Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5BB05F0807A711EBBAD90C57C4F9AE02.roa
File:                     5BB05F0807A711EBBAD90C57C4F9AE02.roa (raw, json)
Hash identifier:          /xLzLr5G/WcRbP9j5fH3Jlc/NQM+n4Uqmz/O4DGivuo=
Subject key identifier:   E0:39:83:73:4D:34:2E:AC:78:EA:23:C2:E2:87:26:2E:5B:7E:D3:B6
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       B1E6
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5BB05F0807A711EBBAD90C57C4F9AE02.roa
Signing time:             Thu 08 May 2025 15:59:01 +0000
ROA not before:           Thu 08 May 2025 15:59:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133659
IP address blocks:        103.42.188.0/24 maxlen: 24
                          103.81.160.0/24 maxlen: 24
                          2001:df1:3c00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 13:22:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45542 (0xb1e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: May  8 15:59:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=681cd4c5-c874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3d:8b:9c:29:7c:64:cb:4c:ab:a4:17:96:c3:
                    2f:89:cb:8e:98:3f:18:ac:22:3e:fe:a1:e8:36:fe:
                    05:69:b7:4d:a2:48:2d:79:71:9e:98:d6:f1:9b:dc:
                    59:fa:fa:be:df:7e:20:25:3f:57:11:5b:02:2e:0f:
                    54:a5:6a:93:d0:57:f6:20:7d:6a:74:d2:2d:a7:82:
                    f5:f4:a7:b6:fa:15:14:e3:41:c2:5a:54:f6:93:e8:
                    a0:a9:d4:2d:35:f9:f2:0c:82:b7:8a:64:66:8d:26:
                    89:20:5f:49:20:21:a5:b8:af:51:dd:45:6d:cd:33:
                    ed:b6:36:f1:20:8e:d5:2d:9b:ec:30:2b:62:e8:2f:
                    4c:b8:70:6c:d3:09:dd:ab:13:97:c7:a4:f1:de:b9:
                    42:dd:86:47:cc:a2:be:ac:3e:a2:06:ec:33:57:d3:
                    5e:98:84:23:b2:1f:bd:46:59:df:38:f0:4e:24:20:
                    b2:ee:03:f6:55:32:79:bf:c6:89:12:5e:00:69:ae:
                    c3:34:18:a1:9e:24:a4:5f:80:bc:7b:e7:40:ee:76:
                    6e:a5:bb:5a:5e:8e:99:d7:c8:f0:ca:06:72:af:26:
                    a2:fb:c2:c4:2b:c9:48:83:15:e1:14:f2:f3:71:32:
                    8f:af:ab:9f:8e:19:39:a8:40:1d:87:e5:7a:29:f9:
                    bc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:39:83:73:4D:34:2E:AC:78:EA:23:C2:E2:87:26:2E:5B:7E:D3:B6
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5BB05F0807A711EBBAD90C57C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.42.188.0/24
                  103.81.160.0/24
                IPv6:
                  2001:df1:3c00::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:1e:02:92:75:46:57:b0:c2:82:6a:92:c4:eb:95:c0:3b:48:
         f5:37:bb:99:34:cb:52:fe:66:91:93:3a:6b:e5:c4:06:f5:81:
         50:e4:06:01:43:bd:48:d4:ba:06:12:4d:ed:6f:2b:84:e7:8b:
         b4:3b:8b:dd:71:fb:97:a1:b6:01:25:43:37:39:73:e6:6d:6f:
         eb:81:85:b1:aa:05:f1:74:24:e1:1b:9a:a4:a4:8d:d6:41:d8:
         4a:5b:e0:35:81:e5:e9:93:7c:82:ed:e8:07:d3:14:19:9c:14:
         68:22:56:37:b4:97:95:c4:ce:16:b3:64:31:eb:d0:13:88:6f:
         a1:b6:2d:c9:0d:ca:0d:e7:0c:66:99:0d:e7:5a:e6:ab:60:8c:
         99:c9:83:34:fe:8c:39:64:7d:14:ae:54:84:29:58:f7:09:ac:
         81:81:eb:c1:8a:a7:85:db:7f:31:aa:72:a0:88:73:2b:e8:c7:
         04:2e:76:cb:0e:7c:9d:5f:1f:55:83:a9:4b:79:33:6f:dc:b7:
         a7:1e:03:71:cb:2e:9b:e1:0a:af:c2:17:74:34:c8:92:50:2b:
         8f:29:0d:ad:e9:bf:26:ef:95:04:89:ae:57:0e:b9:ba:a7:d4:
         81:9b:cd:b6:6d:98:ae:cb:72:b1:50:90:7f:3d:a4:1b:2b:0b:
         ac:af:eb:09
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIDALHmMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE1NTkwMVoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2Q0YzUtYzg3NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALs9i5wpfGTLTKukF5bDL4nLjpg/GKwiPv6h6Db+BWm3TaJILXlxnpjW8Zvc
Wfr6vt9+ICU/VxFbAi4PVKVqk9BX9iB9anTSLaeC9fSntvoVFONBwlpU9pPooKnU
LTX58gyCt4pkZo0miSBfSSAhpbivUd1Fbc0z7bY28SCO1S2b7DArYugvTLhwbNMJ
3asTl8ek8d65Qt2GR8yivqw+ogbsM1fTXpiEI7IfvUZZ3zjwTiQgsu4D9lUyeb/G
iRJeAGmuwzQYoZ4kpF+AvHvnQO52bqW7Wl6OmdfI8MoGcq8movvCxCvJSIMV4RTy
83Eyj6+rn44ZOahAHYflein5vJkCAwEAAaOCAqwwggKoMB0GA1UdDgQWBBTgOYNz
TTQurHjqI8LihyYuW37TtjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzVCQjA1RjA4
MDdBNzExRUJCQUQ5MEM1N0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDYGCCsGAQUFBwEHAQH/
BCcwJTASBAIAATAMAwQAZyq8AwQAZ1GgMA8EAgACMAkDBwAgAQ3xPAAwDQYJKoZI
hvcNAQELBQADggEBAA8eApJ1RlewwoJqksTrlcA7SPU3u5k0y1L+ZpGTOmvlxAb1
gVDkBgFDvUjUugYSTe1vK4Tni7Q7i91x+5ehtgElQzc5c+Ztb+uBhbGqBfF0JOEb
mqSkjdZB2Epb4DWB5emTfILt6AfTFBmcFGgiVje0l5XEzhazZDHr0BOIb6G2LckN
yg3nDGaZDeda5qtgjJnJgzT+jDlkfRSuVIQpWPcJrIGB68GKp4XbfzGqcqCIcyvo
xwQudssOfJ1fH1WDqUt5M2/ct6ceA3HLLpvhCq/CF3Q0yJJQK48pDa3pvybvlQSJ
rlcOubqn1IGbzbZtmK7LcrFQkH89pBsrC6yv6wk=
-----END CERTIFICATE-----
Generated at Tue Jun 10 08:04:41 2025 by rpki-client