Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912905D/34BF9908AC3D11EDBD4D135EC4F9AE02/CE9A4D70D6EA11ED8F0C322EC4F9AE02.roa
File:                     CE9A4D70D6EA11ED8F0C322EC4F9AE02.roa (raw, json)
Hash identifier:          d/kODO73Q/KifMio6xDH+g4+aS9A4hPWbQYW6hwYowo=
Subject key identifier:   0D:BD:C5:AB:4F:76:BC:1D:F8:17:4F:54:DD:1E:01:95:30:52:90:53
Certificate issuer:       /CN=A912905D/serialNumber=2041A548216FF014894B79CC9FD77311BC7CA317
Certificate serial:       01D4
Authority key identifier: 20:41:A5:48:21:6F:F0:14:89:4B:79:CC:9F:D7:73:11:BC:7C:A3:17
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IEGlSCFv8BSJS3nMn9dzEbx8oxc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912905D/34BF9908AC3D11EDBD4D135EC4F9AE02/CE9A4D70D6EA11ED8F0C322EC4F9AE02.roa
Signing time:             Sun 13 Jul 2025 05:53:13 +0000
ROA not before:           Sun 13 Jul 2025 05:53:13 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     141421
IP address blocks:        103.84.56.0/24 maxlen: 24
                          103.84.57.0/24 maxlen: 24
                          2400:dce0::/48 maxlen: 48
                          2400:dce0:1::/48 maxlen: 48
                          2400:dce0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912905D/34BF9908AC3D11EDBD4D135EC4F9AE02/IEGlSCFv8BSJS3nMn9dzEbx8oxc.crl
                          rsync://rpki.apnic.net/member_repository/A912905D/34BF9908AC3D11EDBD4D135EC4F9AE02/IEGlSCFv8BSJS3nMn9dzEbx8oxc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IEGlSCFv8BSJS3nMn9dzEbx8oxc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 28 Jul 2025 02:58:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 468 (0x1d4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912905D, serialNumber=2041A548216FF014894B79CC9FD77311BC7CA317
        Validity
            Not Before: Jul 13 05:53:13 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=687349c9-3652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:79:7d:a9:9b:05:a7:76:cb:68:0a:63:84:67:
                    10:90:c5:fe:f8:2f:e7:01:d0:c9:bd:fc:8a:22:52:
                    8f:e1:6c:43:8a:56:1b:d7:b8:02:53:07:fd:86:b0:
                    0f:83:f1:5f:a5:ef:d9:44:ba:98:bc:5c:a8:7a:1f:
                    f2:0c:41:ba:0d:7a:97:b3:fc:57:26:33:06:b9:43:
                    25:c0:ae:2e:fb:08:da:47:b6:e1:31:c1:5f:50:51:
                    2c:ba:a4:8d:5b:63:d9:34:7b:ee:aa:58:3a:79:ca:
                    a2:68:9b:2a:d3:67:82:7d:d5:d3:9a:fb:9e:f1:ae:
                    ca:4a:b3:68:73:dc:4d:96:0b:a5:3e:6b:13:3a:a2:
                    98:6d:32:11:be:b4:0d:68:f3:18:f5:03:a9:88:ef:
                    f8:e6:50:6f:54:ff:09:a5:9c:9f:15:80:37:77:8f:
                    17:a5:bd:4b:8e:71:ea:4b:86:e3:c4:e0:c3:39:28:
                    af:7a:37:75:73:29:19:5e:12:52:a1:0c:b0:41:39:
                    9b:cb:42:48:a6:89:48:4b:05:d3:b8:7b:84:a2:5d:
                    ef:9d:d5:1f:e6:d8:bf:f0:f0:2c:8e:4d:76:4c:41:
                    2c:e8:79:b5:e7:29:99:1d:e3:86:ea:b7:4b:48:ec:
                    d1:bf:99:f0:c6:35:8e:51:6f:c5:7b:44:6f:fa:23:
                    0e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:BD:C5:AB:4F:76:BC:1D:F8:17:4F:54:DD:1E:01:95:30:52:90:53
            X509v3 Authority Key Identifier:
                keyid:20:41:A5:48:21:6F:F0:14:89:4B:79:CC:9F:D7:73:11:BC:7C:A3:17

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912905D/34BF9908AC3D11EDBD4D135EC4F9AE02/IEGlSCFv8BSJS3nMn9dzEbx8oxc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IEGlSCFv8BSJS3nMn9dzEbx8oxc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912905D/34BF9908AC3D11EDBD4D135EC4F9AE02/CE9A4D70D6EA11ED8F0C322EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.84.56.0/23
                IPv6:
                  2400:dce0::-2400:dce0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         84:e1:1a:08:4d:93:15:51:3c:b4:74:9a:97:17:b2:b6:8d:be:
         73:1c:c6:ee:1e:5d:d0:94:3c:aa:63:da:bf:b7:9e:bd:90:5e:
         ed:51:d5:89:50:fb:47:86:16:b0:ff:6f:89:74:0f:95:68:d9:
         e4:f6:86:2c:f3:76:96:dc:ce:14:37:c3:fc:08:40:d4:c6:aa:
         92:1e:4f:15:1f:af:20:15:cd:6f:23:e3:53:e4:0c:a0:d7:fb:
         3b:ff:49:c5:ee:3a:67:16:70:9a:6e:47:de:45:82:7b:a4:22:
         c3:bb:9a:46:ed:c6:70:1d:36:cd:aa:d3:5b:f8:47:97:33:bb:
         5e:ac:be:85:d8:0b:2f:ef:87:a0:64:96:4b:1e:f1:3c:8d:ca:
         06:5c:9d:48:4b:db:a1:c8:91:c2:4b:c5:9f:45:ee:91:3c:65:
         ea:3f:3c:0f:52:87:26:68:a1:98:08:48:35:13:8b:7c:36:0a:
         04:6f:66:dd:0b:03:5e:2b:d0:7a:9f:b1:6a:68:96:20:60:8f:
         a6:ba:8e:a4:8a:09:65:e1:35:4a:bc:6c:e8:77:01:c5:a1:93:
         1b:33:06:b6:27:eb:71:ad:7d:0d:15:14:b0:cb:59:32:cd:1e:
         44:28:e3:e8:1a:71:da:51:55:d3:23:02:e9:72:a2:eb:a0:e7:
         cb:35:09:da
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICAdQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjkwNUQxMTAvBgNVBAUTKDIwNDFBNTQ4MjE2RkYwMTQ4OTRCNzlDQzlGRDc3MzEx
QkM3Q0EzMTcwHhcNMjUwNzEzMDU1MzEzWhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODczNDljOS0zNjUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAm3l9qZsFp3bLaApjhGcQkMX++C/nAdDJvfyKIlKP4WxDilYb17gCUwf9hrAP
g/Ffpe/ZRLqYvFyoeh/yDEG6DXqXs/xXJjMGuUMlwK4u+wjaR7bhMcFfUFEsuqSN
W2PZNHvuqlg6ecqiaJsq02eCfdXTmvue8a7KSrNoc9xNlgulPmsTOqKYbTIRvrQN
aPMY9QOpiO/45lBvVP8JpZyfFYA3d48Xpb1LjnHqS4bjxODDOSivejd1cykZXhJS
oQywQTmby0JIpolISwXTuHuEol3vndUf5ti/8PAsjk12TEEs6Hm15ymZHeOG6rdL
SOzRv5nwxjWOUW/Fe0Rv+iMOQQIDAQABo4ICrzCCAqswHQYDVR0OBBYEFA29xatP
drwd+BdPVN0eAZUwUpBTMB8GA1UdIwQYMBaAFCBBpUghb/AUiUt5zJ/XcxG8fKMX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyOTA1RC8zNEJGOTkwOEFD
M0QxMUVEQkQ0RDEzNUVDNEY5QUUwMi9JRUdsU0NGdjhCU0pTM25NbjlkekVieDhv
eGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lFR2xTQ0Z2OEJTSlMzbk1uOWR6RWJ4OG94Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjkwNUQvMzRCRjk5MDhBQzNEMTFFREJENEQxMzVFQzRGOUFFMDIvQ0U5QTRENzBE
NkVBMTFFRDhGMEMzMjJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMAwEAgABMAYDBAFnVDgwGAQCAAIwEjAQAwUFJADc4AMHACQA3OAAAjANBgkq
hkiG9w0BAQsFAAOCAQEAhOEaCE2TFVE8tHSalxeyto2+cxzG7h5d0JQ8qmPav7ee
vZBe7VHViVD7R4YWsP9viXQPlWjZ5PaGLPN2ltzOFDfD/AhA1Maqkh5PFR+vIBXN
byPjU+QMoNf7O/9Jxe46ZxZwmm5H3kWCe6Qiw7uaRu3GcB02zarTW/hHlzO7Xqy+
hdgLL++HoGSWSx7xPI3KBlydSEvbociRwkvFn0XukTxl6j88D1KHJmihmAhINROL
fDYKBG9m3QsDXivQep+xamiWIGCPprqOpIoJZeE1Srxs6HcBxaGTGzMGtifrca19
DRUUsMtZMs0eRCjj6Bpx2lFV0yMC6XKi66DnyzUJ2g==
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:12:46 2025 by rpki-client