Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D891D/381A8F2A1CC211EB82B57178C4F9AE02/A3E3640816B711ECBD752D47C4F9AE02.roa
File:                     A3E3640816B711ECBD752D47C4F9AE02.roa (raw, json)
Hash identifier:          DQKnkPiyi5yFhInT8cazQ0WWqMZZ/NRSyMH4kCN4yVg=
Subject key identifier:   2A:5F:05:7F:11:D5:EB:31:18:15:E6:9D:2C:93:DA:3D:92:89:7E:FD
Certificate issuer:       /CN=A91D891D/serialNumber=41D268C5113EF3ED7B173B780E017ED3FE8555F7
Certificate serial:       0527
Authority key identifier: 41:D2:68:C5:11:3E:F3:ED:7B:17:3B:78:0E:01:7E:D3:FE:85:55:F7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QdJoxRE-8-17Fzt4DgF-0_6FVfc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D891D/381A8F2A1CC211EB82B57178C4F9AE02/A3E3640816B711ECBD752D47C4F9AE02.roa
Signing time:             Sat 26 Jul 2025 22:01:46 +0000
ROA not before:           Sat 26 Jul 2025 22:01:46 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     63916
IP address blocks:        103.113.156.0/22 maxlen: 22
                          103.113.156.0/24 maxlen: 24
                          103.113.157.0/24 maxlen: 24
                          103.113.158.0/24 maxlen: 24
                          103.113.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D891D/381A8F2A1CC211EB82B57178C4F9AE02/QdJoxRE-8-17Fzt4DgF-0_6FVfc.crl
                          rsync://rpki.apnic.net/member_repository/A91D891D/381A8F2A1CC211EB82B57178C4F9AE02/QdJoxRE-8-17Fzt4DgF-0_6FVfc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QdJoxRE-8-17Fzt4DgF-0_6FVfc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 11 Aug 2025 21:48:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1319 (0x527)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D891D, serialNumber=41D268C5113EF3ED7B173B780E017ED3FE8555F7
        Validity
            Not Before: Jul 26 22:01:46 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=6885504a-bdee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:51:e0:f0:d2:d3:42:6c:22:47:64:dd:6a:2d:
                    36:ff:e5:15:7c:71:4d:5e:f2:5f:a4:10:28:b0:fd:
                    86:cb:43:97:f4:bd:54:4a:e5:02:a0:07:dd:5f:20:
                    e5:1d:11:12:f0:52:7e:27:b1:cc:dc:ed:12:65:5f:
                    1f:fc:f9:f0:30:08:5a:03:b2:a7:76:44:bd:18:03:
                    de:13:39:dd:a7:92:30:d1:aa:f9:ed:b5:e8:38:b0:
                    6b:cf:74:46:9d:41:e9:16:cf:ca:34:e9:65:8d:bb:
                    2d:6b:4e:18:67:6b:12:ff:80:3c:51:78:b8:89:88:
                    59:ac:14:21:54:47:45:45:45:2b:67:83:ed:40:e0:
                    c4:80:f8:60:05:7d:d5:c2:e0:89:05:bb:9d:e1:c1:
                    4a:0f:6f:9f:db:f4:f9:5c:58:e8:d9:c8:97:35:01:
                    9e:f0:ab:ea:f5:b9:e6:a0:f7:70:28:23:62:fc:ea:
                    b5:da:24:21:13:54:78:7c:08:8e:0e:c8:8b:98:56:
                    ec:b9:fc:ea:e4:00:91:9b:42:70:a9:f2:02:4a:bc:
                    25:a6:95:ac:90:18:87:df:36:1a:d0:a0:29:b8:f6:
                    c6:1d:98:44:94:3c:f2:d5:18:3f:66:5e:d5:47:0f:
                    cc:9d:87:db:4e:e7:3a:0f:6e:4f:fc:a5:d3:f6:b5:
                    5d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:5F:05:7F:11:D5:EB:31:18:15:E6:9D:2C:93:DA:3D:92:89:7E:FD
            X509v3 Authority Key Identifier:
                keyid:41:D2:68:C5:11:3E:F3:ED:7B:17:3B:78:0E:01:7E:D3:FE:85:55:F7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D891D/381A8F2A1CC211EB82B57178C4F9AE02/QdJoxRE-8-17Fzt4DgF-0_6FVfc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QdJoxRE-8-17Fzt4DgF-0_6FVfc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D891D/381A8F2A1CC211EB82B57178C4F9AE02/A3E3640816B711ECBD752D47C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.113.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:59:b3:ec:aa:4e:dd:46:b7:7a:df:95:b7:5e:3d:24:65:d5:
         52:f0:fc:15:a9:c0:38:44:52:39:45:43:a5:dd:cd:e1:75:b5:
         04:95:2c:7a:6b:c7:49:26:10:2e:bf:12:48:1f:c0:0b:88:20:
         74:56:97:5e:f4:8e:8f:40:7a:2b:fd:be:ce:dd:c9:8a:cd:11:
         87:25:53:17:1c:a3:9c:18:10:df:b6:4b:aa:7a:87:35:40:f3:
         cd:c7:e6:de:07:6f:00:b2:b7:7a:fd:11:c2:65:4d:77:9d:5c:
         08:fe:00:77:42:ba:52:21:6d:4b:92:01:94:e7:36:05:6a:a4:
         52:ea:71:1a:a3:e9:0f:06:8e:aa:4c:33:a3:39:a5:69:12:c2:
         fb:ec:d1:7a:6e:42:c1:2f:a6:a3:b3:f1:c5:fe:ef:49:66:ae:
         99:3c:b9:79:b4:52:fc:e5:db:95:5f:21:fe:40:01:cb:dc:0d:
         b4:13:0d:56:c5:ec:3e:f0:21:9b:1f:bf:f6:f8:af:76:d2:bd:
         dc:4c:19:32:61:33:c6:e0:2a:6b:a3:f1:8b:72:f8:f6:7e:c7:
         24:29:e9:68:57:62:88:5c:51:ac:d1:f8:42:b6:40:cd:ee:c7:
         fb:95:ab:68:e7:ea:b0:ad:2b:4d:c5:c5:f9:97:47:37:73:62:
         98:80:15:51
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBScwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDg5MUQxMTAvBgNVBAUTKDQxRDI2OEM1MTEzRUYzRUQ3QjE3M0I3ODBFMDE3RUQz
RkU4NTU1RjcwHhcNMjUwNzI2MjIwMTQ2WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg1NTA0YS1iZGVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtVHg8NLTQmwiR2Tdai02/+UVfHFNXvJfpBAosP2Gy0OX9L1USuUCoAfdXyDl
HRES8FJ+J7HM3O0SZV8f/PnwMAhaA7KndkS9GAPeEzndp5Iw0ar57bXoOLBrz3RG
nUHpFs/KNOlljbsta04YZ2sS/4A8UXi4iYhZrBQhVEdFRUUrZ4PtQODEgPhgBX3V
wuCJBbud4cFKD2+f2/T5XFjo2ciXNQGe8Kvq9bnmoPdwKCNi/Oq12iQhE1R4fAiO
DsiLmFbsufzq5ACRm0JwqfICSrwlppWskBiH3zYa0KApuPbGHZhElDzy1Rg/Zl7V
Rw/MnYfbTuc6D25P/KXT9rVdEQIDAQABo4IClTCCApEwHQYDVR0OBBYEFCpfBX8R
1esxGBXmnSyT2j2SiX79MB8GA1UdIwQYMBaAFEHSaMURPvPtexc7eA4BftP+hVX3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEODkxRC8zODFBOEYyQTFD
QzIxMUVCODJCNTcxNzhDNEY5QUUwMi9RZEpveFJFLTgtMTdGenQ0RGdGLTBfNkZW
ZmMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FkSm94UkUtOC0xN0Z6dDREZ0YtMF82RlZmYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDg5MUQvMzgxQThGMkExQ0MyMTFFQjgyQjU3MTc4QzRGOUFFMDIvQTNFMzY0MDgx
NkI3MTFFQ0JENzUyRDQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJncZwwDQYJKoZIhvcNAQELBQADggEBAEJZs+yqTt1Gt3rf
lbdePSRl1VLw/BWpwDhEUjlFQ6XdzeF1tQSVLHprx0kmEC6/EkgfwAuIIHRWl170
jo9Aeiv9vs7dyYrNEYclUxcco5wYEN+2S6p6hzVA883H5t4HbwCyt3r9EcJlTXed
XAj+AHdCulIhbUuSAZTnNgVqpFLqcRqj6Q8GjqpMM6M5pWkSwvvs0XpuQsEvpqOz
8cX+70lmrpk8uXm0Uvzl25VfIf5AAcvcDbQTDVbF7D7wIZsfv/b4r3bSvdxMGTJh
M8bgKmuj8Yty+PZ+xyQp6WhXYohcUazR+EK2QM3ux/uVq2jn6rCtK03FxfmXRzdz
YpiAFVE=
-----END CERTIFICATE-----
Generated at Wed Aug 6 14:12:54 2025 by rpki-client