Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B92DC/563287F6812911EDA5B15073C4F9AE02/3CD61DC8812D11ED9C04940EC4F9AE02.roa
File:                     3CD61DC8812D11ED9C04940EC4F9AE02.roa (raw, json)
Hash identifier:          cOiY+eFyn2JhrTs/7WoKVeEfi4A0VW9I3AIS/bx3zYY=
Subject key identifier:   C7:E6:2C:A4:5F:C6:5B:D1:D2:09:6C:B5:AF:55:E6:CF:0D:A3:B8:E7
Certificate issuer:       /CN=A91B92DC/serialNumber=3ED226AE927F83981780546CE362F3369EDB24B3
Certificate serial:       01EF
Authority key identifier: 3E:D2:26:AE:92:7F:83:98:17:80:54:6C:E3:62:F3:36:9E:DB:24:B3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PtImrpJ_g5gXgFRs42LzNp7bJLM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B92DC/563287F6812911EDA5B15073C4F9AE02/3CD61DC8812D11ED9C04940EC4F9AE02.roa
Signing time:             Tue 05 Aug 2025 03:11:16 +0000
ROA not before:           Tue 05 Aug 2025 03:11:16 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     150121
IP address blocks:        103.191.68.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B92DC/563287F6812911EDA5B15073C4F9AE02/PtImrpJ_g5gXgFRs42LzNp7bJLM.crl
                          rsync://rpki.apnic.net/member_repository/A91B92DC/563287F6812911EDA5B15073C4F9AE02/PtImrpJ_g5gXgFRs42LzNp7bJLM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PtImrpJ_g5gXgFRs42LzNp7bJLM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 495 (0x1ef)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B92DC, serialNumber=3ED226AE927F83981780546CE362F3369EDB24B3
        Validity
            Not Before: Aug  5 03:11:16 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68917654-b7d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:07:6d:ca:be:88:97:1a:ea:8b:a5:81:48:b5:
                    03:b6:32:ee:97:ae:36:00:ef:36:4e:98:58:46:2f:
                    5d:4e:3c:e1:1e:59:47:4f:4f:8a:05:47:40:02:de:
                    3b:0a:a8:3f:d5:8d:d1:56:dc:00:99:d6:bb:55:0b:
                    3b:9d:b9:3b:24:e4:46:ed:53:65:84:94:7a:3c:4d:
                    7b:47:a2:51:a6:f1:67:6d:9d:e6:94:94:67:68:e2:
                    82:c7:02:2b:61:4b:a0:d5:8a:10:2c:59:4d:0b:40:
                    05:62:b3:b4:f9:ab:1b:40:20:03:e7:65:3e:5b:63:
                    c8:69:1b:6c:7b:c7:42:7e:3e:28:22:81:5e:76:87:
                    17:55:43:a3:99:29:37:7c:27:7a:b2:b7:93:d3:92:
                    fc:c2:d7:af:eb:33:b4:e4:d1:a6:53:72:64:23:6b:
                    d6:a4:dd:6f:a1:dd:55:1f:31:64:e7:f6:ff:3b:86:
                    46:64:0b:6c:bb:73:7f:f0:e4:3b:d7:3f:9f:c0:16:
                    15:d6:4a:57:f7:18:19:b0:04:8e:31:16:02:5a:f1:
                    10:9b:08:6c:34:04:ae:53:01:a1:89:bf:e7:e3:9e:
                    44:24:25:67:74:67:e0:56:76:d6:42:51:5c:fe:ad:
                    7a:00:4e:14:5a:8d:9d:27:ac:39:f9:7a:31:a4:d8:
                    44:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:E6:2C:A4:5F:C6:5B:D1:D2:09:6C:B5:AF:55:E6:CF:0D:A3:B8:E7
            X509v3 Authority Key Identifier:
                keyid:3E:D2:26:AE:92:7F:83:98:17:80:54:6C:E3:62:F3:36:9E:DB:24:B3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B92DC/563287F6812911EDA5B15073C4F9AE02/PtImrpJ_g5gXgFRs42LzNp7bJLM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PtImrpJ_g5gXgFRs42LzNp7bJLM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B92DC/563287F6812911EDA5B15073C4F9AE02/3CD61DC8812D11ED9C04940EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.191.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:c6:7f:57:04:66:ae:85:81:ed:a4:5d:ac:83:71:af:25:84:
         01:0c:7f:8b:bf:ac:e3:64:5f:8d:66:c4:4e:f6:5e:47:8b:89:
         df:c8:0d:0f:cf:7b:77:43:ef:ac:dc:a5:e4:1b:ba:89:35:37:
         71:78:ef:81:5f:95:b1:ee:ca:d8:d3:ae:e2:86:a1:86:0c:04:
         e6:20:7a:a5:26:ca:2e:dc:44:bf:41:23:dd:4c:23:a7:8e:aa:
         78:cf:08:c9:09:e3:8d:c4:f8:91:29:79:3d:32:32:13:c4:65:
         af:da:15:cc:98:89:70:9f:64:8d:df:e7:64:86:73:f0:15:fa:
         b4:3e:bb:01:eb:66:0c:d5:d3:41:be:cd:00:cb:fd:bb:18:ab:
         10:3d:79:0a:0c:d8:80:ac:02:d0:c1:4d:17:d4:dc:77:62:e3:
         fb:3b:db:2f:df:25:8f:03:9b:b2:a5:4b:ba:2d:ba:95:70:51:
         0f:c4:13:d6:4b:7f:47:12:bf:72:b5:cd:1b:33:39:a7:44:62:
         e2:2f:39:5b:9b:6f:31:66:4a:54:dd:18:da:47:8d:29:5f:b1:
         95:d5:43:35:5f:41:2b:e6:ce:9e:54:97:5d:11:97:89:92:ef:
         42:66:56:03:7f:4d:4a:0a:cb:f8:a6:50:9c:09:32:12:72:5c:
         1a:98:51:ba
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAe8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjkyREMxMTAvBgNVBAUTKDNFRDIyNkFFOTI3RjgzOTgxNzgwNTQ2Q0UzNjJGMzM2
OUVEQjI0QjMwHhcNMjUwODA1MDMxMTE2WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODkxNzY1NC1iN2Q4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwAdtyr6Ilxrqi6WBSLUDtjLul642AO82TphYRi9dTjzhHllHT0+KBUdAAt47
Cqg/1Y3RVtwAmda7VQs7nbk7JORG7VNlhJR6PE17R6JRpvFnbZ3mlJRnaOKCxwIr
YUug1YoQLFlNC0AFYrO0+asbQCAD52U+W2PIaRtse8dCfj4oIoFedocXVUOjmSk3
fCd6sreT05L8wtev6zO05NGmU3JkI2vWpN1vod1VHzFk5/b/O4ZGZAtsu3N/8OQ7
1z+fwBYV1kpX9xgZsASOMRYCWvEQmwhsNASuUwGhib/n455EJCVndGfgVnbWQlFc
/q16AE4UWo2dJ6w5+XoxpNhElQIDAQABo4IClTCCApEwHQYDVR0OBBYEFMfmLKRf
xlvR0glsta9V5s8No7jnMB8GA1UdIwQYMBaAFD7SJq6Sf4OYF4BUbONi8zae2ySz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCOTJEQy81NjMyODdGNjgx
MjkxMUVEQTVCMTUwNzNDNEY5QUUwMi9QdEltcnBKX2c1Z1hnRlJzNDJMek5wN2JK
TE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1B0SW1ycEpfZzVnWGdGUnM0Mkx6TnA3YkpMTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjkyREMvNTYzMjg3RjY4MTI5MTFFREE1QjE1MDczQzRGOUFFMDIvM0NENjFEQzg4
MTJEMTFFRDlDMDQ5NDBFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnv0QwDQYJKoZIhvcNAQELBQADggEBAMDGf1cEZq6Fge2k
XayDca8lhAEMf4u/rONkX41mxE72XkeLid/IDQ/Pe3dD76zcpeQbuok1N3F474Ff
lbHuytjTruKGoYYMBOYgeqUmyi7cRL9BI91MI6eOqnjPCMkJ443E+JEpeT0yMhPE
Za/aFcyYiXCfZI3f52SGc/AV+rQ+uwHrZgzV00G+zQDL/bsYqxA9eQoM2ICsAtDB
TRfU3Hdi4/s72y/fJY8Dm7KlS7otupVwUQ/EE9ZLf0cSv3K1zRszOadEYuIvOVub
bzFmSlTdGNpHjSlfsZXVQzVfQSvmzp5Ul10Rl4mS70JmVgN/TUoKy/imUJwJMhJy
XBqYUbo=
-----END CERTIFICATE-----
Generated at Mon Aug 11 08:45:57 2025 by rpki-client