Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91987D0/18EB075242BE11EBBC1FEC1FC4F9AE02/02DAC07852C611ED845AB22BC4F9AE02.roa
File:                     02DAC07852C611ED845AB22BC4F9AE02.roa (raw, json)
Hash identifier:          qvspaedVSxXhNT9OPfm4dmWtO2TlaRcmc3pC2Y/603Y=
Subject key identifier:   84:64:8C:59:D1:F2:DD:2F:33:53:2E:1A:38:55:2B:26:24:FB:99:88
Certificate issuer:       /CN=A91987D0/serialNumber=95DF7A8100D979536873AC0FF99F6E472852BA99
Certificate serial:       0725
Authority key identifier: 95:DF:7A:81:00:D9:79:53:68:73:AC:0F:F9:9F:6E:47:28:52:BA:99
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ld96gQDZeVNoc6wP-Z9uRyhSupk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91987D0/18EB075242BE11EBBC1FEC1FC4F9AE02/02DAC07852C611ED845AB22BC4F9AE02.roa
Signing time:             Wed 30 Jul 2025 09:30:02 +0000
ROA not before:           Wed 30 Jul 2025 09:30:02 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     141473
IP address blocks:        103.159.188.0/24 maxlen: 24
                          103.159.189.0/24 maxlen: 24
                          2406:d9c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91987D0/18EB075242BE11EBBC1FEC1FC4F9AE02/ld96gQDZeVNoc6wP-Z9uRyhSupk.crl
                          rsync://rpki.apnic.net/member_repository/A91987D0/18EB075242BE11EBBC1FEC1FC4F9AE02/ld96gQDZeVNoc6wP-Z9uRyhSupk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ld96gQDZeVNoc6wP-Z9uRyhSupk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1829 (0x725)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91987D0, serialNumber=95DF7A8100D979536873AC0FF99F6E472852BA99
        Validity
            Not Before: Jul 30 09:30:02 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=6889e619-c9cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:15:a0:c8:46:bb:f9:9f:10:3b:c6:51:66:02:
                    4d:00:a2:72:db:d5:f5:cc:71:a0:d6:58:8f:47:cc:
                    ac:a9:fa:fe:44:e9:da:82:47:2c:64:de:cd:0b:d4:
                    16:eb:65:f9:d2:3f:c5:50:f9:08:e0:a0:ea:7c:30:
                    e9:bd:82:2a:c9:87:10:99:51:b6:5e:6c:7d:3f:85:
                    58:0b:6b:da:d3:41:25:65:1e:d6:12:a6:2b:ad:89:
                    ce:e0:4f:0f:bf:f4:c7:e6:9a:dc:2d:90:d3:83:f2:
                    96:0f:09:2b:2b:c9:9c:d5:61:fa:1d:0b:3c:70:91:
                    15:92:ec:cd:d4:3a:78:b3:bc:3e:09:15:32:54:1d:
                    55:8f:d1:f5:e2:8e:b1:68:1f:33:15:e3:ce:e4:71:
                    d1:a6:e5:e2:ce:d3:22:27:d2:f4:1b:00:08:1a:04:
                    f9:dc:76:6d:82:1b:94:7d:ea:bf:b1:d0:ef:80:67:
                    de:c6:2c:c5:92:61:28:17:fa:48:8c:62:1a:15:22:
                    23:de:86:d7:2d:eb:55:1f:fe:95:c3:be:23:39:79:
                    63:ef:56:b1:14:c6:7c:2d:61:0e:dd:47:38:0d:dd:
                    f6:01:cc:2c:30:d7:60:cb:e5:d0:1d:c9:03:91:39:
                    bc:51:33:96:af:ef:92:e6:f2:94:a6:ee:49:79:73:
                    c8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:64:8C:59:D1:F2:DD:2F:33:53:2E:1A:38:55:2B:26:24:FB:99:88
            X509v3 Authority Key Identifier:
                keyid:95:DF:7A:81:00:D9:79:53:68:73:AC:0F:F9:9F:6E:47:28:52:BA:99

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91987D0/18EB075242BE11EBBC1FEC1FC4F9AE02/ld96gQDZeVNoc6wP-Z9uRyhSupk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ld96gQDZeVNoc6wP-Z9uRyhSupk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91987D0/18EB075242BE11EBBC1FEC1FC4F9AE02/02DAC07852C611ED845AB22BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.159.188.0/23
                IPv6:
                  2406:d9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:8c:eb:7d:02:dd:d8:2b:f1:2b:14:d4:25:c8:6c:66:69:34:
         44:ce:09:20:38:f9:83:2f:68:f6:f1:03:1c:c5:6e:b3:3a:8b:
         f1:98:07:31:e7:b9:4b:2a:ab:59:3b:07:e5:00:e7:eb:26:14:
         a7:a4:48:dd:62:58:f5:1b:60:81:7a:9f:a7:f8:2b:cb:be:33:
         f4:6a:86:f3:6e:38:7d:8e:5d:40:9a:05:b2:86:d5:77:e0:5c:
         39:32:20:1f:ad:a9:cf:49:b8:ea:e8:1d:79:a1:b5:ca:dc:18:
         56:47:d9:2e:42:fb:64:36:c9:7c:cb:ec:f9:23:74:87:28:e4:
         3c:43:aa:89:cb:e5:b3:b1:20:df:43:69:93:16:64:7a:a2:6d:
         c1:4c:c7:b8:62:7a:95:32:ce:1d:a7:a7:ae:35:45:6e:b4:a4:
         92:34:eb:22:57:f9:3d:35:e6:01:20:cd:ff:4b:49:cd:df:b6:
         86:0e:d2:1e:86:a5:35:01:b3:5d:cf:cf:5e:2d:41:0a:46:d9:
         74:85:6f:9e:a3:92:38:83:70:38:bb:1f:ca:13:0c:d8:e7:32:
         cc:0f:62:26:b9:68:f6:95:8d:b4:43:42:88:eb:76:98:bf:e3:
         99:a2:51:7d:7a:f7:14:da:79:c8:55:c2:6c:ec:4a:b4:a7:41:
         2c:b3:23:1b
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICByUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTg3RDAxMTAvBgNVBAUTKDk1REY3QTgxMDBEOTc5NTM2ODczQUMwRkY5OUY2RTQ3
Mjg1MkJBOTkwHhcNMjUwNzMwMDkzMDAyWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg5ZTYxOS1jOWNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwRWgyEa7+Z8QO8ZRZgJNAKJy29X1zHGg1liPR8ysqfr+ROnagkcsZN7NC9QW
62X50j/FUPkI4KDqfDDpvYIqyYcQmVG2Xmx9P4VYC2va00ElZR7WEqYrrYnO4E8P
v/TH5prcLZDTg/KWDwkrK8mc1WH6HQs8cJEVkuzN1Dp4s7w+CRUyVB1Vj9H14o6x
aB8zFePO5HHRpuXiztMiJ9L0GwAIGgT53HZtghuUfeq/sdDvgGfexizFkmEoF/pI
jGIaFSIj3obXLetVH/6Vw74jOXlj71axFMZ8LWEO3Uc4Dd32AcwsMNdgy+XQHckD
kTm8UTOWr++S5vKUpu5JeXPI7wIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFIRkjFnR
8t0vM1MuGjhVKyYk+5mIMB8GA1UdIwQYMBaAFJXfeoEA2XlTaHOsD/mfbkcoUrqZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5ODdEMC8xOEVCMDc1MjQy
QkUxMUVCQkMxRkVDMUZDNEY5QUUwMi9sZDk2Z1FEWmVWTm9jNndQLVo5dVJ5aFN1
cGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2xkOTZnUURaZVZOb2M2d1AtWjl1UnloU3Vway5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTg3RDAvMThFQjA3NTI0MkJFMTFFQkJDMUZFQzFGQzRGOUFFMDIvMDJEQUMwNzg1
MkM2MTFFRDg0NUFCMjJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFnn7wwDQQCAAIwBwMFACQG2cAwDQYJKoZIhvcNAQELBQAD
ggEBALeM630C3dgr8SsU1CXIbGZpNETOCSA4+YMvaPbxAxzFbrM6i/GYBzHnuUsq
q1k7B+UA5+smFKekSN1iWPUbYIF6n6f4K8u+M/RqhvNuOH2OXUCaBbKG1XfgXDky
IB+tqc9JuOroHXmhtcrcGFZH2S5C+2Q2yXzL7PkjdIco5DxDqonL5bOxIN9DaZMW
ZHqibcFMx7hiepUyzh2np641RW60pJI06yJX+T015gEgzf9LSc3ftoYO0h6GpTUB
s13Pz14tQQpG2XSFb56jkjiDcDi7H8oTDNjnMswPYia5aPaVjbRDQojrdpi/45mi
UX169xTaechVwmzsSrSnQSyzIxs=
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:51:41 2025 by rpki-client