Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/3C35A3F86B7B11F083D73127C4F9AE02.roa
File:                     3C35A3F86B7B11F083D73127C4F9AE02.roa (raw, json)
Hash identifier:          9qNy5zVh8UXs98buBEPxj4R5vBqOAXtHLxU85YpvOEQ=
Subject key identifier:   8E:36:C0:01:44:79:8E:F7:EC:4C:A6:BB:D3:5D:09:53:22:D9:A7:32
Certificate issuer:       /CN=A91A4402/serialNumber=B4116A8E6DA991FDCF71626E7BEA11FF69CBA846
Certificate serial:       0C26
Authority key identifier: B4:11:6A:8E:6D:A9:91:FD:CF:71:62:6E:7B:EA:11:FF:69:CB:A8:46
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tBFqjm2pkf3PcWJue-oR_2nLqEY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/3C35A3F86B7B11F083D73127C4F9AE02.roa
Signing time:             Mon 28 Jul 2025 06:22:28 +0000
ROA not before:           Mon 28 Jul 2025 06:22:28 +0000
ROA not after:            Thu 28 May 2026 00:00:00 +0000
asID:                     15412
IP address blocks:        45.124.60.0/22 maxlen: 22
                          103.7.208.0/22 maxlen: 22
                          103.8.84.0/24 maxlen: 24
                          103.8.85.0/24 maxlen: 24
                          103.8.86.0/24 maxlen: 24
                          103.8.87.0/24 maxlen: 24
                          103.21.104.0/24 maxlen: 24
                          103.21.106.0/24 maxlen: 24
                          103.225.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/tBFqjm2pkf3PcWJue-oR_2nLqEY.crl
                          rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/tBFqjm2pkf3PcWJue-oR_2nLqEY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tBFqjm2pkf3PcWJue-oR_2nLqEY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3110 (0xc26)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A4402, serialNumber=B4116A8E6DA991FDCF71626E7BEA11FF69CBA846
        Validity
            Not Before: Jul 28 06:22:28 2025 GMT
            Not After : May 28 00:00:00 2026 GMT
        Subject: CN=68871724-a7cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:86:c7:1d:0d:82:00:8e:58:c1:cf:96:28:d3:
                    45:bc:52:4f:7c:dc:d9:d8:a4:c6:1e:5d:d8:e7:69:
                    09:47:ba:1e:f8:cb:00:85:14:ae:73:16:e3:e0:3a:
                    6b:46:49:e3:3c:f1:ad:1c:b7:de:33:ab:ef:3c:e6:
                    13:a3:de:29:7f:fe:82:a6:3e:c8:e7:54:b3:5d:30:
                    b0:45:47:82:15:38:51:ae:a7:7d:08:76:11:a6:9c:
                    05:35:63:f1:ed:fd:ad:8b:47:aa:f6:69:a7:55:66:
                    3e:5f:d3:85:69:9a:85:f9:60:6b:77:ee:7d:b9:6b:
                    f8:c0:07:71:22:ef:3b:b5:92:c8:01:4f:50:50:e5:
                    7e:1a:9c:e2:98:f4:fe:cf:ae:fe:af:cb:7b:19:8a:
                    4a:2e:ef:37:6e:50:19:6e:45:08:92:bb:65:39:bd:
                    7c:01:5d:c6:f9:63:df:92:00:7e:2b:5a:3c:75:2f:
                    28:9f:ee:9d:47:81:b2:ae:2a:cb:68:21:1c:ed:87:
                    04:87:37:a6:87:37:c8:01:3a:de:91:8b:4f:fb:19:
                    61:38:d7:37:cc:12:d2:d4:37:83:db:40:64:b1:af:
                    cb:75:8e:9e:7b:a7:65:ac:eb:7e:50:d5:b8:ce:c6:
                    d3:95:25:63:4c:86:84:76:0e:85:bd:ee:33:ed:dd:
                    96:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:36:C0:01:44:79:8E:F7:EC:4C:A6:BB:D3:5D:09:53:22:D9:A7:32
            X509v3 Authority Key Identifier:
                keyid:B4:11:6A:8E:6D:A9:91:FD:CF:71:62:6E:7B:EA:11:FF:69:CB:A8:46

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/tBFqjm2pkf3PcWJue-oR_2nLqEY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tBFqjm2pkf3PcWJue-oR_2nLqEY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/3C35A3F86B7B11F083D73127C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.124.60.0/22
                  103.7.208.0/22
                  103.8.84.0/22
                  103.21.104.0/24
                  103.21.106.0/24
                  103.225.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:6a:a9:15:fe:ce:1b:b6:8e:10:c5:26:1a:29:08:43:40:94:
         90:bf:3d:5a:9e:34:c6:27:3e:6c:6a:5f:59:b6:5d:65:11:67:
         1b:ed:0b:95:e0:88:fb:7d:c0:4f:d2:76:d5:48:8a:f0:de:bf:
         5a:6d:2f:a2:4a:0e:fb:6c:a0:90:5b:0b:f1:dc:d9:ab:a3:43:
         f4:1d:68:47:df:e1:95:c1:0e:fd:0e:68:37:89:46:2e:88:5d:
         2b:58:23:56:aa:c1:d9:c4:ca:30:23:a4:93:0e:e4:b4:cf:83:
         19:ab:22:38:06:05:77:98:89:52:df:37:e0:21:51:71:f5:41:
         0d:3f:91:0d:d9:d2:eb:67:66:25:d3:9c:9f:bb:45:1b:48:85:
         e5:ac:05:2c:cb:d3:be:7c:b3:d8:2f:25:97:0e:a5:9b:46:d8:
         01:fe:18:e5:2c:75:b2:bb:7d:cb:63:28:21:d6:4e:ff:fd:bb:
         f1:01:fc:28:b1:b3:35:00:26:05:0b:c8:95:a8:ca:08:82:e8:
         2a:86:f0:bb:67:45:5f:9f:31:a9:ab:f5:03:61:e4:cc:82:74:
         1a:a2:16:ca:64:6c:ca:5c:2b:19:bc:64:e4:8c:be:4c:7b:4d:
         70:99:88:31:e2:1e:a2:25:f7:30:97:73:46:fe:f1:b1:90:35:
         60:d3:2c:37
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICDCYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTQ0MDIxMTAvBgNVBAUTKEI0MTE2QThFNkRBOTkxRkRDRjcxNjI2RTdCRUExMUZG
NjlDQkE4NDYwHhcNMjUwNzI4MDYyMjI4WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg3MTcyNC1hN2NmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0YbHHQ2CAI5Ywc+WKNNFvFJPfNzZ2KTGHl3Y52kJR7oe+MsAhRSucxbj4Dpr
RknjPPGtHLfeM6vvPOYTo94pf/6Cpj7I51SzXTCwRUeCFThRrqd9CHYRppwFNWPx
7f2ti0eq9mmnVWY+X9OFaZqF+WBrd+59uWv4wAdxIu87tZLIAU9QUOV+GpzimPT+
z67+r8t7GYpKLu83blAZbkUIkrtlOb18AV3G+WPfkgB+K1o8dS8on+6dR4GyrirL
aCEc7YcEhzemhzfIATrekYtP+xlhONc3zBLS1DeD20Bksa/LdY6ee6dlrOt+UNW4
zsbTlSVjTIaEdg6Fve4z7d2WRQIDAQABo4ICszCCAq8wHQYDVR0OBBYEFI42wAFE
eY737Eymu9NdCVMi2acyMB8GA1UdIwQYMBaAFLQRao5tqZH9z3FibnvqEf9py6hG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNDQwMi9GREJGRDAyMDNE
OTYxMUVBOEVBMDcwMkZDNEY5QUUwMi90QkZxam0ycGtmM1BjV0p1ZS1vUl8ybkxx
RVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RCRnFqbTJwa2YzUGNXSnVlLW9SXzJuTHFFWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTQ0MDIvRkRCRkQwMjAzRDk2MTFFQThFQTA3MDJGQzRGOUFFMDIvM0MzNUEzRjg2
QjdCMTFGMDgzRDczMTI3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBAItfDwDBAJnB9ADBAJnCFQDBABnFWgDBABnFWoDBAJn4cAw
DQYJKoZIhvcNAQELBQADggEBADNqqRX+zhu2jhDFJhopCENAlJC/PVqeNMYnPmxq
X1m2XWURZxvtC5XgiPt9wE/SdtVIivDev1ptL6JKDvtsoJBbC/Hc2aujQ/QdaEff
4ZXBDv0OaDeJRi6IXStYI1aqwdnEyjAjpJMO5LTPgxmrIjgGBXeYiVLfN+AhUXH1
QQ0/kQ3Z0utnZiXTnJ+7RRtIheWsBSzL0758s9gvJZcOpZtG2AH+GOUsdbK7fctj
KCHWTv/9u/EB/CixszUAJgULyJWoygiC6CqG8LtnRV+fMamr9QNh5MyCdBqiFspk
bMpcKxm8ZOSMvkx7TXCZiDHiHqIl9zCXc0b+8bGQNWDTLDc=
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:47:37 2025 by rpki-client