Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EB6AC/D7E98A6E15D011EA93CA0E19C4F9AE02/12D352766D2911F0B26CB33BC4F9AE02.roa
File:                     12D352766D2911F0B26CB33BC4F9AE02.roa (raw, json)
Hash identifier:          d+PNEJYkgwfN/EWh9YAvK3NrsnGHrIa0Ji1QGqGUhS8=
Subject key identifier:   B6:6D:0C:4C:CB:0C:DD:43:BA:3D:17:D2:35:A5:DA:64:25:F4:6B:44
Certificate issuer:       /CN=A91EB6AC/serialNumber=CB52054E3D7768EA16B6B0A894C773A27DEA921A
Certificate serial:       0C16
Authority key identifier: CB:52:05:4E:3D:77:68:EA:16:B6:B0:A8:94:C7:73:A2:7D:EA:92:1A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/y1IFTj13aOoWtrColMdzon3qkho.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EB6AC/D7E98A6E15D011EA93CA0E19C4F9AE02/12D352766D2911F0B26CB33BC4F9AE02.roa
Signing time:             Wed 30 Jul 2025 09:39:23 +0000
ROA not before:           Wed 30 Jul 2025 09:39:23 +0000
ROA not after:            Mon 02 Mar 2026 00:00:00 +0000
asID:                     134971
IP address blocks:        103.252.224.0/22 maxlen: 24
                          123.253.220.0/22 maxlen: 23
                          123.253.220.0/23 maxlen: 24
                          123.253.222.0/24 maxlen: 24
                          2401:7940::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EB6AC/D7E98A6E15D011EA93CA0E19C4F9AE02/y1IFTj13aOoWtrColMdzon3qkho.crl
                          rsync://rpki.apnic.net/member_repository/A91EB6AC/D7E98A6E15D011EA93CA0E19C4F9AE02/y1IFTj13aOoWtrColMdzon3qkho.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/y1IFTj13aOoWtrColMdzon3qkho.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3094 (0xc16)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EB6AC, serialNumber=CB52054E3D7768EA16B6B0A894C773A27DEA921A
        Validity
            Not Before: Jul 30 09:39:23 2025 GMT
            Not After : Mar  2 00:00:00 2026 GMT
        Subject: CN=6889e84a-9050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d2:2e:1a:66:35:6f:69:aa:2b:f3:8b:c8:da:
                    35:f0:45:cf:c3:e3:08:51:a4:94:1c:70:63:99:7a:
                    12:13:9a:b0:67:5c:71:3b:25:e9:67:7d:15:1d:e6:
                    00:7a:62:28:2e:21:c4:9c:2a:65:1a:1e:23:84:f5:
                    1e:ef:5c:f2:e5:95:8b:e6:4f:2f:c0:41:3e:a6:97:
                    c7:eb:c2:65:30:35:d5:af:cb:65:20:a8:d8:c7:f7:
                    7e:d9:ed:87:85:6a:b3:8c:4b:32:ce:39:35:be:d1:
                    51:50:b5:ea:4e:e2:23:24:3f:c0:f1:88:87:ee:5b:
                    cb:f9:80:0c:46:de:5c:b4:d6:f1:14:8c:ef:06:95:
                    fc:6c:74:9f:74:b3:d5:28:c1:89:ca:0e:e6:52:99:
                    bb:3b:89:3a:b3:50:b6:b2:0c:4e:92:c5:45:7e:c8:
                    4b:fe:68:df:09:9f:9b:cd:5e:77:70:89:47:3b:e1:
                    d7:90:db:a3:f6:99:4a:cf:cb:b1:cb:9e:ff:3d:fa:
                    37:81:f4:fa:eb:b2:89:3a:1f:17:ca:74:14:44:f8:
                    da:f9:b7:ef:c7:8d:03:db:4e:d7:51:6c:52:bc:d0:
                    a3:48:7e:c1:35:6b:37:b0:69:d6:a1:04:49:1b:d3:
                    d9:3e:0e:2b:88:2c:fe:b8:82:31:b8:72:e8:8b:be:
                    3b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:6D:0C:4C:CB:0C:DD:43:BA:3D:17:D2:35:A5:DA:64:25:F4:6B:44
            X509v3 Authority Key Identifier:
                keyid:CB:52:05:4E:3D:77:68:EA:16:B6:B0:A8:94:C7:73:A2:7D:EA:92:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EB6AC/D7E98A6E15D011EA93CA0E19C4F9AE02/y1IFTj13aOoWtrColMdzon3qkho.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/y1IFTj13aOoWtrColMdzon3qkho.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EB6AC/D7E98A6E15D011EA93CA0E19C4F9AE02/12D352766D2911F0B26CB33BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.252.224.0/22
                  123.253.220.0/22
                IPv6:
                  2401:7940::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:d3:23:1f:af:3f:dd:87:c8:58:9f:3b:0b:c3:d1:20:61:87:
         cf:58:f3:b5:db:93:8b:59:72:d4:e8:78:76:06:61:25:5a:5c:
         ee:a4:cb:ac:c6:bd:92:1e:84:2c:d1:33:e5:aa:fb:f7:b8:83:
         69:ef:84:95:be:52:8a:9a:e2:de:c9:7e:c5:bf:07:5a:fc:6e:
         b1:f2:58:9c:86:50:f3:a5:a9:bf:6c:12:6a:14:a7:c4:a2:09:
         d4:62:e6:c1:d2:56:17:c8:95:dd:ee:14:b6:f6:18:06:5c:28:
         c5:b6:8f:8a:ed:3e:5a:65:aa:c9:3d:01:34:fd:f6:dd:87:19:
         64:03:94:0a:a2:e5:75:ad:0c:e9:1f:58:a4:ed:18:04:00:39:
         f2:41:b1:d5:c8:14:da:3c:2f:a7:c0:9e:c6:31:fa:2a:d4:9d:
         9c:63:06:b3:58:d4:d6:4c:da:41:ef:eb:d7:b0:9c:fe:78:ab:
         cb:8f:aa:22:9b:8b:5c:92:0a:4d:f2:73:09:b6:22:91:71:81:
         92:9b:18:f8:31:9c:e1:be:a5:eb:e2:5e:8f:dd:48:80:dd:50:
         17:3c:cc:bf:a2:4b:97:c0:f6:9f:d7:1f:6d:c5:5a:89:f9:1d:
         53:a8:0f:18:ad:98:fe:7f:52:16:fc:60:b4:72:ae:fd:bf:91:
         f8:8e:ca:57
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICDBYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUI2QUMxMTAvBgNVBAUTKENCNTIwNTRFM0Q3NzY4RUExNkI2QjBBODk0Qzc3M0Ey
N0RFQTkyMUEwHhcNMjUwNzMwMDkzOTIzWhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg5ZTg0YS05MDUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwtIuGmY1b2mqK/OLyNo18EXPw+MIUaSUHHBjmXoSE5qwZ1xxOyXpZ30VHeYA
emIoLiHEnCplGh4jhPUe71zy5ZWL5k8vwEE+ppfH68JlMDXVr8tlIKjYx/d+2e2H
hWqzjEsyzjk1vtFRULXqTuIjJD/A8YiH7lvL+YAMRt5ctNbxFIzvBpX8bHSfdLPV
KMGJyg7mUpm7O4k6s1C2sgxOksVFfshL/mjfCZ+bzV53cIlHO+HXkNuj9plKz8ux
y57/Pfo3gfT667KJOh8XynQURPja+bfvx40D207XUWxSvNCjSH7BNWs3sGnWoQRJ
G9PZPg4riCz+uIIxuHLoi747XQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFLZtDEzL
DN1Duj0X0jWl2mQl9GtEMB8GA1UdIwQYMBaAFMtSBU49d2jqFrawqJTHc6J96pIa
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQjZBQy9EN0U5OEE2RTE1
RDAxMUVBOTNDQTBFMTlDNEY5QUUwMi95MUlGVGoxM2FPb1d0ckNvbE1kem9uM3Fr
aG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3kxSUZUajEzYU9vV3RyQ29sTWR6b24zcWtoby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUI2QUMvRDdFOThBNkUxNUQwMTFFQTkzQ0EwRTE5QzRGOUFFMDIvMTJEMzUyNzY2
RDI5MTFGMEIyNkNCMzNCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJn/OADBAJ7/dwwDQQCAAIwBwMFACQBeUAwDQYJKoZIhvcN
AQELBQADggEBAHHTIx+vP92HyFifOwvD0SBhh89Y87Xbk4tZctToeHYGYSVaXO6k
y6zGvZIehCzRM+Wq+/e4g2nvhJW+Uoqa4t7JfsW/B1r8brHyWJyGUPOlqb9sEmoU
p8SiCdRi5sHSVhfIld3uFLb2GAZcKMW2j4rtPlplqsk9ATT99t2HGWQDlAqi5XWt
DOkfWKTtGAQAOfJBsdXIFNo8L6fAnsYx+irUnZxjBrNY1NZM2kHv69ewnP54q8uP
qiKbi1ySCk3ycwm2IpFxgZKbGPgxnOG+peviXo/dSIDdUBc8zL+iS5fA9p/XH23F
Won5HVOoDxitmP5/Uhb8YLRyrv2/kfiOylc=
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:48:21 2025 by rpki-client