Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C65969023C6911F08821001DC4F9AE02.roa
File:                     C65969023C6911F08821001DC4F9AE02.roa (raw, json)
Hash identifier:          P67lgZc53l5sxG7QZ0MB0bvYoNAHsOlZbgP0Fts5izg=
Subject key identifier:   BA:35:73:06:9C:7F:5D:1B:08:FE:C1:ED:6C:E9:6B:60:A2:F3:E9:7D
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       BC70
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C65969023C6911F08821001DC4F9AE02.roa
Signing time:             Thu 29 May 2025 08:49:04 +0000
ROA not before:           Thu 29 May 2025 08:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152491
IP address blocks:        103.170.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 08:26:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 48240 (0xbc70)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: May 29 08:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68381f80-2259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:64:fd:bc:c2:91:ac:35:b4:b6:e2:ff:bd:5f:
                    5a:fe:27:10:e0:70:52:c1:6f:a4:2c:42:b9:fb:78:
                    7e:06:d0:a4:9e:c5:bf:00:af:30:9c:9d:29:ce:ae:
                    14:c6:1c:56:06:2b:a1:2e:7f:d2:3f:4a:45:5b:27:
                    d4:f1:7d:f8:ff:2f:fe:ab:b8:21:a9:03:5d:b0:61:
                    e7:47:2e:60:34:f7:47:ab:a7:06:48:7f:a2:0c:bc:
                    98:69:34:8c:56:11:1b:24:05:f5:63:f9:6a:bd:40:
                    8d:63:b0:bb:b9:5e:61:7d:fe:9d:e8:63:57:2b:ba:
                    cb:70:f4:e5:1c:14:e8:40:1c:7c:b7:26:77:b7:92:
                    7a:32:c0:ee:ae:79:79:e4:7a:54:f0:a5:48:34:61:
                    0e:b6:9e:e7:63:bd:ed:1f:0e:e3:6e:d8:7e:66:00:
                    30:b7:b3:03:ba:84:c3:6c:6e:b4:e3:a2:58:b2:61:
                    a2:ba:e3:4f:21:76:7d:53:25:06:0e:12:5f:3f:47:
                    84:fc:50:a5:73:d8:59:3c:f8:17:fc:4e:0d:63:6c:
                    c9:ee:71:77:0b:b7:03:d1:6b:62:69:9d:9c:49:1f:
                    46:26:22:bc:52:a2:ae:5c:84:87:83:39:a9:62:74:
                    a1:0b:1d:16:0b:39:b6:a7:60:4a:55:17:ac:91:f3:
                    16:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:35:73:06:9C:7F:5D:1B:08:FE:C1:ED:6C:E9:6B:60:A2:F3:E9:7D
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C65969023C6911F08821001DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.170.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:e3:c3:78:85:07:73:2e:26:c8:83:ac:d5:0b:92:11:3f:8c:
         3c:a6:73:88:b2:f5:52:1a:ec:35:2f:47:06:f2:d4:31:fb:7a:
         3f:99:fd:fc:40:53:82:3e:8c:e1:2b:06:fb:7c:ae:e3:bb:12:
         2e:87:1b:08:b6:13:9c:f9:bb:3d:20:f1:af:7d:06:36:62:81:
         63:fd:44:cb:a3:c0:b4:3a:ae:6f:69:a4:cc:bb:77:b7:c3:7f:
         a6:6a:7c:f0:ab:2c:6c:c3:55:82:20:34:4b:14:57:d5:c1:72:
         de:75:76:be:57:2a:7d:a1:b5:4c:1b:8b:7f:f4:73:07:ef:74:
         7b:3d:ec:7d:a7:8d:39:6e:f5:16:4d:38:93:c8:25:7e:09:60:
         51:ea:69:3e:96:a2:cf:72:a9:a0:bb:87:ef:9d:65:2d:53:49:
         3b:f5:5b:2c:5d:e8:5e:f5:93:18:6c:ed:99:37:59:23:57:6e:
         34:6e:95:86:1b:3b:d8:0c:9b:c8:29:98:ed:0a:59:7e:ab:3f:
         06:90:66:a9:e8:e8:68:2a:d3:d5:c7:82:d4:a4:78:66:5f:26:
         5e:4c:d1:b3:cc:e1:30:99:33:de:37:46:a4:c6:a1:2c:16:4b:
         9e:0b:b2:18:27:52:b0:f0:a9:df:5f:c4:c3:bf:1d:7d:6f:4d:
         84:1f:f5:4e
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIDALxwMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUyOTA4NDkwNFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgzODFmODAtMjI1OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMBk/bzCkaw1tLbi/71fWv4nEOBwUsFvpCxCuft4fgbQpJ7FvwCvMJydKc6u
FMYcVgYroS5/0j9KRVsn1PF9+P8v/qu4IakDXbBh50cuYDT3R6unBkh/ogy8mGk0
jFYRGyQF9WP5ar1AjWOwu7leYX3+nehjVyu6y3D05RwU6EAcfLcmd7eSejLA7q55
eeR6VPClSDRhDrae52O97R8O427YfmYAMLezA7qEw2xutOOiWLJhorrjTyF2fVMl
Bg4SXz9HhPxQpXPYWTz4F/xODWNsye5xdwu3A9FrYmmdnEkfRiYivFKirlyEh4M5
qWJ0oQsdFgs5tqdgSlUXrJHzFo8CAwEAAaOCApUwggKRMB0GA1UdDgQWBBS6NXMG
nH9dGwj+we1s6WtgovPpfTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0M2NTk2OTAy
M0M2OTExRjA4ODIxMDAxREM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAZ6rDMA0GCSqGSIb3DQEBCwUAA4IBAQAz48N4hQdzLibI
g6zVC5IRP4w8pnOIsvVSGuw1L0cG8tQx+3o/mf38QFOCPozhKwb7fK7juxIuhxsI
thOc+bs9IPGvfQY2YoFj/UTLo8C0Oq5vaaTMu3e3w3+manzwqyxsw1WCIDRLFFfV
wXLedXa+Vyp9obVMG4t/9HMH73R7Pex9p405bvUWTTiTyCV+CWBR6mk+lqLPcqmg
u4fvnWUtU0k79VssXehe9ZMYbO2ZN1kjV240bpWGGzvYDJvIKZjtCll+qz8GkGap
6OhoKtPVx4LUpHhmXyZeTNGzzOEwmTPeN0akxqEsFkueC7IYJ1Kw8KnfX8TDvx19
b02EH/VO
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:57:09 2025 by rpki-client