Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9197277/4CE0EB36B56011EE911C5D4FC4F9AE02/2EE29686B57211EEBB68526DC4F9AE02.roa
File:                     2EE29686B57211EEBB68526DC4F9AE02.roa (raw, json)
Hash identifier:          vg+Qd/KA7R0vIJYJoP3cohpMu4uCLOfH2JrCgBVFs5Q=
Subject key identifier:   43:EA:21:82:4D:6C:D8:76:2D:C9:27:23:90:35:6B:91:7D:C6:0D:81
Certificate issuer:       /CN=A9197277/serialNumber=7AE9D5AC5B3D06725951C1DDA544EFD2B8EF6EEB
Certificate serial:       0124
Authority key identifier: 7A:E9:D5:AC:5B:3D:06:72:59:51:C1:DD:A5:44:EF:D2:B8:EF:6E:EB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eunVrFs9BnJZUcHdpUTv0rjvbus.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9197277/4CE0EB36B56011EE911C5D4FC4F9AE02/2EE29686B57211EEBB68526DC4F9AE02.roa
Signing time:             Fri 01 Aug 2025 06:13:00 +0000
ROA not before:           Fri 01 Aug 2025 06:13:00 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     6461
IP address blocks:        103.139.130.0/23 maxlen: 23
                          2001:df0:7c80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9197277/4CE0EB36B56011EE911C5D4FC4F9AE02/eunVrFs9BnJZUcHdpUTv0rjvbus.crl
                          rsync://rpki.apnic.net/member_repository/A9197277/4CE0EB36B56011EE911C5D4FC4F9AE02/eunVrFs9BnJZUcHdpUTv0rjvbus.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eunVrFs9BnJZUcHdpUTv0rjvbus.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 292 (0x124)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9197277, serialNumber=7AE9D5AC5B3D06725951C1DDA544EFD2B8EF6EEB
        Validity
            Not Before: Aug  1 06:13:00 2025 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=688c5aec-75a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1f:e2:9e:ee:61:e0:33:fd:e9:47:4f:80:63:
                    08:75:27:3b:5c:43:64:1b:4a:37:e2:b5:de:9b:07:
                    3b:44:b5:ce:3a:69:a3:18:1a:d0:79:0b:fc:2e:f7:
                    c7:11:5a:87:09:3a:bf:2c:d2:24:e5:cc:86:2d:52:
                    de:b2:b9:ab:41:6b:12:c2:ac:00:61:9e:b2:ed:e8:
                    a0:eb:14:48:d1:09:10:35:d2:07:93:b1:ad:91:72:
                    20:f5:5a:cf:4a:17:68:e3:8e:69:fb:03:55:c6:cd:
                    8d:e5:32:22:ac:15:95:6e:42:36:ed:8e:f0:5c:e3:
                    f9:2e:0d:90:b5:97:d8:44:cd:bc:71:2d:38:41:81:
                    03:99:46:c8:20:e8:29:d4:8b:e7:a2:09:6b:34:97:
                    f7:e6:49:10:e7:a6:6b:b1:d5:52:8d:f6:09:18:c5:
                    8e:47:eb:e5:c7:6e:8b:29:84:6e:61:02:81:c4:f3:
                    7d:4c:fa:63:82:f7:f6:4f:a4:cc:5e:ce:6d:f8:12:
                    fe:77:08:20:b6:d6:54:32:f3:8f:0e:2b:79:52:62:
                    8e:15:60:1d:dc:72:80:b3:4d:68:69:61:a1:e4:90:
                    e9:55:9f:54:53:e4:6c:b4:8b:3f:40:5b:33:a8:7a:
                    8e:3b:2c:73:9a:58:70:24:30:bc:82:a0:cf:55:0d:
                    6b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:EA:21:82:4D:6C:D8:76:2D:C9:27:23:90:35:6B:91:7D:C6:0D:81
            X509v3 Authority Key Identifier:
                keyid:7A:E9:D5:AC:5B:3D:06:72:59:51:C1:DD:A5:44:EF:D2:B8:EF:6E:EB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9197277/4CE0EB36B56011EE911C5D4FC4F9AE02/eunVrFs9BnJZUcHdpUTv0rjvbus.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eunVrFs9BnJZUcHdpUTv0rjvbus.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9197277/4CE0EB36B56011EE911C5D4FC4F9AE02/2EE29686B57211EEBB68526DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.130.0/23
                IPv6:
                  2001:df0:7c80::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:55:ec:28:28:1a:c1:13:83:c4:a8:d4:f6:33:67:0a:bf:35:
         30:de:04:63:eb:92:e1:00:78:81:22:d3:97:0f:32:f0:a5:73:
         fd:09:d2:3c:3e:b7:f1:f5:3d:4f:7e:a8:61:db:7b:60:0e:5c:
         63:a5:ae:df:fd:a5:b2:72:3c:07:e0:8e:dd:71:86:37:2e:ab:
         70:cb:35:91:39:d3:4e:e6:52:de:e3:5e:cb:e4:07:1e:93:ff:
         95:8b:aa:b0:a1:d5:2d:22:b2:97:60:4b:5b:76:62:4a:ce:b7:
         55:87:17:96:02:62:07:bf:d2:57:92:91:e2:01:17:54:0c:5a:
         50:d2:eb:79:48:08:82:49:50:ce:31:7f:d1:a5:be:41:1c:da:
         38:b8:0b:cb:64:e8:73:d9:bd:c4:28:61:18:cc:53:79:3d:dc:
         5f:4d:5b:45:22:c8:de:c9:62:b0:7d:fa:2c:44:5a:dd:9e:12:
         2e:87:46:6a:f2:85:fd:4e:73:5a:8d:c6:75:1c:e1:88:ec:92:
         05:cc:5d:3a:79:90:a3:d6:72:01:ad:bf:6b:5d:2c:90:96:a1:
         fa:d5:21:d4:19:48:60:e9:ac:4b:1a:f5:20:3f:2c:7f:e6:f4:
         db:35:97:3f:4c:99:96:37:cd:88:f6:57:a9:21:89:a8:eb:3b:
         b0:d2:76:cd
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTcyNzcxMTAvBgNVBAUTKDdBRTlENUFDNUIzRDA2NzI1OTUxQzFEREE1NDRFRkQy
QjhFRjZFRUIwHhcNMjUwODAxMDYxMzAwWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhjNWFlYy03NWEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxh/inu5h4DP96UdPgGMIdSc7XENkG0o34rXemwc7RLXOOmmjGBrQeQv8LvfH
EVqHCTq/LNIk5cyGLVLesrmrQWsSwqwAYZ6y7eig6xRI0QkQNdIHk7GtkXIg9VrP
Shdo445p+wNVxs2N5TIirBWVbkI27Y7wXOP5Lg2QtZfYRM28cS04QYEDmUbIIOgp
1IvnoglrNJf35kkQ56ZrsdVSjfYJGMWOR+vlx26LKYRuYQKBxPN9TPpjgvf2T6TM
Xs5t+BL+dwggttZUMvOPDit5UmKOFWAd3HKAs01oaWGh5JDpVZ9UU+RstIs/QFsz
qHqOOyxzmlhwJDC8gqDPVQ1rLwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFEPqIYJN
bNh2LcknI5A1a5F9xg2BMB8GA1UdIwQYMBaAFHrp1axbPQZyWVHB3aVE79K4727r
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NzI3Ny80Q0UwRUIzNkI1
NjAxMUVFOTExQzVENEZDNEY5QUUwMi9ldW5WckZzOUJuSlpVY0hkcFVUdjByanZi
dXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V1blZyRnM5Qm5KWlVjSGRwVVR2MHJqdmJ1cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTcyNzcvNENFMEVCMzZCNTYwMTFFRTkxMUM1RDRGQzRGOUFFMDIvMkVFMjk2ODZC
NTcyMTFFRUJCNjg1MjZEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFni4IwDwQCAAIwCQMHACABDfB8gDANBgkqhkiG9w0BAQsF
AAOCAQEAv1XsKCgawRODxKjU9jNnCr81MN4EY+uS4QB4gSLTlw8y8KVz/QnSPD63
8fU9T36oYdt7YA5cY6Wu3/2lsnI8B+CO3XGGNy6rcMs1kTnTTuZS3uNey+QHHpP/
lYuqsKHVLSKyl2BLW3ZiSs63VYcXlgJiB7/SV5KR4gEXVAxaUNLreUgIgklQzjF/
0aW+QRzaOLgLy2Toc9m9xChhGMxTeT3cX01bRSLI3slisH36LERa3Z4SLodGavKF
/U5zWo3GdRzhiOySBcxdOnmQo9ZyAa2/a10skJah+tUh1BlIYOmsSxr1ID8sf+b0
2zWXP0yZljfNiPZXqSGJqOs7sNJ2zQ==
-----END CERTIFICATE-----
Generated at Sun Aug 10 04:23:54 2025 by rpki-client