Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C2E45C64051B11EEA9671C47C4F9AE02.roa
File:                     C2E45C64051B11EEA9671C47C4F9AE02.roa (raw, json)
Hash identifier:          9G39YLuA3bogghL9p3zornCwjEcWc1hDX/Jz8WrXh+w=
Subject key identifier:   45:08:C3:B2:21:43:F1:69:C3:8D:80:E9:7B:23:46:18:01:13:9E:91
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       BCD7
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C2E45C64051B11EEA9671C47C4F9AE02.roa
Signing time:             Tue 03 Jun 2025 09:39:33 +0000
ROA not before:           Tue 03 Jun 2025 09:39:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149226
IP address blocks:        103.123.172.0/23 maxlen: 24
                          103.169.178.0/23 maxlen: 24
                          2400:f1a0::/32 maxlen: 32
                          2400:f1a0:1::/48 maxlen: 48
                          2400:f1a0:2::/48 maxlen: 48
                          2400:f1a0:3::/48 maxlen: 48
                          2400:f1a0:4::/48 maxlen: 48
                          2400:f1a0:5::/48 maxlen: 48
                          2400:f1a0:6::/48 maxlen: 48
                          2400:f1a0:7::/48 maxlen: 48
                          2400:f1a0:8::/48 maxlen: 48
                          2400:f1a0:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 17 Jun 2025 15:22:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 48343 (0xbcd7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: Jun  3 09:39:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=683ec2d5-316e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:22:2e:f1:ef:c1:1c:b6:e3:13:8a:a8:3e:fb:
                    62:b2:f0:e1:d1:91:c5:ad:2c:58:eb:fe:52:3c:ba:
                    09:9b:75:d9:90:9d:c5:2f:ab:72:84:ea:4a:a7:27:
                    ac:0c:5f:ef:31:b2:f6:f1:c9:4b:f6:f8:e4:c6:e3:
                    fd:4b:73:a5:01:d4:5a:0b:9e:cd:2e:9c:f1:80:13:
                    1a:69:2a:77:45:06:73:15:3d:7c:76:ef:1e:04:7f:
                    5c:21:54:07:78:e0:7c:68:9b:e1:25:6b:18:40:48:
                    a2:64:69:f3:31:7c:a8:39:cd:68:7a:b8:ae:21:e9:
                    cd:50:c0:c8:23:7c:9d:a0:2d:3c:e3:6e:cb:78:75:
                    85:b9:56:ff:95:10:c7:ff:f0:fc:87:cc:08:3b:40:
                    5b:f9:0b:13:76:c8:93:eb:09:c3:fe:b5:c0:a2:63:
                    af:b4:da:02:a4:de:07:85:6a:04:23:b8:0c:0c:b8:
                    52:37:b5:70:ff:1f:8f:ff:b2:5c:7b:ac:16:d3:f0:
                    c1:f8:bb:3b:96:af:8e:49:23:7a:aa:35:2e:90:02:
                    b9:47:85:46:f2:e5:08:d7:e4:76:b1:47:ef:95:4e:
                    66:01:39:1a:6f:36:86:58:a5:53:fe:be:aa:d9:a0:
                    4d:f2:46:af:de:a9:9a:f0:7e:20:08:db:7a:ad:ca:
                    c0:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:08:C3:B2:21:43:F1:69:C3:8D:80:E9:7B:23:46:18:01:13:9E:91
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C2E45C64051B11EEA9671C47C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.123.172.0/23
                  103.169.178.0/23
                IPv6:
                  2400:f1a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:42:b9:3b:a9:7e:ca:a0:56:58:84:6f:1b:f7:cb:7d:93:38:
         b5:7f:9f:5b:28:80:af:a1:09:08:cd:c6:63:dd:f3:eb:1b:e7:
         0c:ad:12:2b:b3:ad:61:3f:9a:1e:d2:da:13:21:75:70:8b:d0:
         1d:a2:5e:a5:bc:f0:53:15:e1:8c:a4:4a:ba:af:10:f9:e1:eb:
         3f:c6:39:61:54:87:23:85:a9:f3:89:41:77:9a:0c:40:72:9f:
         2d:d5:cf:bd:4e:cc:89:59:95:0b:4c:7c:09:c0:97:89:fc:2c:
         06:8f:0b:40:e5:bc:7c:e0:54:f6:8a:4e:25:e9:19:d4:95:28:
         1d:65:cd:24:7d:91:16:77:a0:cd:89:38:1c:b0:f5:fa:0f:dd:
         29:d9:f3:68:8c:27:72:76:32:50:6e:1b:04:d4:76:9a:47:2f:
         60:6f:f1:eb:ec:e7:f0:10:d1:c8:8d:12:a9:de:d7:a5:36:e8:
         df:af:db:a9:ce:21:6f:39:e6:14:1f:ea:a3:7b:49:0b:20:a6:
         a8:bb:9c:fd:74:ca:fb:f8:bc:8a:5c:c9:f0:47:52:9a:72:82:
         a5:68:04:21:9c:a8:10:d9:9e:70:2b:2f:e5:1a:ec:62:44:7f:
         7a:e0:09:82:85:91:bc:5a:27:ae:59:f6:ae:7e:e5:f8:05:03:
         58:83:3d:27
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIDALzXMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDYwMzA5MzkzM1oXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgzZWMyZDUtMzE2ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkiLvHvwRy24xOKqD77YrLw4dGRxa0sWOv+Ujy6CZt12ZCdxS+rcoTqSqcn
rAxf7zGy9vHJS/b45Mbj/UtzpQHUWguezS6c8YATGmkqd0UGcxU9fHbvHgR/XCFU
B3jgfGib4SVrGEBIomRp8zF8qDnNaHq4riHpzVDAyCN8naAtPONuy3h1hblW/5UQ
x//w/IfMCDtAW/kLE3bIk+sJw/61wKJjr7TaAqTeB4VqBCO4DAy4Uje1cP8fj/+y
XHusFtPwwfi7O5avjkkjeqo1LpACuUeFRvLlCNfkdrFH75VOZgE5Gm82hlilU/6+
qtmgTfJGr96pmvB+IAjbeq3KwBECAwEAAaOCAqowggKmMB0GA1UdDgQWBBRFCMOy
IUPxacONgOl7I0YYAROekTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0MyRTQ1QzY0
MDUxQjExRUVBOTY3MUM0N0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDQGCCsGAQUFBwEHAQH/
BCUwIzASBAIAATAMAwQBZ3usAwQBZ6myMA0EAgACMAcDBQAkAPGgMA0GCSqGSIb3
DQEBCwUAA4IBAQAwQrk7qX7KoFZYhG8b98t9kzi1f59bKICvoQkIzcZj3fPrG+cM
rRIrs61hP5oe0toTIXVwi9Adol6lvPBTFeGMpEq6rxD54es/xjlhVIcjhanziUF3
mgxAcp8t1c+9TsyJWZULTHwJwJeJ/CwGjwtA5bx84FT2ik4l6RnUlSgdZc0kfZEW
d6DNiTgcsPX6D90p2fNojCdydjJQbhsE1HaaRy9gb/Hr7OfwENHIjRKp3telNujf
r9upziFvOeYUH+qje0kLIKaou5z9dMr7+LyKXMnwR1KacoKlaAQhnKgQ2Z5wKy/l
GuxiRH964AmChZG8WieuWfaufuX4BQNYgz0n
-----END CERTIFICATE-----
Generated at Wed Jun 11 00:11:17 2025 by rpki-client