Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914A64F/3C9E2B5CC01411EA81689065C4F9AE02/F7968CA6C01411EA912AC365C4F9AE02.roa
File:                     F7968CA6C01411EA912AC365C4F9AE02.roa (raw, json)
Hash identifier:          aSllRpcvN844MQkKpYVYqAr8n2r/52Cfde6x8KbnmRk=
Subject key identifier:   CF:39:DC:0B:C4:C4:3B:06:D8:40:B5:9D:3F:1C:C1:C3:03:0A:D7:C1
Certificate issuer:       /CN=A914A64F/serialNumber=D4D7DD25C713E7A9554CF352D932BF80DA652DE4
Certificate serial:       08B4
Authority key identifier: D4:D7:DD:25:C7:13:E7:A9:55:4C:F3:52:D9:32:BF:80:DA:65:2D:E4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1NfdJccT56lVTPNS2TK_gNplLeQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914A64F/3C9E2B5CC01411EA81689065C4F9AE02/F7968CA6C01411EA912AC365C4F9AE02.roa
Signing time:             Fri 20 Jun 2025 21:18:32 +0000
ROA not before:           Fri 20 Jun 2025 21:18:32 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        103.16.56.0/24 maxlen: 24
                          103.16.59.0/24 maxlen: 24
                          103.16.101.0/24 maxlen: 24
                          150.242.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914A64F/3C9E2B5CC01411EA81689065C4F9AE02/1NfdJccT56lVTPNS2TK_gNplLeQ.crl
                          rsync://rpki.apnic.net/member_repository/A914A64F/3C9E2B5CC01411EA81689065C4F9AE02/1NfdJccT56lVTPNS2TK_gNplLeQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1NfdJccT56lVTPNS2TK_gNplLeQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 09 Jul 2025 20:51:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2228 (0x8b4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914A64F, serialNumber=D4D7DD25C713E7A9554CF352D932BF80DA652DE4
        Validity
            Not Before: Jun 20 21:18:32 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6855d028-0f3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8c:ef:44:dc:24:f0:b5:5c:c1:92:83:3b:fe:
                    aa:b3:c3:77:98:88:64:30:e3:6e:49:c5:20:da:dd:
                    ae:aa:ac:a2:46:c7:30:63:54:41:7a:a7:ba:87:0d:
                    fb:87:19:70:35:03:9d:c4:41:a8:99:41:d4:31:1e:
                    82:c0:c8:fa:fb:75:81:09:2d:5b:e2:39:dd:bb:ca:
                    67:46:30:ae:41:c6:b7:9c:d9:5c:15:e2:85:e0:05:
                    c8:0f:3c:45:bf:3c:24:c5:0d:5c:f1:4a:8b:9f:b8:
                    e4:4f:ab:9d:96:5d:ed:b9:91:27:24:ec:60:6a:27:
                    28:eb:68:85:48:a4:7c:51:75:c9:f7:73:9e:76:90:
                    ef:ac:61:03:d1:88:12:31:9a:5f:f3:dd:73:4a:61:
                    df:40:4f:0a:9a:e3:2f:9e:83:ff:d9:5d:d0:7f:f0:
                    51:6a:e3:13:1a:76:5c:a8:a4:3e:12:5c:68:8d:a4:
                    e9:17:ff:a6:97:7a:ac:6b:d9:e2:f3:bf:0e:3f:2b:
                    2c:44:9d:18:1a:da:5c:17:7f:59:df:e1:cf:69:d2:
                    99:71:c4:f6:5e:b6:13:36:5a:8f:fb:2a:f8:23:a2:
                    54:fd:5d:fa:03:0e:65:d4:01:61:3c:48:ae:3a:c2:
                    03:10:44:d9:71:30:df:b2:31:5a:2d:fd:2b:fb:68:
                    23:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:39:DC:0B:C4:C4:3B:06:D8:40:B5:9D:3F:1C:C1:C3:03:0A:D7:C1
            X509v3 Authority Key Identifier:
                keyid:D4:D7:DD:25:C7:13:E7:A9:55:4C:F3:52:D9:32:BF:80:DA:65:2D:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914A64F/3C9E2B5CC01411EA81689065C4F9AE02/1NfdJccT56lVTPNS2TK_gNplLeQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1NfdJccT56lVTPNS2TK_gNplLeQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914A64F/3C9E2B5CC01411EA81689065C4F9AE02/F7968CA6C01411EA912AC365C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.16.56.0/24
                  103.16.59.0/24
                  103.16.101.0/24
                  150.242.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:23:ce:4f:f8:fa:c6:fe:07:f6:8a:42:81:44:6e:06:4c:70:
         64:50:bb:73:91:35:93:5e:a1:a3:9d:e4:a5:76:4b:e9:e1:76:
         73:a6:fa:00:8d:2f:4e:11:8c:04:38:d3:a5:b7:c3:ae:77:71:
         66:be:e2:c4:1b:89:3a:1c:9f:26:03:03:48:0f:e5:ef:51:6c:
         39:12:dd:fd:3b:55:9c:e7:c6:17:2e:67:a1:5c:09:17:da:fe:
         94:b6:50:fe:92:f4:1a:4a:f3:d0:31:13:ed:8b:3a:41:32:7b:
         e0:5f:bb:0c:c6:31:c8:3b:7c:f8:0f:0b:fb:e0:f4:49:a1:e3:
         42:64:a8:e3:e4:63:1d:20:52:91:1f:5a:a7:f9:6c:8f:4e:ca:
         38:6e:d3:e4:d0:51:81:6b:53:65:dd:d7:39:68:3f:49:6c:93:
         03:14:49:1d:ca:c4:db:5d:fe:b5:df:9c:da:a7:51:6b:73:6f:
         f0:4e:64:2f:0e:98:bd:e6:e6:2c:a4:c6:d8:b8:89:54:1b:14:
         de:13:86:66:88:5f:0b:32:20:1c:72:24:62:36:1e:79:5a:7c:
         6e:ce:91:93:b9:27:11:a4:45:f6:48:0f:79:97:11:1b:ed:c4:
         d1:79:66:a1:e6:90:0e:82:27:ed:3f:61:57:0d:71:a0:53:97:
         ad:bc:87:aa
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCLQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEE2NEYxMTAvBgNVBAUTKEQ0RDdERDI1QzcxM0U3QTk1NTRDRjM1MkQ5MzJCRjgw
REE2NTJERTQwHhcNMjUwNjIwMjExODMyWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODU1ZDAyOC0wZjNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwYzvRNwk8LVcwZKDO/6qs8N3mIhkMONuScUg2t2uqqyiRscwY1RBeqe6hw37
hxlwNQOdxEGomUHUMR6CwMj6+3WBCS1b4jndu8pnRjCuQca3nNlcFeKF4AXIDzxF
vzwkxQ1c8UqLn7jkT6udll3tuZEnJOxgaico62iFSKR8UXXJ93OedpDvrGED0YgS
MZpf891zSmHfQE8KmuMvnoP/2V3Qf/BRauMTGnZcqKQ+ElxojaTpF/+ml3qsa9ni
878OPyssRJ0YGtpcF39Z3+HPadKZccT2XrYTNlqP+yr4I6JU/V36Aw5l1AFhPEiu
OsIDEETZcTDfsjFaLf0r+2gjnwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFM853AvE
xDsG2EC1nT8cwcMDCtfBMB8GA1UdIwQYMBaAFNTX3SXHE+epVUzzUtkyv4DaZS3k
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QTY0Ri8zQzlFMkI1Q0Mw
MTQxMUVBODE2ODkwNjVDNEY5QUUwMi8xTmZkSmNjVDU2bFZUUE5TMlRLX2dOcGxM
ZVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFOZmRKY2NUNTZsVlRQTlMyVEtfZ05wbExlUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEE2NEYvM0M5RTJCNUNDMDE0MTFFQTgxNjg5MDY1QzRGOUFFMDIvRjc5NjhDQTZD
MDE0MTFFQTkxMkFDMzY1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBABnEDgDBABnEDsDBABnEGUDBACW8kQwDQYJKoZIhvcNAQEL
BQADggEBALEjzk/4+sb+B/aKQoFEbgZMcGRQu3ORNZNeoaOd5KV2S+nhdnOm+gCN
L04RjAQ406W3w653cWa+4sQbiTocnyYDA0gP5e9RbDkS3f07VZznxhcuZ6FcCRfa
/pS2UP6S9BpK89AxE+2LOkEye+BfuwzGMcg7fPgPC/vg9Emh40JkqOPkYx0gUpEf
Wqf5bI9Oyjhu0+TQUYFrU2Xd1zloP0lskwMUSR3KxNtd/rXfnNqnUWtzb/BOZC8O
mL3m5iykxti4iVQbFN4ThmaIXwsyIBxyJGI2HnlafG7OkZO5JxGkRfZID3mXERvt
xNF5ZqHmkA6CJ+0/YVcNcaBTl628h6o=
-----END CERTIFICATE-----
Generated at Thu Jul 3 10:15:35 2025 by rpki-client