Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C72E6/E6E6FB32F2EA11ED9099004AC4F9AE02/23EE2B76F2F111ED91F08A4FC4F9AE02.roa
File:                     23EE2B76F2F111ED91F08A4FC4F9AE02.roa (raw, json)
Hash identifier:          gpne2Z9eCccwlEkyZjX90RD5Y2MRSV5puraHdA9qCqw=
Subject key identifier:   59:88:2A:A7:99:6B:45:84:62:DB:FC:BB:93:44:2B:88:71:F7:1B:89
Certificate issuer:       /CN=A91C72E6/serialNumber=752533B1852F7D2AC6E70DCDEBFD547DDC438F94
Certificate serial:       0194
Authority key identifier: 75:25:33:B1:85:2F:7D:2A:C6:E7:0D:CD:EB:FD:54:7D:DC:43:8F:94
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dSUzsYUvfSrG5w3N6_1UfdxDj5Q.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C72E6/E6E6FB32F2EA11ED9099004AC4F9AE02/23EE2B76F2F111ED91F08A4FC4F9AE02.roa
Signing time:             Tue 01 Jul 2025 04:08:57 +0000
ROA not before:           Tue 01 Jul 2025 04:08:57 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     148968
IP address blocks:        103.254.231.0/24 maxlen: 24
                          2001:df2:6d40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C72E6/E6E6FB32F2EA11ED9099004AC4F9AE02/dSUzsYUvfSrG5w3N6_1UfdxDj5Q.crl
                          rsync://rpki.apnic.net/member_repository/A91C72E6/E6E6FB32F2EA11ED9099004AC4F9AE02/dSUzsYUvfSrG5w3N6_1UfdxDj5Q.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dSUzsYUvfSrG5w3N6_1UfdxDj5Q.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 26 Jul 2025 03:34:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 404 (0x194)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C72E6, serialNumber=752533B1852F7D2AC6E70DCDEBFD547DDC438F94
        Validity
            Not Before: Jul  1 04:08:57 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=68635f59-d508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:65:5c:04:73:20:e8:89:52:26:be:0c:fc:c2:
                    57:f6:d6:be:a3:40:fe:44:f1:90:61:44:35:45:61:
                    7b:9c:a1:d1:4d:39:6c:86:c0:27:fb:bd:b4:65:ac:
                    01:4c:95:c8:1f:a6:38:24:22:9e:69:7f:44:39:55:
                    76:04:33:4d:db:a2:fd:a7:03:c7:57:1a:83:90:da:
                    e6:22:ef:4a:4d:79:d8:d5:d6:54:f7:b4:e1:22:62:
                    f6:7b:f7:57:32:0a:3f:b5:96:da:95:23:45:dc:37:
                    8e:9e:2a:e9:a9:ac:6c:a9:66:38:3c:9d:02:2a:08:
                    a6:98:8e:d8:f1:95:38:5e:ae:2d:89:fa:6a:bf:12:
                    fa:7a:f4:42:6d:94:0f:bf:75:75:3f:7d:98:a4:13:
                    54:82:1a:e1:db:dd:19:7c:b8:1b:10:0d:e9:a0:d5:
                    72:ba:ad:ed:54:35:bb:04:63:df:10:56:25:f7:d9:
                    40:27:36:21:ac:91:2b:cd:b7:08:cb:3c:80:53:85:
                    dc:82:16:ea:d7:a0:88:8d:76:23:51:82:f7:ba:96:
                    45:a6:80:fb:13:fb:a6:6f:dc:0b:38:f2:5e:f5:78:
                    97:29:cd:22:46:e0:26:36:f4:9e:4d:42:81:42:c5:
                    b1:c2:f4:bd:8e:c5:c8:ff:cb:c5:f8:c3:99:d1:e6:
                    2e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:88:2A:A7:99:6B:45:84:62:DB:FC:BB:93:44:2B:88:71:F7:1B:89
            X509v3 Authority Key Identifier:
                keyid:75:25:33:B1:85:2F:7D:2A:C6:E7:0D:CD:EB:FD:54:7D:DC:43:8F:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C72E6/E6E6FB32F2EA11ED9099004AC4F9AE02/dSUzsYUvfSrG5w3N6_1UfdxDj5Q.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dSUzsYUvfSrG5w3N6_1UfdxDj5Q.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C72E6/E6E6FB32F2EA11ED9099004AC4F9AE02/23EE2B76F2F111ED91F08A4FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.254.231.0/24
                IPv6:
                  2001:df2:6d40::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:01:37:8f:f1:9b:80:90:2a:c0:82:b7:40:3d:ba:a2:5a:00:
         fd:f3:47:9a:48:14:78:ee:9d:f1:b2:96:71:f4:3f:96:5a:88:
         8c:ad:f6:8b:53:1e:5e:b1:2c:f4:da:9d:e9:ba:0c:ff:4c:8f:
         6d:a0:21:60:19:84:b5:15:19:55:e6:0b:04:27:25:82:c3:5c:
         65:4d:3c:10:f4:86:0e:2e:66:13:b1:ba:a2:2a:e1:15:2c:2b:
         a5:d9:bc:71:99:7d:5c:aa:96:83:52:53:48:b7:07:7c:c2:33:
         73:32:03:c6:38:d1:22:0f:c1:db:53:b8:ff:0e:69:37:15:76:
         15:ed:cc:73:5a:6b:af:6e:ff:ec:58:74:e9:d6:3a:56:86:1e:
         73:3d:30:d4:36:77:22:b7:95:eb:53:9e:03:0a:5d:75:08:44:
         bc:6e:3a:25:ca:48:36:84:d0:97:e8:91:3a:2a:59:6e:c4:f8:
         94:e1:82:18:8b:62:55:57:56:43:56:ba:81:d1:42:03:b7:98:
         4e:2e:b1:c8:5b:70:41:22:a1:96:10:5f:5f:e1:d8:8e:1a:7f:
         8d:45:39:39:3b:f7:aa:dc:b5:3a:a5:dd:12:d9:76:64:37:5c:
         04:65:58:7c:6b:ee:bc:58:b6:83:09:89:82:39:cf:72:9a:78:
         a4:c3:22:3a
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAZQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzcyRTYxMTAvBgNVBAUTKDc1MjUzM0IxODUyRjdEMkFDNkU3MERDREVCRkQ1NDdE
REM0MzhGOTQwHhcNMjUwNzAxMDQwODU3WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODYzNWY1OS1kNTA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8GVcBHMg6IlSJr4M/MJX9ta+o0D+RPGQYUQ1RWF7nKHRTTlshsAn+720ZawB
TJXIH6Y4JCKeaX9EOVV2BDNN26L9pwPHVxqDkNrmIu9KTXnY1dZU97ThImL2e/dX
Mgo/tZbalSNF3DeOnirpqaxsqWY4PJ0CKgimmI7Y8ZU4Xq4tifpqvxL6evRCbZQP
v3V1P32YpBNUghrh290ZfLgbEA3poNVyuq3tVDW7BGPfEFYl99lAJzYhrJErzbcI
yzyAU4Xcghbq16CIjXYjUYL3upZFpoD7E/umb9wLOPJe9XiXKc0iRuAmNvSeTUKB
QsWxwvS9jsXI/8vF+MOZ0eYuuQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFFmIKqeZ
a0WEYtv8u5NEK4hx9xuJMB8GA1UdIwQYMBaAFHUlM7GFL30qxucNzev9VH3cQ4+U
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNzJFNi9FNkU2RkIzMkYy
RUExMUVEOTA5OTAwNEFDNEY5QUUwMi9kU1V6c1lVdmZTckc1dzNONl8xVWZkeERq
NVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2RTVXpzWVV2ZlNyRzV3M042XzFVZmR4RGo1US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzcyRTYvRTZFNkZCMzJGMkVBMTFFRDkwOTkwMDRBQzRGOUFFMDIvMjNFRTJCNzZG
MkYxMTFFRDkxRjA4QTRGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABn/ucwDwQCAAIwCQMHACABDfJtQDANBgkqhkiG9w0BAQsF
AAOCAQEAVwE3j/GbgJAqwIK3QD26oloA/fNHmkgUeO6d8bKWcfQ/llqIjK32i1Me
XrEs9Nqd6boM/0yPbaAhYBmEtRUZVeYLBCclgsNcZU08EPSGDi5mE7G6oirhFSwr
pdm8cZl9XKqWg1JTSLcHfMIzczIDxjjRIg/B21O4/w5pNxV2Fe3Mc1prr27/7Fh0
6dY6VoYecz0w1DZ3IreV61OeAwpddQhEvG46JcpINoTQl+iROipZbsT4lOGCGIti
VVdWQ1a6gdFCA7eYTi6xyFtwQSKhlhBfX+HYjhp/jUU5OTv3qty1OqXdEtl2ZDdc
BGVYfGvuvFi2gwmJgjnPcpp4pMMiOg==
-----END CERTIFICATE-----
Generated at Sun Jul 20 07:30:09 2025 by rpki-client