Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BB246/FA0003803C0D11F096CCDB5FC4F9AE02/898E9EA83C0E11F093CFD060C4F9AE02.roa
File:                     898E9EA83C0E11F093CFD060C4F9AE02.roa (raw, json)
Hash identifier:          pCu6+WJeqtvS7Tcl3+9JWLKb1zyqA9V6h4uJDrGt8GQ=
Subject key identifier:   D6:11:75:AA:07:40:7D:A7:D2:4A:34:75:A1:C9:F6:58:02:F8:6C:85
Certificate issuer:       /CN=A91BB246/serialNumber=9B5C12BF99AB288AA5D7A3D63C3588F74E9B26D1
Certificate serial:       02
Authority key identifier: 9B:5C:12:BF:99:AB:28:8A:A5:D7:A3:D6:3C:35:88:F7:4E:9B:26:D1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m1wSv5mrKIql16PWPDWI906bJtE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BB246/FA0003803C0D11F096CCDB5FC4F9AE02/898E9EA83C0E11F093CFD060C4F9AE02.roa
Signing time:             Wed 28 May 2025 21:55:58 +0000
ROA not before:           Wed 28 May 2025 21:55:58 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     9650
IP address blocks:        103.118.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BB246/FA0003803C0D11F096CCDB5FC4F9AE02/m1wSv5mrKIql16PWPDWI906bJtE.crl
                          rsync://rpki.apnic.net/member_repository/A91BB246/FA0003803C0D11F096CCDB5FC4F9AE02/m1wSv5mrKIql16PWPDWI906bJtE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m1wSv5mrKIql16PWPDWI906bJtE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 07:06:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BB246, serialNumber=9B5C12BF99AB288AA5D7A3D63C3588F74E9B26D1
        Validity
            Not Before: May 28 21:55:58 2025 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=6837866e-c546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f6:fc:d0:de:ae:44:ef:36:c9:33:71:1d:b9:
                    24:d3:cf:60:5e:fc:5f:8d:4c:76:c1:8c:d1:aa:5c:
                    b7:73:fb:a2:86:89:cb:a6:83:06:97:27:6f:36:eb:
                    dc:48:d9:cd:66:88:7d:1f:64:65:cb:1f:43:43:e7:
                    d6:41:1c:2f:2d:e3:a0:b8:c9:0a:cd:7a:54:f1:67:
                    dc:d5:9e:1c:24:99:7f:0f:04:9c:43:ba:29:1c:e4:
                    a5:67:ba:55:d6:5e:37:cf:95:42:5a:3c:85:7f:ec:
                    ef:a9:5b:62:9f:d8:9e:29:6d:b5:b3:1e:5e:d7:ef:
                    e0:6d:c8:30:8d:9c:a7:a9:80:a8:6c:ac:03:1b:67:
                    b5:86:48:c0:7d:4b:77:ec:39:b1:9f:6b:a1:27:42:
                    ff:09:73:f2:b4:2b:52:97:5f:16:5f:81:83:c3:81:
                    01:b3:69:6d:22:97:b6:de:13:31:c4:31:fb:82:96:
                    24:b9:11:52:58:1d:80:8b:3b:a7:59:01:e6:bc:40:
                    30:bd:99:19:d9:a4:d9:2d:b4:c1:62:ae:97:54:88:
                    73:f6:8b:a5:cd:4f:bd:e5:a9:6b:4d:08:73:85:23:
                    40:31:d2:2e:68:9f:93:d6:d7:41:a3:f7:e5:15:d7:
                    21:1d:be:4e:97:9f:f8:c8:16:f7:f0:64:e9:9a:fb:
                    9c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:11:75:AA:07:40:7D:A7:D2:4A:34:75:A1:C9:F6:58:02:F8:6C:85
            X509v3 Authority Key Identifier:
                keyid:9B:5C:12:BF:99:AB:28:8A:A5:D7:A3:D6:3C:35:88:F7:4E:9B:26:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BB246/FA0003803C0D11F096CCDB5FC4F9AE02/m1wSv5mrKIql16PWPDWI906bJtE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m1wSv5mrKIql16PWPDWI906bJtE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BB246/FA0003803C0D11F096CCDB5FC4F9AE02/898E9EA83C0E11F093CFD060C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.118.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:05:09:c6:fb:21:6e:4a:b0:9e:20:72:f2:8d:83:f6:2b:cc:
         55:2d:e7:a6:ca:05:10:03:f7:aa:4b:26:ac:f1:96:32:74:69:
         bb:0a:26:c1:0e:e8:3c:e0:c5:ec:64:5a:4a:2e:14:f3:e0:8c:
         6d:a0:75:7d:2f:23:03:30:da:e1:1d:b7:c1:6b:e3:8e:f4:97:
         e6:90:44:4f:36:bc:64:8d:92:59:22:54:2c:c9:49:1b:88:0a:
         1f:13:15:67:24:c4:34:66:5d:b2:67:b7:71:ab:50:86:9a:71:
         42:e7:6f:28:f8:de:77:a9:32:86:e9:4f:b3:24:b1:94:7c:91:
         07:9b:e7:59:8f:9f:2f:25:d2:df:65:76:51:22:f0:60:77:a7:
         02:ab:37:3f:73:11:6d:59:54:e0:3b:1b:1a:de:6d:ce:d8:c2:
         8e:06:ef:4a:d0:9c:18:4c:f0:4d:98:64:c7:dc:4a:b1:f0:98:
         89:e7:98:95:29:ed:5e:7b:06:eb:61:c3:5e:e4:45:9a:d0:a7:
         ce:dc:0d:4d:04:ab:d6:f6:e4:cb:1d:47:fe:0e:9c:e1:4c:0b:
         79:50:82:67:15:93:b5:7e:3c:77:11:ca:21:a3:50:62:d6:8e:
         da:05:13:d3:1d:64:08:85:79:01:44:23:a1:fd:64:07:2f:76:
         77:32:e4:02
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
QjI0NjExMC8GA1UEBRMoOUI1QzEyQkY5OUFCMjg4QUE1RDdBM0Q2M0MzNTg4Rjc0
RTlCMjZEMTAeFw0yNTA1MjgyMTU1NThaFw0yNTA5MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4Mzc4NjZlLWM1NDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDd9vzQ3q5E7zbJM3EduSTTz2Be/F+NTHbBjNGqXLdz+6KGicumgwaXJ28269xI
2c1miH0fZGXLH0ND59ZBHC8t46C4yQrNelTxZ9zVnhwkmX8PBJxDuikc5KVnulXW
XjfPlUJaPIV/7O+pW2Kf2J4pbbWzHl7X7+BtyDCNnKepgKhsrAMbZ7WGSMB9S3fs
ObGfa6EnQv8Jc/K0K1KXXxZfgYPDgQGzaW0il7beEzHEMfuCliS5EVJYHYCLO6dZ
Aea8QDC9mRnZpNkttMFirpdUiHP2i6XNT73lqWtNCHOFI0Ax0i5on5PW10Gj9+UV
1yEdvk6Xn/jIFvfwZOma+5wBAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU1hF1qgdA
fafSSjR1ocn2WAL4bIUwHwYDVR0jBBgwFoAUm1wSv5mrKIql16PWPDWI906bJtEw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUJCMjQ2L0ZBMDAwMzgwM0Mw
RDExRjA5NkNDREI1RkM0RjlBRTAyL20xd1N2NW1yS0lxbDE2UFdQRFdJOTA2Ykp0
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvbTF3U3Y1bXJLSXFsMTZQV1BEV0k5MDZiSnRFLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
QjI0Ni9GQTAwMDM4MDNDMEQxMUYwOTZDQ0RCNUZDNEY5QUUwMi84OThFOUVBODND
MEUxMUYwOTNDRkQwNjBDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAmd2DDANBgkqhkiG9w0BAQsFAAOCAQEAVwUJxvshbkqwniBy
8o2D9ivMVS3npsoFEAP3qksmrPGWMnRpuwomwQ7oPODF7GRaSi4U8+CMbaB1fS8j
AzDa4R23wWvjjvSX5pBETza8ZI2SWSJULMlJG4gKHxMVZyTENGZdsme3catQhppx
QudvKPjed6kyhulPsySxlHyRB5vnWY+fLyXS32V2USLwYHenAqs3P3MRbVlU4Dsb
Gt5tztjCjgbvStCcGEzwTZhkx9xKsfCYieeYlSntXnsG62HDXuRFmtCnztwNTQSr
1vbkyx1H/g6c4UwLeVCCZxWTtX48dxHKIaNQYtaO2gUT0x1kCIV5AUQjof1kBy92
dzLkAg==
-----END CERTIFICATE-----
Generated at Mon Jun 9 14:41:29 2025 by rpki-client