Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91717D1/9A9B48A282A311E99E582384C4F9AE02/0963FDF0C35711EC9F5ADC3DC4F9AE02.roa
File:                     0963FDF0C35711EC9F5ADC3DC4F9AE02.roa (raw, json)
Hash identifier:          6UUZGVX+yz33BPFW9zj9LAK08O51N58DNxWBC06Z/8c=
Subject key identifier:   18:39:96:D1:B8:CA:4C:C5:6F:DA:E4:43:7E:FA:FC:38:0D:36:CC:AB
Certificate issuer:       /CN=A91717D1/serialNumber=DC187FC8416CE5B347BAF221A3613A3B47828E88
Certificate serial:       0EFE
Authority key identifier: DC:18:7F:C8:41:6C:E5:B3:47:BA:F2:21:A3:61:3A:3B:47:82:8E:88
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3Bh_yEFs5bNHuvIho2E6O0eCjog.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91717D1/9A9B48A282A311E99E582384C4F9AE02/0963FDF0C35711EC9F5ADC3DC4F9AE02.roa
Signing time:             Wed 16 Jul 2025 17:56:43 +0000
ROA not before:           Wed 16 Jul 2025 17:56:43 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     135413
IP address blocks:        103.139.8.0/23 maxlen: 23
                          103.139.8.0/24 maxlen: 24
                          2001:df0:6180::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91717D1/9A9B48A282A311E99E582384C4F9AE02/3Bh_yEFs5bNHuvIho2E6O0eCjog.crl
                          rsync://rpki.apnic.net/member_repository/A91717D1/9A9B48A282A311E99E582384C4F9AE02/3Bh_yEFs5bNHuvIho2E6O0eCjog.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3Bh_yEFs5bNHuvIho2E6O0eCjog.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 17:47:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3838 (0xefe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91717D1, serialNumber=DC187FC8416CE5B347BAF221A3613A3B47828E88
        Validity
            Not Before: Jul 16 17:56:43 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6877e7da-8b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:11:5a:34:40:84:89:ff:4e:03:67:d4:4c:b3:
                    e0:c4:ad:23:75:ed:1c:22:f1:f1:a2:24:04:72:d0:
                    a6:2a:55:07:fd:9b:54:1c:7d:d0:4f:6e:50:af:b5:
                    ee:9b:67:13:3e:9c:9d:fe:e1:e2:f9:14:c3:9c:77:
                    c7:cc:68:ca:55:ac:08:b7:11:b3:e7:03:89:1b:b4:
                    4c:be:27:ff:23:60:a9:34:09:a3:87:4a:a6:4a:95:
                    e6:93:d3:fc:e0:22:71:64:0d:ac:44:65:04:11:35:
                    13:cb:02:2e:92:e3:aa:c1:8c:5d:77:48:5e:f0:c1:
                    92:50:76:26:24:c7:b7:4a:6e:40:aa:7c:b6:27:a3:
                    64:7a:fc:67:01:f5:6d:8e:bd:1d:b5:f6:f6:4e:e7:
                    e7:da:11:cc:a4:12:91:4a:44:73:fe:d5:e1:d0:c4:
                    e0:9b:d7:93:f7:08:d6:fd:2c:bc:73:65:8f:bf:13:
                    44:9a:69:53:45:0f:86:af:e9:e8:93:92:33:ca:7b:
                    ef:a1:2b:20:9f:93:24:ce:ef:ae:24:33:4f:d8:c8:
                    fe:03:94:46:cc:9a:5b:f1:99:7d:fc:3d:92:3a:82:
                    e4:cc:e5:ff:c2:f7:94:b7:e5:a6:2e:94:12:e8:4d:
                    01:40:41:bf:3e:81:a1:81:77:3e:e9:f1:5e:fe:15:
                    8d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:39:96:D1:B8:CA:4C:C5:6F:DA:E4:43:7E:FA:FC:38:0D:36:CC:AB
            X509v3 Authority Key Identifier:
                keyid:DC:18:7F:C8:41:6C:E5:B3:47:BA:F2:21:A3:61:3A:3B:47:82:8E:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91717D1/9A9B48A282A311E99E582384C4F9AE02/3Bh_yEFs5bNHuvIho2E6O0eCjog.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3Bh_yEFs5bNHuvIho2E6O0eCjog.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91717D1/9A9B48A282A311E99E582384C4F9AE02/0963FDF0C35711EC9F5ADC3DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.8.0/23
                IPv6:
                  2001:df0:6180::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:36:5a:1d:a7:d9:63:fd:83:f0:74:db:ac:cb:cb:7b:c1:fe:
         ad:aa:57:48:36:82:09:9c:af:b2:7e:fe:27:f4:d7:f1:9d:09:
         42:1d:90:cf:8e:1e:85:4b:e5:9a:97:07:5c:3c:9d:86:7c:3d:
         19:f0:65:50:69:16:43:36:87:b7:3a:f9:df:5a:36:e5:c7:58:
         09:42:c9:6f:49:52:3b:6d:31:30:ca:57:3a:85:83:f2:d0:db:
         e1:d8:23:94:65:c4:ca:c6:79:a2:62:ea:97:03:8a:6f:0a:5d:
         71:d5:73:11:d0:65:f9:b3:85:ef:ca:c4:9b:90:f7:fe:c6:67:
         6f:3f:26:63:c3:8b:3e:e8:3e:44:a3:2a:38:11:77:80:ab:2e:
         27:25:2b:4d:59:36:80:c7:e4:91:48:06:96:92:8f:97:cd:d4:
         7c:a6:6a:d1:9d:ea:ce:32:c9:75:24:c4:ff:60:05:af:bf:60:
         92:16:3a:7a:50:01:a1:4f:c2:67:48:78:0c:be:fc:cc:9b:24:
         39:42:4f:d5:eb:60:8d:de:3f:fb:fa:e7:ff:43:e2:6e:4b:1d:
         42:51:be:a8:61:8d:97:e6:1c:7a:31:28:24:4f:2c:e5:3a:3d:
         08:67:57:85:90:e5:34:82:85:1f:53:56:ef:b1:41:19:ec:35:
         2e:36:98:f1
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICDv4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzE3RDExMTAvBgNVBAUTKERDMTg3RkM4NDE2Q0U1QjM0N0JBRjIyMUEzNjEzQTNC
NDc4MjhFODgwHhcNMjUwNzE2MTc1NjQzWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc3ZTdkYS04YjhjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4hFaNECEif9OA2fUTLPgxK0jde0cIvHxoiQEctCmKlUH/ZtUHH3QT25Qr7Xu
m2cTPpyd/uHi+RTDnHfHzGjKVawItxGz5wOJG7RMvif/I2CpNAmjh0qmSpXmk9P8
4CJxZA2sRGUEETUTywIukuOqwYxdd0he8MGSUHYmJMe3Sm5Aqny2J6NkevxnAfVt
jr0dtfb2Tufn2hHMpBKRSkRz/tXh0MTgm9eT9wjW/Sy8c2WPvxNEmmlTRQ+Gr+no
k5IzynvvoSsgn5Mkzu+uJDNP2Mj+A5RGzJpb8Zl9/D2SOoLkzOX/wveUt+WmLpQS
6E0BQEG/PoGhgXc+6fFe/hWN+wIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFBg5ltG4
ykzFb9rkQ376/DgNNsyrMB8GA1UdIwQYMBaAFNwYf8hBbOWzR7ryIaNhOjtHgo6I
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MTdEMS85QTlCNDhBMjgy
QTMxMUU5OUU1ODIzODRDNEY5QUUwMi8zQmhfeUVGczViTkh1dklobzJFNk8wZUNq
b2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNCaF95RUZzNWJOSHV2SWhvMkU2TzBlQ2pvZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzE3RDEvOUE5QjQ4QTI4MkEzMTFFOTlFNTgyMzg0QzRGOUFFMDIvMDk2M0ZERjBD
MzU3MTFFQzlGNUFEQzNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFniwgwDwQCAAIwCQMHACABDfBhgDANBgkqhkiG9w0BAQsF
AAOCAQEAPjZaHafZY/2D8HTbrMvLe8H+rapXSDaCCZyvsn7+J/TX8Z0JQh2Qz44e
hUvlmpcHXDydhnw9GfBlUGkWQzaHtzr531o25cdYCULJb0lSO20xMMpXOoWD8tDb
4dgjlGXEysZ5omLqlwOKbwpdcdVzEdBl+bOF78rEm5D3/sZnbz8mY8OLPug+RKMq
OBF3gKsuJyUrTVk2gMfkkUgGlpKPl83UfKZq0Z3qzjLJdSTE/2AFr79gkhY6elAB
oU/CZ0h4DL78zJskOUJP1etgjd4/+/rn/0PibksdQlG+qGGNl+YcejEoJE8s5To9
CGdXhZDlNIKFH1NW77FBGew1LjaY8Q==
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:19:24 2025 by rpki-client