Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/360B9954512711ED89B40324C4F9AE02.roa
File:                     360B9954512711ED89B40324C4F9AE02.roa (raw, json)
Hash identifier:          sxRB0mmyRbm7x0c0LWENMfwQF3FvwGvUcKUEJNG8yTY=
Subject key identifier:   8C:DF:21:FB:88:45:79:8B:A9:D4:93:B5:40:5E:4F:39:89:17:F3:08
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       4BD9
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/360B9954512711ED89B40324C4F9AE02.roa
Signing time:             Tue 22 Jul 2025 10:17:32 +0000
ROA not before:           Tue 22 Jul 2025 10:17:32 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     38253
IP address blocks:        103.5.208.0/22 maxlen: 24
                          103.9.208.0/22 maxlen: 24
                          103.17.140.0/23 maxlen: 24
                          103.172.236.0/23 maxlen: 24
                          116.118.68.0/22 maxlen: 24
                          2400:b520::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 14:33:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19417 (0x4bd9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A, serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Jul 22 10:17:32 2025 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=687f653c-0173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5e:f6:76:c2:d7:88:2d:ca:24:0d:a3:f4:d1:
                    ee:70:ec:d4:6e:0f:1c:1f:cb:8e:69:ac:51:bd:c3:
                    98:9b:df:b3:49:56:70:5b:64:4b:5f:fb:a7:b4:bf:
                    4b:63:1f:de:54:85:35:56:6c:84:61:47:6a:d1:66:
                    68:f5:5c:e8:71:46:1b:2a:f3:5a:ed:ae:02:5e:d8:
                    03:bc:26:9c:ed:a8:54:38:98:60:85:e7:61:4b:12:
                    da:e7:6d:85:d2:88:ef:c6:86:fd:14:6c:9b:e0:d9:
                    4d:b8:1b:d2:a9:46:d6:c4:de:3f:74:ea:4f:89:b3:
                    a3:b5:d7:32:5a:84:d4:9b:b6:39:c1:3a:8c:84:42:
                    4b:13:b7:77:fd:62:db:4d:d2:77:4e:fd:30:73:44:
                    bb:b0:1e:1c:6b:0c:8e:84:9d:21:80:a5:42:06:24:
                    33:f3:32:c7:9f:53:9d:78:ae:2b:47:c5:3a:c4:89:
                    97:58:6e:f3:4b:c5:a2:78:56:ea:f3:03:11:c1:19:
                    2b:65:70:75:f2:d7:2d:24:3b:e0:5f:bb:fe:a9:3b:
                    9f:f0:2e:c2:89:b5:73:9e:e8:dd:12:c8:24:38:4b:
                    41:15:9a:c2:95:50:9b:1c:20:1d:68:99:c1:6b:c8:
                    56:8b:59:31:6f:01:8b:ef:76:3e:10:96:2e:2a:b5:
                    31:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DF:21:FB:88:45:79:8B:A9:D4:93:B5:40:5E:4F:39:89:17:F3:08
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/360B9954512711ED89B40324C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.5.208.0/22
                  103.9.208.0/22
                  103.17.140.0/23
                  103.172.236.0/23
                  116.118.68.0/22
                IPv6:
                  2400:b520::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:2c:f6:a8:2c:1b:b5:7b:59:bb:63:19:d0:3c:02:ee:f7:fe:
         4e:ab:5c:f3:b9:5b:3d:0e:94:68:76:77:e6:fe:8c:cd:5e:f4:
         6f:5e:66:f9:b5:a4:2b:11:07:1f:8a:50:77:e7:6c:98:62:37:
         b6:6e:18:7c:d2:77:b0:b9:c2:cf:3a:cc:c7:25:3d:51:98:40:
         dd:bb:3f:79:f6:32:50:2d:49:ea:38:f5:39:f8:34:be:b4:34:
         a7:48:3d:6a:e2:36:61:d7:54:2a:3a:79:45:74:79:81:bb:70:
         47:eb:12:85:43:07:39:14:ca:13:cd:d5:97:84:35:cd:38:90:
         c1:4f:ec:ff:67:f0:25:8f:48:3b:bb:b5:13:15:51:59:4d:d8:
         1d:0f:15:8e:a4:de:08:11:f1:c0:b6:4b:dc:9a:9e:92:83:79:
         8e:a7:03:9f:90:60:f7:c1:bd:d7:84:e1:92:74:93:2b:fd:41:
         cd:4e:72:df:d1:c5:ac:7f:b2:9d:f5:4b:4b:54:2b:03:b4:69:
         b7:f7:9f:f2:e5:aa:ba:d0:c0:43:bc:d3:90:1e:22:a9:81:91:
         bf:32:b7:30:a0:95:21:99:d7:b5:e5:ee:b7:6a:c4:34:9b:77:
         f9:fb:42:42:f8:9d:5f:84:9e:79:ac:c6:2d:2c:ce:1e:1c:f9:
         90:e0:d9:af
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgICS9kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjUwNzIyMTAxNzMyWhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODdmNjUzYy0wMTczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp172dsLXiC3KJA2j9NHucOzUbg8cH8uOaaxRvcOYm9+zSVZwW2RLX/untL9L
Yx/eVIU1VmyEYUdq0WZo9VzocUYbKvNa7a4CXtgDvCac7ahUOJhghedhSxLa522F
0ojvxob9FGyb4NlNuBvSqUbWxN4/dOpPibOjtdcyWoTUm7Y5wTqMhEJLE7d3/WLb
TdJ3Tv0wc0S7sB4cawyOhJ0hgKVCBiQz8zLHn1OdeK4rR8U6xImXWG7zS8WieFbq
8wMRwRkrZXB18tctJDvgX7v+qTuf8C7CibVznujdEsgkOEtBFZrClVCbHCAdaJnB
a8hWi1kxbwGL73Y+EJYuKrUxkwIDAQABo4ICvjCCArowHQYDVR0OBBYEFIzfIfuI
RXmLqdSTtUBeTzmJF/MIMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvMzYwQjk5NTQ1
MTI3MTFFRDg5QjQwMzI0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSAYIKwYBBQUHAQcBAf8E
OTA3MCQEAgABMB4DBAJnBdADBAJnCdADBAFnEYwDBAFnrOwDBAJ0dkQwDwQCAAIw
CQMHACQAtSAAADANBgkqhkiG9w0BAQsFAAOCAQEAMiz2qCwbtXtZu2MZ0DwC7vf+
Tqtc87lbPQ6UaHZ35v6MzV70b15m+bWkKxEHH4pQd+dsmGI3tm4YfNJ3sLnCzzrM
xyU9UZhA3bs/efYyUC1J6jj1Ofg0vrQ0p0g9auI2YddUKjp5RXR5gbtwR+sShUMH
ORTKE83Vl4Q1zTiQwU/s/2fwJY9IO7u1ExVRWU3YHQ8VjqTeCBHxwLZL3JqekoN5
jqcDn5Bg98G914ThknSTK/1BzU5y39HFrH+ynfVLS1QrA7Rpt/ef8uWqutDAQ7zT
kB4iqYGRvzK3MKCVIZnXteXut2rENJt3+ftCQvidX4SeeazGLSzOHhz5kODZrw==
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:08:31 2025 by rpki-client