Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91892EB/FD0081DEC56711EBAFEA602BC4F9AE02/387532CEE46D11EE8DBC2937C4F9AE02.roa
File:                     387532CEE46D11EE8DBC2937C4F9AE02.roa (raw, json)
Hash identifier:          sZRPuyEc2obrRDqUdXXwQYNHmHFhne08Q0DhhbP/fKU=
Subject key identifier:   DC:3A:3D:AA:B8:80:F2:2B:E7:F5:22:D7:93:0E:63:71:92:B3:FA:EC
Certificate issuer:       /CN=A91892EB/serialNumber=0B6CDF3FACC680B786926DE139F1E0F674440654
Certificate serial:       05F3
Authority key identifier: 0B:6C:DF:3F:AC:C6:80:B7:86:92:6D:E1:39:F1:E0:F6:74:44:06:54
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/C2zfP6zGgLeGkm3hOfHg9nREBlQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91892EB/FD0081DEC56711EBAFEA602BC4F9AE02/387532CEE46D11EE8DBC2937C4F9AE02.roa
Signing time:             Fri 04 Jul 2025 23:35:58 +0000
ROA not before:           Fri 04 Jul 2025 23:35:58 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     142127
IP address blocks:        103.151.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91892EB/FD0081DEC56711EBAFEA602BC4F9AE02/C2zfP6zGgLeGkm3hOfHg9nREBlQ.crl
                          rsync://rpki.apnic.net/member_repository/A91892EB/FD0081DEC56711EBAFEA602BC4F9AE02/C2zfP6zGgLeGkm3hOfHg9nREBlQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/C2zfP6zGgLeGkm3hOfHg9nREBlQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 23:23:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1523 (0x5f3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91892EB, serialNumber=0B6CDF3FACC680B786926DE139F1E0F674440654
        Validity
            Not Before: Jul  4 23:35:58 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6868655d-79e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:23:d7:2b:1f:68:e1:48:26:32:2b:b2:78:7f:
                    39:6b:b3:64:73:83:04:0c:9b:66:f8:17:ee:12:c2:
                    99:9b:ee:9d:65:eb:a1:81:a6:25:7a:a3:3f:a0:96:
                    59:23:8d:4a:0e:5b:47:b5:87:08:af:50:93:ca:17:
                    3c:a8:b5:df:eb:99:54:5c:ca:39:dc:77:44:5b:7e:
                    b6:4f:c0:29:e2:69:16:67:a9:ac:4f:f1:4a:6d:e4:
                    a4:ff:26:4c:48:cf:4d:ca:5c:31:24:bb:73:c1:14:
                    41:0b:90:d5:09:67:b9:c1:bb:46:2a:52:02:bf:95:
                    81:c4:d2:75:de:79:95:2b:f0:3d:bf:76:91:3e:3b:
                    c2:e6:87:71:eb:32:7e:86:4d:6c:9d:14:5f:fa:68:
                    1b:45:55:4f:d6:a7:fd:9a:a4:da:31:19:77:b1:03:
                    af:59:8f:de:df:7c:07:23:b6:9b:0b:98:7b:ab:02:
                    e2:26:17:a0:49:db:b5:8f:58:af:a4:c8:b7:f1:bd:
                    fd:0d:86:d3:6a:a3:13:32:3c:ca:05:38:3e:a6:5c:
                    72:4d:e8:c2:b0:31:60:c2:0a:f3:3d:d9:c0:4f:4c:
                    a9:ec:44:5b:e8:64:be:dd:91:fb:47:08:8b:2b:a1:
                    d5:78:b4:19:4f:ab:50:8a:f5:dd:f4:0f:a3:9e:8a:
                    d3:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:3A:3D:AA:B8:80:F2:2B:E7:F5:22:D7:93:0E:63:71:92:B3:FA:EC
            X509v3 Authority Key Identifier:
                keyid:0B:6C:DF:3F:AC:C6:80:B7:86:92:6D:E1:39:F1:E0:F6:74:44:06:54

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91892EB/FD0081DEC56711EBAFEA602BC4F9AE02/C2zfP6zGgLeGkm3hOfHg9nREBlQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/C2zfP6zGgLeGkm3hOfHg9nREBlQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91892EB/FD0081DEC56711EBAFEA602BC4F9AE02/387532CEE46D11EE8DBC2937C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.151.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:52:35:12:03:07:31:14:02:db:08:3f:69:31:78:3c:83:64:
         91:fd:c5:a9:2f:1f:11:c2:b7:ad:71:4e:c9:49:51:a3:e4:ca:
         79:36:fd:5d:2a:49:1e:4c:62:7b:f8:a7:b1:2e:9a:ea:2b:34:
         1e:a2:18:25:63:fb:ae:77:bf:fd:42:60:1a:70:9e:b7:38:f5:
         ad:24:cf:2b:e3:55:ae:28:97:6f:32:51:b6:3e:c5:43:a9:fd:
         fa:39:21:7c:2f:64:d0:05:11:a8:10:90:ad:ab:9a:16:04:7a:
         67:ee:07:4f:4e:ba:1d:c0:fa:b4:6e:52:7a:7c:1e:e4:28:78:
         5e:9c:04:f9:00:c5:b6:99:b3:ca:4a:92:9d:3b:a3:57:47:10:
         67:20:c6:84:e9:dd:8d:5c:3c:06:b7:fd:4b:e5:e4:83:e2:e8:
         a3:dc:3e:51:be:53:18:67:e8:98:5e:bb:96:44:6b:97:ef:3b:
         db:7a:86:ee:78:ee:38:b6:98:ff:38:01:e8:a2:cb:75:4d:3f:
         c8:03:99:ed:e3:da:29:f9:16:bb:ba:0f:4b:2c:7b:43:12:ba:
         b9:91:d4:12:78:e3:e4:ba:ff:f7:73:e6:ee:16:bc:81:79:86:
         93:87:ea:40:9a:14:0a:98:ff:53:91:a6:92:4d:43:0f:f8:52:
         be:5c:3f:4f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBfMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODkyRUIxMTAvBgNVBAUTKDBCNkNERjNGQUNDNjgwQjc4NjkyNkRFMTM5RjFFMEY2
NzQ0NDA2NTQwHhcNMjUwNzA0MjMzNTU4WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODY4NjU1ZC03OWUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwSPXKx9o4UgmMiuyeH85a7Nkc4MEDJtm+BfuEsKZm+6dZeuhgaYleqM/oJZZ
I41KDltHtYcIr1CTyhc8qLXf65lUXMo53HdEW362T8Ap4mkWZ6msT/FKbeSk/yZM
SM9NylwxJLtzwRRBC5DVCWe5wbtGKlICv5WBxNJ13nmVK/A9v3aRPjvC5odx6zJ+
hk1snRRf+mgbRVVP1qf9mqTaMRl3sQOvWY/e33wHI7abC5h7qwLiJhegSdu1j1iv
pMi38b39DYbTaqMTMjzKBTg+plxyTejCsDFgwgrzPdnAT0yp7ERb6GS+3ZH7RwiL
K6HVeLQZT6tQivXd9A+jnorTnwIDAQABo4IClTCCApEwHQYDVR0OBBYEFNw6Paq4
gPIr5/Ui15MOY3GSs/rsMB8GA1UdIwQYMBaAFAts3z+sxoC3hpJt4Tnx4PZ0RAZU
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4OTJFQi9GRDAwODFERUM1
NjcxMUVCQUZFQTYwMkJDNEY5QUUwMi9DMnpmUDZ6R2dMZUdrbTNoT2ZIZzluUkVC
bFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0MyemZQNnpHZ0xlR2ttM2hPZkhnOW5SRUJsUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODkyRUIvRkQwMDgxREVDNTY3MTFFQkFGRUE2MDJCQzRGOUFFMDIvMzg3NTMyQ0VF
NDZEMTFFRThEQkMyOTM3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnlyswDQYJKoZIhvcNAQELBQADggEBAEBSNRIDBzEUAtsI
P2kxeDyDZJH9xakvHxHCt61xTslJUaPkynk2/V0qSR5MYnv4p7EumuorNB6iGCVj
+653v/1CYBpwnrc49a0kzyvjVa4ol28yUbY+xUOp/fo5IXwvZNAFEagQkK2rmhYE
emfuB09Ouh3A+rRuUnp8HuQoeF6cBPkAxbaZs8pKkp07o1dHEGcgxoTp3Y1cPAa3
/Uvl5IPi6KPcPlG+Uxhn6Jheu5ZEa5fvO9t6hu547ji2mP84Aeiiy3VNP8gDme3j
2in5Fru6D0sse0MSurmR1BJ44+S6//dz5u4WvIF5hpOH6kCaFAqY/1ORppJNQw/4
Ur5cP08=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:07:56 2025 by rpki-client