Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9131A5E/03462E6610EA11EE9A48F17BC4F9AE02/96BD724A36E411F0AAE1DE39C4F9AE02.roa
File:                     96BD724A36E411F0AAE1DE39C4F9AE02.roa (raw, json)
Hash identifier:          kKqvj0xomNS0RBNYUt8mH1385WpqQD6GeAsQ4vaFhLU=
Subject key identifier:   03:F1:BD:65:69:03:CA:55:3A:C2:67:B1:46:8D:29:91:C1:41:DD:DF
Certificate issuer:       /CN=A9131A5E/serialNumber=C74B34F5084C3D427D2DB5284E0A5E30770B933B
Certificate serial:       0166
Authority key identifier: C7:4B:34:F5:08:4C:3D:42:7D:2D:B5:28:4E:0A:5E:30:77:0B:93:3B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/x0s09QhMPUJ9LbUoTgpeMHcLkzs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9131A5E/03462E6610EA11EE9A48F17BC4F9AE02/96BD724A36E411F0AAE1DE39C4F9AE02.roa
Signing time:             Thu 22 May 2025 08:13:06 +0000
ROA not before:           Thu 22 May 2025 08:13:06 +0000
ROA not after:            Mon 02 Mar 2026 00:00:00 +0000
asID:                     38314
IP address blocks:        103.125.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9131A5E/03462E6610EA11EE9A48F17BC4F9AE02/x0s09QhMPUJ9LbUoTgpeMHcLkzs.crl
                          rsync://rpki.apnic.net/member_repository/A9131A5E/03462E6610EA11EE9A48F17BC4F9AE02/x0s09QhMPUJ9LbUoTgpeMHcLkzs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/x0s09QhMPUJ9LbUoTgpeMHcLkzs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 02:53:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 358 (0x166)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9131A5E, serialNumber=C74B34F5084C3D427D2DB5284E0A5E30770B933B
        Validity
            Not Before: May 22 08:13:06 2025 GMT
            Not After : Mar  2 00:00:00 2026 GMT
        Subject: CN=682edc92-8efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:50:19:d9:d3:2d:32:0f:2a:18:a9:dd:4b:16:
                    2c:0e:95:75:72:a9:e4:d3:c3:fb:89:fa:f0:a8:c9:
                    4d:18:36:6f:2b:7c:d3:80:b9:82:3f:d2:43:61:79:
                    ee:19:c9:e3:5e:46:53:18:bc:c8:eb:c3:90:86:5a:
                    1e:0e:7c:6d:7e:7c:47:78:62:71:e7:e9:f7:fd:51:
                    d4:a0:84:0f:66:93:1f:13:21:17:8a:74:69:f4:ea:
                    8b:fe:49:23:2f:86:47:bf:d1:96:8b:f8:94:c8:b4:
                    6f:de:24:4a:e4:0a:5c:22:ad:95:56:2c:52:2c:2d:
                    39:5b:fa:ed:cb:15:e3:4b:97:4e:01:bb:57:b0:94:
                    ca:77:e4:10:3f:c8:47:bd:44:9a:90:e3:5c:e0:45:
                    fd:e3:2e:33:88:9d:eb:09:bb:13:66:32:b4:ce:1b:
                    5f:e2:ec:68:17:df:ad:28:3c:59:37:f8:75:2f:be:
                    fa:48:68:f0:e7:84:40:6f:21:59:7d:85:c1:7c:86:
                    f2:6b:9c:34:7a:85:da:ac:7e:d4:db:cd:a7:28:de:
                    7a:1a:6b:e6:2e:d0:8d:bd:50:2d:59:40:3f:1f:1b:
                    1d:65:2b:d8:b4:5d:c3:1d:b4:53:45:0e:27:7a:a5:
                    b9:54:01:d8:d2:fa:88:8c:7c:58:55:c0:d2:f9:dd:
                    75:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:F1:BD:65:69:03:CA:55:3A:C2:67:B1:46:8D:29:91:C1:41:DD:DF
            X509v3 Authority Key Identifier:
                keyid:C7:4B:34:F5:08:4C:3D:42:7D:2D:B5:28:4E:0A:5E:30:77:0B:93:3B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9131A5E/03462E6610EA11EE9A48F17BC4F9AE02/x0s09QhMPUJ9LbUoTgpeMHcLkzs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/x0s09QhMPUJ9LbUoTgpeMHcLkzs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9131A5E/03462E6610EA11EE9A48F17BC4F9AE02/96BD724A36E411F0AAE1DE39C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.125.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:b1:b3:10:51:36:ad:fb:c1:0f:ed:47:30:f4:9e:1d:7e:0b:
         2c:f8:71:b1:02:09:62:a4:0e:b8:32:6e:3d:12:2e:db:a3:17:
         b4:90:f9:6f:a8:e2:ee:9f:3f:dc:4f:d4:f5:9f:b9:17:07:02:
         d5:da:00:73:69:db:79:29:b2:9d:70:21:90:fa:0b:f1:b5:9f:
         5d:b8:ec:07:cf:a0:fb:d7:e5:2c:e2:2f:13:8c:f4:ef:09:46:
         f9:d3:df:19:e3:41:a5:11:1c:c7:ee:42:68:70:05:5a:ae:47:
         53:19:fe:39:3d:8a:a3:4e:6d:f1:0c:e9:d2:0d:23:fe:78:7f:
         9c:f8:a5:8b:df:0a:0b:fe:6d:a8:e4:b7:83:31:1e:f6:13:5a:
         d2:f3:6c:4f:1a:de:4d:55:27:6e:e2:0f:5e:a8:7b:c8:bf:1d:
         7d:5d:e1:ee:ed:05:e9:62:6b:59:c9:43:2f:d6:37:6a:cc:ba:
         a6:0f:7d:99:35:ce:e0:1b:a3:85:7e:d8:55:ed:d8:7b:46:0c:
         58:81:98:7f:18:f5:7b:c8:48:54:2d:92:4b:7a:d8:9a:e2:44:
         24:3c:e2:62:ec:c3:a8:d7:81:27:72:cd:2c:d7:59:f8:9a:19:
         c2:df:66:0c:48:7a:cc:0e:a4:5b:22:61:38:22:71:35:6c:b1:
         61:24:53:2a
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAWYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzFBNUUxMTAvBgNVBAUTKEM3NEIzNEY1MDg0QzNENDI3RDJEQjUyODRFMEE1RTMw
NzcwQjkzM0IwHhcNMjUwNTIyMDgxMzA2WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODJlZGM5Mi04ZWZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAolAZ2dMtMg8qGKndSxYsDpV1cqnk08P7ifrwqMlNGDZvK3zTgLmCP9JDYXnu
GcnjXkZTGLzI68OQhloeDnxtfnxHeGJx5+n3/VHUoIQPZpMfEyEXinRp9OqL/kkj
L4ZHv9GWi/iUyLRv3iRK5ApcIq2VVixSLC05W/rtyxXjS5dOAbtXsJTKd+QQP8hH
vUSakONc4EX94y4ziJ3rCbsTZjK0zhtf4uxoF9+tKDxZN/h1L776SGjw54RAbyFZ
fYXBfIbya5w0eoXarH7U282nKN56GmvmLtCNvVAtWUA/HxsdZSvYtF3DHbRTRQ4n
eqW5VAHY0vqIjHxYVcDS+d11vQIDAQABo4IClTCCApEwHQYDVR0OBBYEFAPxvWVp
A8pVOsJnsUaNKZHBQd3fMB8GA1UdIwQYMBaAFMdLNPUITD1CfS21KE4KXjB3C5M7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMUE1RS8wMzQ2MkU2NjEw
RUExMUVFOUE0OEYxN0JDNEY5QUUwMi94MHMwOVFoTVBVSjlMYlVvVGdwZU1IY0xr
enMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3gwczA5UWhNUFVKOUxiVW9UZ3BlTUhjTGt6cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzFBNUUvMDM0NjJFNjYxMEVBMTFFRTlBNDhGMTdCQzRGOUFFMDIvOTZCRDcyNEEz
NkU0MTFGMEFBRTFERTM5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnfT0wDQYJKoZIhvcNAQELBQADggEBAEuxsxBRNq37wQ/t
RzD0nh1+Cyz4cbECCWKkDrgybj0SLtujF7SQ+W+o4u6fP9xP1PWfuRcHAtXaAHNp
23kpsp1wIZD6C/G1n1247AfPoPvX5SziLxOM9O8JRvnT3xnjQaURHMfuQmhwBVqu
R1MZ/jk9iqNObfEM6dINI/54f5z4pYvfCgv+bajkt4MxHvYTWtLzbE8a3k1VJ27i
D16oe8i/HX1d4e7tBelia1nJQy/WN2rMuqYPfZk1zuAbo4V+2FXt2HtGDFiBmH8Y
9XvISFQtkkt62JriRCQ84mLsw6jXgSdyzSzXWfiaGcLfZgxIeswOpFsiYTgicTVs
sWEkUyo=
-----END CERTIFICATE-----
Generated at Tue Jun 10 08:40:06 2025 by rpki-client