Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9192EE9/324841F4E6FE11EA838EA148C4F9AE02/A29A7DF20E2011EB81D90E2EC4F9AE02.roa
File:                     A29A7DF20E2011EB81D90E2EC4F9AE02.roa (raw, json)
Hash identifier:          hdHi4xqpMBX0AQynSt0UCqWOxzfycEn8kuSXfk/h1Wc=
Subject key identifier:   E9:FD:DE:3C:52:E9:5B:13:4B:E2:93:B2:0B:37:1B:B6:14:93:29:21
Certificate issuer:       /CN=A9192EE9/serialNumber=2F7AEBDC70179D71694FC699D5F3E40E584AB369
Certificate serial:       0802
Authority key identifier: 2F:7A:EB:DC:70:17:9D:71:69:4F:C6:99:D5:F3:E4:0E:58:4A:B3:69
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/L3rr3HAXnXFpT8aZ1fPkDlhKs2k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9192EE9/324841F4E6FE11EA838EA148C4F9AE02/A29A7DF20E2011EB81D90E2EC4F9AE02.roa
Signing time:             Fri 30 May 2025 21:49:32 +0000
ROA not before:           Fri 30 May 2025 21:49:32 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     139195
IP address blocks:        103.139.156.0/24 maxlen: 24
                          103.139.157.0/24 maxlen: 24
                          103.139.158.0/24 maxlen: 24
                          103.139.159.0/24 maxlen: 24
                          2404:e740::/32 maxlen: 32
                          2404:e740::/48 maxlen: 48
                          2404:e740:1::/48 maxlen: 48
                          2404:e740:2::/48 maxlen: 48
                          2404:e740:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9192EE9/324841F4E6FE11EA838EA148C4F9AE02/L3rr3HAXnXFpT8aZ1fPkDlhKs2k.crl
                          rsync://rpki.apnic.net/member_repository/A9192EE9/324841F4E6FE11EA838EA148C4F9AE02/L3rr3HAXnXFpT8aZ1fPkDlhKs2k.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/L3rr3HAXnXFpT8aZ1fPkDlhKs2k.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 17 Jun 2025 20:50:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2050 (0x802)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9192EE9, serialNumber=2F7AEBDC70179D71694FC699D5F3E40E584AB369
        Validity
            Not Before: May 30 21:49:32 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=683a27ec-e7d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cd:bc:2a:8e:cb:e5:9e:99:85:55:b6:01:15:
                    10:6b:87:f2:34:7b:ba:a3:ba:1c:69:e2:2a:28:04:
                    6a:6c:ed:35:20:76:b1:db:71:2a:b1:f5:88:23:44:
                    02:21:25:57:ba:33:ba:bc:d2:70:5f:0d:81:ea:b9:
                    e9:c8:a4:34:2b:08:c3:ba:e3:3d:6a:bc:d1:2c:de:
                    db:15:a1:7f:9f:15:b5:a6:41:3f:47:80:85:12:d8:
                    20:7c:ec:bf:bb:72:62:1c:d2:d6:f9:a4:9a:67:57:
                    69:f0:6d:f6:49:a8:23:04:9b:47:dd:d6:46:27:6e:
                    2d:dd:b6:a5:e4:f1:de:74:ce:96:1e:bc:e1:67:bf:
                    c4:40:a3:b9:2c:76:e4:3f:5a:32:17:f6:ba:0e:24:
                    a2:bd:50:5c:33:5c:8d:7d:64:fc:f5:e6:16:fc:b4:
                    ed:3d:f7:93:9a:37:eb:3f:44:74:d1:38:e4:37:db:
                    79:d3:a6:f8:da:bf:9a:8e:16:a1:10:4e:5f:a2:e9:
                    0f:10:af:fa:7b:85:fe:54:49:04:38:e1:3b:5b:20:
                    e2:93:89:d3:1a:df:36:0b:c4:35:22:cd:cf:17:36:
                    78:5f:1a:b5:b4:81:1e:ca:74:3a:84:77:46:cc:0f:
                    6a:51:90:bc:19:40:e7:7f:65:41:ea:33:d1:a9:64:
                    34:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FD:DE:3C:52:E9:5B:13:4B:E2:93:B2:0B:37:1B:B6:14:93:29:21
            X509v3 Authority Key Identifier:
                keyid:2F:7A:EB:DC:70:17:9D:71:69:4F:C6:99:D5:F3:E4:0E:58:4A:B3:69

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9192EE9/324841F4E6FE11EA838EA148C4F9AE02/L3rr3HAXnXFpT8aZ1fPkDlhKs2k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/L3rr3HAXnXFpT8aZ1fPkDlhKs2k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9192EE9/324841F4E6FE11EA838EA148C4F9AE02/A29A7DF20E2011EB81D90E2EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.156.0/22
                IPv6:
                  2404:e740::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:05:80:66:ad:76:72:31:ca:2a:d1:74:12:5b:44:ba:f0:d5:
         cd:a3:5d:c3:ff:9e:5a:7a:a1:55:c3:46:19:d4:ec:34:1d:6d:
         93:fb:46:9d:2e:3f:77:7f:2f:99:15:1b:1a:af:11:6a:dd:f4:
         0b:74:8c:7a:f3:09:9c:36:fa:de:fc:e6:64:0f:39:26:69:84:
         9a:8b:a5:f5:21:e4:82:dd:87:1f:d9:69:a0:c6:7e:6e:50:30:
         8e:89:70:1a:86:09:21:d1:9a:e3:8c:0f:6a:63:41:53:c6:f0:
         9d:55:7c:02:7f:f8:e5:16:b9:3a:16:5d:a6:6f:57:29:24:de:
         e2:2f:b6:b5:95:6b:1d:3c:bf:3d:24:e8:1f:9f:eb:c5:8f:0f:
         3e:be:06:23:5f:23:3d:88:c9:13:2b:48:74:40:b8:b0:08:52:
         7d:f0:1c:44:06:86:6d:ba:24:b1:c5:7f:94:7e:3b:1f:42:ab:
         9d:e5:90:ed:f1:70:c4:b6:1d:9b:4d:64:29:90:72:45:37:75:
         c6:5c:bd:81:ac:ed:cd:33:61:27:9d:22:f4:7b:c7:d8:af:ce:
         f8:de:0a:0f:38:18:94:64:dd:e7:4f:91:ae:50:e7:d9:1d:b1:
         90:2c:27:6b:7e:18:27:39:23:d7:9c:17:92:2d:d6:c5:cc:aa:
         77:19:ab:d3
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCAIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTJFRTkxMTAvBgNVBAUTKDJGN0FFQkRDNzAxNzlENzE2OTRGQzY5OUQ1RjNFNDBF
NTg0QUIzNjkwHhcNMjUwNTMwMjE0OTMyWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODNhMjdlYy1lN2Q0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvc28Ko7L5Z6ZhVW2ARUQa4fyNHu6o7ocaeIqKARqbO01IHax23EqsfWII0QC
ISVXujO6vNJwXw2B6rnpyKQ0KwjDuuM9arzRLN7bFaF/nxW1pkE/R4CFEtggfOy/
u3JiHNLW+aSaZ1dp8G32SagjBJtH3dZGJ24t3bal5PHedM6WHrzhZ7/EQKO5LHbk
P1oyF/a6DiSivVBcM1yNfWT89eYW/LTtPfeTmjfrP0R00TjkN9t506b42r+ajhah
EE5foukPEK/6e4X+VEkEOOE7WyDik4nTGt82C8Q1Is3PFzZ4Xxq1tIEeynQ6hHdG
zA9qUZC8GUDnf2VB6jPRqWQ0aQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFOn93jxS
6VsTS+KTsgs3G7YUkykhMB8GA1UdIwQYMBaAFC9669xwF51xaU/GmdXz5A5YSrNp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MkVFOS8zMjQ4NDFGNEU2
RkUxMUVBODM4RUExNDhDNEY5QUUwMi9MM3JyM0hBWG5YRnBUOGFaMWZQa0RsaEtz
MmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0wzcnIzSEFYblhGcFQ4YVoxZlBrRGxoS3Myay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTJFRTkvMzI0ODQxRjRFNkZFMTFFQTgzOEVBMTQ4QzRGOUFFMDIvQTI5QTdERjIw
RTIwMTFFQjgxRDkwRTJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJni5wwDQQCAAIwBwMFACQE50AwDQYJKoZIhvcNAQELBQAD
ggEBAFIFgGatdnIxyirRdBJbRLrw1c2jXcP/nlp6oVXDRhnU7DQdbZP7Rp0uP3d/
L5kVGxqvEWrd9At0jHrzCZw2+t785mQPOSZphJqLpfUh5ILdhx/ZaaDGfm5QMI6J
cBqGCSHRmuOMD2pjQVPG8J1VfAJ/+OUWuToWXaZvVykk3uIvtrWVax08vz0k6B+f
68WPDz6+BiNfIz2IyRMrSHRAuLAIUn3wHEQGhm26JLHFf5R+Ox9Cq53lkO3xcMS2
HZtNZCmQckU3dcZcvYGs7c0zYSedIvR7x9ivzvjeCg84GJRk3edPka5Q59kdsZAs
J2t+GCc5I9ecF5It1sXMqncZq9M=
-----END CERTIFICATE-----
Generated at Thu Jun 12 04:48:07 2025 by rpki-client