Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9118CA7/2FC70A24A0D511EAA7FFDF29C4F9AE02/E76F99C60FDB11ED9718606AC4F9AE02.roa
File:                     E76F99C60FDB11ED9718606AC4F9AE02.roa (raw, json)
Hash identifier:          riNoIvtWdxVoKQ9Hd90PcsdQLqUKwJvQFD9UQqXSKds=
Subject key identifier:   75:3E:CF:CC:DA:37:E4:2D:A7:16:CE:0C:ED:CC:53:EF:7E:F4:CB:F5
Certificate issuer:       /CN=A9118CA7/serialNumber=F1998A475E92DE8A6C7D4094556A0DA67D5D4D0E
Certificate serial:       0971
Authority key identifier: F1:99:8A:47:5E:92:DE:8A:6C:7D:40:94:55:6A:0D:A6:7D:5D:4D:0E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8ZmKR16S3opsfUCUVWoNpn1dTQ4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9118CA7/2FC70A24A0D511EAA7FFDF29C4F9AE02/E76F99C60FDB11ED9718606AC4F9AE02.roa
Signing time:             Thu 31 Jul 2025 21:31:10 +0000
ROA not before:           Thu 31 Jul 2025 21:31:10 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     141452
IP address blocks:        103.151.171.0/24 maxlen: 24
                          2001:df3:cc80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9118CA7/2FC70A24A0D511EAA7FFDF29C4F9AE02/8ZmKR16S3opsfUCUVWoNpn1dTQ4.crl
                          rsync://rpki.apnic.net/member_repository/A9118CA7/2FC70A24A0D511EAA7FFDF29C4F9AE02/8ZmKR16S3opsfUCUVWoNpn1dTQ4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8ZmKR16S3opsfUCUVWoNpn1dTQ4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2417 (0x971)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9118CA7, serialNumber=F1998A475E92DE8A6C7D4094556A0DA67D5D4D0E
        Validity
            Not Before: Jul 31 21:31:10 2025 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=688be09e-94c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9d:75:82:39:f9:0c:ad:f9:f9:d1:81:79:10:
                    84:90:38:03:c6:11:76:ac:75:f8:9d:22:93:3d:7e:
                    9f:84:04:3b:2e:fc:04:84:47:46:23:31:6e:af:99:
                    be:c2:d4:fc:3c:83:60:58:8a:c3:8e:16:8e:bc:a5:
                    78:fa:a4:ba:11:25:bb:55:d1:40:81:9e:9d:93:4a:
                    b1:83:c8:bf:4c:9f:a0:bd:2f:b8:7d:57:24:a1:a1:
                    c3:3a:1b:72:2c:e7:7d:3d:42:a8:5e:4d:dd:42:dc:
                    0e:af:1a:06:04:90:bf:84:0d:e7:7a:94:26:b3:d5:
                    f9:41:0e:a2:44:1b:87:21:d8:90:6a:5c:74:ca:6b:
                    c4:84:b9:e1:76:55:a5:86:06:3e:fe:85:59:48:c9:
                    8c:dc:03:c8:d2:6e:c9:f1:09:c2:75:2f:5d:40:89:
                    1f:99:65:e2:97:d2:18:ce:84:80:5e:ac:a1:78:df:
                    c1:8c:44:3a:f5:80:56:c0:f2:02:8b:f3:8d:5b:22:
                    71:d6:2b:5b:f4:9c:c3:df:ef:ba:f1:f1:55:48:b6:
                    44:91:24:8f:d4:f7:5b:c0:4a:46:67:97:b1:74:81:
                    bd:fa:e9:61:28:28:97:e4:2a:39:48:0e:32:4c:ba:
                    06:00:c3:74:14:5d:0e:e9:ea:08:25:e6:84:f4:0f:
                    35:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:3E:CF:CC:DA:37:E4:2D:A7:16:CE:0C:ED:CC:53:EF:7E:F4:CB:F5
            X509v3 Authority Key Identifier:
                keyid:F1:99:8A:47:5E:92:DE:8A:6C:7D:40:94:55:6A:0D:A6:7D:5D:4D:0E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9118CA7/2FC70A24A0D511EAA7FFDF29C4F9AE02/8ZmKR16S3opsfUCUVWoNpn1dTQ4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8ZmKR16S3opsfUCUVWoNpn1dTQ4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9118CA7/2FC70A24A0D511EAA7FFDF29C4F9AE02/E76F99C60FDB11ED9718606AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.151.171.0/24
                IPv6:
                  2001:df3:cc80::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:88:cc:af:ab:2f:79:8f:5b:19:1a:a8:44:fa:a1:25:0c:20:
         0c:9f:e1:78:28:57:4a:85:3d:3e:ef:49:e4:01:c5:c2:45:ab:
         3b:16:ce:f3:ea:3e:09:59:f6:2d:9e:1f:a9:0e:c2:d6:66:ab:
         c1:d6:eb:af:5d:b4:0b:e1:bd:05:b0:12:e3:5a:61:d2:3d:05:
         78:a1:b8:b5:f6:30:58:a9:df:87:d4:6a:67:82:3b:31:a7:b1:
         38:c9:7d:90:1c:5b:a0:3a:af:de:2a:ae:5a:25:cd:71:ab:c8:
         6b:87:13:4f:53:ed:2f:87:fc:37:95:6e:0e:10:56:71:bf:59:
         1c:a6:19:23:39:56:a4:7b:6b:50:27:29:e9:2e:d0:8a:45:ac:
         54:a0:1b:de:e8:58:75:b3:f6:f0:61:e0:41:e7:7f:ca:e5:6f:
         91:88:03:54:17:2d:e7:f7:03:db:ee:be:2b:09:c8:9c:32:17:
         54:1e:56:cb:88:db:c2:1f:f8:03:6b:82:08:69:11:1c:8b:16:
         6e:f8:d4:1b:4b:ab:59:17:35:45:e6:1d:d2:cb:7e:24:b8:79:
         55:f7:2e:5f:61:fe:68:e4:7e:48:33:23:9c:2a:9d:dc:58:63:
         97:18:69:61:e1:86:bc:60:43:69:81:b8:a3:e7:a3:42:e1:78:
         60:bb:83:f1
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICCXEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MThDQTcxMTAvBgNVBAUTKEYxOTk4QTQ3NUU5MkRFOEE2QzdENDA5NDU1NkEwREE2
N0Q1RDREMEUwHhcNMjUwNzMxMjEzMTEwWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhiZTA5ZS05NGMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtp11gjn5DK35+dGBeRCEkDgDxhF2rHX4nSKTPX6fhAQ7LvwEhEdGIzFur5m+
wtT8PINgWIrDjhaOvKV4+qS6ESW7VdFAgZ6dk0qxg8i/TJ+gvS+4fVckoaHDOhty
LOd9PUKoXk3dQtwOrxoGBJC/hA3nepQms9X5QQ6iRBuHIdiQalx0ymvEhLnhdlWl
hgY+/oVZSMmM3API0m7J8QnCdS9dQIkfmWXil9IYzoSAXqyheN/BjEQ69YBWwPIC
i/ONWyJx1itb9JzD3++68fFVSLZEkSSP1PdbwEpGZ5exdIG9+ulhKCiX5Co5SA4y
TLoGAMN0FF0O6eoIJeaE9A81kQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFHU+z8za
N+QtpxbODO3MU+9+9Mv1MB8GA1UdIwQYMBaAFPGZikdekt6KbH1AlFVqDaZ9XU0O
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExOENBNy8yRkM3MEEyNEEw
RDUxMUVBQTdGRkRGMjlDNEY5QUUwMi84Wm1LUjE2UzNvcHNmVUNVVldvTnBuMWRU
UTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzhabUtSMTZTM29wc2ZVQ1VWV29OcG4xZFRRNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MThDQTcvMkZDNzBBMjRBMEQ1MTFFQUE3RkZERjI5QzRGOUFFMDIvRTc2Rjk5QzYw
RkRCMTFFRDk3MTg2MDZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABnl6swDwQCAAIwCQMHACABDfPMgDANBgkqhkiG9w0BAQsF
AAOCAQEAWYjMr6sveY9bGRqoRPqhJQwgDJ/heChXSoU9Pu9J5AHFwkWrOxbO8+o+
CVn2LZ4fqQ7C1marwdbrr120C+G9BbAS41ph0j0FeKG4tfYwWKnfh9RqZ4I7Maex
OMl9kBxboDqv3iquWiXNcavIa4cTT1PtL4f8N5VuDhBWcb9ZHKYZIzlWpHtrUCcp
6S7QikWsVKAb3uhYdbP28GHgQed/yuVvkYgDVBct5/cD2+6+KwnInDIXVB5Wy4jb
wh/4A2uCCGkRHIsWbvjUG0urWRc1ReYd0st+JLh5VfcuX2H+aOR+SDMjnCqd3Fhj
lxhpYeGGvGBDaYG4o+ejQuF4YLuD8Q==
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:49:51 2025 by rpki-client