Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914B5BD/33CB117AB5A911E79C74CB72C4F9AE02/7E847B60998D11EEB9881356C4F9AE02.roa
File:                     7E847B60998D11EEB9881356C4F9AE02.roa (raw, json)
Hash identifier:          m7qVjApLjSS3xFS82auNn6PoE/p21+0h7EKugXT/tVU=
Subject key identifier:   32:56:13:EC:94:B6:D4:20:18:1A:25:6B:A8:FF:E2:83:78:28:AB:FE
Certificate issuer:       /CN=A914B5BD/serialNumber=22E81B327CB1FB3501E05AFAB94121918FDB5B5E
Certificate serial:       1870
Authority key identifier: 22:E8:1B:32:7C:B1:FB:35:01:E0:5A:FA:B9:41:21:91:8F:DB:5B:5E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IugbMnyx-zUB4Fr6uUEhkY_bW14.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914B5BD/33CB117AB5A911E79C74CB72C4F9AE02/7E847B60998D11EEB9881356C4F9AE02.roa
Signing time:             Tue 22 Jul 2025 13:44:09 +0000
ROA not before:           Tue 22 Jul 2025 13:44:09 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     134512
IP address blocks:        43.239.140.0/22 maxlen: 22
                          43.239.140.0/24 maxlen: 24
                          43.239.141.0/24 maxlen: 24
                          43.239.142.0/24 maxlen: 24
                          43.239.143.0/24 maxlen: 24
                          103.71.172.0/22 maxlen: 22
                          103.71.172.0/24 maxlen: 24
                          103.71.173.0/24 maxlen: 24
                          103.71.174.0/24 maxlen: 24
                          103.71.175.0/24 maxlen: 24
                          103.194.168.0/24 maxlen: 24
                          103.194.169.0/24 maxlen: 24
                          103.194.170.0/24 maxlen: 24
                          103.194.171.0/24 maxlen: 24
                          103.248.52.0/24 maxlen: 24
                          103.248.53.0/24 maxlen: 24
                          103.248.54.0/24 maxlen: 24
                          103.248.55.0/24 maxlen: 24
                          103.252.220.0/22 maxlen: 22
                          103.252.220.0/24 maxlen: 24
                          103.252.221.0/24 maxlen: 24
                          103.252.222.0/24 maxlen: 24
                          103.252.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914B5BD/33CB117AB5A911E79C74CB72C4F9AE02/IugbMnyx-zUB4Fr6uUEhkY_bW14.crl
                          rsync://rpki.apnic.net/member_repository/A914B5BD/33CB117AB5A911E79C74CB72C4F9AE02/IugbMnyx-zUB4Fr6uUEhkY_bW14.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IugbMnyx-zUB4Fr6uUEhkY_bW14.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 16:39:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6256 (0x1870)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914B5BD, serialNumber=22E81B327CB1FB3501E05AFAB94121918FDB5B5E
        Validity
            Not Before: Jul 22 13:44:09 2025 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=687f95a9-e576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:e2:07:90:47:25:c5:bc:10:43:9b:32:11:dc:
                    5e:54:21:02:42:e1:dd:3e:a3:3e:17:9a:d9:22:78:
                    9b:fe:22:b2:23:de:c0:36:fb:50:4c:51:53:92:46:
                    18:8d:5c:dd:58:03:b2:c3:2f:8d:93:20:95:0d:53:
                    76:fe:95:e6:44:37:d2:ce:58:71:ce:a5:6b:f6:54:
                    23:9b:96:42:3e:ac:2e:8d:29:61:4d:15:71:5a:b0:
                    83:f0:e8:15:45:d8:c7:a4:fb:98:41:13:a6:fe:3b:
                    62:88:4a:f5:b3:d4:c3:06:b1:63:74:2e:bd:66:27:
                    13:c7:55:f1:5e:2c:92:47:d4:b6:9c:34:13:57:28:
                    d5:e7:16:20:92:1c:a8:bb:08:15:0f:9d:69:4a:a9:
                    54:96:25:bc:37:36:f8:05:9f:b8:29:e4:4c:57:b4:
                    66:09:f4:76:ac:4f:2b:17:af:11:21:bb:7d:17:67:
                    0e:ab:7c:29:59:2c:de:56:e6:03:10:79:0a:fd:1c:
                    0c:46:2b:c8:f8:a4:0f:60:8d:e0:29:14:4f:ce:67:
                    64:99:5d:40:a6:3a:f0:0b:28:dc:e0:06:b1:29:3c:
                    a1:13:fb:96:86:e1:d2:8b:34:3b:1e:24:f1:1e:26:
                    43:f8:1e:93:e8:1f:53:c5:64:6d:ef:d7:e3:87:a1:
                    fc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:56:13:EC:94:B6:D4:20:18:1A:25:6B:A8:FF:E2:83:78:28:AB:FE
            X509v3 Authority Key Identifier:
                keyid:22:E8:1B:32:7C:B1:FB:35:01:E0:5A:FA:B9:41:21:91:8F:DB:5B:5E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914B5BD/33CB117AB5A911E79C74CB72C4F9AE02/IugbMnyx-zUB4Fr6uUEhkY_bW14.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IugbMnyx-zUB4Fr6uUEhkY_bW14.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914B5BD/33CB117AB5A911E79C74CB72C4F9AE02/7E847B60998D11EEB9881356C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.140.0/22
                  103.71.172.0/22
                  103.194.168.0/22
                  103.248.52.0/22
                  103.252.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:3a:26:8e:d4:27:d8:46:3a:c5:3e:f8:6d:aa:1b:65:3a:58:
         24:97:4a:47:0f:ad:81:41:f2:fb:9c:59:a3:02:34:21:50:fd:
         c1:fd:1d:1a:63:75:48:f4:f8:6b:de:e7:c8:cd:c5:0b:51:8e:
         2c:85:37:3f:8c:19:9c:2c:df:84:52:7f:0c:da:83:c0:0e:c2:
         76:dd:e3:0d:9d:6c:d9:ee:38:62:8c:9a:66:bd:b8:5e:80:0b:
         8c:b0:61:33:d8:fa:74:05:b7:f1:4a:ee:47:c3:fc:fe:79:38:
         00:ac:36:67:9d:53:67:ce:b6:a9:f8:e4:26:a2:af:3d:61:c5:
         15:c8:68:2b:6a:ba:28:dc:57:7e:84:fe:2c:e3:a6:86:1f:3e:
         62:b2:d2:7d:6b:0e:8b:22:3f:9b:9b:b2:9a:8f:b5:4d:c5:24:
         88:07:2a:84:80:53:39:e3:77:f6:f0:6c:9b:2a:f4:3e:a4:21:
         46:bf:20:08:5b:68:37:7a:46:17:26:d0:37:af:de:38:88:f5:
         f3:d2:8d:ca:3b:53:4b:af:fb:31:89:fe:7b:83:0b:5c:fd:e0:
         53:b1:ed:d1:e6:18:b4:fd:de:05:81:1c:71:06:08:cc:4a:c4:
         58:c6:c5:f6:50:b1:79:f1:57:8f:b6:fd:cb:b6:8e:db:90:85:
         32:46:19:6e
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICGHAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEI1QkQxMTAvBgNVBAUTKDIyRTgxQjMyN0NCMUZCMzUwMUUwNUFGQUI5NDEyMTkx
OEZEQjVCNUUwHhcNMjUwNzIyMTM0NDA5WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODdmOTVhOS1lNTc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3+IHkEclxbwQQ5syEdxeVCECQuHdPqM+F5rZInib/iKyI97ANvtQTFFTkkYY
jVzdWAOywy+NkyCVDVN2/pXmRDfSzlhxzqVr9lQjm5ZCPqwujSlhTRVxWrCD8OgV
RdjHpPuYQROm/jtiiEr1s9TDBrFjdC69ZicTx1XxXiySR9S2nDQTVyjV5xYgkhyo
uwgVD51pSqlUliW8Nzb4BZ+4KeRMV7RmCfR2rE8rF68RIbt9F2cOq3wpWSzeVuYD
EHkK/RwMRivI+KQPYI3gKRRPzmdkmV1ApjrwCyjc4AaxKTyhE/uWhuHSizQ7HiTx
HiZD+B6T6B9TxWRt79fjh6H8awIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFDJWE+yU
ttQgGBola6j/4oN4KKv+MB8GA1UdIwQYMBaAFCLoGzJ8sfs1AeBa+rlBIZGP21te
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QjVCRC8zM0NCMTE3QUI1
QTkxMUU3OUM3NENCNzJDNEY5QUUwMi9JdWdiTW55eC16VUI0RnI2dVVFaGtZX2JX
MTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0l1Z2JNbnl4LXpVQjRGcjZ1VUVoa1lfYlcxNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEI1QkQvMzNDQjExN0FCNUE5MTFFNzlDNzRDQjcyQzRGOUFFMDIvN0U4NDdCNjA5
OThEMTFFRUI5ODgxMzU2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAIr74wDBAJnR6wDBAJnwqgDBAJn+DQDBAJn/NwwDQYJKoZI
hvcNAQELBQADggEBADY6Jo7UJ9hGOsU++G2qG2U6WCSXSkcPrYFB8vucWaMCNCFQ
/cH9HRpjdUj0+Gve58jNxQtRjiyFNz+MGZws34RSfwzag8AOwnbd4w2dbNnuOGKM
mma9uF6AC4ywYTPY+nQFt/FK7kfD/P55OACsNmedU2fOtqn45Cairz1hxRXIaCtq
uijcV36E/izjpoYfPmKy0n1rDosiP5ubspqPtU3FJIgHKoSAUznjd/bwbJsq9D6k
IUa/IAhbaDd6Rhcm0Dev3jiI9fPSjco7U0uv+zGJ/nuDC1z94FOx7dHmGLT93gWB
HHEGCMxKxFjGxfZQsXnxV4+2/cu2jtuQhTJGGW4=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:30:12 2025 by rpki-client