Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4F66/E5F658AA368A11EAB5749272C4F9AE02/A3BE70CCD5AE11EE909D5C40C4F9AE02.roa
File:                     A3BE70CCD5AE11EE909D5C40C4F9AE02.roa (raw, json)
Hash identifier:          DCdzc1/cFwoy1fQS4+Xq6wnV0SacHN4E20l5F9bDJjA=
Subject key identifier:   6B:08:B5:E4:85:9C:16:9B:3E:D1:7B:7E:AA:5D:4C:B3:18:0C:7A:19
Certificate issuer:       /CN=A91E4F66/serialNumber=69C8198BDA3FD09053F42553D73EEA15121D241C
Certificate serial:       0B77
Authority key identifier: 69:C8:19:8B:DA:3F:D0:90:53:F4:25:53:D7:3E:EA:15:12:1D:24:1C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/acgZi9o_0JBT9CVT1z7qFRIdJBw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E4F66/E5F658AA368A11EAB5749272C4F9AE02/A3BE70CCD5AE11EE909D5C40C4F9AE02.roa
Signing time:             Thu 31 Jul 2025 19:59:48 +0000
ROA not before:           Thu 31 Jul 2025 19:59:48 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     137884
IP address blocks:        103.116.116.0/23 maxlen: 23
                          103.116.116.0/24 maxlen: 24
                          103.116.117.0/24 maxlen: 24
                          103.116.118.0/24 maxlen: 24
                          2402:f940::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E4F66/E5F658AA368A11EAB5749272C4F9AE02/acgZi9o_0JBT9CVT1z7qFRIdJBw.crl
                          rsync://rpki.apnic.net/member_repository/A91E4F66/E5F658AA368A11EAB5749272C4F9AE02/acgZi9o_0JBT9CVT1z7qFRIdJBw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/acgZi9o_0JBT9CVT1z7qFRIdJBw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2935 (0xb77)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E4F66, serialNumber=69C8198BDA3FD09053F42553D73EEA15121D241C
        Validity
            Not Before: Jul 31 19:59:48 2025 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=688bcb34-7da6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:fd:80:5b:dc:66:19:c2:7f:a3:36:65:48:df:
                    c4:d8:cd:68:42:d5:bd:04:c6:1e:6a:09:74:e6:67:
                    1b:2c:01:87:db:63:8d:9b:26:60:43:8c:57:1f:fa:
                    50:ab:94:9c:21:f3:98:db:b4:0f:cf:31:87:ac:8e:
                    8c:7f:d4:cf:49:36:15:76:98:95:da:84:f9:d6:50:
                    7d:0e:f5:a8:4c:9f:68:ea:83:a4:53:82:9c:cf:41:
                    99:34:76:1e:54:f3:c0:3a:c9:59:85:bf:be:53:79:
                    33:98:96:80:93:af:73:19:c3:d1:c1:86:80:f9:e2:
                    1f:b2:95:77:c6:a4:0e:c1:e9:11:1c:3a:36:fc:21:
                    e3:67:f9:d2:91:54:25:1e:88:6c:2e:1d:7a:0c:89:
                    88:55:d3:51:f0:cd:80:06:5e:bc:ba:0a:4f:9a:34:
                    bd:2c:db:5d:76:35:49:62:1f:78:dd:e1:83:95:f3:
                    b6:59:be:a5:8a:d2:8d:c4:9b:68:8a:f5:0f:5e:be:
                    b0:b9:9d:cb:4c:7e:87:40:76:45:95:50:e2:43:f2:
                    6c:85:63:32:85:b4:87:e4:d5:31:3a:fe:eb:7c:c0:
                    f8:d9:88:e7:a5:53:16:53:70:51:a3:8b:4b:80:44:
                    bc:41:3c:80:3c:19:04:b6:8c:6c:58:9a:87:1b:3f:
                    95:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:08:B5:E4:85:9C:16:9B:3E:D1:7B:7E:AA:5D:4C:B3:18:0C:7A:19
            X509v3 Authority Key Identifier:
                keyid:69:C8:19:8B:DA:3F:D0:90:53:F4:25:53:D7:3E:EA:15:12:1D:24:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E4F66/E5F658AA368A11EAB5749272C4F9AE02/acgZi9o_0JBT9CVT1z7qFRIdJBw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/acgZi9o_0JBT9CVT1z7qFRIdJBw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4F66/E5F658AA368A11EAB5749272C4F9AE02/A3BE70CCD5AE11EE909D5C40C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.116.116.0-103.116.118.255
                IPv6:
                  2402:f940::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:ac:c8:1b:71:42:e8:2b:75:64:d6:87:1f:72:b9:ca:2e:d9:
         05:6b:fc:d6:17:46:de:2b:2b:5d:8d:64:65:1e:99:cd:bf:09:
         c4:6f:36:68:d5:00:d7:d2:a2:4b:25:68:32:d9:ca:7e:f4:d1:
         68:ac:2c:78:7d:b9:b4:98:74:07:42:1d:c2:5b:04:59:5c:9f:
         c1:0a:d5:46:97:76:85:6f:bd:c1:09:8a:18:7c:9e:a6:ba:be:
         67:d9:a1:34:48:c4:a1:95:78:ed:6e:0a:f9:97:20:9c:12:82:
         21:08:e7:5e:b0:32:52:90:f4:27:99:3f:64:88:fe:75:83:4f:
         10:a8:ee:09:1e:99:88:dd:00:8b:b5:30:e5:6e:54:ac:10:3f:
         44:81:71:06:04:9a:0a:2e:77:ab:da:cc:f5:e3:39:cc:4a:1d:
         69:86:5b:08:35:ea:b9:cd:e0:fe:4c:ae:46:19:1c:71:d7:54:
         aa:ed:7c:2a:4a:c1:03:d9:b7:f4:e8:e9:33:0e:c8:a8:21:5e:
         5f:15:69:cc:df:0b:ba:6d:c6:07:be:91:03:cc:b0:87:c0:34:
         ff:3a:4c:c7:48:5c:9a:6a:36:52:04:0e:8a:27:3f:a0:9b:2c:
         6f:54:20:80:5e:b5:ee:3d:d7:df:4f:68:05:db:95:ec:8c:17:
         e6:b8:36:e1
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICC3cwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTRGNjYxMTAvBgNVBAUTKDY5QzgxOThCREEzRkQwOTA1M0Y0MjU1M0Q3M0VFQTE1
MTIxRDI0MUMwHhcNMjUwNzMxMTk1OTQ4WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhiY2IzNC03ZGE2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4f2AW9xmGcJ/ozZlSN/E2M1oQtW9BMYeagl05mcbLAGH22ONmyZgQ4xXH/pQ
q5ScIfOY27QPzzGHrI6Mf9TPSTYVdpiV2oT51lB9DvWoTJ9o6oOkU4Kcz0GZNHYe
VPPAOslZhb++U3kzmJaAk69zGcPRwYaA+eIfspV3xqQOwekRHDo2/CHjZ/nSkVQl
HohsLh16DImIVdNR8M2ABl68ugpPmjS9LNtddjVJYh943eGDlfO2Wb6litKNxJto
ivUPXr6wuZ3LTH6HQHZFlVDiQ/JshWMyhbSH5NUxOv7rfMD42YjnpVMWU3BRo4tL
gES8QTyAPBkEtoxsWJqHGz+VhQIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFGsIteSF
nBabPtF7fqpdTLMYDHoZMB8GA1UdIwQYMBaAFGnIGYvaP9CQU/QlU9c+6hUSHSQc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNEY2Ni9FNUY2NThBQTM2
OEExMUVBQjU3NDkyNzJDNEY5QUUwMi9hY2daaTlvXzBKQlQ5Q1ZUMXo3cUZSSWRK
QncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FjZ1ppOW9fMEpCVDlDVlQxejdxRlJJZEpCdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTRGNjYvRTVGNjU4QUEzNjhBMTFFQUI1NzQ5MjcyQzRGOUFFMDIvQTNCRTcwQ0NE
NUFFMTFFRTkwOUQ1QzQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBQEAgABMA4wDAMEAmd0dAMEAGd0djANBAIAAjAHAwUAJAL5QDANBgkqhkiG
9w0BAQsFAAOCAQEAT6zIG3FC6Ct1ZNaHH3K5yi7ZBWv81hdG3isrXY1kZR6Zzb8J
xG82aNUA19KiSyVoMtnKfvTRaKwseH25tJh0B0IdwlsEWVyfwQrVRpd2hW+9wQmK
GHyeprq+Z9mhNEjEoZV47W4K+ZcgnBKCIQjnXrAyUpD0J5k/ZIj+dYNPEKjuCR6Z
iN0Ai7Uw5W5UrBA/RIFxBgSaCi53q9rM9eM5zEodaYZbCDXquc3g/kyuRhkccddU
qu18KkrBA9m39OjpMw7IqCFeXxVpzN8Lum3GB76RA8ywh8A0/zpMx0hcmmo2UgQO
iic/oJssb1QggF617j3X309oBduV7IwX5rg24Q==
-----END CERTIFICATE-----
Generated at Mon Aug 11 09:02:51 2025 by rpki-client