Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913C432/2DCABA685CF211E984939224C4F9AE02/CF949C10359A11F0AFFF2848C4F9AE02.roa
File:                     CF949C10359A11F0AFFF2848C4F9AE02.roa (raw, json)
Hash identifier:          cIB0S20gV/ZhV77XZTzfCkZr/IsCbhpCdfiUC7S/47s=
Subject key identifier:   CA:06:A5:3A:81:33:71:95:18:3A:B0:EB:E4:DE:2F:54:8C:0F:0C:39
Certificate issuer:       /CN=A913C432/serialNumber=329DA03DB9944751498A5FCA53C85DAA60CB9A32
Certificate serial:       0FF9
Authority key identifier: 32:9D:A0:3D:B9:94:47:51:49:8A:5F:CA:53:C8:5D:AA:60:CB:9A:32
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Mp2gPbmUR1FJil_KU8hdqmDLmjI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913C432/2DCABA685CF211E984939224C4F9AE02/CF949C10359A11F0AFFF2848C4F9AE02.roa
Signing time:             Tue 20 May 2025 16:52:27 +0000
ROA not before:           Tue 20 May 2025 16:52:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138981
IP address blocks:        103.138.24.0/22 maxlen: 22
                          2404:bec0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A913C432/2DCABA685CF211E984939224C4F9AE02/Mp2gPbmUR1FJil_KU8hdqmDLmjI.crl
                          rsync://rpki.apnic.net/member_repository/A913C432/2DCABA685CF211E984939224C4F9AE02/Mp2gPbmUR1FJil_KU8hdqmDLmjI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Mp2gPbmUR1FJil_KU8hdqmDLmjI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 15 Jun 2025 17:25:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4089 (0xff9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913C432, serialNumber=329DA03DB9944751498A5FCA53C85DAA60CB9A32
        Validity
            Not Before: May 20 16:52:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=682cb34b-3186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f5:10:10:a9:6e:79:0e:b7:b6:19:5c:2b:cc:
                    23:ef:0a:22:38:06:38:0b:68:3e:b3:bb:90:0b:52:
                    0b:aa:9c:c7:51:fe:7d:8f:a5:b0:3d:c4:24:0a:17:
                    88:27:c6:b9:c5:f9:d6:3f:a4:4c:f5:9d:9d:48:e4:
                    a2:a3:79:31:42:54:db:0b:e1:90:4b:87:f2:78:46:
                    5a:40:5a:3f:04:46:5d:21:bb:55:64:a6:cd:0e:83:
                    86:46:71:61:07:ba:48:4f:27:a4:39:9e:dc:cc:c3:
                    d7:0c:ed:d7:23:00:7f:79:ec:ed:ff:68:7a:b8:14:
                    92:de:f0:a0:10:7b:a3:94:84:fa:98:73:ea:8e:36:
                    18:3a:ff:b2:c3:31:25:c4:cf:d3:49:64:d0:66:0b:
                    20:0f:1a:8d:35:09:a1:b3:f4:25:3a:fd:73:de:d4:
                    4e:02:79:df:74:63:57:08:9b:41:7a:e4:11:f1:fe:
                    cf:bd:b0:5c:57:2e:12:20:19:eb:50:b5:15:1f:55:
                    ee:eb:b9:65:2a:7a:d3:16:07:1c:f6:0c:25:ea:c3:
                    ca:dd:8d:42:10:36:d0:86:15:59:96:40:90:50:d5:
                    b2:e5:0b:89:88:25:8f:3e:08:b9:48:0f:a2:10:47:
                    12:62:2a:3a:09:6d:96:9f:4f:0f:44:0f:aa:3b:c3:
                    7a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:06:A5:3A:81:33:71:95:18:3A:B0:EB:E4:DE:2F:54:8C:0F:0C:39
            X509v3 Authority Key Identifier:
                keyid:32:9D:A0:3D:B9:94:47:51:49:8A:5F:CA:53:C8:5D:AA:60:CB:9A:32

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913C432/2DCABA685CF211E984939224C4F9AE02/Mp2gPbmUR1FJil_KU8hdqmDLmjI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Mp2gPbmUR1FJil_KU8hdqmDLmjI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913C432/2DCABA685CF211E984939224C4F9AE02/CF949C10359A11F0AFFF2848C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.138.24.0/22
                IPv6:
                  2404:bec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:70:b9:35:7e:b5:13:37:9b:33:f0:ec:c4:14:e4:50:46:00:
         7c:13:18:0d:82:3d:10:3d:81:8b:84:a7:9d:ac:ef:6a:4d:c8:
         2a:14:c1:d0:59:14:7f:16:ca:2d:8b:ad:fd:af:19:a1:03:d2:
         70:1e:d8:1a:28:af:05:12:9c:05:03:0d:ac:b8:81:0a:73:5a:
         dc:ae:22:a0:c0:62:52:e7:6e:43:ba:dc:74:a7:b5:75:22:2d:
         9c:ad:4c:db:94:c6:3c:9b:08:33:1e:97:e1:cf:09:08:b9:76:
         ec:83:c8:04:d8:40:27:88:44:5c:b8:01:09:c0:3a:ce:0b:dd:
         20:fe:d0:2a:7b:b1:b7:c4:22:df:a1:63:55:ff:70:67:ed:f5:
         70:9e:4e:a9:4e:16:54:ad:fc:4b:9d:37:88:96:03:d2:38:a4:
         f7:78:e1:a7:3e:ad:20:e0:f2:79:64:ef:99:a8:00:4b:a0:cc:
         ab:bb:ef:f8:1d:be:d0:90:45:fe:da:52:ba:56:c1:73:38:39:
         82:2b:58:f2:96:af:2b:9b:29:7a:75:89:db:f3:1f:6a:2b:55:
         71:3e:20:00:f5:e8:4b:b6:0d:49:19:bf:8f:a0:c1:71:4a:ef:
         45:b6:7f:bb:98:e2:0e:5e:5e:41:ee:4a:5f:87:a1:66:a3:6c:
         79:76:a5:9d
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICD/kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0M0MzIxMTAvBgNVBAUTKDMyOURBMDNEQjk5NDQ3NTE0OThBNUZDQTUzQzg1REFB
NjBDQjlBMzIwHhcNMjUwNTIwMTY1MjI3WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODJjYjM0Yi0zMTg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw/UQEKlueQ63thlcK8wj7woiOAY4C2g+s7uQC1ILqpzHUf59j6WwPcQkCheI
J8a5xfnWP6RM9Z2dSOSio3kxQlTbC+GQS4fyeEZaQFo/BEZdIbtVZKbNDoOGRnFh
B7pITyekOZ7czMPXDO3XIwB/eezt/2h6uBSS3vCgEHujlIT6mHPqjjYYOv+ywzEl
xM/TSWTQZgsgDxqNNQmhs/QlOv1z3tROAnnfdGNXCJtBeuQR8f7PvbBcVy4SIBnr
ULUVH1Xu67llKnrTFgcc9gwl6sPK3Y1CEDbQhhVZlkCQUNWy5QuJiCWPPgi5SA+i
EEcSYio6CW2Wn08PRA+qO8N6NQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFMoGpTqB
M3GVGDqw6+TeL1SMDww5MB8GA1UdIwQYMBaAFDKdoD25lEdRSYpfylPIXapgy5oy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQzQzMi8yRENBQkE2ODVD
RjIxMUU5ODQ5MzkyMjRDNEY5QUUwMi9NcDJnUGJtVVIxRkppbF9LVThoZHFtRExt
akkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01wMmdQYm1VUjFGSmlsX0tVOGhkcW1ETG1qSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0M0MzIvMkRDQUJBNjg1Q0YyMTFFOTg0OTM5MjI0QzRGOUFFMDIvQ0Y5NDlDMTAz
NTlBMTFGMEFGRkYyODQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnihgwDQQCAAIwBwMFACQEvsAwDQYJKoZIhvcNAQELBQAD
ggEBALhwuTV+tRM3mzPw7MQU5FBGAHwTGA2CPRA9gYuEp52s72pNyCoUwdBZFH8W
yi2Lrf2vGaED0nAe2BoorwUSnAUDDay4gQpzWtyuIqDAYlLnbkO63HSntXUiLZyt
TNuUxjybCDMel+HPCQi5duyDyATYQCeIRFy4AQnAOs4L3SD+0Cp7sbfEIt+hY1X/
cGft9XCeTqlOFlSt/EudN4iWA9I4pPd44ac+rSDg8nlk75moAEugzKu77/gdvtCQ
Rf7aUrpWwXM4OYIrWPKWryubKXp1idvzH2orVXE+IAD16Eu2DUkZv4+gwXFK70W2
f7uY4g5eXkHuSl+HoWajbHl2pZ0=
-----END CERTIFICATE-----
Generated at Tue Jun 10 15:32:48 2025 by rpki-client