Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/359072F43AD811F0A280CB19C4F9AE02.roa
File:                     359072F43AD811F0A280CB19C4F9AE02.roa (raw, json)
Hash identifier:          AqvKf1Fms2EUVCZyYdNolwrSZBicy+smw/ASm7hgRy0=
Subject key identifier:   FF:EE:99:84:61:7A:0B:B6:42:68:CD:4B:B3:AC:3F:07:0C:52:74:77
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       BC14
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/359072F43AD811F0A280CB19C4F9AE02.roa
Signing time:             Tue 27 May 2025 08:54:33 +0000
ROA not before:           Tue 27 May 2025 08:54:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135227
IP address blocks:        103.98.210.0/23 maxlen: 23
                          103.123.38.0/24 maxlen: 24
                          103.212.235.0/24 maxlen: 24
                          2403:9dc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 17 Jun 2025 13:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 48148 (0xbc14)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: May 27 08:54:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68357dc9-cfd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d6:a7:9d:6b:83:a7:d1:e1:8a:30:77:00:ee:
                    bf:0a:f4:61:84:49:6f:32:7d:d3:0a:bb:10:26:e9:
                    5b:84:bd:a1:74:bc:5f:31:8f:0c:75:47:d0:27:40:
                    db:3b:15:9b:a2:f6:b4:2e:26:87:fe:16:f7:c2:7f:
                    31:e2:d4:60:dd:4e:49:ec:95:ac:e0:0b:36:76:4e:
                    15:87:4d:77:9f:36:4d:37:a7:a2:22:6e:ad:aa:24:
                    53:d9:4b:08:cb:f9:f9:f3:45:aa:d9:f4:af:0e:b3:
                    04:2c:5e:ca:ba:7e:7c:72:97:fa:88:28:3f:e6:57:
                    6c:72:aa:af:c0:58:d6:33:ae:13:3a:88:66:8b:0d:
                    39:63:9d:ed:2b:63:7f:e6:23:20:ea:e3:e7:69:92:
                    93:ae:57:37:cf:17:76:d0:12:e3:77:02:76:27:be:
                    a4:f2:9f:0d:65:c9:1b:89:a2:e8:74:53:46:1a:07:
                    3f:de:bb:f3:c9:45:1f:c5:8e:55:4e:6c:ff:03:5a:
                    e0:e8:44:39:d0:c5:07:50:e7:ea:9d:b1:c8:cd:9b:
                    d5:33:e0:21:60:1d:fe:53:85:59:c3:23:e8:c7:99:
                    76:ff:a3:51:b1:a0:24:1a:3b:5d:f1:5d:7d:80:51:
                    0d:9c:bd:8f:f1:d4:13:16:4e:be:2f:29:53:98:96:
                    a3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:EE:99:84:61:7A:0B:B6:42:68:CD:4B:B3:AC:3F:07:0C:52:74:77
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/359072F43AD811F0A280CB19C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.98.210.0/23
                  103.123.38.0/24
                  103.212.235.0/24
                IPv6:
                  2403:9dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:bc:96:df:31:17:ec:b1:3c:1a:02:9c:6d:c5:1b:b3:4e:22:
         33:ba:4b:e5:ed:b0:a6:66:2d:5d:dd:17:e5:c0:3f:b6:2d:31:
         43:5a:f5:c6:c0:d6:9e:d4:32:f6:91:e7:3b:fc:fd:96:f4:a1:
         54:b1:b7:04:37:d5:76:db:83:82:8e:d7:22:c3:03:44:0e:44:
         0f:55:b7:2f:ec:13:b1:5c:1f:2b:d0:f0:6b:d1:ed:23:d1:0c:
         82:45:b1:d3:05:67:f9:16:4c:7c:08:b8:b8:f7:f2:22:19:3d:
         bc:5e:c1:69:c3:b0:b8:37:02:34:09:bf:da:64:8a:f8:a2:c5:
         ab:a0:d1:28:df:31:e9:05:ab:24:70:84:79:ac:9c:ac:b7:cd:
         bf:2c:46:b4:50:44:b6:09:38:2e:45:69:19:7e:8e:42:5d:ab:
         33:d4:99:11:e0:f9:bf:28:43:39:6c:b5:c9:5e:dd:45:e9:50:
         f8:02:91:26:78:a9:c2:6d:b0:76:6e:a9:f8:84:39:78:87:71:
         27:a0:4a:6c:32:66:a2:f9:5a:0f:cb:1d:70:fd:b0:3a:5b:41:
         43:dd:dc:18:2d:a1:ef:45:88:72:51:92:6c:1c:df:6e:b5:74:
         5c:3c:57:5c:19:93:d9:36:5d:9c:e0:ff:8e:ee:7a:48:5f:5a:
         78:9e:53:1d
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIDALwUMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUyNzA4NTQzM1oXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgzNTdkYzktY2ZkNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJzWp51rg6fR4YowdwDuvwr0YYRJbzJ90wq7ECbpW4S9oXS8XzGPDHVH0CdA
2zsVm6L2tC4mh/4W98J/MeLUYN1OSeyVrOALNnZOFYdNd582TTenoiJuraokU9lL
CMv5+fNFqtn0rw6zBCxeyrp+fHKX+ogoP+ZXbHKqr8BY1jOuEzqIZosNOWOd7Stj
f+YjIOrj52mSk65XN88XdtAS43cCdie+pPKfDWXJG4mi6HRTRhoHP96788lFH8WO
VU5s/wNa4OhEOdDFB1Dn6p2xyM2b1TPgIWAd/lOFWcMj6MeZdv+jUbGgJBo7XfFd
fYBRDZy9j/HUExZOvi8pU5iWo0kCAwEAAaOCArAwggKsMB0GA1UdDgQWBBT/7pmE
YXoLtkJozUuzrD8HDFJ0dzAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzM1OTA3MkY0
M0FEODExRjBBMjgwQ0IxOUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDoGCCsGAQUFBwEHAQH/
BCswKTAYBAIAATASAwQBZ2LSAwQAZ3smAwQAZ9TrMA0EAgACMAcDBQAkA53AMA0G
CSqGSIb3DQEBCwUAA4IBAQB1vJbfMRfssTwaApxtxRuzTiIzukvl7bCmZi1d3Rfl
wD+2LTFDWvXGwNae1DL2kec7/P2W9KFUsbcEN9V224OCjtciwwNEDkQPVbcv7BOx
XB8r0PBr0e0j0QyCRbHTBWf5Fkx8CLi49/IiGT28XsFpw7C4NwI0Cb/aZIr4osWr
oNEo3zHpBaskcIR5rJyst82/LEa0UES2CTguRWkZfo5CXasz1JkR4Pm/KEM5bLXJ
Xt1F6VD4ApEmeKnCbbB2bqn4hDl4h3EnoEpsMmai+VoPyx1w/bA6W0FD3dwYLaHv
RYhyUZJsHN9utXRcPFdcGZPZNl2c4P+O7npIX1p4nlMd
-----END CERTIFICATE-----
Generated at Tue Jun 10 17:20:24 2025 by rpki-client