Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D200F/25787402164F11EE9E73404EC4F9AE02/039807B286B511EFAF868C6EC4F9AE02.roa
File:                     039807B286B511EFAF868C6EC4F9AE02.roa (raw, json)
Hash identifier:          mvlfednBP8hH+VJF+N7b5lj86+gAiaBFLJ6OGfwQefA=
Subject key identifier:   47:24:A2:41:C9:A8:2C:2D:DE:A2:5B:97:1A:BD:89:BA:EE:83:D3:6F
Certificate issuer:       /CN=A91D200F/serialNumber=4D909087BDDFA1505E2BBA03F206112EAEFFB11B
Certificate serial:       0181
Authority key identifier: 4D:90:90:87:BD:DF:A1:50:5E:2B:BA:03:F2:06:11:2E:AE:FF:B1:1B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TZCQh73foVBeK7oD8gYRLq7_sRs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D200F/25787402164F11EE9E73404EC4F9AE02/039807B286B511EFAF868C6EC4F9AE02.roa
Signing time:             Sat 31 May 2025 03:52:21 +0000
ROA not before:           Sat 31 May 2025 03:52:21 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     38235
IP address blocks:        103.225.118.0/23 maxlen: 23
                          103.225.118.0/24 maxlen: 24
                          103.225.119.0/24 maxlen: 24
                          2401:be0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D200F/25787402164F11EE9E73404EC4F9AE02/TZCQh73foVBeK7oD8gYRLq7_sRs.crl
                          rsync://rpki.apnic.net/member_repository/A91D200F/25787402164F11EE9E73404EC4F9AE02/TZCQh73foVBeK7oD8gYRLq7_sRs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TZCQh73foVBeK7oD8gYRLq7_sRs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 02:55:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 385 (0x181)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D200F, serialNumber=4D909087BDDFA1505E2BBA03F206112EAEFFB11B
        Validity
            Not Before: May 31 03:52:21 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=683a7cf4-7b04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:06:31:62:29:ba:b9:db:5f:92:43:3b:20:81:
                    0b:7a:b5:1a:44:19:dd:55:43:42:25:20:a3:e0:5f:
                    bc:71:4b:7b:a9:4b:06:f4:c1:60:c0:d9:57:af:24:
                    aa:f5:65:76:ea:d5:31:8b:67:65:61:58:61:ef:fa:
                    95:5d:f2:0b:1c:ee:b0:a4:dd:4f:d1:77:79:b0:b6:
                    ed:77:9f:25:04:03:31:d6:19:22:48:27:de:90:51:
                    8b:97:57:03:57:8b:3c:ef:fc:be:9e:62:62:f5:89:
                    fd:a4:5e:eb:77:32:3f:ff:61:30:fc:de:4f:54:dc:
                    44:12:0b:44:e8:a3:a9:68:0f:cc:b7:7a:44:56:1f:
                    6a:9c:c3:c0:b7:4b:bd:61:1e:37:c8:cb:ff:b0:0c:
                    3b:20:f4:f2:29:5f:43:43:bb:57:6e:99:7b:b1:85:
                    c9:34:1a:30:fe:b2:b6:d8:11:d4:e7:9b:19:7b:14:
                    3f:d8:ce:e5:7d:22:97:03:14:67:5b:92:be:a2:27:
                    28:fd:16:cd:d5:b6:6c:72:f9:ec:04:be:78:54:d9:
                    ac:93:d2:c8:f7:8b:3f:21:8f:33:e8:84:1b:af:9f:
                    ac:66:bc:e2:5b:ac:0c:4f:dc:e7:55:62:4f:1a:0f:
                    48:b3:82:ba:5e:27:53:a6:66:59:40:b8:49:13:8b:
                    73:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:24:A2:41:C9:A8:2C:2D:DE:A2:5B:97:1A:BD:89:BA:EE:83:D3:6F
            X509v3 Authority Key Identifier:
                keyid:4D:90:90:87:BD:DF:A1:50:5E:2B:BA:03:F2:06:11:2E:AE:FF:B1:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D200F/25787402164F11EE9E73404EC4F9AE02/TZCQh73foVBeK7oD8gYRLq7_sRs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TZCQh73foVBeK7oD8gYRLq7_sRs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D200F/25787402164F11EE9E73404EC4F9AE02/039807B286B511EFAF868C6EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.225.118.0/23
                IPv6:
                  2401:be0::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:88:58:f2:8e:5d:b3:f0:7e:c1:fa:c3:ed:dd:9f:40:a2:da:
         0e:15:db:36:d7:87:52:f4:6e:8b:de:3a:58:0c:8a:56:79:41:
         fd:f8:42:d3:67:94:b6:52:94:b0:02:c3:c3:a7:31:b9:2e:ec:
         0b:bb:fb:24:b6:23:21:8a:31:62:75:4b:dd:a3:a0:42:34:26:
         cb:c8:09:d6:ac:33:4c:c7:91:cd:b6:03:13:09:4a:36:be:3e:
         fb:83:b9:ba:cb:51:b8:53:bb:d2:7f:e8:a6:04:58:39:a1:68:
         cb:bf:9c:ec:9d:5e:f7:ba:87:ab:c3:f4:60:59:91:6c:82:be:
         aa:78:e6:07:b5:d2:24:86:cc:8f:36:54:77:a8:e5:3b:0b:04:
         6d:87:d7:14:4a:d9:a3:ed:3a:82:d7:ae:92:e1:34:81:70:f6:
         b7:6d:ba:78:0d:c5:41:42:73:0c:ef:69:cf:87:f6:74:4b:f2:
         a4:dc:17:75:e0:11:5d:a2:3c:f5:dc:07:59:77:70:df:87:8c:
         fc:54:da:d6:80:2b:7d:93:60:8c:90:c0:d6:27:d8:98:c4:e4:
         7b:b7:52:5e:e0:a0:1f:cc:c3:c1:e8:39:bb:1a:05:b5:ad:82:
         c4:99:27:42:64:7d:8e:2c:81:2d:e2:c2:20:64:b3:83:04:2f:
         1f:70:ba:b3
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAYEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDIwMEYxMTAvBgNVBAUTKDREOTA5MDg3QkRERkExNTA1RTJCQkEwM0YyMDYxMTJF
QUVGRkIxMUIwHhcNMjUwNTMxMDM1MjIxWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODNhN2NmNC03YjA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6gYxYim6udtfkkM7IIELerUaRBndVUNCJSCj4F+8cUt7qUsG9MFgwNlXrySq
9WV26tUxi2dlYVhh7/qVXfILHO6wpN1P0Xd5sLbtd58lBAMx1hkiSCfekFGLl1cD
V4s87/y+nmJi9Yn9pF7rdzI//2Ew/N5PVNxEEgtE6KOpaA/Mt3pEVh9qnMPAt0u9
YR43yMv/sAw7IPTyKV9DQ7tXbpl7sYXJNBow/rK22BHU55sZexQ/2M7lfSKXAxRn
W5K+oico/RbN1bZscvnsBL54VNmsk9LI94s/IY8z6IQbr5+sZrziW6wMT9znVWJP
Gg9Is4K6XidTpmZZQLhJE4tzeQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFEckokHJ
qCwt3qJblxq9ibrug9NvMB8GA1UdIwQYMBaAFE2QkIe936FQXiu6A/IGES6u/7Eb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEMjAwRi8yNTc4NzQwMjE2
NEYxMUVFOUU3MzQwNEVDNEY5QUUwMi9UWkNRaDczZm9WQmVLN29EOGdZUkxxN19z
UnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RaQ1FoNzNmb1ZCZUs3b0Q4Z1lSTHE3X3NScy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDIwMEYvMjU3ODc0MDIxNjRGMTFFRTlFNzM0MDRFQzRGOUFFMDIvMDM5ODA3QjI4
NkI1MTFFRkFGODY4QzZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFn4XYwDQQCAAIwBwMFACQBC+AwDQYJKoZIhvcNAQELBQAD
ggEBAEOIWPKOXbPwfsH6w+3dn0Ci2g4V2zbXh1L0boveOlgMilZ5Qf34QtNnlLZS
lLACw8OnMbku7Au7+yS2IyGKMWJ1S92joEI0JsvICdasM0zHkc22AxMJSja+PvuD
ubrLUbhTu9J/6KYEWDmhaMu/nOydXve6h6vD9GBZkWyCvqp45ge10iSGzI82VHeo
5TsLBG2H1xRK2aPtOoLXrpLhNIFw9rdtungNxUFCcwzvac+H9nRL8qTcF3XgEV2i
PPXcB1l3cN+HjPxU2taAK32TYIyQwNYn2JjE5Hu3Ul7goB/Mw8HoObsaBbWtgsSZ
J0JkfY4sgS3iwiBks4MELx9wurM=
-----END CERTIFICATE-----
Generated at Mon Jun 9 16:55:45 2025 by rpki-client