Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916A505/4A89D56220E511EC9022DD59C4F9AE02/6608D04620E911EC891FA162C4F9AE02.roa
File:                     6608D04620E911EC891FA162C4F9AE02.roa (raw, json)
Hash identifier:          63vkN+nqGcEYIUErZWKNYsJiLNJREPqHvMp6E/nWN+M=
Subject key identifier:   E7:94:CE:95:C7:2E:D9:50:6F:AF:78:A1:DF:68:9A:45:66:CE:B0:7F
Certificate issuer:       /CN=A916A505/serialNumber=84477A3CF003ABBCBC854E3F40C87CBCF2A158DF
Certificate serial:       050F
Authority key identifier: 84:47:7A:3C:F0:03:AB:BC:BC:85:4E:3F:40:C8:7C:BC:F2:A1:58:DF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hEd6PPADq7y8hU4_QMh8vPKhWN8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916A505/4A89D56220E511EC9022DD59C4F9AE02/6608D04620E911EC891FA162C4F9AE02.roa
Signing time:             Thu 31 Jul 2025 00:05:19 +0000
ROA not before:           Thu 31 Jul 2025 00:05:19 +0000
ROA not after:            Tue 30 Dec 2025 00:00:00 +0000
asID:                     138502
IP address blocks:        103.131.42.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A916A505/4A89D56220E511EC9022DD59C4F9AE02/hEd6PPADq7y8hU4_QMh8vPKhWN8.crl
                          rsync://rpki.apnic.net/member_repository/A916A505/4A89D56220E511EC9022DD59C4F9AE02/hEd6PPADq7y8hU4_QMh8vPKhWN8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hEd6PPADq7y8hU4_QMh8vPKhWN8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1295 (0x50f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916A505, serialNumber=84477A3CF003ABBCBC854E3F40C87CBCF2A158DF
        Validity
            Not Before: Jul 31 00:05:19 2025 GMT
            Not After : Dec 30 00:00:00 2025 GMT
        Subject: CN=688ab33f-0b4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:93:c5:b5:1e:43:03:db:c6:80:d1:02:12:56:
                    07:28:26:ff:5d:31:db:d8:df:cd:f3:18:00:fb:f6:
                    29:15:2f:e4:52:5b:b3:47:d4:0c:93:f7:fe:6a:66:
                    e5:c0:c1:c7:92:9e:2d:7d:a9:5b:d6:fb:8a:38:18:
                    42:d3:26:12:64:f4:07:cc:f2:5c:66:db:ac:9b:b0:
                    c9:b4:3b:f7:b5:4a:f1:be:55:b9:94:04:62:eb:db:
                    e9:c8:11:8a:1a:89:6a:04:27:5c:7a:2a:9f:01:d9:
                    3c:81:6e:f1:bf:a8:a2:b6:ec:fe:18:1f:0d:cd:9b:
                    a6:01:25:15:f2:ba:50:06:75:c0:3c:04:85:18:e8:
                    15:a3:45:10:f6:51:6c:03:2d:d5:01:4a:d0:94:0f:
                    5d:29:07:42:9e:59:f3:db:27:a8:ed:ec:6c:57:52:
                    99:17:64:0f:5f:b6:49:94:fb:c4:31:58:d6:a3:5d:
                    3f:12:21:a1:03:1e:c0:93:56:17:07:ce:25:4b:78:
                    f5:50:55:9b:0d:4e:b5:62:c6:2f:24:69:4c:35:a7:
                    6f:3c:bb:e1:8f:05:f2:ac:10:c6:f4:ab:3a:08:be:
                    da:15:c0:ad:66:08:90:80:9f:37:90:b5:3e:fc:3c:
                    ab:28:aa:31:35:be:70:42:5b:5f:98:11:25:f9:f0:
                    d1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:94:CE:95:C7:2E:D9:50:6F:AF:78:A1:DF:68:9A:45:66:CE:B0:7F
            X509v3 Authority Key Identifier:
                keyid:84:47:7A:3C:F0:03:AB:BC:BC:85:4E:3F:40:C8:7C:BC:F2:A1:58:DF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916A505/4A89D56220E511EC9022DD59C4F9AE02/hEd6PPADq7y8hU4_QMh8vPKhWN8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hEd6PPADq7y8hU4_QMh8vPKhWN8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916A505/4A89D56220E511EC9022DD59C4F9AE02/6608D04620E911EC891FA162C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.131.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:0a:68:99:57:91:12:9e:1a:b2:fd:46:9f:09:58:7e:be:a6:
         72:5d:3e:48:ab:90:6c:b0:0a:a2:68:da:9e:55:0d:63:70:49:
         3b:f2:f4:de:fa:ca:c0:87:cd:09:82:0e:9f:cc:7d:4c:c0:a3:
         3c:9c:c2:82:34:a3:d9:a3:80:7f:0e:04:cf:44:83:31:8a:c2:
         61:cd:1e:d9:8d:7a:27:20:2d:d7:5e:b1:c4:f0:bc:ec:f5:65:
         17:47:d2:fa:47:d1:81:2a:83:73:c1:8c:da:87:d0:6b:84:13:
         bd:d0:b3:57:b5:81:b3:2d:0e:de:09:1b:f0:a6:34:d9:11:dd:
         71:81:b3:ca:45:17:c8:94:6d:bd:ca:1a:92:10:df:ec:fc:2d:
         72:30:06:de:28:40:9b:81:4a:c2:9e:4e:ce:86:40:ae:5f:93:
         f3:62:78:ed:b2:a2:42:52:2a:ee:06:9f:8c:51:36:d2:0e:2d:
         29:63:8a:24:a5:64:79:24:bd:f5:17:15:c0:20:51:91:0f:62:
         46:9e:ed:24:66:c5:bc:4c:d0:55:b6:b7:3d:c7:2b:66:74:a9:
         9f:40:80:60:91:74:c5:fc:71:b0:da:a4:0d:0f:0a:ba:40:fc:
         5a:f9:a5:73:31:b6:0e:e0:22:b5:cc:4b:3a:a9:ef:58:a2:ff:
         4c:cd:72:a7
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBQ8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkE1MDUxMTAvBgNVBAUTKDg0NDc3QTNDRjAwM0FCQkNCQzg1NEUzRjQwQzg3Q0JD
RjJBMTU4REYwHhcNMjUwNzMxMDAwNTE5WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhhYjMzZi0wYjRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3JPFtR5DA9vGgNECElYHKCb/XTHb2N/N8xgA+/YpFS/kUluzR9QMk/f+ambl
wMHHkp4tfalb1vuKOBhC0yYSZPQHzPJcZtusm7DJtDv3tUrxvlW5lARi69vpyBGK
GolqBCdceiqfAdk8gW7xv6iituz+GB8NzZumASUV8rpQBnXAPASFGOgVo0UQ9lFs
Ay3VAUrQlA9dKQdCnlnz2yeo7exsV1KZF2QPX7ZJlPvEMVjWo10/EiGhAx7Ak1YX
B84lS3j1UFWbDU61YsYvJGlMNadvPLvhjwXyrBDG9Ks6CL7aFcCtZgiQgJ83kLU+
/DyrKKoxNb5wQltfmBEl+fDR9wIDAQABo4IClTCCApEwHQYDVR0OBBYEFOeUzpXH
LtlQb694od9omkVmzrB/MB8GA1UdIwQYMBaAFIRHejzwA6u8vIVOP0DIfLzyoVjf
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QTUwNS80QTg5RDU2MjIw
RTUxMUVDOTAyMkRENTlDNEY5QUUwMi9oRWQ2UFBBRHE3eThoVTRfUU1oOHZQS2hX
TjguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2hFZDZQUEFEcTd5OGhVNF9RTWg4dlBLaFdOOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkE1MDUvNEE4OUQ1NjIyMEU1MTFFQzkwMjJERDU5QzRGOUFFMDIvNjYwOEQwNDYy
MEU5MTFFQzg5MUZBMTYyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFngyowDQYJKoZIhvcNAQELBQADggEBAEMKaJlXkRKeGrL9
Rp8JWH6+pnJdPkirkGywCqJo2p5VDWNwSTvy9N76ysCHzQmCDp/MfUzAozycwoI0
o9mjgH8OBM9EgzGKwmHNHtmNeicgLddescTwvOz1ZRdH0vpH0YEqg3PBjNqH0GuE
E73Qs1e1gbMtDt4JG/CmNNkR3XGBs8pFF8iUbb3KGpIQ3+z8LXIwBt4oQJuBSsKe
Ts6GQK5fk/NieO2yokJSKu4Gn4xRNtIOLSljiiSlZHkkvfUXFcAgUZEPYkae7SRm
xbxM0FW2tz3HK2Z0qZ9AgGCRdMX8cbDapA0PCrpA/Fr5pXMxtg7gIrXMSzqp71ii
/0zNcqc=
-----END CERTIFICATE-----
Generated at Sun Aug 10 16:05:43 2025 by rpki-client