Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9146D06/1CECB18AA00411E2A23865E42F5A7754/F1C9EE68B13B11E5B2D80087C4F9AE02.roa
File:                     F1C9EE68B13B11E5B2D80087C4F9AE02.roa (raw, json)
Hash identifier:          1VVuRrqVVTtGHoXa2KKerRIHjhwmzovA9uhLiSgp/NQ=
Subject key identifier:   AB:FB:9D:3A:2B:D1:0F:0C:E0:F4:26:D4:58:F8:01:57:55:1D:D9:3F
Certificate issuer:       /CN=A9146D06/serialNumber=D3156FF538A0D3F53973861FAD6436FB1E5FE8C0
Certificate serial:       320C
Authority key identifier: D3:15:6F:F5:38:A0:D3:F5:39:73:86:1F:AD:64:36:FB:1E:5F:E8:C0
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0xVv9Tig0_U5c4YfrWQ2-x5f6MA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9146D06/1CECB18AA00411E2A23865E42F5A7754/F1C9EE68B13B11E5B2D80087C4F9AE02.roa
Signing time:             Fri 30 May 2025 16:02:14 +0000
ROA not before:           Fri 30 May 2025 16:02:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     132726
IP address blocks:        103.19.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9146D06/1CECB18AA00411E2A23865E42F5A7754/0xVv9Tig0_U5c4YfrWQ2-x5f6MA.crl
                          rsync://rpki.apnic.net/member_repository/A9146D06/1CECB18AA00411E2A23865E42F5A7754/0xVv9Tig0_U5c4YfrWQ2-x5f6MA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0xVv9Tig0_U5c4YfrWQ2-x5f6MA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 15 Jun 2025 15:22:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12812 (0x320c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9146D06, serialNumber=D3156FF538A0D3F53973861FAD6436FB1E5FE8C0
        Validity
            Not Before: May 30 16:02:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6839d685-dff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:79:c9:cf:48:25:35:db:36:03:e4:ba:d8:05:
                    2f:bc:2d:9d:ba:da:7f:b8:86:87:f1:a7:50:36:f0:
                    ba:f1:c1:ce:d0:d2:1e:b4:59:97:71:60:13:15:95:
                    03:76:e5:a7:96:24:fd:e1:7c:96:06:92:4e:5f:d1:
                    1b:9c:94:21:76:fd:10:80:3d:a9:1f:c8:58:36:8a:
                    50:b8:48:c0:cb:19:3d:b8:ef:f8:6c:30:a9:bb:02:
                    36:98:d3:39:d3:63:6d:e0:69:c7:e9:66:54:ed:83:
                    3d:cb:40:a2:dd:d0:05:77:9c:01:02:10:7b:27:c0:
                    7a:83:0f:85:1a:af:08:ad:2f:51:20:28:fa:24:ab:
                    4a:02:21:87:09:de:af:65:ee:93:e4:17:73:73:b1:
                    08:0c:79:cf:84:07:b1:d2:36:47:ea:e5:f1:d9:c7:
                    bf:a1:63:b0:87:9a:38:3a:ae:ff:58:31:db:17:87:
                    36:6d:14:a7:fb:dc:e5:e3:6e:e0:2a:f2:45:90:3c:
                    46:98:f3:01:5d:0d:76:dd:6b:bb:4d:d9:33:bf:6a:
                    cb:c7:11:1d:1c:5a:02:2d:3e:8f:60:9e:86:38:ea:
                    76:83:46:93:ae:05:d5:35:f1:0a:a3:57:2f:28:8e:
                    e4:c3:b9:b8:7c:2d:c1:86:8d:6e:9d:11:9f:45:8f:
                    ad:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:FB:9D:3A:2B:D1:0F:0C:E0:F4:26:D4:58:F8:01:57:55:1D:D9:3F
            X509v3 Authority Key Identifier:
                keyid:D3:15:6F:F5:38:A0:D3:F5:39:73:86:1F:AD:64:36:FB:1E:5F:E8:C0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9146D06/1CECB18AA00411E2A23865E42F5A7754/0xVv9Tig0_U5c4YfrWQ2-x5f6MA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0xVv9Tig0_U5c4YfrWQ2-x5f6MA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146D06/1CECB18AA00411E2A23865E42F5A7754/F1C9EE68B13B11E5B2D80087C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.19.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:b6:7f:3d:8f:04:d8:39:bc:3b:a2:6c:c5:65:8e:03:99:dc:
         2b:36:b4:27:7b:f6:8c:39:53:fb:c8:7b:d6:d8:ec:5e:ae:f6:
         ba:51:7a:f8:e9:d3:2f:cf:be:a6:6e:28:44:a1:af:a8:af:9c:
         b5:97:d1:9a:38:ca:74:55:fc:64:1f:ac:58:ef:5d:1f:ec:b2:
         3c:60:a7:12:b8:ec:fb:97:96:f3:2c:a0:26:72:29:c3:d4:47:
         1b:87:c1:48:6a:2f:d8:af:4c:26:5d:43:a0:78:8e:a7:9a:51:
         26:8b:b3:58:5c:cb:6f:fe:20:38:98:07:ed:13:8d:d5:6b:73:
         9f:28:fa:9c:07:64:b1:d9:89:b2:d2:c5:46:2f:8e:fa:2f:3b:
         f2:6d:2a:da:74:19:44:f2:f2:1e:28:bc:ce:fe:09:7a:4b:c6:
         40:81:61:bc:cd:1b:c5:5c:f0:a4:44:aa:41:5c:fe:b8:e8:57:
         26:36:a1:0e:b2:36:41:04:13:76:85:67:d9:f3:7c:04:d7:d4:
         35:4f:3e:c3:e5:7d:60:80:e5:ff:60:15:77:c7:95:02:db:a0:
         2c:c3:4c:41:be:86:f9:d3:12:d7:9f:81:97:f5:98:a4:09:7b:
         5e:3e:ab:a5:54:17:7a:33:4a:fa:7f:02:d0:50:f8:3e:32:b6:
         1b:c3:a4:c1
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICMgwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDZEMDYxMTAvBgNVBAUTKEQzMTU2RkY1MzhBMEQzRjUzOTczODYxRkFENjQzNkZC
MUU1RkU4QzAwHhcNMjUwNTMwMTYwMjE0WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODM5ZDY4NS1kZmY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAo3nJz0glNds2A+S62AUvvC2dutp/uIaH8adQNvC68cHO0NIetFmXcWATFZUD
duWnliT94XyWBpJOX9EbnJQhdv0QgD2pH8hYNopQuEjAyxk9uO/4bDCpuwI2mNM5
02Nt4GnH6WZU7YM9y0Ci3dAFd5wBAhB7J8B6gw+FGq8IrS9RICj6JKtKAiGHCd6v
Ze6T5Bdzc7EIDHnPhAex0jZH6uXx2ce/oWOwh5o4Oq7/WDHbF4c2bRSn+9zl427g
KvJFkDxGmPMBXQ123Wu7Tdkzv2rLxxEdHFoCLT6PYJ6GOOp2g0aTrgXVNfEKo1cv
KI7kw7m4fC3Bho1unRGfRY+tLwIDAQABo4IClTCCApEwHQYDVR0OBBYEFKv7nTor
0Q8M4PQm1Fj4AVdVHdk/MB8GA1UdIwQYMBaAFNMVb/U4oNP1OXOGH61kNvseX+jA
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NkQwNi8xQ0VDQjE4QUEw
MDQxMUUyQTIzODY1RTQyRjVBNzc1NC8weFZ2OVRpZzBfVTVjNFlmcldRMi14NWY2
TUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzB4VnY5VGlnMF9VNWM0WWZyV1EyLXg1ZjZNQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDZEMDYvMUNFQ0IxOEFBMDA0MTFFMkEyMzg2NUU0MkY1QTc3NTQvRjFDOUVFNjhC
MTNCMTFFNUIyRDgwMDg3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnE/AwDQYJKoZIhvcNAQELBQADggEBABq2fz2PBNg5vDui
bMVljgOZ3Cs2tCd79ow5U/vIe9bY7F6u9rpRevjp0y/PvqZuKEShr6ivnLWX0Zo4
ynRV/GQfrFjvXR/ssjxgpxK47PuXlvMsoCZyKcPURxuHwUhqL9ivTCZdQ6B4jqea
USaLs1hcy2/+IDiYB+0TjdVrc58o+pwHZLHZibLSxUYvjvovO/JtKtp0GUTy8h4o
vM7+CXpLxkCBYbzNG8Vc8KREqkFc/rjoVyY2oQ6yNkEEE3aFZ9nzfATX1DVPPsPl
fWCA5f9gFXfHlQLboCzDTEG+hvnTEtefgZf1mKQJe14+q6VUF3ozSvp/AtBQ+D4y
thvDpME=
-----END CERTIFICATE-----
Generated at Tue Jun 10 02:23:42 2025 by rpki-client