Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914C99C/2A1AE9ECD57211EBA60ED057C4F9AE02/95B0A0606C5811ED882F827DC4F9AE02.roa
File:                     95B0A0606C5811ED882F827DC4F9AE02.roa (raw, json)
Hash identifier:          bTxB6rDqe5W838nV/qkoLeLUMklQqO8XCDilOupFQgE=
Subject key identifier:   93:A7:F7:23:07:CC:50:80:3A:A2:BD:28:D2:00:3B:48:97:71:63:3B
Certificate issuer:       /CN=A914C99C/serialNumber=82818DD2239DE8335D22ADCE3DF190A310B70024
Certificate serial:       05B1
Authority key identifier: 82:81:8D:D2:23:9D:E8:33:5D:22:AD:CE:3D:F1:90:A3:10:B7:00:24
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/goGN0iOd6DNdIq3OPfGQoxC3ACQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914C99C/2A1AE9ECD57211EBA60ED057C4F9AE02/95B0A0606C5811ED882F827DC4F9AE02.roa
Signing time:             Tue 22 Jul 2025 23:36:25 +0000
ROA not before:           Tue 22 Jul 2025 23:36:25 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     24565
IP address blocks:        103.88.139.0/24 maxlen: 24
                          203.16.230.0/23 maxlen: 24
                          2001:df6:e580::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914C99C/2A1AE9ECD57211EBA60ED057C4F9AE02/goGN0iOd6DNdIq3OPfGQoxC3ACQ.crl
                          rsync://rpki.apnic.net/member_repository/A914C99C/2A1AE9ECD57211EBA60ED057C4F9AE02/goGN0iOd6DNdIq3OPfGQoxC3ACQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/goGN0iOd6DNdIq3OPfGQoxC3ACQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1457 (0x5b1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914C99C, serialNumber=82818DD2239DE8335D22ADCE3DF190A310B70024
        Validity
            Not Before: Jul 22 23:36:25 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=68802079-b8f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:af:22:0d:4d:be:ed:c7:38:9d:b1:6d:f8:6f:
                    5d:ab:72:c4:47:41:18:94:7c:ed:67:67:d9:88:83:
                    61:84:10:9b:4a:5f:20:11:e6:7a:e4:90:69:3c:ca:
                    be:4c:38:92:03:c0:6f:9b:83:27:5d:44:0b:99:18:
                    9c:80:27:7d:ce:2a:f2:58:62:bb:e8:4e:c5:60:76:
                    5f:8f:19:3c:ac:b6:93:5f:2f:07:be:ef:e1:9d:67:
                    b7:1a:37:bb:7c:2a:bf:01:a7:28:17:b1:00:40:96:
                    a5:ac:4e:03:ca:a4:a4:ff:f6:59:c2:61:3b:12:a2:
                    7d:a4:55:4e:e5:dd:0d:ba:ea:b3:9b:09:dd:e5:eb:
                    ae:90:b0:af:dd:35:6a:10:ff:95:b4:95:2a:95:69:
                    eb:f8:5e:d5:8c:39:53:51:a7:7a:11:c9:40:a2:dc:
                    fd:63:29:d3:55:a5:fc:20:6a:27:be:34:f6:53:a8:
                    00:76:37:bd:14:ac:5b:ec:07:60:00:a1:ad:64:73:
                    6f:4b:f3:df:90:2b:7c:ed:e5:93:28:4c:69:f2:e1:
                    63:9f:cd:73:8d:6b:c8:7c:d3:94:b4:a7:11:07:6e:
                    1a:b2:b7:96:a4:8f:37:b8:99:0f:0e:db:30:ae:8f:
                    a9:12:30:f6:76:db:06:29:64:54:8a:93:d1:08:23:
                    3f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A7:F7:23:07:CC:50:80:3A:A2:BD:28:D2:00:3B:48:97:71:63:3B
            X509v3 Authority Key Identifier:
                keyid:82:81:8D:D2:23:9D:E8:33:5D:22:AD:CE:3D:F1:90:A3:10:B7:00:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914C99C/2A1AE9ECD57211EBA60ED057C4F9AE02/goGN0iOd6DNdIq3OPfGQoxC3ACQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/goGN0iOd6DNdIq3OPfGQoxC3ACQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914C99C/2A1AE9ECD57211EBA60ED057C4F9AE02/95B0A0606C5811ED882F827DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.88.139.0/24
                  203.16.230.0/23
                IPv6:
                  2001:df6:e580::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:95:61:6c:b9:f0:4c:62:4d:cb:df:53:12:28:2a:4e:94:1f:
         bd:ce:ed:c0:87:92:3d:e8:55:08:74:f1:48:f8:3a:05:3f:99:
         10:85:71:5c:88:8a:b9:92:5a:1c:11:ba:43:ec:8c:fd:d4:01:
         c8:42:b6:7e:f8:d4:bf:cd:48:a2:e4:c2:62:fb:21:fe:66:b8:
         63:eb:57:1f:c7:86:df:2d:7f:8a:80:87:4b:93:34:7f:45:1a:
         49:44:60:1c:4d:a1:19:17:e4:52:07:ba:5b:49:dd:18:54:7a:
         ba:58:d4:5b:67:e5:ca:42:c6:07:ea:f8:84:59:62:98:b6:73:
         d8:15:2e:79:a3:68:36:cb:af:e7:b5:58:98:ed:e2:b6:77:f9:
         e9:1b:f3:41:d9:37:7c:0e:83:00:47:54:28:a4:b1:38:c7:ed:
         5e:08:df:72:9a:fc:aa:ab:ec:c4:47:a0:09:ca:0f:57:4e:8b:
         30:00:5a:d2:ab:59:b7:04:5c:5d:fd:b6:4e:69:e8:ec:03:40:
         a5:35:86:f3:1b:3f:1d:3f:ec:6a:53:a0:ca:fd:79:de:95:46:
         84:a6:dc:a2:9a:74:d0:63:46:7d:b7:bb:a4:35:fc:bd:55:4f:
         5c:2b:fd:29:f2:0e:9c:ae:f6:dd:75:d6:4f:94:38:29:c9:21:
         2c:06:c8:2e
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICBbEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEM5OUMxMTAvBgNVBAUTKDgyODE4REQyMjM5REU4MzM1RDIyQURDRTNERjE5MEEz
MTBCNzAwMjQwHhcNMjUwNzIyMjMzNjI1WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODgwMjA3OS1iOGY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA168iDU2+7cc4nbFt+G9dq3LER0EYlHztZ2fZiINhhBCbSl8gEeZ65JBpPMq+
TDiSA8Bvm4MnXUQLmRicgCd9ziryWGK76E7FYHZfjxk8rLaTXy8Hvu/hnWe3Gje7
fCq/AacoF7EAQJalrE4DyqSk//ZZwmE7EqJ9pFVO5d0Nuuqzmwnd5euukLCv3TVq
EP+VtJUqlWnr+F7VjDlTUad6EclAotz9YynTVaX8IGonvjT2U6gAdje9FKxb7Adg
AKGtZHNvS/PfkCt87eWTKExp8uFjn81zjWvIfNOUtKcRB24asreWpI83uJkPDtsw
ro+pEjD2dtsGKWRUipPRCCM/bQIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFJOn9yMH
zFCAOqK9KNIAO0iXcWM7MB8GA1UdIwQYMBaAFIKBjdIjnegzXSKtzj3xkKMQtwAk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0Qzk5Qy8yQTFBRTlFQ0Q1
NzIxMUVCQTYwRUQwNTdDNEY5QUUwMi9nb0dOMGlPZDZETmRJcTNPUGZHUW94QzNB
Q1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2dvR04waU9kNkROZElxM09QZkdRb3hDM0FDUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEM5OUMvMkExQUU5RUNENTcyMTFFQkE2MEVEMDU3QzRGOUFFMDIvOTVCMEEwNjA2
QzU4MTFFRDg4MkY4MjdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBABnWIsDBAHLEOYwDwQCAAIwCQMHACABDfblgDANBgkqhkiG
9w0BAQsFAAOCAQEALZVhbLnwTGJNy99TEigqTpQfvc7twIeSPehVCHTxSPg6BT+Z
EIVxXIiKuZJaHBG6Q+yM/dQByEK2fvjUv81IouTCYvsh/ma4Y+tXH8eG3y1/ioCH
S5M0f0UaSURgHE2hGRfkUge6W0ndGFR6uljUW2flykLGB+r4hFlimLZz2BUueaNo
Nsuv57VYmO3itnf56RvzQdk3fA6DAEdUKKSxOMftXgjfcpr8qqvsxEegCcoPV06L
MABa0qtZtwRcXf22Tmno7ANApTWG8xs/HT/salOgyv153pVGhKbcopp00GNGfbe7
pDX8vVVPXCv9KfIOnK723XXWT5Q4KckhLAbILg==
-----END CERTIFICATE-----
Generated at Sun Aug 10 16:09:12 2025 by rpki-client