Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91295B6/F0730C88216911EEB56F2249C4F9AE02/35C8F50C218A11EE959B7037C4F9AE02.roa
File:                     35C8F50C218A11EE959B7037C4F9AE02.roa (raw, json)
Hash identifier:          d9bjtW0ZUYjonxEE3MZfuZxfLKtEPtuzgQGXr7LUJRE=
Subject key identifier:   F0:A9:45:20:93:0F:56:C2:BD:1C:AB:FF:7B:8A:41:9C:F1:F4:76:A6
Certificate issuer:       /CN=A91295B6/serialNumber=160E00015D2B58153F3482E8DE947B5F4AD78718
Certificate serial:       017F
Authority key identifier: 16:0E:00:01:5D:2B:58:15:3F:34:82:E8:DE:94:7B:5F:4A:D7:87:18
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fg4AAV0rWBU_NILo3pR7X0rXhxg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91295B6/F0730C88216911EEB56F2249C4F9AE02/35C8F50C218A11EE959B7037C4F9AE02.roa
Signing time:             Thu 03 Jul 2025 04:08:27 +0000
ROA not before:           Thu 03 Jul 2025 04:08:27 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     151606
IP address blocks:        103.238.66.0/23 maxlen: 23
                          103.238.66.0/24 maxlen: 24
                          103.238.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91295B6/F0730C88216911EEB56F2249C4F9AE02/Fg4AAV0rWBU_NILo3pR7X0rXhxg.crl
                          rsync://rpki.apnic.net/member_repository/A91295B6/F0730C88216911EEB56F2249C4F9AE02/Fg4AAV0rWBU_NILo3pR7X0rXhxg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fg4AAV0rWBU_NILo3pR7X0rXhxg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 28 Jul 2025 03:45:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 383 (0x17f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91295B6, serialNumber=160E00015D2B58153F3482E8DE947B5F4AD78718
        Validity
            Not Before: Jul  3 04:08:27 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6866023a-5e35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:01:1b:e7:ac:23:ba:d2:cc:c6:58:e5:8a:ab:
                    de:eb:7e:96:d2:b3:a8:30:70:d8:35:63:a3:77:ab:
                    b8:eb:d9:b1:7e:a1:64:77:00:50:76:21:47:60:90:
                    81:b6:5a:90:5e:34:1f:5b:f5:2c:ea:e9:78:97:f9:
                    5f:dd:4e:ef:2c:1d:99:7c:9e:9c:7b:b3:e5:0d:a4:
                    a3:2c:65:d5:48:53:db:15:97:00:c3:86:33:15:77:
                    ab:68:ae:b1:f4:b3:00:aa:b0:b0:22:0a:cc:00:c9:
                    ba:f1:0e:28:ec:9f:43:3a:18:4d:7d:d1:96:ea:bd:
                    f7:5b:5f:24:61:a7:18:29:97:ec:40:8a:c5:b7:79:
                    0a:85:51:31:ed:8a:7f:cc:bb:2b:9a:27:2c:af:46:
                    7c:69:0f:fa:b0:a8:ad:23:e1:1e:ea:25:29:bb:23:
                    d4:0e:b9:be:a6:4b:f0:7a:32:d2:c0:f4:2a:c9:2c:
                    9f:8e:7f:b3:8d:01:34:bf:76:0f:d0:b5:fa:28:90:
                    ac:f8:0d:10:78:c3:bc:ac:64:90:82:7b:34:72:25:
                    8d:68:83:ea:82:25:e6:7c:30:a5:6d:3c:4f:16:0d:
                    3a:38:b9:5e:76:85:c3:ff:f1:db:a8:d6:97:11:42:
                    b9:7c:0a:8a:62:2b:32:2a:6c:74:b3:15:ba:d1:36:
                    57:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A9:45:20:93:0F:56:C2:BD:1C:AB:FF:7B:8A:41:9C:F1:F4:76:A6
            X509v3 Authority Key Identifier:
                keyid:16:0E:00:01:5D:2B:58:15:3F:34:82:E8:DE:94:7B:5F:4A:D7:87:18

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91295B6/F0730C88216911EEB56F2249C4F9AE02/Fg4AAV0rWBU_NILo3pR7X0rXhxg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fg4AAV0rWBU_NILo3pR7X0rXhxg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91295B6/F0730C88216911EEB56F2249C4F9AE02/35C8F50C218A11EE959B7037C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.238.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:38:2c:68:65:1c:a0:44:3b:97:f4:72:b0:a8:04:fc:5e:87:
         ce:a4:ab:bd:8f:a3:f7:ab:9f:21:93:81:25:d8:58:54:82:54:
         6c:f4:73:76:91:e7:f5:c8:e0:63:b1:d0:78:f6:e7:3e:b5:a3:
         68:a6:ab:fa:bd:d7:49:a8:50:30:c2:8f:21:e6:4f:70:55:bb:
         68:78:cd:60:50:39:82:d6:49:39:59:7c:b9:63:73:c6:84:43:
         47:39:68:1e:97:c0:62:95:63:da:1e:aa:07:fc:50:1e:46:d8:
         29:fa:a8:39:f4:58:c1:b7:82:7b:81:0b:68:c1:3d:4c:08:c0:
         89:ba:eb:25:6d:e4:59:2d:eb:75:93:a7:4f:ba:86:11:ab:b7:
         0d:97:6b:d0:9d:d5:d3:01:92:ee:13:ee:5f:9e:f4:6b:49:b4:
         34:56:c4:bc:04:1e:3f:a8:fb:a3:93:5e:40:fc:0f:e8:a0:c5:
         c1:e4:2d:b9:a8:06:b9:b3:ad:95:66:1e:2e:63:37:f9:be:10:
         45:2e:16:48:be:f3:d8:92:d1:98:e0:4c:87:b9:2f:e2:e3:3b:
         bd:c0:ce:16:e7:9f:cb:74:d6:85:77:e1:98:fd:b6:e9:40:17:
         21:36:e1:55:f1:7e:6c:c7:e7:24:1a:4f:a3:51:93:b5:17:43:
         b1:e4:5b:52
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAX8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Mjk1QjYxMTAvBgNVBAUTKDE2MEUwMDAxNUQyQjU4MTUzRjM0ODJFOERFOTQ3QjVG
NEFENzg3MTgwHhcNMjUwNzAzMDQwODI3WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODY2MDIzYS01ZTM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtgEb56wjutLMxljliqve636W0rOoMHDYNWOjd6u469mxfqFkdwBQdiFHYJCB
tlqQXjQfW/Us6ul4l/lf3U7vLB2ZfJ6ce7PlDaSjLGXVSFPbFZcAw4YzFXeraK6x
9LMAqrCwIgrMAMm68Q4o7J9DOhhNfdGW6r33W18kYacYKZfsQIrFt3kKhVEx7Yp/
zLsrmicsr0Z8aQ/6sKitI+Ee6iUpuyPUDrm+pkvwejLSwPQqySyfjn+zjQE0v3YP
0LX6KJCs+A0QeMO8rGSQgns0ciWNaIPqgiXmfDClbTxPFg06OLledoXD//HbqNaX
EUK5fAqKYisyKmx0sxW60TZXGwIDAQABo4IClTCCApEwHQYDVR0OBBYEFPCpRSCT
D1bCvRyr/3uKQZzx9HamMB8GA1UdIwQYMBaAFBYOAAFdK1gVPzSC6N6Ue19K14cY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyOTVCNi9GMDczMEM4ODIx
NjkxMUVFQjU2RjIyNDlDNEY5QUUwMi9GZzRBQVYwcldCVV9OSUxvM3BSN1gwclho
eGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZnNEFBVjByV0JVX05JTG8zcFI3WDByWGh4Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Mjk1QjYvRjA3MzBDODgyMTY5MTFFRUI1NkYyMjQ5QzRGOUFFMDIvMzVDOEY1MEMy
MThBMTFFRTk1OUI3MDM3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFn7kIwDQYJKoZIhvcNAQELBQADggEBAIk4LGhlHKBEO5f0
crCoBPxeh86kq72Po/ernyGTgSXYWFSCVGz0c3aR5/XI4GOx0Hj25z61o2imq/q9
10moUDDCjyHmT3BVu2h4zWBQOYLWSTlZfLljc8aEQ0c5aB6XwGKVY9oeqgf8UB5G
2Cn6qDn0WMG3gnuBC2jBPUwIwIm66yVt5Fkt63WTp0+6hhGrtw2Xa9Cd1dMBku4T
7l+e9GtJtDRWxLwEHj+o+6OTXkD8D+igxcHkLbmoBrmzrZVmHi5jN/m+EEUuFki+
89iS0ZjgTIe5L+LjO73Azhbnn8t01oV34Zj9tulAFyE24VXxfmzH5yQaT6NRk7UX
Q7HkW1I=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:27:06 2025 by rpki-client