Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FD47F/D5CE626A346111ED9DEE8E7AC4F9AE02/14B312EC3AE711EDBF700472C4F9AE02.roa
File:                     14B312EC3AE711EDBF700472C4F9AE02.roa (raw, json)
Hash identifier:          hpkK6ksOTaD7mDbT56x2zJ1eza3vKxeFROPXP1u/0+Q=
Subject key identifier:   B0:49:9D:E3:7C:30:1B:0D:8F:59:82:E6:83:D9:53:0E:E8:A0:8C:A3
Certificate issuer:       /CN=A91FD47F/serialNumber=37603DB2E072C0A8FD71138E254099F4CAD8C16F
Certificate serial:       0277
Authority key identifier: 37:60:3D:B2:E0:72:C0:A8:FD:71:13:8E:25:40:99:F4:CA:D8:C1:6F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N2A9suBywKj9cROOJUCZ9MrYwW8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FD47F/D5CE626A346111ED9DEE8E7AC4F9AE02/14B312EC3AE711EDBF700472C4F9AE02.roa
Signing time:             Wed 01 Oct 2025 02:28:43 +0000
ROA not before:           Wed 01 Oct 2025 02:28:43 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        103.99.4.0/24 maxlen: 24
                          103.99.6.0/24 maxlen: 24
                          103.196.140.0/24 maxlen: 24
                          103.196.141.0/24 maxlen: 24
                          103.196.142.0/24 maxlen: 24
                          103.196.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91FD47F/D5CE626A346111ED9DEE8E7AC4F9AE02/N2A9suBywKj9cROOJUCZ9MrYwW8.crl
                          rsync://rpki.apnic.net/member_repository/A91FD47F/D5CE626A346111ED9DEE8E7AC4F9AE02/N2A9suBywKj9cROOJUCZ9MrYwW8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N2A9suBywKj9cROOJUCZ9MrYwW8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 03:57:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 631 (0x277)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FD47F, serialNumber=37603DB2E072C0A8FD71138E254099F4CAD8C16F
        Validity
            Not Before: Oct  1 02:28:43 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68dc91db-35de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c4:32:6b:6d:af:1e:00:f2:ad:5d:28:a6:e7:
                    20:f5:3e:ad:d6:8b:7d:54:47:8e:da:b6:83:dd:9c:
                    80:82:2a:10:2e:e4:90:1c:ed:5a:ee:75:11:a4:7b:
                    59:14:49:2f:73:b7:04:c0:4f:50:64:26:48:cc:a6:
                    af:44:58:11:af:12:56:67:cf:54:a6:99:5e:f2:b9:
                    16:30:30:c9:35:d5:e5:5d:3f:e2:8e:94:1e:b3:eb:
                    c9:5d:b5:bf:72:e6:22:71:8d:6a:db:55:2c:cc:5a:
                    20:1a:73:67:10:aa:8a:b1:90:a0:a0:9a:9f:3f:82:
                    03:28:15:20:79:67:34:66:3e:0f:c6:34:b2:50:bb:
                    13:a4:42:2b:0d:25:66:31:69:2f:f2:2f:22:85:48:
                    53:04:95:9a:f8:57:0d:c6:18:24:d4:c3:fe:4f:e7:
                    e6:d7:5b:11:a2:f5:7f:51:89:83:af:27:3e:8e:27:
                    40:5b:de:fe:e2:a2:b3:40:e1:5a:b9:f3:aa:d6:83:
                    90:e9:f9:0a:49:98:75:67:94:c1:a9:f1:6d:d1:b0:
                    c6:dc:d1:fe:f5:4e:ab:f2:04:8c:de:14:59:86:98:
                    8e:58:f5:25:1f:b3:e9:4c:05:0a:70:b1:14:28:9c:
                    88:ec:61:1d:20:39:21:96:84:74:e9:b2:3e:aa:7b:
                    82:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:49:9D:E3:7C:30:1B:0D:8F:59:82:E6:83:D9:53:0E:E8:A0:8C:A3
            X509v3 Authority Key Identifier:
                keyid:37:60:3D:B2:E0:72:C0:A8:FD:71:13:8E:25:40:99:F4:CA:D8:C1:6F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FD47F/D5CE626A346111ED9DEE8E7AC4F9AE02/N2A9suBywKj9cROOJUCZ9MrYwW8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N2A9suBywKj9cROOJUCZ9MrYwW8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FD47F/D5CE626A346111ED9DEE8E7AC4F9AE02/14B312EC3AE711EDBF700472C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.99.4.0/24
                  103.99.6.0/24
                  103.196.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:9b:0b:d8:0e:ca:ab:91:4d:62:41:c8:63:4e:f4:28:ea:c0:
         ce:8b:83:a0:59:67:ac:45:79:16:fa:a1:33:d6:29:39:97:23:
         83:e2:84:c3:61:71:20:67:cd:0f:41:70:64:cd:f2:91:ec:7a:
         4f:0c:de:7b:c8:c0:68:76:e6:3c:75:4d:63:f0:30:be:25:ff:
         93:ed:72:59:fa:70:97:98:81:81:92:7b:8b:46:5f:7a:03:e3:
         83:d6:d7:aa:f0:c0:98:4c:f6:a5:75:51:11:dc:03:ad:60:20:
         00:17:9e:f3:5c:9b:e5:6d:53:09:0c:ab:55:04:b8:18:c5:53:
         6a:20:8a:24:63:0e:b4:ee:a8:91:c5:f5:2b:cc:b2:a3:04:4a:
         87:6f:30:00:3d:c3:97:63:77:86:73:af:79:ca:59:eb:c1:97:
         df:c1:79:61:0d:f9:18:e0:c2:e6:3a:ec:ca:1e:01:b2:b3:a9:
         f4:7b:96:de:ee:d5:4f:22:d8:df:11:49:f0:ec:af:d9:ba:52:
         ed:a6:11:b8:11:d5:7c:e2:7c:92:18:33:93:10:cf:a3:08:2f:
         10:3c:1e:43:5b:54:21:52:b9:d8:6b:b0:4f:0c:8c:9a:2b:99:
         fe:e1:98:91:f3:4b:70:67:1b:63:91:0c:e2:94:e6:17:5d:8e:
         4c:60:60:99
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICAncwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkQ0N0YxMTAvBgNVBAUTKDM3NjAzREIyRTA3MkMwQThGRDcxMTM4RTI1NDA5OUY0
Q0FEOEMxNkYwHhcNMjUxMDAxMDIyODQzWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRjOTFkYi0zNWRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsMQya22vHgDyrV0opucg9T6t1ot9VEeO2raD3ZyAgioQLuSQHO1a7nURpHtZ
FEkvc7cEwE9QZCZIzKavRFgRrxJWZ89Upple8rkWMDDJNdXlXT/ijpQes+vJXbW/
cuYicY1q21UszFogGnNnEKqKsZCgoJqfP4IDKBUgeWc0Zj4PxjSyULsTpEIrDSVm
MWkv8i8ihUhTBJWa+FcNxhgk1MP+T+fm11sRovV/UYmDryc+jidAW97+4qKzQOFa
ufOq1oOQ6fkKSZh1Z5TBqfFt0bDG3NH+9U6r8gSM3hRZhpiOWPUlH7PpTAUKcLEU
KJyI7GEdIDkhloR06bI+qnuCvwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFLBJneN8
MBsNj1mC5oPZUw7ooIyjMB8GA1UdIwQYMBaAFDdgPbLgcsCo/XETjiVAmfTK2MFv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGRDQ3Ri9ENUNFNjI2QTM0
NjExMUVEOURFRThFN0FDNEY5QUUwMi9OMkE5c3VCeXdLajljUk9PSlVDWjlNcll3
VzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL04yQTlzdUJ5d0tqOWNST09KVUNaOU1yWXdXOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkQ0N0YvRDVDRTYyNkEzNDYxMTFFRDlERUU4RTdBQzRGOUFFMDIvMTRCMzEyRUMz
QUU3MTFFREJGNzAwNDcyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBABnYwQDBABnYwYDBAJnxIwwDQYJKoZIhvcNAQELBQADggEB
AEebC9gOyquRTWJByGNO9CjqwM6Lg6BZZ6xFeRb6oTPWKTmXI4PihMNhcSBnzQ9B
cGTN8pHsek8M3nvIwGh25jx1TWPwML4l/5Ptcln6cJeYgYGSe4tGX3oD44PW16rw
wJhM9qV1URHcA61gIAAXnvNcm+VtUwkMq1UEuBjFU2ogiiRjDrTuqJHF9SvMsqME
SodvMAA9w5djd4Zzr3nKWevBl9/BeWEN+RjgwuY67MoeAbKzqfR7lt7u1U8i2N8R
SfDsr9m6Uu2mEbgR1XzifJIYM5MQz6MILxA8HkNbVCFSudhrsE8MjJormf7hmJHz
S3BnG2ORDOKU5hddjkxgYJk=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:16:50 2025 by rpki-client