Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CC0C9/C5DABEEA5FB411F08203447DC4F9AE02/C6811EDA5FB811F094135B2FC4F9AE02.roa
File:                     C6811EDA5FB811F094135B2FC4F9AE02.roa (raw, json)
Hash identifier:          +YrktxlVC+PsFpuKkXdgvfc2lY3YsjGZkj0Z7YYEcZU=
Subject key identifier:   8E:44:18:D3:D3:7C:D0:42:7B:11:D8:F7:6F:EF:CC:65:28:25:F7:50
Certificate issuer:       /CN=A91CC0C9/serialNumber=47B577B9C8ABE2C3600C5B4E793FF4D47B650620
Certificate serial:       1C
Authority key identifier: 47:B5:77:B9:C8:AB:E2:C3:60:0C:5B:4E:79:3F:F4:D4:7B:65:06:20
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R7V3ucir4sNgDFtOeT_01HtlBiA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CC0C9/C5DABEEA5FB411F08203447DC4F9AE02/C6811EDA5FB811F094135B2FC4F9AE02.roa
Signing time:             Sun 13 Jul 2025 07:16:08 +0000
ROA not before:           Sun 13 Jul 2025 07:16:08 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     136209
IP address blocks:        103.43.70.0/24 maxlen: 24
                          103.43.71.0/24 maxlen: 24
                          103.82.141.0/24 maxlen: 24
                          103.82.142.0/24 maxlen: 24
                          103.82.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CC0C9/C5DABEEA5FB411F08203447DC4F9AE02/R7V3ucir4sNgDFtOeT_01HtlBiA.crl
                          rsync://rpki.apnic.net/member_repository/A91CC0C9/C5DABEEA5FB411F08203447DC4F9AE02/R7V3ucir4sNgDFtOeT_01HtlBiA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R7V3ucir4sNgDFtOeT_01HtlBiA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 28 Jul 2025 08:22:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28 (0x1c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CC0C9, serialNumber=47B577B9C8ABE2C3600C5B4E793FF4D47B650620
        Validity
            Not Before: Jul 13 07:16:08 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=68735d38-c491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:70:b0:e2:e4:f2:b1:bb:4b:c8:f3:f7:12:57:
                    8e:0a:9c:70:10:9f:86:89:b7:6f:5e:d0:c4:1d:61:
                    f8:32:1d:ef:99:c1:34:08:6e:c4:46:3b:62:c9:f8:
                    ac:57:b2:85:fa:3f:ab:8b:6c:fb:3e:6e:cc:d2:82:
                    3f:33:e7:92:73:ae:46:fa:14:ab:70:7b:ab:ef:59:
                    cf:65:87:56:1b:0d:06:b2:f3:0f:4c:3f:ec:13:e0:
                    47:92:b8:f3:ff:f6:30:13:ac:d3:2e:4b:b0:94:98:
                    56:54:61:65:f5:2f:ef:1a:06:61:fe:75:45:b4:c2:
                    70:12:0c:eb:c8:b3:79:6a:4d:b9:70:bf:cd:f5:26:
                    d2:43:bd:1a:79:02:2d:18:28:12:41:a6:03:cc:c8:
                    db:a0:56:59:93:98:0f:22:71:a3:86:69:7b:2f:a8:
                    02:da:f1:25:86:d9:1e:e5:23:2b:fd:0e:35:ee:f7:
                    f1:d5:54:74:07:39:39:0e:03:67:4a:20:c4:86:58:
                    0c:a9:82:e6:03:e7:b1:2f:6d:a2:27:e3:fc:aa:45:
                    3d:50:5a:c5:98:46:fb:62:5e:3b:a4:f4:af:21:95:
                    71:ec:7c:2c:cc:27:54:2a:ab:93:ae:c0:72:81:2d:
                    a5:eb:ff:6a:67:26:8d:bf:6a:e6:e6:57:13:4c:6d:
                    f2:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:44:18:D3:D3:7C:D0:42:7B:11:D8:F7:6F:EF:CC:65:28:25:F7:50
            X509v3 Authority Key Identifier:
                keyid:47:B5:77:B9:C8:AB:E2:C3:60:0C:5B:4E:79:3F:F4:D4:7B:65:06:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CC0C9/C5DABEEA5FB411F08203447DC4F9AE02/R7V3ucir4sNgDFtOeT_01HtlBiA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R7V3ucir4sNgDFtOeT_01HtlBiA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CC0C9/C5DABEEA5FB411F08203447DC4F9AE02/C6811EDA5FB811F094135B2FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.43.70.0/23
                  103.82.141.0-103.82.143.255

    Signature Algorithm: sha256WithRSAEncryption
         1f:d9:47:cf:cd:b5:53:29:a1:f4:83:bf:18:d0:85:cd:08:ff:
         db:59:5d:95:09:49:34:ba:3e:77:91:68:c1:28:53:b9:89:49:
         72:e7:8f:db:13:47:33:3a:c6:ab:51:e0:26:e3:a2:ca:ff:14:
         a1:46:d4:da:b3:f1:e9:65:4e:5d:df:05:a6:a7:f7:cb:a5:7a:
         66:1d:74:ad:30:c6:8a:ca:0e:dd:3e:c6:34:8b:f5:8c:07:3a:
         f3:63:e8:36:5e:61:2d:1d:05:07:a0:0f:97:1f:39:cb:ba:07:
         6b:dc:41:bd:0a:da:2d:d3:8a:82:fd:f4:ac:ac:31:60:03:a5:
         6c:98:3d:91:c4:56:95:c8:23:e4:3d:3d:c0:7b:12:d6:14:f6:
         a1:d0:66:f3:a2:87:8d:b4:f4:10:19:5c:1c:dc:43:11:b0:bb:
         3d:cb:25:74:24:de:ce:c9:83:d3:da:bb:07:61:c1:13:42:59:
         2f:60:c2:84:af:e7:75:25:d1:3c:46:de:a5:64:38:6f:48:ca:
         87:de:0a:96:7c:42:dd:27:92:db:05:4a:73:b5:fa:d6:ba:4d:
         4a:75:a9:00:d8:b2:9e:99:dc:66:f3:6d:01:db:2f:6e:87:d1:
         c0:3a:68:33:c9:fc:78:8d:87:5e:1e:5c:9b:58:6f:cd:e2:ea:
         3f:39:a4:02
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgIBHDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
QzBDOTExMC8GA1UEBRMoNDdCNTc3QjlDOEFCRTJDMzYwMEM1QjRFNzkzRkY0RDQ3
QjY1MDYyMDAeFw0yNTA3MTMwNzE2MDhaFw0yNjAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4NzM1ZDM4LWM0OTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDQcLDi5PKxu0vI8/cSV44KnHAQn4aJt29e0MQdYfgyHe+ZwTQIbsRGO2LJ+KxX
soX6P6uLbPs+bszSgj8z55Jzrkb6FKtwe6vvWc9lh1YbDQay8w9MP+wT4EeSuPP/
9jATrNMuS7CUmFZUYWX1L+8aBmH+dUW0wnASDOvIs3lqTblwv831JtJDvRp5Ai0Y
KBJBpgPMyNugVlmTmA8icaOGaXsvqALa8SWG2R7lIyv9DjXu9/HVVHQHOTkOA2dK
IMSGWAypguYD57EvbaIn4/yqRT1QWsWYRvtiXjuk9K8hlXHsfCzMJ1Qqq5OuwHKB
LaXr/2pnJo2/aubmVxNMbfLnAgMBAAGjggKjMIICnzAdBgNVHQ4EFgQUjkQY09N8
0EJ7Edj3b+/MZSgl91AwHwYDVR0jBBgwFoAUR7V3ucir4sNgDFtOeT/01HtlBiAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNDMEM5L0M1REFCRUVBNUZC
NDExRjA4MjAzNDQ3REM0RjlBRTAyL1I3VjN1Y2lyNHNOZ0RGdE9lVF8wMUh0bEJp
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvUjdWM3VjaXI0c05nREZ0T2VUXzAxSHRsQmlBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
QzBDOS9DNURBQkVFQTVGQjQxMUYwODIwMzQ0N0RDNEY5QUUwMi9DNjgxMUVEQTVG
QjgxMUYwOTQxMzVCMkZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAtBggrBgEFBQcBBwEB/wQe
MBwwGgQCAAEwFAMEAWcrRjAMAwQAZ1KNAwQEZ1KAMA0GCSqGSIb3DQEBCwUAA4IB
AQAf2UfPzbVTKaH0g78Y0IXNCP/bWV2VCUk0uj53kWjBKFO5iUly54/bE0czOsar
UeAm46LK/xShRtTas/HpZU5d3wWmp/fLpXpmHXStMMaKyg7dPsY0i/WMBzrzY+g2
XmEtHQUHoA+XHznLugdr3EG9Ctot04qC/fSsrDFgA6VsmD2RxFaVyCPkPT3AexLW
FPah0GbzooeNtPQQGVwc3EMRsLs9yyV0JN7OyYPT2rsHYcETQlkvYMKEr+d1JdE8
Rt6lZDhvSMqH3gqWfELdJ5LbBUpztfrWuk1KdakA2LKemdxm820B2y9uh9HAOmgz
yfx4jYdeHlybWG/N4uo/OaQC
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:07:05 2025 by rpki-client