Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911D75C/2BC5FD4006C011EABC43B709C4F9AE02/679156E4661411F0BA434131C4F9AE02.roa
File:                     679156E4661411F0BA434131C4F9AE02.roa (raw, json)
Hash identifier:          uh+b9q8Z5InYkMQd4BErQcQFRlkMx6jgiQb9AsG76v8=
Subject key identifier:   19:E3:19:2C:3D:63:EF:22:E1:51:09:E2:66:29:5F:B1:AC:5F:C9:20
Certificate issuer:       /CN=A911D75C/serialNumber=1A1A40AD93A4A4307ED7264D47D252CAF62DEFFD
Certificate serial:       0CED
Authority key identifier: 1A:1A:40:AD:93:A4:A4:30:7E:D7:26:4D:47:D2:52:CA:F6:2D:EF:FD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GhpArZOkpDB-1yZNR9JSyvYt7_0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911D75C/2BC5FD4006C011EABC43B709C4F9AE02/679156E4661411F0BA434131C4F9AE02.roa
Signing time:             Mon 21 Jul 2025 09:23:47 +0000
ROA not before:           Mon 21 Jul 2025 09:23:47 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     134371
IP address blocks:        103.62.140.0/22 maxlen: 24
                          202.136.88.0/22 maxlen: 24
                          2400:3dc0::/32 maxlen: 32
                          2400:3dc0::/36 maxlen: 36
                          2400:3dc0::/44 maxlen: 48
                          2400:3dc0:10::/44 maxlen: 48
                          2400:3dc0:2e::/48 maxlen: 48
                          2400:3dc0:2f::/48 maxlen: 48
                          2400:3dc0:3e::/48 maxlen: 48
                          2400:3dc0:3f::/48 maxlen: 48
                          2400:3dc0:40::/44 maxlen: 47
                          2400:3dc0:40::/48 maxlen: 48
                          2400:3dc0:43::/48 maxlen: 48
                          2400:3dc0:45::/48 maxlen: 48
                          2400:3dc0:46::/48 maxlen: 48
                          2400:3dc0:49::/48 maxlen: 48
                          2400:3dc0:4a::/47 maxlen: 48
                          2400:3dc0:4c::/48 maxlen: 48
                          2400:3dc0:50::/44 maxlen: 47
                          2400:3dc0:52::/48 maxlen: 48
                          2400:3dc0:56::/47 maxlen: 48
                          2400:3dc0:58::/48 maxlen: 48
                          2400:3dc0:5a::/47 maxlen: 48
                          2400:3dc0:5c::/48 maxlen: 48
                          2400:3dc0:5e::/48 maxlen: 48
                          2400:3dc0:60::/44 maxlen: 47
                          2400:3dc0:60::/47 maxlen: 48
                          2400:3dc0:62::/48 maxlen: 48
                          2400:3dc0:64::/48 maxlen: 48
                          2400:3dc0:68::/47 maxlen: 48
                          2400:3dc0:6a::/48 maxlen: 48
                          2400:3dc0:6c::/48 maxlen: 48
                          2400:3dc0:6e::/47 maxlen: 48
                          2400:3dc0:89::/48 maxlen: 48
                          2400:3dc0:100::/48 maxlen: 48
                          2400:3dc0:101::/48 maxlen: 48
                          2400:3dc0:140::/48 maxlen: 48
                          2400:3dc0:200::/48 maxlen: 48
                          2400:3dc0:201::/48 maxlen: 48
                          2400:3dc0:300::/48 maxlen: 48
                          2400:3dc0:400::/48 maxlen: 48
                          2400:3dc0:500::/48 maxlen: 48
                          2400:3dc0:600::/48 maxlen: 48
                          2400:3dc0:700::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911D75C/2BC5FD4006C011EABC43B709C4F9AE02/GhpArZOkpDB-1yZNR9JSyvYt7_0.crl
                          rsync://rpki.apnic.net/member_repository/A911D75C/2BC5FD4006C011EABC43B709C4F9AE02/GhpArZOkpDB-1yZNR9JSyvYt7_0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GhpArZOkpDB-1yZNR9JSyvYt7_0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 18:38:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3309 (0xced)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911D75C, serialNumber=1A1A40AD93A4A4307ED7264D47D252CAF62DEFFD
        Validity
            Not Before: Jul 21 09:23:47 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=687e0723-6831
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d3:0e:a9:15:63:f0:3c:78:e7:8e:43:f2:5e:
                    5d:6b:a5:1b:39:f7:49:83:03:0e:db:d9:bf:aa:dc:
                    42:cd:0a:5c:86:11:f8:73:d2:cc:ec:e8:7a:a4:94:
                    86:57:b0:8d:d8:27:ca:b5:9e:c3:12:8b:7b:9a:ee:
                    95:2f:8b:2d:25:a2:c0:ec:37:53:ba:67:72:4f:46:
                    e5:0e:f5:3f:06:b0:64:ac:c3:65:56:38:be:54:b8:
                    c7:87:2c:b0:d2:df:00:2b:04:11:d2:b2:1f:45:f6:
                    37:31:11:05:1e:4f:b1:18:cb:87:b2:68:11:11:7a:
                    16:fe:18:17:3f:e0:4e:e5:35:29:74:cf:34:c6:17:
                    b9:9f:4f:4a:c3:0f:60:9d:4b:a3:8e:50:7d:29:da:
                    da:13:4f:94:95:9d:a2:94:c2:43:62:a4:e3:61:31:
                    b3:c2:4e:c5:71:3a:ec:31:e6:5c:61:19:da:b9:ef:
                    73:d8:b6:90:e3:46:b9:d0:29:ed:27:b1:37:36:93:
                    21:44:3b:e2:2e:49:9a:76:fd:51:ea:b3:23:2c:9b:
                    99:c8:fc:7e:9c:b9:a6:cc:5a:34:b3:80:89:c8:1b:
                    5e:11:e5:73:49:35:6b:66:af:69:09:f6:fa:1c:1e:
                    3f:4f:f2:1b:9d:2f:36:a9:b2:fb:54:a5:22:e5:90:
                    12:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E3:19:2C:3D:63:EF:22:E1:51:09:E2:66:29:5F:B1:AC:5F:C9:20
            X509v3 Authority Key Identifier:
                keyid:1A:1A:40:AD:93:A4:A4:30:7E:D7:26:4D:47:D2:52:CA:F6:2D:EF:FD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911D75C/2BC5FD4006C011EABC43B709C4F9AE02/GhpArZOkpDB-1yZNR9JSyvYt7_0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GhpArZOkpDB-1yZNR9JSyvYt7_0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911D75C/2BC5FD4006C011EABC43B709C4F9AE02/679156E4661411F0BA434131C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.62.140.0/22
                  202.136.88.0/22
                IPv6:
                  2400:3dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:c9:4a:54:07:af:75:c2:ac:68:d3:e5:ae:e6:e4:bc:41:b8:
         d7:e1:50:3d:9d:9b:fd:4e:16:92:53:1c:c6:50:e9:d6:c0:af:
         d4:d1:72:04:b7:24:c1:0a:82:49:74:9a:ff:71:94:7e:99:18:
         38:71:f0:aa:a9:28:51:ad:7b:ae:91:1e:ab:8c:6c:95:43:09:
         84:1d:b5:e4:c8:f1:27:15:13:d0:c3:ea:b7:a6:c8:61:ad:94:
         ba:71:a5:ea:f4:5d:cc:b0:09:18:ba:98:a9:81:c2:42:19:1a:
         15:18:e4:85:e6:2c:41:1f:e2:6d:ba:d5:01:fa:ed:2d:db:8e:
         bd:4c:41:c5:e2:d0:d9:be:c4:93:78:da:65:37:84:2b:92:b0:
         ff:ec:58:db:42:99:2f:d4:75:69:89:5a:28:2f:9d:8f:e5:70:
         79:9f:03:c6:99:b4:59:7f:e6:f9:67:ff:2f:73:4b:c2:ef:fc:
         e0:36:5b:ff:cf:6a:e9:24:be:74:a0:90:8c:d2:6f:99:0c:d2:
         e4:14:d7:1d:06:48:44:f8:f7:06:56:bf:e2:5f:0a:14:12:c8:
         02:d3:4e:ae:90:f0:d9:cb:3b:f3:f9:ab:70:97:a8:cc:a7:1f:
         ff:af:a2:4a:7f:8a:4f:22:3d:f6:e3:95:27:42:25:90:f1:f7:
         61:1f:13:74
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICDO0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUQ3NUMxMTAvBgNVBAUTKDFBMUE0MEFEOTNBNEE0MzA3RUQ3MjY0RDQ3RDI1MkNB
RjYyREVGRkQwHhcNMjUwNzIxMDkyMzQ3WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODdlMDcyMy02ODMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqNMOqRVj8Dx4545D8l5da6UbOfdJgwMO29m/qtxCzQpchhH4c9LM7Oh6pJSG
V7CN2CfKtZ7DEot7mu6VL4stJaLA7DdTumdyT0blDvU/BrBkrMNlVji+VLjHhyyw
0t8AKwQR0rIfRfY3MREFHk+xGMuHsmgREXoW/hgXP+BO5TUpdM80xhe5n09Kww9g
nUujjlB9KdraE0+UlZ2ilMJDYqTjYTGzwk7FcTrsMeZcYRnaue9z2LaQ40a50Cnt
J7E3NpMhRDviLkmadv1R6rMjLJuZyPx+nLmmzFo0s4CJyBteEeVzSTVrZq9pCfb6
HB4/T/IbnS82qbL7VKUi5ZASmwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFBnjGSw9
Y+8i4VEJ4mYpX7GsX8kgMB8GA1UdIwQYMBaAFBoaQK2TpKQwftcmTUfSUsr2Le/9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRDc1Qy8yQkM1RkQ0MDA2
QzAxMUVBQkM0M0I3MDlDNEY5QUUwMi9HaHBBclpPa3BEQi0xeVpOUjlKU3l2WXQ3
XzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0docEFyWk9rcERCLTF5Wk5SOUpTeXZZdDdfMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUQ3NUMvMkJDNUZENDAwNkMwMTFFQUJDNDNCNzA5QzRGOUFFMDIvNjc5MTU2RTQ2
NjE0MTFGMEJBNDM0MTMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnPowDBALKiFgwDQQCAAIwBwMFACQAPcAwDQYJKoZIhvcN
AQELBQADggEBALzJSlQHr3XCrGjT5a7m5LxBuNfhUD2dm/1OFpJTHMZQ6dbAr9TR
cgS3JMEKgkl0mv9xlH6ZGDhx8KqpKFGte66RHquMbJVDCYQdteTI8ScVE9DD6rem
yGGtlLpxper0XcywCRi6mKmBwkIZGhUY5IXmLEEf4m261QH67S3bjr1MQcXi0Nm+
xJN42mU3hCuSsP/sWNtCmS/UdWmJWigvnY/lcHmfA8aZtFl/5vln/y9zS8Lv/OA2
W//PaukkvnSgkIzSb5kM0uQU1x0GSET49wZWv+JfChQSyALTTq6Q8NnLO/P5q3CX
qMynH/+vokp/ik8iPfbjlSdCJZDx92EfE3Q=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:34:42 2025 by rpki-client