Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917C716/4DB9CAC4140211EDB9663415C4F9AE02/9BC8AC96555C11F0AF866966C4F9AE02.roa
File:                     9BC8AC96555C11F0AF866966C4F9AE02.roa (raw, json)
Hash identifier:          aBG6SO8r5rIticJAwQ3F1F0hRoqPZrUVOKMtrK+PpMA=
Subject key identifier:   B9:0C:87:F2:CB:89:9A:0E:C0:37:AA:F3:C9:6C:36:74:63:BC:E0:A4
Certificate issuer:       /CN=A917C716/serialNumber=875EC72E46F2CD163F06B822E704129AEFE31910
Certificate serial:       0C
Authority key identifier: 87:5E:C7:2E:46:F2:CD:16:3F:06:B8:22:E7:04:12:9A:EF:E3:19:10
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h17HLkbyzRY_Brgi5wQSmu_jGRA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917C716/4DB9CAC4140211EDB9663415C4F9AE02/9BC8AC96555C11F0AF866966C4F9AE02.roa
Signing time:             Wed 16 Jul 2025 07:08:18 +0000
ROA not before:           Wed 16 Jul 2025 07:08:18 +0000
ROA not after:            Sat 31 Jan 2026 00:00:00 +0000
asID:                     148976
IP address blocks:        103.175.34.0/23 maxlen: 24
                          2400:9de0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917C716/4DB9CAC4140211EDB9663415C4F9AE02/h17HLkbyzRY_Brgi5wQSmu_jGRA.crl
                          rsync://rpki.apnic.net/member_repository/A917C716/4DB9CAC4140211EDB9663415C4F9AE02/h17HLkbyzRY_Brgi5wQSmu_jGRA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h17HLkbyzRY_Brgi5wQSmu_jGRA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 26 Jul 2025 02:06:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12 (0xc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917C716, serialNumber=875EC72E46F2CD163F06B822E704129AEFE31910
        Validity
            Not Before: Jul 16 07:08:18 2025 GMT
            Not After : Jan 31 00:00:00 2026 GMT
        Subject: CN=68774fe1-0073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a3:cf:ab:8c:b6:bb:96:3f:12:1a:c4:db:b8:
                    f1:35:4e:45:71:c8:77:a2:72:0e:90:5e:37:84:68:
                    ca:17:a9:09:34:0f:d9:7d:db:51:cf:5f:f5:a4:6b:
                    09:b3:c6:41:3c:04:a0:e1:51:8c:9c:80:3a:a3:c1:
                    96:78:49:dc:45:34:94:37:c2:05:d0:c2:66:7d:c7:
                    c2:e9:3a:24:ce:0a:18:71:af:03:e7:d5:64:0c:85:
                    20:9a:35:42:df:e7:41:79:1f:76:f9:d0:82:08:7f:
                    7a:68:a6:9a:bf:64:0a:00:60:ef:1c:98:aa:f8:9b:
                    0b:ee:3e:6e:75:21:4b:94:06:e0:d7:7f:5f:7a:0c:
                    f0:d9:95:bf:4e:de:7a:2f:f9:b0:f6:44:7e:5a:17:
                    0a:b1:6f:7a:f4:63:cc:4b:8f:32:2f:4c:78:49:ec:
                    21:da:62:3e:18:22:96:62:48:92:10:1b:f8:10:62:
                    19:b3:ad:ba:b4:ef:70:6b:2f:0b:7a:6c:b7:8f:8b:
                    f6:b1:73:7f:9f:bd:26:41:2a:16:ed:48:13:2b:21:
                    28:cc:cb:9b:fd:0b:86:56:5b:1f:8d:f4:0f:64:09:
                    16:b1:88:c9:f6:7f:63:24:3a:3e:ae:01:86:77:dd:
                    83:95:a2:c8:df:bf:34:d7:0a:ae:2d:9e:93:fc:9f:
                    d4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:0C:87:F2:CB:89:9A:0E:C0:37:AA:F3:C9:6C:36:74:63:BC:E0:A4
            X509v3 Authority Key Identifier:
                keyid:87:5E:C7:2E:46:F2:CD:16:3F:06:B8:22:E7:04:12:9A:EF:E3:19:10

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917C716/4DB9CAC4140211EDB9663415C4F9AE02/h17HLkbyzRY_Brgi5wQSmu_jGRA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h17HLkbyzRY_Brgi5wQSmu_jGRA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917C716/4DB9CAC4140211EDB9663415C4F9AE02/9BC8AC96555C11F0AF866966C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.175.34.0/23
                IPv6:
                  2400:9de0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:95:49:cc:a9:a6:d2:96:e8:f4:8f:0e:d7:71:dd:69:f8:19:
         ca:24:e6:25:df:b1:ee:d9:e1:a2:b5:01:17:c9:05:27:23:79:
         79:98:a4:e3:f8:75:78:8e:c5:1d:3e:33:51:24:33:b8:7e:4c:
         a5:48:8f:fd:63:d1:b3:11:4a:e6:fb:09:48:e2:72:d4:36:3c:
         79:a9:8a:45:0c:c7:49:eb:98:06:63:8e:10:e6:8f:a5:c4:ae:
         73:fd:a2:b5:8c:c6:21:8a:eb:db:39:9d:00:37:e3:bf:c8:25:
         aa:d1:be:5e:70:e7:5d:93:20:bc:fc:69:d5:ac:6e:47:66:3e:
         19:19:c4:8e:bc:57:a6:52:b8:8f:af:d6:27:48:ef:32:ec:43:
         c9:a1:88:3f:7c:63:61:d4:6d:08:de:aa:88:31:92:4c:fd:6c:
         87:d9:61:01:4a:34:63:86:fc:ea:ad:c6:d7:93:16:34:24:f4:
         21:11:9a:03:e0:02:7f:7f:68:96:ad:63:99:1b:30:e2:58:8a:
         5f:7b:6a:4a:f6:73:5e:8e:59:06:a2:c3:fc:f7:87:66:db:b6:
         28:10:ac:81:c6:1a:76:f0:c0:20:48:a7:74:4b:54:ab:32:c7:
         fd:4d:cf:72:36:ec:24:f3:53:c1:d8:ec:08:d0:39:1e:54:86:
         c3:d2:fa:6c
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBDDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
QzcxNjExMC8GA1UEBRMoODc1RUM3MkU0NkYyQ0QxNjNGMDZCODIyRTcwNDEyOUFF
RkUzMTkxMDAeFw0yNTA3MTYwNzA4MThaFw0yNjAxMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4Nzc0ZmUxLTAwNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDIo8+rjLa7lj8SGsTbuPE1TkVxyHeicg6QXjeEaMoXqQk0D9l921HPX/Wkawmz
xkE8BKDhUYycgDqjwZZ4SdxFNJQ3wgXQwmZ9x8LpOiTOChhxrwPn1WQMhSCaNULf
50F5H3b50IIIf3poppq/ZAoAYO8cmKr4mwvuPm51IUuUBuDXf196DPDZlb9O3nov
+bD2RH5aFwqxb3r0Y8xLjzIvTHhJ7CHaYj4YIpZiSJIQG/gQYhmzrbq073BrLwt6
bLePi/axc3+fvSZBKhbtSBMrISjMy5v9C4ZWWx+N9A9kCRaxiMn2f2MkOj6uAYZ3
3YOVosjfvzTXCq4tnpP8n9QHAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQUuQyH8suJ
mg7AN6rzyWw2dGO84KQwHwYDVR0jBBgwFoAUh17HLkbyzRY/Brgi5wQSmu/jGRAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTdDNzE2LzREQjlDQUM0MTQw
MjExRURCOTY2MzQxNUM0RjlBRTAyL2gxN0hMa2J5elJZX0JyZ2k1d1FTbXVfakdS
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvaDE3SExrYnl6UllfQnJnaTV3UVNtdV9qR1JBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
QzcxNi80REI5Q0FDNDE0MDIxMUVEQjk2NjM0MTVDNEY5QUUwMi85QkM4QUM5NjU1
NUMxMUYwQUY4NjY5NjZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAWevIjANBAIAAjAHAwUAJACd4DANBgkqhkiG9w0BAQsFAAOC
AQEAL5VJzKmm0pbo9I8O13HdafgZyiTmJd+x7tnhorUBF8kFJyN5eZik4/h1eI7F
HT4zUSQzuH5MpUiP/WPRsxFK5vsJSOJy1DY8eamKRQzHSeuYBmOOEOaPpcSuc/2i
tYzGIYrr2zmdADfjv8glqtG+XnDnXZMgvPxp1axuR2Y+GRnEjrxXplK4j6/WJ0jv
MuxDyaGIP3xjYdRtCN6qiDGSTP1sh9lhAUo0Y4b86q3G15MWNCT0IRGaA+ACf39o
lq1jmRsw4liKX3tqSvZzXo5ZBqLD/PeHZtu2KBCsgcYadvDAIEindEtUqzLH/U3P
cjbsJPNTwdjsCNA5HlSGw9L6bA==
-----END CERTIFICATE-----
Generated at Sun Jul 20 06:20:52 2025 by rpki-client