Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B1F27/F77C109AFBA511ED88D0C96DC4F9AE02/ED31BA0AFBAE11ED977DEA10C4F9AE02.roa
File:                     ED31BA0AFBAE11ED977DEA10C4F9AE02.roa (raw, json)
Hash identifier:          g1uCchBmIBLD1E0+vKSufURkU4LgiCkDHjxG4EF465I=
Subject key identifier:   DA:A1:7C:38:9D:85:BE:FE:75:02:B7:67:F1:14:5A:BB:D8:60:A2:23
Certificate issuer:       /CN=A91B1F27/serialNumber=9C2DD1827062DB892E38465A10AFE4916835C027
Certificate serial:       019E
Authority key identifier: 9C:2D:D1:82:70:62:DB:89:2E:38:46:5A:10:AF:E4:91:68:35:C0:27
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nC3RgnBi24kuOEZaEK_kkWg1wCc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B1F27/F77C109AFBA511ED88D0C96DC4F9AE02/ED31BA0AFBAE11ED977DEA10C4F9AE02.roa
Signing time:             Fri 01 Aug 2025 04:41:50 +0000
ROA not before:           Fri 01 Aug 2025 04:41:50 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     151356
IP address blocks:        103.209.173.0/24 maxlen: 24
                          2001:df2:8040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B1F27/F77C109AFBA511ED88D0C96DC4F9AE02/nC3RgnBi24kuOEZaEK_kkWg1wCc.crl
                          rsync://rpki.apnic.net/member_repository/A91B1F27/F77C109AFBA511ED88D0C96DC4F9AE02/nC3RgnBi24kuOEZaEK_kkWg1wCc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nC3RgnBi24kuOEZaEK_kkWg1wCc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 414 (0x19e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B1F27, serialNumber=9C2DD1827062DB892E38465A10AFE4916835C027
        Validity
            Not Before: Aug  1 04:41:50 2025 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=688c458e-f3c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:af:36:94:27:4a:d0:e4:2b:85:5b:0a:2a:5f:
                    92:4b:12:56:2f:51:2f:19:a7:96:74:fc:e3:e4:0a:
                    59:ea:04:d7:c8:b7:8e:d5:81:84:e2:a4:c7:e2:ee:
                    35:54:be:f5:25:b4:76:ba:5d:bb:8c:01:c9:b2:5f:
                    bc:4c:16:24:c0:e0:d0:de:e4:f5:99:f8:21:6c:0f:
                    d0:26:fa:8a:ba:bc:cf:40:33:e9:a7:01:34:a5:40:
                    ba:2e:64:72:3f:fc:76:e2:6d:17:1a:bb:d9:96:6d:
                    c9:4d:98:70:9a:df:08:7f:e1:9e:c3:19:e0:ec:bd:
                    4a:07:d9:37:ec:15:24:29:5f:be:03:5d:fb:af:a0:
                    13:d7:cd:33:c9:16:37:9e:41:3f:64:6d:39:d7:e7:
                    6f:a8:31:e9:b3:d6:39:18:75:c5:15:41:97:52:4a:
                    a7:5c:ac:9e:3f:22:14:23:b4:11:e2:56:18:81:1c:
                    7e:3d:ea:ba:96:94:59:38:2c:7e:93:97:66:0d:27:
                    03:1a:9a:3f:02:c8:f6:e9:8f:e2:3e:0b:2f:39:7f:
                    33:17:54:1c:47:44:45:a9:36:7e:b5:92:52:bc:1b:
                    21:57:cf:0b:0e:6d:47:c4:a3:34:ed:09:4a:a5:4c:
                    b1:08:29:7c:a0:54:cc:35:16:3d:70:61:5a:12:f6:
                    d2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A1:7C:38:9D:85:BE:FE:75:02:B7:67:F1:14:5A:BB:D8:60:A2:23
            X509v3 Authority Key Identifier:
                keyid:9C:2D:D1:82:70:62:DB:89:2E:38:46:5A:10:AF:E4:91:68:35:C0:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B1F27/F77C109AFBA511ED88D0C96DC4F9AE02/nC3RgnBi24kuOEZaEK_kkWg1wCc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nC3RgnBi24kuOEZaEK_kkWg1wCc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B1F27/F77C109AFBA511ED88D0C96DC4F9AE02/ED31BA0AFBAE11ED977DEA10C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.209.173.0/24
                IPv6:
                  2001:df2:8040::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:da:97:6b:20:ef:7f:5e:34:b8:45:e1:89:44:d8:16:fd:57:
         e7:49:a4:f7:fc:b0:55:ef:ca:44:8e:0b:1c:be:d8:be:5c:68:
         4e:97:d8:6e:90:9e:32:78:56:5c:93:e4:de:60:af:0c:81:4c:
         5a:e4:f2:b4:eb:30:3c:3b:9b:1a:95:73:4f:29:2c:71:7c:fd:
         55:e0:04:99:10:18:02:35:6d:f5:bd:b1:62:dd:79:4e:c6:6a:
         a7:b7:25:3b:85:da:81:bd:0d:42:12:4b:57:61:96:c4:2e:ca:
         cf:1e:7e:f6:e9:f4:e4:f7:7a:cd:fd:1a:db:86:ae:0a:00:e6:
         8e:6f:c6:42:df:6f:7b:a6:2b:ad:c0:49:6e:1a:88:4d:9a:89:
         e1:c5:78:48:12:5b:2d:e9:10:4a:7d:be:f2:5c:0d:5c:bf:28:
         2d:54:59:41:61:da:65:97:9d:c8:9b:fb:96:53:91:b0:b9:4e:
         dc:23:36:85:1d:df:70:58:a5:fe:6b:4c:7a:52:bc:49:1b:1d:
         d0:a1:d6:f3:49:09:d7:5d:3b:44:48:d9:45:d6:19:15:d8:8e:
         67:5a:ff:27:7f:dc:56:75:89:d0:13:90:8d:83:d5:ac:3c:85:
         f5:0e:15:3e:24:35:3c:c4:75:07:bd:0e:c4:39:3e:6b:96:d6:
         5e:6c:f6:62
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAZ4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjFGMjcxMTAvBgNVBAUTKDlDMkREMTgyNzA2MkRCODkyRTM4NDY1QTEwQUZFNDkx
NjgzNUMwMjcwHhcNMjUwODAxMDQ0MTUwWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhjNDU4ZS1mM2MxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwq82lCdK0OQrhVsKKl+SSxJWL1EvGaeWdPzj5ApZ6gTXyLeO1YGE4qTH4u41
VL71JbR2ul27jAHJsl+8TBYkwODQ3uT1mfghbA/QJvqKurzPQDPppwE0pUC6LmRy
P/x24m0XGrvZlm3JTZhwmt8If+Gewxng7L1KB9k37BUkKV++A137r6AT180zyRY3
nkE/ZG051+dvqDHps9Y5GHXFFUGXUkqnXKyePyIUI7QR4lYYgRx+Peq6lpRZOCx+
k5dmDScDGpo/Asj26Y/iPgsvOX8zF1QcR0RFqTZ+tZJSvBshV88LDm1HxKM07QlK
pUyxCCl8oFTMNRY9cGFaEvbSdQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFNqhfDid
hb7+dQK3Z/EUWrvYYKIjMB8GA1UdIwQYMBaAFJwt0YJwYtuJLjhGWhCv5JFoNcAn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMUYyNy9GNzdDMTA5QUZC
QTUxMUVEODhEMEM5NkRDNEY5QUUwMi9uQzNSZ25CaTI0a3VPRVphRUtfa2tXZzF3
Q2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25DM1JnbkJpMjRrdU9FWmFFS19ra1dnMXdDYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjFGMjcvRjc3QzEwOUFGQkE1MTFFRDg4RDBDOTZEQzRGOUFFMDIvRUQzMUJBMEFG
QkFFMTFFRDk3N0RFQTEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABn0a0wDwQCAAIwCQMHACABDfKAQDANBgkqhkiG9w0BAQsF
AAOCAQEAWdqXayDvf140uEXhiUTYFv1X50mk9/ywVe/KRI4LHL7YvlxoTpfYbpCe
MnhWXJPk3mCvDIFMWuTytOswPDubGpVzTykscXz9VeAEmRAYAjVt9b2xYt15TsZq
p7clO4Xagb0NQhJLV2GWxC7Kzx5+9un05Pd6zf0a24auCgDmjm/GQt9ve6YrrcBJ
bhqITZqJ4cV4SBJbLekQSn2+8lwNXL8oLVRZQWHaZZedyJv7llORsLlO3CM2hR3f
cFil/mtMelK8SRsd0KHW80kJ1107REjZRdYZFdiOZ1r/J3/cVnWJ0BOQjYPVrDyF
9Q4VPiQ1PMR1B70OxDk+a5bWXmz2Yg==
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:52:54 2025 by rpki-client