Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DEC12/8592E4880F6611EAAF51C646C4F9AE02/A87393C8F86B11EF86A73884C4F9AE02.roa
File:                     A87393C8F86B11EF86A73884C4F9AE02.roa (raw, json)
Hash identifier:          6O0VKauTuWTfzmPjcovFKdSm/+YMqCBqWG3p+BX8OSE=
Subject key identifier:   66:95:60:EE:29:2B:3B:F0:81:B0:20:08:EC:22:7D:00:0E:52:37:5D
Certificate issuer:       /CN=A91DEC12/serialNumber=05070BF9AD930449FB3B69B8691CF20C012779B9
Certificate serial:       0C39
Authority key identifier: 05:07:0B:F9:AD:93:04:49:FB:3B:69:B8:69:1C:F2:0C:01:27:79:B9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BQcL-a2TBEn7O2m4aRzyDAEnebk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DEC12/8592E4880F6611EAAF51C646C4F9AE02/A87393C8F86B11EF86A73884C4F9AE02.roa
Signing time:             Mon 02 Jun 2025 19:01:40 +0000
ROA not before:           Mon 02 Jun 2025 19:01:40 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     136555
IP address blocks:        103.92.152.0/22 maxlen: 22
                          103.92.152.0/23 maxlen: 23
                          103.92.152.0/24 maxlen: 24
                          103.92.154.0/23 maxlen: 23
                          103.92.154.0/24 maxlen: 24
                          103.92.155.0/24 maxlen: 24
                          2403:bb40::/32 maxlen: 32
                          2403:bb40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DEC12/8592E4880F6611EAAF51C646C4F9AE02/BQcL-a2TBEn7O2m4aRzyDAEnebk.crl
                          rsync://rpki.apnic.net/member_repository/A91DEC12/8592E4880F6611EAAF51C646C4F9AE02/BQcL-a2TBEn7O2m4aRzyDAEnebk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BQcL-a2TBEn7O2m4aRzyDAEnebk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 17 Jun 2025 18:34:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3129 (0xc39)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DEC12, serialNumber=05070BF9AD930449FB3B69B8691CF20C012779B9
        Validity
            Not Before: Jun  2 19:01:40 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=683df513-0b09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:49:0c:45:d9:6a:11:78:d4:31:d9:84:25:24:
                    a2:7a:0d:d2:98:03:87:23:2f:54:dc:30:b1:fe:95:
                    11:de:08:e9:e4:21:4a:8a:24:bc:3c:49:07:97:bc:
                    93:e7:4f:b0:0c:88:c9:b7:f7:11:0d:7e:c2:12:08:
                    d4:60:10:64:aa:a7:b9:7b:cb:e3:3e:e3:d9:4d:13:
                    d9:89:ce:74:14:2a:91:5a:ce:93:21:f4:a2:08:ef:
                    ce:2a:0d:15:a2:f2:e1:3d:9f:7f:60:81:c3:0f:ff:
                    1f:91:67:e9:4b:ef:04:a2:5c:81:74:15:05:4a:8b:
                    ae:72:72:d5:15:84:22:2c:84:88:12:cd:f7:6e:20:
                    aa:1b:68:e9:86:bb:33:ce:c3:77:4a:7d:63:ab:3b:
                    ee:03:a3:2c:91:c0:19:b3:f5:4a:f5:da:d1:f0:c4:
                    9a:8f:74:fd:9e:53:78:8e:21:5a:b6:5c:d1:1e:c3:
                    b9:f5:7b:10:f3:da:d0:f0:31:c6:3f:0c:2d:ae:a3:
                    e5:f4:fa:e3:6f:ae:4b:15:75:de:a4:58:db:7b:3a:
                    f2:a5:21:c0:71:0d:75:29:6f:08:0c:80:c8:ba:de:
                    01:56:1b:fd:5f:c4:f9:9a:0b:5f:c2:22:d2:bf:2f:
                    f2:e6:c1:73:29:86:b5:91:4d:b8:41:43:43:ad:88:
                    ba:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:95:60:EE:29:2B:3B:F0:81:B0:20:08:EC:22:7D:00:0E:52:37:5D
            X509v3 Authority Key Identifier:
                keyid:05:07:0B:F9:AD:93:04:49:FB:3B:69:B8:69:1C:F2:0C:01:27:79:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DEC12/8592E4880F6611EAAF51C646C4F9AE02/BQcL-a2TBEn7O2m4aRzyDAEnebk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BQcL-a2TBEn7O2m4aRzyDAEnebk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DEC12/8592E4880F6611EAAF51C646C4F9AE02/A87393C8F86B11EF86A73884C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.92.152.0/22
                IPv6:
                  2403:bb40::/32

    Signature Algorithm: sha256WithRSAEncryption
         bf:24:0a:87:e0:3e:ca:bd:64:bd:48:a5:3b:f4:d7:43:e2:87:
         80:e4:3b:4c:cb:a6:4b:19:2e:c1:83:41:d9:e4:c2:3f:96:9f:
         ee:c3:5e:5f:9e:2b:32:3a:12:0d:5d:ee:dd:6c:12:50:02:c1:
         c3:4b:6e:d9:d4:39:fc:1e:ba:d5:80:f5:09:16:44:88:49:58:
         f3:f3:a0:99:be:d8:37:df:9a:fd:98:11:a7:4d:5d:26:81:43:
         76:9d:80:16:e6:7a:08:f5:85:c8:c4:1b:20:7d:d7:a8:5f:82:
         ba:3d:3c:61:38:69:b8:eb:5e:b5:56:6c:0f:68:d5:22:1b:49:
         7e:1d:61:6f:c7:81:dc:90:ae:7e:74:11:29:a8:0b:1c:98:36:
         62:a7:71:a8:1e:87:33:b0:d0:ab:45:02:78:dd:1a:70:a3:94:
         6c:ed:2b:ff:7d:c8:6a:ec:86:0d:b2:49:88:c5:2b:d4:cd:3c:
         d9:92:9d:3f:5f:df:20:16:0c:0f:7e:a8:47:9d:8f:30:25:62:
         e3:82:46:72:71:17:8e:cb:ac:28:d1:37:59:15:e5:a5:86:94:
         fb:40:de:d7:64:b1:e7:90:72:0a:6f:29:f2:70:49:46:9c:8a:
         7c:12:3f:2e:a9:09:44:42:f4:36:97:fe:9f:e2:cf:af:26:e0:
         3a:fd:e8:9c
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICDDkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REVDMTIxMTAvBgNVBAUTKDA1MDcwQkY5QUQ5MzA0NDlGQjNCNjlCODY5MUNGMjBD
MDEyNzc5QjkwHhcNMjUwNjAyMTkwMTQwWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODNkZjUxMy0wYjA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAukkMRdlqEXjUMdmEJSSieg3SmAOHIy9U3DCx/pUR3gjp5CFKiiS8PEkHl7yT
50+wDIjJt/cRDX7CEgjUYBBkqqe5e8vjPuPZTRPZic50FCqRWs6TIfSiCO/OKg0V
ovLhPZ9/YIHDD/8fkWfpS+8EolyBdBUFSouucnLVFYQiLISIEs33biCqG2jphrsz
zsN3Sn1jqzvuA6MskcAZs/VK9drR8MSaj3T9nlN4jiFatlzRHsO59XsQ89rQ8DHG
PwwtrqPl9Prjb65LFXXepFjbezrypSHAcQ11KW8IDIDIut4BVhv9X8T5mgtfwiLS
vy/y5sFzKYa1kU24QUNDrYi62QIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFGaVYO4p
KzvwgbAgCOwifQAOUjddMB8GA1UdIwQYMBaAFAUHC/mtkwRJ+ztpuGkc8gwBJ3m5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERUMxMi84NTkyRTQ4ODBG
NjYxMUVBQUY1MUM2NDZDNEY5QUUwMi9CUWNMLWEyVEJFbjdPMm00YVJ6eURBRW5l
YmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JRY0wtYTJUQkVuN08ybTRhUnp5REFFbmViay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REVDMTIvODU5MkU0ODgwRjY2MTFFQUFGNTFDNjQ2QzRGOUFFMDIvQTg3MzkzQzhG
ODZCMTFFRjg2QTczODg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnXJgwDQQCAAIwBwMFACQDu0AwDQYJKoZIhvcNAQELBQAD
ggEBAL8kCofgPsq9ZL1IpTv010Pih4DkO0zLpksZLsGDQdnkwj+Wn+7DXl+eKzI6
Eg1d7t1sElACwcNLbtnUOfweutWA9QkWRIhJWPPzoJm+2Dffmv2YEadNXSaBQ3ad
gBbmegj1hcjEGyB916hfgro9PGE4abjrXrVWbA9o1SIbSX4dYW/HgdyQrn50ESmo
CxyYNmKncagehzOw0KtFAnjdGnCjlGztK/99yGrshg2ySYjFK9TNPNmSnT9f3yAW
DA9+qEedjzAlYuOCRnJxF47LrCjRN1kV5aWGlPtA3tdkseeQcgpvKfJwSUacinwS
Py6pCURC9DaX/p/iz68m4Dr96Jw=
-----END CERTIFICATE-----
Generated at Thu Jun 12 16:01:50 2025 by rpki-client