Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C53FD/688E57EEFF3211EEA55D8E53C4F9AE02/B15E8BECFF3211EEA8607454C4F9AE02.roa
File:                     B15E8BECFF3211EEA8607454C4F9AE02.roa (raw, json)
Hash identifier:          rdcsVeSD/0uRXsupB+gdsyd8ZZ4QY82jQKGKV8TuBBs=
Subject key identifier:   9C:F5:71:71:71:8B:E0:18:5B:9A:3A:D4:48:EB:65:89:5A:75:D6:DF
Certificate issuer:       /CN=A91C53FD/serialNumber=21934198E8331061D275B8CFC79458D32FABD6C9
Certificate serial:       E5
Authority key identifier: 21:93:41:98:E8:33:10:61:D2:75:B8:CF:C7:94:58:D3:2F:AB:D6:C9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IZNBmOgzEGHSdbjPx5RY0y-r1sk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C53FD/688E57EEFF3211EEA55D8E53C4F9AE02/B15E8BECFF3211EEA8607454C4F9AE02.roa
Signing time:             Sat 05 Jul 2025 06:11:53 +0000
ROA not before:           Sat 05 Jul 2025 06:11:53 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     137870
IP address blocks:        103.116.16.0/24 maxlen: 24
                          103.116.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C53FD/688E57EEFF3211EEA55D8E53C4F9AE02/IZNBmOgzEGHSdbjPx5RY0y-r1sk.crl
                          rsync://rpki.apnic.net/member_repository/A91C53FD/688E57EEFF3211EEA55D8E53C4F9AE02/IZNBmOgzEGHSdbjPx5RY0y-r1sk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IZNBmOgzEGHSdbjPx5RY0y-r1sk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 28 Jul 2025 05:30:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 229 (0xe5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C53FD, serialNumber=21934198E8331061D275B8CFC79458D32FABD6C9
        Validity
            Not Before: Jul  5 06:11:53 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6868c228-db39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6a:3d:4a:c6:7e:14:35:05:b9:ca:87:39:bf:
                    6c:cc:25:df:f9:51:76:d8:7c:92:cf:81:d0:a5:9f:
                    de:92:2e:35:5e:c6:9e:5d:28:db:df:56:c5:83:d5:
                    50:9a:fc:18:e3:00:57:f9:10:25:f5:56:0d:0e:b6:
                    21:4f:c1:64:bb:f6:7d:16:c5:8c:78:b5:89:1e:1e:
                    8a:bc:5c:d5:56:c6:2c:a0:b7:c8:55:84:f0:44:e9:
                    53:aa:8a:9d:79:ef:a0:9d:f1:07:8f:8e:c1:20:5c:
                    fb:71:9c:8c:e7:65:88:d9:1e:80:34:7b:24:22:90:
                    19:b4:e9:79:c0:13:1b:26:3a:3a:3c:0d:80:2a:af:
                    4d:11:56:0c:88:91:d6:47:35:8f:94:89:d5:97:98:
                    62:41:51:6d:57:9f:e5:5c:f9:16:bb:dc:72:6b:2b:
                    20:cf:2f:0b:5f:8d:f1:78:44:da:31:26:87:62:ab:
                    9c:80:6c:92:66:53:79:d8:c6:5c:7e:62:86:fd:f0:
                    9e:c2:10:b4:a6:a9:30:e1:5c:0f:07:c4:eb:e9:1d:
                    44:6e:bb:20:24:13:6e:34:88:42:ca:21:09:c6:9c:
                    83:3e:29:f4:99:0e:10:18:df:71:78:bd:c6:83:e7:
                    40:8f:9f:27:da:ff:35:52:3d:38:ad:6f:a0:c5:73:
                    34:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:F5:71:71:71:8B:E0:18:5B:9A:3A:D4:48:EB:65:89:5A:75:D6:DF
            X509v3 Authority Key Identifier:
                keyid:21:93:41:98:E8:33:10:61:D2:75:B8:CF:C7:94:58:D3:2F:AB:D6:C9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C53FD/688E57EEFF3211EEA55D8E53C4F9AE02/IZNBmOgzEGHSdbjPx5RY0y-r1sk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IZNBmOgzEGHSdbjPx5RY0y-r1sk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C53FD/688E57EEFF3211EEA55D8E53C4F9AE02/B15E8BECFF3211EEA8607454C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.116.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:6f:43:4d:dd:2f:3b:d0:79:9c:2c:43:70:b0:11:d9:bd:00:
         a5:09:31:9f:9c:ba:8a:70:4f:28:b6:3f:80:5a:54:65:bd:a3:
         e1:9e:f2:26:3e:4e:ee:f6:7a:b8:46:2b:10:e4:1b:a3:aa:d1:
         50:17:09:fd:cc:bc:37:4f:26:cc:47:a3:c2:e3:15:3e:69:7d:
         d0:e5:b0:ae:87:97:0f:0a:b6:79:99:ff:56:a3:30:cf:47:7a:
         1d:7b:bc:34:46:ea:c5:b9:4e:72:d9:6f:1f:6f:90:e5:de:b9:
         74:91:73:b0:b3:bd:3a:06:13:74:cb:07:71:6a:23:95:47:3c:
         c3:3f:7b:f6:a4:41:01:a5:f7:95:96:67:c8:8d:d4:2b:af:72:
         c0:18:3e:fa:50:90:de:70:15:59:53:72:ab:36:15:c8:fb:9a:
         e8:2e:d4:e9:07:bc:6b:f3:7e:7c:43:05:61:16:65:12:08:7e:
         ec:2c:23:87:20:e8:44:9d:af:1f:12:74:e7:60:d7:6c:e9:1e:
         8f:a8:8e:bc:d5:30:8e:a2:12:72:5d:e9:01:72:e8:6a:ed:94:
         e7:b9:d1:ee:59:73:5a:e9:e8:0c:b6:05:27:e5:aa:e6:53:ff:
         8a:08:5d:72:42:4a:32:8b:46:97:36:a2:94:88:51:98:7a:2c:
         49:29:f1:3a
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAOUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzUzRkQxMTAvBgNVBAUTKDIxOTM0MTk4RTgzMzEwNjFEMjc1QjhDRkM3OTQ1OEQz
MkZBQkQ2QzkwHhcNMjUwNzA1MDYxMTUzWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODY4YzIyOC1kYjM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA02o9SsZ+FDUFucqHOb9szCXf+VF22HySz4HQpZ/eki41XsaeXSjb31bFg9VQ
mvwY4wBX+RAl9VYNDrYhT8Fku/Z9FsWMeLWJHh6KvFzVVsYsoLfIVYTwROlTqoqd
ee+gnfEHj47BIFz7cZyM52WI2R6ANHskIpAZtOl5wBMbJjo6PA2AKq9NEVYMiJHW
RzWPlInVl5hiQVFtV5/lXPkWu9xyaysgzy8LX43xeETaMSaHYqucgGySZlN52MZc
fmKG/fCewhC0pqkw4VwPB8Tr6R1EbrsgJBNuNIhCyiEJxpyDPin0mQ4QGN9xeL3G
g+dAj58n2v81Uj04rW+gxXM0hQIDAQABo4IClTCCApEwHQYDVR0OBBYEFJz1cXFx
i+AYW5o61EjrZYladdbfMB8GA1UdIwQYMBaAFCGTQZjoMxBh0nW4z8eUWNMvq9bJ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNTNGRC82ODhFNTdFRUZG
MzIxMUVFQTU1RDhFNTNDNEY5QUUwMi9JWk5CbU9nekVHSFNkYmpQeDVSWTB5LXIx
c2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0laTkJtT2d6RUdIU2RialB4NVJZMHktcjFzay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzUzRkQvNjg4RTU3RUVGRjMyMTFFRUE1NUQ4RTUzQzRGOUFFMDIvQjE1RThCRUNG
RjMyMTFFRUE4NjA3NDU0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFndBAwDQYJKoZIhvcNAQELBQADggEBAARvQ03dLzvQeZws
Q3CwEdm9AKUJMZ+cuopwTyi2P4BaVGW9o+Ge8iY+Tu72erhGKxDkG6Oq0VAXCf3M
vDdPJsxHo8LjFT5pfdDlsK6Hlw8KtnmZ/1ajMM9Heh17vDRG6sW5TnLZbx9vkOXe
uXSRc7CzvToGE3TLB3FqI5VHPMM/e/akQQGl95WWZ8iN1CuvcsAYPvpQkN5wFVlT
cqs2Fcj7mugu1OkHvGvzfnxDBWEWZRIIfuwsI4cg6ESdrx8SdOdg12zpHo+ojrzV
MI6iEnJd6QFy6GrtlOe50e5Zc1rp6Ay2BSflquZT/4oIXXJCSjKLRpc2opSIUZh6
LEkp8To=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:26:12 2025 by rpki-client