFERC83Qzc4RTJCQzMw
OTMxMUVDQUI2ODQzM0ZDNEY5QUUwMi9GZFlOWU5hazlRQ1JDWnB5NE5CZTd6NnZk
dWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZkWU5ZTmFrOVFDUkNacHk0TkJlN3o2dmR1ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjYxREQvN0M3OEUyQkMzMDkzMTFFQ0FCNjg0MzNGQzRGOUFFMDIvQkZFRUI1RTQz
MDlEMTFFQ0FCQkJCRjI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFnqxQwDQQCAAIwBwMFACQHvMAwDQYJKoZIhvcNAQELBQAD
ggEBABV5Out6UnvthWEY1O1ukm8MAV8a2tcEgAgHHRiaRU6NeitAlyUek/rjUMwI
PKwtFW8cTPYR1TJoowUlGpFscqfpi4QJLfRBmofU1SKCCxhEho4+N6sgBBr/ablf
KB3pR4MJa6PKr51eDvobkq62YcfhtlT9z4cbcGE/yaLb/oku32IBOI1024Mnn0Zv
GbVaZyoVXGgsmK5rG9GaawfNGmrRAkv+uF4kINGkhVp0PwU3HOLAAdQNsP1cTDQD
ZQwbKyJx6pOWVkWBXkHLFUEOOg6+wcnY+A4POG9F1Z0swqMpTnfS6rHvQamsXU1Y
2jIxzhwEhU07YHGN44TXPj7jXmQ=
-----END CERTIFICATE-----
Generated at Sun Aug 24 03:29:42 2025 by rpki-client