Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BDCF1/EB591122A83C11ECA3A4F325C4F9AE02/8EFCF04C41B811F090AB3A2EC4F9AE02.roa
File:                     8EFCF04C41B811F090AB3A2EC4F9AE02.roa (raw, json)
Hash identifier:          hDxQAVQFGFJ7nkcpsrYv8NMpIOIs9N18rujrFzA3Mbc=
Subject key identifier:   4F:14:0E:7D:02:48:B3:26:69:DD:4C:76:30:8D:BA:38:9D:9F:4A:ED
Certificate issuer:       /CN=A91BDCF1/serialNumber=C44F2ACAB2A779994315AA93B323DA9B475C7B9A
Certificate serial:       03AE
Authority key identifier: C4:4F:2A:CA:B2:A7:79:99:43:15:AA:93:B3:23:DA:9B:47:5C:7B:9A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xE8qyrKneZlDFaqTsyPam0dce5o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BDCF1/EB591122A83C11ECA3A4F325C4F9AE02/8EFCF04C41B811F090AB3A2EC4F9AE02.roa
Signing time:             Thu 05 Jun 2025 02:55:38 +0000
ROA not before:           Thu 05 Jun 2025 02:55:38 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     149304
IP address blocks:        103.151.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BDCF1/EB591122A83C11ECA3A4F325C4F9AE02/xE8qyrKneZlDFaqTsyPam0dce5o.crl
                          rsync://rpki.apnic.net/member_repository/A91BDCF1/EB591122A83C11ECA3A4F325C4F9AE02/xE8qyrKneZlDFaqTsyPam0dce5o.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xE8qyrKneZlDFaqTsyPam0dce5o.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 00:28:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 942 (0x3ae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BDCF1, serialNumber=C44F2ACAB2A779994315AA93B323DA9B475C7B9A
        Validity
            Not Before: Jun  5 02:55:38 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=68410729-32ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:9e:41:13:17:9c:ba:b1:05:38:b5:3f:a1:81:
                    77:b0:5c:7b:7e:74:97:bf:85:dc:73:65:3b:3a:a2:
                    68:59:0a:79:55:c6:81:64:16:d8:12:b0:9f:6b:dc:
                    c9:1a:24:8a:e2:0a:f6:0f:8e:e3:dd:2c:65:b2:2b:
                    98:42:09:92:f6:75:17:5c:ac:92:10:de:a5:f8:a7:
                    a4:99:ac:bb:14:57:0a:1a:a7:a3:6a:c6:cb:40:39:
                    7d:1a:32:b2:ee:34:f5:18:aa:66:c3:39:9d:9d:1a:
                    d1:2e:81:81:50:79:48:cb:fe:5b:98:ca:b8:9f:86:
                    b4:6b:a5:29:a8:f4:d4:91:bd:f2:5d:57:a3:6d:ff:
                    a2:8b:ab:26:48:e6:54:5a:f4:ea:fc:78:56:e6:4e:
                    81:9c:97:fc:69:32:a3:8f:eb:7b:71:17:35:fe:e6:
                    e0:9f:18:7e:1d:bf:51:96:97:cd:b5:c6:37:4e:d2:
                    62:bb:88:41:cf:9a:f7:7d:b9:0e:b3:8e:b4:bd:1a:
                    ec:d1:a5:20:86:f6:22:18:7a:50:3f:23:55:f6:97:
                    b3:26:c0:19:7e:02:34:7e:a9:9a:ea:7c:69:f6:a2:
                    f4:c2:a8:03:02:bf:14:1e:52:50:bd:22:2a:e5:38:
                    6b:2e:77:8c:e0:2c:d8:84:11:ba:51:c7:3e:06:74:
                    98:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:14:0E:7D:02:48:B3:26:69:DD:4C:76:30:8D:BA:38:9D:9F:4A:ED
            X509v3 Authority Key Identifier:
                keyid:C4:4F:2A:CA:B2:A7:79:99:43:15:AA:93:B3:23:DA:9B:47:5C:7B:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BDCF1/EB591122A83C11ECA3A4F325C4F9AE02/xE8qyrKneZlDFaqTsyPam0dce5o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xE8qyrKneZlDFaqTsyPam0dce5o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BDCF1/EB591122A83C11ECA3A4F325C4F9AE02/8EFCF04C41B811F090AB3A2EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.151.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:39:83:ae:01:95:13:90:89:22:fd:42:25:25:0e:cd:04:f0:
         74:3b:65:28:e3:e5:69:ff:fd:1a:3e:cb:f2:f3:25:1d:c0:4c:
         54:a5:6d:ed:52:81:9a:b7:ea:f5:d2:45:2d:da:18:f1:13:28:
         f3:30:45:dc:46:2a:c2:75:0a:a2:64:32:f3:71:d9:cc:b3:82:
         27:2a:d4:9d:f0:04:22:d8:b7:28:df:2d:a2:6e:94:bc:cf:41:
         da:c1:d1:a6:48:40:a2:6a:a4:01:de:fb:91:78:f9:d8:f6:af:
         70:9f:db:3c:75:e3:e4:42:8b:f9:b6:95:23:7e:0e:06:52:6a:
         8a:8c:2e:b9:6d:86:91:75:48:95:89:7e:67:41:6d:8b:11:12:
         e6:be:95:7a:a8:91:86:28:c3:76:e3:90:16:9a:87:29:0d:56:
         45:22:ae:01:22:06:7b:14:a9:31:84:25:e4:b3:11:ec:ce:a7:
         f5:18:29:b1:2b:3d:95:9a:91:36:6d:57:e3:59:e8:70:51:be:
         4d:64:93:a5:bf:4b:08:69:76:cc:11:47:6f:64:16:ef:b0:77:
         2e:15:e0:60:cc:6d:c9:3e:33:9f:26:0e:a8:a9:a5:2d:d6:f5:
         93:08:c8:3b:b7:02:22:94:d6:04:43:04:d1:1c:1e:de:b1:c8:
         0b:2d:d9:81
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICA64wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkRDRjExMTAvBgNVBAUTKEM0NEYyQUNBQjJBNzc5OTk0MzE1QUE5M0IzMjNEQTlC
NDc1QzdCOUEwHhcNMjUwNjA1MDI1NTM4WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODQxMDcyOS0zMmFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA055BExecurEFOLU/oYF3sFx7fnSXv4Xcc2U7OqJoWQp5VcaBZBbYErCfa9zJ
GiSK4gr2D47j3SxlsiuYQgmS9nUXXKySEN6l+Kekmay7FFcKGqejasbLQDl9GjKy
7jT1GKpmwzmdnRrRLoGBUHlIy/5bmMq4n4a0a6UpqPTUkb3yXVejbf+ii6smSOZU
WvTq/HhW5k6BnJf8aTKjj+t7cRc1/ubgnxh+Hb9RlpfNtcY3TtJiu4hBz5r3fbkO
s460vRrs0aUghvYiGHpQPyNV9pezJsAZfgI0fqma6nxp9qL0wqgDAr8UHlJQvSIq
5ThrLneM4CzYhBG6Ucc+BnSY5QIDAQABo4IClTCCApEwHQYDVR0OBBYEFE8UDn0C
SLMmad1MdjCNujidn0rtMB8GA1UdIwQYMBaAFMRPKsqyp3mZQxWqk7Mj2ptHXHua
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCRENGMS9FQjU5MTEyMkE4
M0MxMUVDQTNBNEYzMjVDNEY5QUUwMi94RThxeXJLbmVabERGYXFUc3lQYW0wZGNl
NW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hFOHF5cktuZVpsREZhcVRzeVBhbTBkY2U1by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkRDRjEvRUI1OTExMjJBODNDMTFFQ0EzQTRGMzI1QzRGOUFFMDIvOEVGQ0YwNEM0
MUI4MTFGMDkwQUIzQTJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnlwUwDQYJKoZIhvcNAQELBQADggEBALA5g64BlROQiSL9
QiUlDs0E8HQ7ZSjj5Wn//Ro+y/LzJR3ATFSlbe1SgZq36vXSRS3aGPETKPMwRdxG
KsJ1CqJkMvNx2cyzgicq1J3wBCLYtyjfLaJulLzPQdrB0aZIQKJqpAHe+5F4+dj2
r3Cf2zx14+RCi/m2lSN+DgZSaoqMLrlthpF1SJWJfmdBbYsREua+lXqokYYow3bj
kBaahykNVkUirgEiBnsUqTGEJeSzEezOp/UYKbErPZWakTZtV+NZ6HBRvk1kk6W/
SwhpdswRR29kFu+wdy4V4GDMbck+M58mDqippS3W9ZMIyDu3AiKU1gRDBNEcHt6x
yAst2YE=
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:17:02 2025 by rpki-client