Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F9B6C/D7DB0A08FA5D11EFAE374D68C4F9AE02/3D60B6FCFA5E11EFB84AF068C4F9AE02.roa
File:                     3D60B6FCFA5E11EFB84AF068C4F9AE02.roa (raw, json)
Hash identifier:          yLFkoGvAUsdVN5oxAs3J8MXs+0h1YiH2nhkES11B0AE=
Subject key identifier:   4F:67:8A:D8:78:15:9C:28:E4:AB:13:9C:85:17:07:78:B3:DD:D2:25
Certificate issuer:       /CN=A91F9B6C/serialNumber=4767B693BD8462EEAFA83D9E803C9D286B621DC8
Certificate serial:       66
Authority key identifier: 47:67:B6:93:BD:84:62:EE:AF:A8:3D:9E:80:3C:9D:28:6B:62:1D:C8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R2e2k72EYu6vqD2egDydKGtiHcg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F9B6C/D7DB0A08FA5D11EFAE374D68C4F9AE02/3D60B6FCFA5E11EFB84AF068C4F9AE02.roa
Signing time:             Tue 09 Sep 2025 07:14:14 +0000
ROA not before:           Tue 09 Sep 2025 07:14:14 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     58437
IP address blocks:        103.29.250.0/24 maxlen: 24
                          103.29.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F9B6C/D7DB0A08FA5D11EFAE374D68C4F9AE02/R2e2k72EYu6vqD2egDydKGtiHcg.crl
                          rsync://rpki.apnic.net/member_repository/A91F9B6C/D7DB0A08FA5D11EFAE374D68C4F9AE02/R2e2k72EYu6vqD2egDydKGtiHcg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R2e2k72EYu6vqD2egDydKGtiHcg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 10:08:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 102 (0x66)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F9B6C, serialNumber=4767B693BD8462EEAFA83D9E803C9D286B621DC8
        Validity
            Not Before: Sep  9 07:14:14 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68bfd3c6-aff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:34:da:19:7c:92:7b:c2:08:1f:7e:42:f2:7d:
                    04:e3:ec:99:f2:fa:e3:ad:9e:d0:c9:49:24:d5:63:
                    29:c8:42:17:26:c5:1c:41:19:e9:e6:ad:ee:09:89:
                    b4:cb:b4:57:cb:48:e2:79:7d:36:b6:0d:6e:a9:b2:
                    19:46:70:c5:e0:e3:d0:34:b6:36:e0:3b:30:71:27:
                    c0:38:ac:88:80:40:8d:1b:97:8b:aa:20:6a:38:c6:
                    67:fb:57:57:e9:83:73:84:c8:82:23:63:4b:58:0d:
                    2e:17:f7:22:15:fc:bb:1a:a4:0c:28:59:9f:fd:ff:
                    66:46:19:74:ad:10:ac:98:b0:af:be:15:ce:09:be:
                    cb:f3:aa:c3:9a:a4:3a:33:a7:e8:f2:a4:a0:27:ef:
                    89:3f:19:ea:68:5c:7f:00:04:e6:87:21:17:d6:a9:
                    c8:81:e8:50:d0:9c:dd:a9:d4:a6:41:6c:f0:e1:83:
                    28:28:81:e0:3e:c2:25:89:bc:07:74:f1:2d:fe:3d:
                    55:1a:fd:24:25:1c:ad:1f:b6:7c:1f:a4:6a:56:8e:
                    3d:4b:dd:cb:c0:94:74:06:86:9c:97:f9:26:24:9f:
                    83:01:e9:0c:50:c1:85:be:a3:45:e9:81:78:87:2c:
                    6a:a7:74:5e:89:10:ea:7e:37:e4:26:9a:63:4f:65:
                    cb:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:67:8A:D8:78:15:9C:28:E4:AB:13:9C:85:17:07:78:B3:DD:D2:25
            X509v3 Authority Key Identifier:
                keyid:47:67:B6:93:BD:84:62:EE:AF:A8:3D:9E:80:3C:9D:28:6B:62:1D:C8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F9B6C/D7DB0A08FA5D11EFAE374D68C4F9AE02/R2e2k72EYu6vqD2egDydKGtiHcg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R2e2k72EYu6vqD2egDydKGtiHcg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F9B6C/D7DB0A08FA5D11EFAE374D68C4F9AE02/3D60B6FCFA5E11EFB84AF068C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.29.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:0f:54:67:9b:31:37:ef:5a:ee:fc:15:21:7f:d1:f5:be:b9:
         37:73:55:c6:a2:e1:57:9c:4d:13:6a:5e:b0:a6:97:48:f8:cf:
         30:16:6d:eb:39:40:84:60:12:fc:be:b2:41:da:4e:2a:3f:bf:
         db:ad:4f:bb:d9:e4:33:b2:88:58:ca:15:38:6b:30:ac:3a:28:
         0a:a1:d2:ff:a7:ed:fc:9c:88:06:ff:a8:e6:61:71:50:e1:3a:
         45:f7:b7:1d:e2:da:ba:27:44:5a:e2:e4:37:d9:81:be:7b:f4:
         3e:4e:c2:1d:30:2c:98:9b:e7:89:29:ff:53:3b:8b:06:73:de:
         ad:50:70:2a:44:85:8f:ed:4b:28:a3:26:67:06:e1:99:74:0b:
         be:92:ca:17:a7:c1:1d:db:aa:d3:3e:6a:a5:be:7f:b9:14:d0:
         d0:32:93:79:79:37:18:82:16:99:76:a7:15:97:36:c9:a1:1b:
         28:8d:ac:48:b5:ce:46:9a:ad:ed:0f:34:d9:c4:db:99:f3:07:
         3c:0c:af:ed:d8:6a:73:6b:6e:9c:4e:3c:1f:89:64:1b:3a:93:
         22:1c:f8:ac:8e:84:06:24:f0:89:e5:a8:d8:ec:6a:f8:0e:81:
         17:db:65:71:a6:b7:0b:2e:11:7f:58:d4:29:e1:56:86:3a:f3:
         c5:cd:fb:f8
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBZjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFG
OUI2QzExMC8GA1UEBRMoNDc2N0I2OTNCRDg0NjJFRUFGQTgzRDlFODAzQzlEMjg2
QjYyMURDODAeFw0yNTA5MDkwNzE0MTRaFw0yNjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4YmZkM2M2LWFmZjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC7NNoZfJJ7wggffkLyfQTj7Jny+uOtntDJSSTVYynIQhcmxRxBGenmre4JibTL
tFfLSOJ5fTa2DW6pshlGcMXg49A0tjbgOzBxJ8A4rIiAQI0bl4uqIGo4xmf7V1fp
g3OEyIIjY0tYDS4X9yIV/LsapAwoWZ/9/2ZGGXStEKyYsK++Fc4JvsvzqsOapDoz
p+jypKAn74k/GepoXH8ABOaHIRfWqciB6FDQnN2p1KZBbPDhgygogeA+wiWJvAd0
8S3+PVUa/SQlHK0ftnwfpGpWjj1L3cvAlHQGhpyX+SYkn4MB6QxQwYW+o0XpgXiH
LGqndF6JEOp+N+QmmmNPZcshAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUT2eK2HgV
nCjkqxOchRcHeLPd0iUwHwYDVR0jBBgwFoAUR2e2k72EYu6vqD2egDydKGtiHcgw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUY5QjZDL0Q3REIwQTA4RkE1
RDExRUZBRTM3NEQ2OEM0RjlBRTAyL1IyZTJrNzJFWXU2dnFEMmVnRHlkS0d0aUhj
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvUjJlMms3MkVZdTZ2cUQyZWdEeWRLR3RpSGNnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG
OUI2Qy9EN0RCMEEwOEZBNUQxMUVGQUUzNzRENjhDNEY5QUUwMi8zRDYwQjZGQ0ZB
NUUxMUVGQjg0QUYwNjhDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAWcd+jANBgkqhkiG9w0BAQsFAAOCAQEAdg9UZ5sxN+9a7vwV
IX/R9b65N3NVxqLhV5xNE2pesKaXSPjPMBZt6zlAhGAS/L6yQdpOKj+/261Pu9nk
M7KIWMoVOGswrDooCqHS/6ft/JyIBv+o5mFxUOE6Rfe3HeLauidEWuLkN9mBvnv0
Pk7CHTAsmJvniSn/UzuLBnPerVBwKkSFj+1LKKMmZwbhmXQLvpLKF6fBHduq0z5q
pb5/uRTQ0DKTeXk3GIIWmXanFZc2yaEbKI2sSLXORpqt7Q802cTbmfMHPAyv7dhq
c2tunE48H4lkGzqTIhz4rI6EBiTwieWo2Oxq+A6BF9tlcaa3Cy4Rf1jUKeFWhjrz
xc37+A==
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:59:01 2025 by rpki-client