Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9163B62/4E9B76D2FBD211EDA0864345C4F9AE02/52CA5FA4FBDA11EDBC5C2B51C4F9AE02.roa
File:                     52CA5FA4FBDA11EDBC5C2B51C4F9AE02.roa (raw, json)
Hash identifier:          hdoIBFcsKBcfu2ieIGwj6SsbqU4NXl1pTKHhFjI1OAE=
Subject key identifier:   CB:D5:F9:F8:29:E9:BA:85:6C:2A:8B:AC:16:FB:5E:E9:D7:5B:F4:E7
Certificate issuer:       /CN=A9163B62/serialNumber=D3AE626449C3A9DD0E7798BCE8BCBB39662A27FF
Certificate serial:       0196
Authority key identifier: D3:AE:62:64:49:C3:A9:DD:0E:77:98:BC:E8:BC:BB:39:66:2A:27:FF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/065iZEnDqd0Od5i86Ly7OWYqJ_8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9163B62/4E9B76D2FBD211EDA0864345C4F9AE02/52CA5FA4FBDA11EDBC5C2B51C4F9AE02.roa
Signing time:             Sat 05 Jul 2025 04:09:33 +0000
ROA not before:           Sat 05 Jul 2025 04:09:33 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     142631
IP address blocks:        103.208.66.0/24 maxlen: 24
                          103.229.232.0/24 maxlen: 24
                          2401:c0a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9163B62/4E9B76D2FBD211EDA0864345C4F9AE02/065iZEnDqd0Od5i86Ly7OWYqJ_8.crl
                          rsync://rpki.apnic.net/member_repository/A9163B62/4E9B76D2FBD211EDA0864345C4F9AE02/065iZEnDqd0Od5i86Ly7OWYqJ_8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/065iZEnDqd0Od5i86Ly7OWYqJ_8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 28 Jul 2025 03:30:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 406 (0x196)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9163B62, serialNumber=D3AE626449C3A9DD0E7798BCE8BCBB39662A27FF
        Validity
            Not Before: Jul  5 04:09:33 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6868a57d-f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ca:42:50:bc:76:d5:cd:9f:3f:53:9c:bc:c1:
                    8f:e2:81:63:ce:eb:99:f1:04:71:d5:fb:d2:61:8d:
                    6d:19:94:d3:7e:0d:ac:59:42:50:10:4e:21:6f:04:
                    74:a4:be:30:d0:58:49:90:94:e2:33:6e:7d:32:c6:
                    da:9a:6d:7d:1a:f6:ca:65:9b:04:4e:fd:56:e0:dd:
                    10:f0:e9:b6:53:47:22:e4:54:80:1f:9d:a0:9a:0d:
                    04:b3:6d:1a:cc:04:27:46:8b:28:83:9e:43:9b:9a:
                    aa:7c:79:1e:4c:fc:a5:20:ae:a4:6d:4f:f8:35:ce:
                    f6:d6:6e:61:b5:d3:2a:52:63:3d:98:9f:95:14:81:
                    70:4c:33:0a:73:3a:c3:ce:5c:c0:7c:d2:23:35:70:
                    6b:39:26:5d:a1:6f:f0:d6:6f:14:9b:e2:84:8e:f3:
                    27:06:6b:5e:52:a6:1a:22:57:b4:a0:ae:2b:40:de:
                    37:95:da:8e:27:52:bf:34:8a:5f:a3:65:e9:ca:7f:
                    17:41:d2:ed:e9:d7:11:20:97:fe:b3:2e:62:5c:46:
                    7e:56:e1:9a:77:44:43:66:a9:4d:2c:aa:60:15:f4:
                    38:84:6a:35:82:65:2f:2c:ae:b5:9e:70:37:6c:2c:
                    7e:c7:73:8f:7c:5b:d8:c3:24:68:9e:ce:ad:72:5e:
                    9b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:D5:F9:F8:29:E9:BA:85:6C:2A:8B:AC:16:FB:5E:E9:D7:5B:F4:E7
            X509v3 Authority Key Identifier:
                keyid:D3:AE:62:64:49:C3:A9:DD:0E:77:98:BC:E8:BC:BB:39:66:2A:27:FF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9163B62/4E9B76D2FBD211EDA0864345C4F9AE02/065iZEnDqd0Od5i86Ly7OWYqJ_8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/065iZEnDqd0Od5i86Ly7OWYqJ_8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9163B62/4E9B76D2FBD211EDA0864345C4F9AE02/52CA5FA4FBDA11EDBC5C2B51C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.208.66.0/24
                  103.229.232.0/24
                IPv6:
                  2401:c0a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:6f:ed:25:6f:80:27:91:58:25:f5:46:7b:8a:35:1f:81:c7:
         e0:d3:5f:fa:b3:e8:a9:c5:b5:df:09:b5:c4:1c:62:65:a5:2e:
         5c:c1:9f:db:37:9f:53:8e:e7:e3:bc:2a:3a:9f:f1:61:e5:79:
         90:ab:8c:32:67:03:13:da:63:35:1e:49:28:9d:c8:26:7d:1b:
         d9:35:3d:a0:9c:dd:6d:ba:56:c4:3e:68:37:1d:bb:09:d4:1c:
         88:9a:6e:dc:c8:5c:e7:c9:42:53:a5:e6:31:f3:9a:a2:05:06:
         68:eb:7a:8e:31:a2:61:61:9f:1c:af:c3:14:f1:29:0a:b2:4c:
         53:57:23:41:36:c8:b4:7c:73:0f:ab:02:02:92:15:15:bf:a9:
         f4:b0:9a:df:e3:c3:58:2a:3e:60:2f:78:1f:08:ab:50:7a:14:
         39:4c:0a:05:80:3e:0c:fa:dc:8e:92:05:83:94:40:a8:53:cb:
         dc:a7:76:ad:03:ff:e5:a9:bb:b3:2e:7f:c5:b5:fb:d0:58:ea:
         40:bc:86:ec:92:f3:18:9f:3e:7f:17:2a:6a:94:84:c8:07:02:
         6e:87:23:21:0d:99:a1:13:87:e1:72:dc:73:33:60:86:2a:5c:
         0f:a8:23:1e:9a:2e:81:28:eb:29:25:26:6f:fe:cb:3c:85:ff:
         a2:1d:7f:c9
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICAZYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjNCNjIxMTAvBgNVBAUTKEQzQUU2MjY0NDlDM0E5REQwRTc3OThCQ0U4QkNCQjM5
NjYyQTI3RkYwHhcNMjUwNzA1MDQwOTMzWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODY4YTU3ZC1mMTAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAucpCULx21c2fP1OcvMGP4oFjzuuZ8QRx1fvSYY1tGZTTfg2sWUJQEE4hbwR0
pL4w0FhJkJTiM259Msbamm19GvbKZZsETv1W4N0Q8Om2U0ci5FSAH52gmg0Es20a
zAQnRosog55Dm5qqfHkeTPylIK6kbU/4Nc721m5htdMqUmM9mJ+VFIFwTDMKczrD
zlzAfNIjNXBrOSZdoW/w1m8Um+KEjvMnBmteUqYaIle0oK4rQN43ldqOJ1K/NIpf
o2Xpyn8XQdLt6dcRIJf+sy5iXEZ+VuGad0RDZqlNLKpgFfQ4hGo1gmUvLK61nnA3
bCx+x3OPfFvYwyRons6tcl6blQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFMvV+fgp
6bqFbCqLrBb7XunXW/TnMB8GA1UdIwQYMBaAFNOuYmRJw6ndDneYvOi8uzlmKif/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2M0I2Mi80RTlCNzZEMkZC
RDIxMUVEQTA4NjQzNDVDNEY5QUUwMi8wNjVpWkVuRHFkME9kNWk4Nkx5N09XWXFK
XzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzA2NWlaRW5EcWQwT2Q1aTg2THk3T1dZcUpfOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjNCNjIvNEU5Qjc2RDJGQkQyMTFFREEwODY0MzQ1QzRGOUFFMDIvNTJDQTVGQTRG
QkRBMTFFREJDNUMyQjUxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBABn0EIDBABn5egwDQQCAAIwBwMFACQBwKAwDQYJKoZIhvcN
AQELBQADggEBAFdv7SVvgCeRWCX1RnuKNR+Bx+DTX/qz6KnFtd8JtcQcYmWlLlzB
n9s3n1OO5+O8Kjqf8WHleZCrjDJnAxPaYzUeSSidyCZ9G9k1PaCc3W26VsQ+aDcd
uwnUHIiabtzIXOfJQlOl5jHzmqIFBmjreo4xomFhnxyvwxTxKQqyTFNXI0E2yLR8
cw+rAgKSFRW/qfSwmt/jw1gqPmAveB8Iq1B6FDlMCgWAPgz63I6SBYOUQKhTy9yn
dq0D/+Wpu7Muf8W1+9BY6kC8huyS8xifPn8XKmqUhMgHAm6HIyENmaETh+Fy3HMz
YIYqXA+oIx6aLoEo6yklJm/+yzyF/6Idf8k=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:34:21 2025 by rpki-client