Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/F959A9A0F11011EB8E63FC73C4F9AE02.roa
File:                     F959A9A0F11011EB8E63FC73C4F9AE02.roa (raw, json)
Hash identifier:          bD5fDxaaGSUwPwbrYDQw/+LS1pV4Lc6xbyyKLC5ox2c=
Subject key identifier:   E6:8E:80:33:BE:5D:0D:83:AA:CA:C7:C8:54:78:3C:A3:13:02:78:56
Certificate issuer:       /CN=A91AEA8C/serialNumber=870B9CD2E41DAB05BD5527C9150E948959716696
Certificate serial:       1D51
Authority key identifier: 87:0B:9C:D2:E4:1D:AB:05:BD:55:27:C9:15:0E:94:89:59:71:66:96
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/F959A9A0F11011EB8E63FC73C4F9AE02.roa
Signing time:             Thu 31 Jul 2025 16:24:27 +0000
ROA not before:           Thu 31 Jul 2025 16:24:27 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     133384
IP address blocks:        45.125.4.0/22 maxlen: 22
                          45.125.4.0/24 maxlen: 24
                          45.125.5.0/24 maxlen: 24
                          45.125.6.0/24 maxlen: 24
                          45.125.7.0/24 maxlen: 24
                          103.25.240.0/22 maxlen: 22
                          103.25.240.0/24 maxlen: 24
                          103.25.241.0/24 maxlen: 24
                          103.25.242.0/24 maxlen: 24
                          103.25.243.0/24 maxlen: 24
                          103.231.92.0/22 maxlen: 22
                          103.231.92.0/24 maxlen: 24
                          103.231.93.0/24 maxlen: 24
                          103.231.94.0/24 maxlen: 24
                          103.231.95.0/24 maxlen: 24
                          2001:df0:9200::/48 maxlen: 48
                          2407:6ec0::/32 maxlen: 32
                          2407:6ec0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.crl
                          rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7505 (0x1d51)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AEA8C, serialNumber=870B9CD2E41DAB05BD5527C9150E948959716696
        Validity
            Not Before: Jul 31 16:24:27 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=688b98bb-4ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5c:8e:bf:2e:9b:0b:9e:8c:2f:31:80:71:5b:
                    16:08:ef:ca:e0:ed:39:bb:4f:4c:9b:d4:32:b0:de:
                    87:fc:91:be:97:48:2d:34:be:c1:34:ec:5d:09:32:
                    eb:22:7f:38:fd:ec:dd:1a:76:59:9c:d5:69:f7:d5:
                    b8:aa:b6:f9:f9:61:1c:fb:59:48:80:ca:ff:8c:51:
                    31:cc:39:e1:17:18:e0:25:0d:ac:fb:46:b0:74:39:
                    d3:d0:52:21:ee:6d:29:bc:0e:e0:67:6e:6e:9a:ac:
                    b9:f4:ff:6b:23:2a:36:99:9b:b2:26:05:40:2b:b4:
                    f9:80:85:7b:60:4e:dc:26:1f:3c:c2:e4:d5:8b:47:
                    4e:27:bd:c4:28:37:a5:de:9c:75:a2:7c:90:38:5b:
                    68:5e:79:88:2f:80:4a:95:14:27:9a:b8:5c:8a:6e:
                    cb:0f:bb:f1:70:e4:94:97:96:c8:fe:32:43:26:f4:
                    2a:7d:93:88:4a:f6:e4:a3:f7:b5:f1:ed:7a:a8:a3:
                    ef:a1:b6:2d:59:ba:4c:ad:eb:08:76:db:dd:7c:aa:
                    c5:b0:17:be:09:df:57:44:d0:90:0d:5c:0b:ca:16:
                    eb:a3:13:27:26:92:98:8c:9c:06:55:7e:1a:fd:41:
                    b6:71:82:41:97:a3:14:89:a1:b3:56:8b:2e:da:c9:
                    b8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:8E:80:33:BE:5D:0D:83:AA:CA:C7:C8:54:78:3C:A3:13:02:78:56
            X509v3 Authority Key Identifier:
                keyid:87:0B:9C:D2:E4:1D:AB:05:BD:55:27:C9:15:0E:94:89:59:71:66:96

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/F959A9A0F11011EB8E63FC73C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.125.4.0/22
                  103.25.240.0/22
                  103.231.92.0/22
                IPv6:
                  2001:df0:9200::/48
                  2407:6ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:69:c1:c0:54:ac:53:7c:0e:2b:98:62:45:c0:83:d5:64:1c:
         9f:49:ce:f3:6c:02:8d:07:8c:a9:57:2b:76:92:66:50:d0:d3:
         8d:1c:11:50:a0:bd:62:78:9c:0b:9c:ba:81:55:ce:57:77:0b:
         16:ae:d2:a6:e8:33:09:f1:d1:88:f2:42:b9:cd:3b:d6:60:ba:
         9b:54:ee:0d:63:09:d1:8c:03:35:82:e0:63:cb:6f:16:92:eb:
         33:df:67:a4:53:e4:06:0e:a5:25:c9:a0:be:98:19:3a:2e:42:
         cb:b7:12:d8:e4:02:fa:09:a0:dd:87:60:d5:78:aa:f1:bb:51:
         10:43:40:49:e2:9f:b5:43:bd:bb:fb:13:97:38:38:5b:ac:e3:
         4d:1e:e6:dd:82:39:ad:ca:e5:26:ff:17:c7:3f:c4:3b:49:b0:
         0f:62:21:62:d9:ec:f5:94:23:27:89:57:6a:4f:0c:5e:40:55:
         98:13:0b:12:a7:f1:bb:48:b4:2a:2e:8a:16:c3:1f:29:c6:b9:
         b7:ea:be:c4:bd:1c:ed:3d:03:bc:29:15:e6:7d:26:1f:3b:cf:
         fc:a5:c8:3e:cd:68:8c:63:c6:c9:c3:0a:a3:71:63:6a:df:f7:
         c2:a5:f3:4a:00:48:0d:6d:13:57:62:86:a8:b6:15:ec:9c:ea:
         18:3e:20:a5
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgICHVEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUVBOEMxMTAvBgNVBAUTKDg3MEI5Q0QyRTQxREFCMDVCRDU1MjdDOTE1MEU5NDg5
NTk3MTY2OTYwHhcNMjUwNzMxMTYyNDI3WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhiOThiYi00YmEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxVyOvy6bC56MLzGAcVsWCO/K4O05u09Mm9QysN6H/JG+l0gtNL7BNOxdCTLr
In84/ezdGnZZnNVp99W4qrb5+WEc+1lIgMr/jFExzDnhFxjgJQ2s+0awdDnT0FIh
7m0pvA7gZ25umqy59P9rIyo2mZuyJgVAK7T5gIV7YE7cJh88wuTVi0dOJ73EKDel
3px1onyQOFtoXnmIL4BKlRQnmrhcim7LD7vxcOSUl5bI/jJDJvQqfZOISvbko/e1
8e16qKPvobYtWbpMresIdtvdfKrFsBe+Cd9XRNCQDVwLyhbroxMnJpKYjJwGVX4a
/UG2cYJBl6MUiaGzVosu2sm4ZwIDAQABo4ICuTCCArUwHQYDVR0OBBYEFOaOgDO+
XQ2DqsrHyFR4PKMTAnhWMB8GA1UdIwQYMBaAFIcLnNLkHasFvVUnyRUOlIlZcWaW
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRUE4Qy9GMjdCOUNERUJC
ODYxMUU2OEZGNTBDNTdDNEY5QUUwMi9od3VjMHVRZHF3VzlWU2ZKRlE2VWlWbHha
cFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h3dWMwdVFkcXdXOVZTZkpGUTZVaVZseFpwWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUVBOEMvRjI3QjlDREVCQjg2MTFFNjhGRjUwQzU3QzRGOUFFMDIvRjk1OUE5QTBG
MTEwMTFFQjhFNjNGQzczQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQwYIKwYBBQUHAQcBAf8E
NDAyMBgEAgABMBIDBAItfQQDBAJnGfADBAJn51wwFgQCAAIwEAMHACABDfCSAAMF
ACQHbsAwDQYJKoZIhvcNAQELBQADggEBAAxpwcBUrFN8DiuYYkXAg9VkHJ9JzvNs
Ao0HjKlXK3aSZlDQ040cEVCgvWJ4nAucuoFVzld3Cxau0qboMwnx0YjyQrnNO9Zg
uptU7g1jCdGMAzWC4GPLbxaS6zPfZ6RT5AYOpSXJoL6YGTouQsu3EtjkAvoJoN2H
YNV4qvG7URBDQEnin7VDvbv7E5c4OFus400e5t2COa3K5Sb/F8c/xDtJsA9iIWLZ
7PWUIyeJV2pPDF5AVZgTCxKn8btItCouihbDHynGubfqvsS9HO09A7wpFeZ9Jh87
z/ylyD7NaIxjxsnDCqNxY2rf98Kl80oASA1tE1dihqi2Feyc6hg+IKU=
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:49:21 2025 by rpki-client