Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EB9C0/D364F0CCD21A11E983F9E524C4F9AE02/1004D41ED21D11E992825429C4F9AE02.roa
File:                     1004D41ED21D11E992825429C4F9AE02.roa (raw, json)
Hash identifier:          FAN1R0kTPo6CVZLPRUbNgZ570C6pJVmhGPN5h/j558A=
Subject key identifier:   3B:AE:FC:67:7C:65:D2:44:86:74:E5:7A:82:62:3D:0F:58:40:B2:02
Certificate issuer:       /CN=A91EB9C0/serialNumber=EFCF052D989292CEB10509129C8DE203D49F6804
Certificate serial:       0D4F
Authority key identifier: EF:CF:05:2D:98:92:92:CE:B1:05:09:12:9C:8D:E2:03:D4:9F:68:04
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/788FLZiSks6xBQkSnI3iA9SfaAQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EB9C0/D364F0CCD21A11E983F9E524C4F9AE02/1004D41ED21D11E992825429C4F9AE02.roa
Signing time:             Thu 22 May 2025 18:21:28 +0000
ROA not before:           Thu 22 May 2025 18:21:28 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     136379
IP address blocks:        103.138.192.0/24 maxlen: 24
                          103.138.193.0/24 maxlen: 24
                          2001:df0:5080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EB9C0/D364F0CCD21A11E983F9E524C4F9AE02/788FLZiSks6xBQkSnI3iA9SfaAQ.crl
                          rsync://rpki.apnic.net/member_repository/A91EB9C0/D364F0CCD21A11E983F9E524C4F9AE02/788FLZiSks6xBQkSnI3iA9SfaAQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/788FLZiSks6xBQkSnI3iA9SfaAQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 15 Jun 2025 17:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3407 (0xd4f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EB9C0, serialNumber=EFCF052D989292CEB10509129C8DE203D49F6804
        Validity
            Not Before: May 22 18:21:28 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=682f6b28-4597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9f:63:f6:bc:59:c7:30:14:f1:6a:2d:b8:4c:
                    3e:1c:d4:3c:f9:b1:cc:da:23:dd:9e:7f:7e:23:63:
                    84:77:64:bf:12:e6:25:ea:2e:87:87:0d:d3:b1:68:
                    6d:4e:6b:02:0b:ce:bf:0e:cf:4d:8c:9e:86:38:98:
                    3b:78:dc:13:35:b3:ed:c4:fe:2d:cf:8d:bb:a4:fa:
                    c8:41:f9:6f:47:23:98:78:5c:c9:1c:e1:17:73:63:
                    c1:75:0d:7a:44:be:11:d9:63:c0:04:fc:2f:e1:91:
                    8a:f2:0e:24:ad:aa:cb:b4:e3:41:bc:1d:b1:f1:6c:
                    5b:20:7d:b9:37:a3:60:69:c3:71:5d:5e:84:e3:99:
                    15:36:50:e5:ee:bb:cf:99:b5:2a:ba:cc:7a:0f:8a:
                    b9:c9:03:92:7f:6c:5b:79:e7:cf:1e:5f:bd:37:64:
                    48:da:e7:6d:ad:06:3d:c7:64:de:0e:f6:1b:6d:58:
                    b7:d6:08:f7:cc:f3:91:5a:19:b3:70:a5:3b:3b:fd:
                    ff:0d:95:7a:04:79:9c:b9:ac:68:2b:2d:6d:7d:7e:
                    86:d6:ee:36:0d:fc:36:2b:6b:5a:9f:fd:cc:e1:ce:
                    09:23:a2:3d:8a:8f:2a:25:17:25:8c:f6:18:20:c3:
                    59:7e:ad:20:c3:bb:e3:67:b1:88:0a:8c:1c:64:7a:
                    98:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:AE:FC:67:7C:65:D2:44:86:74:E5:7A:82:62:3D:0F:58:40:B2:02
            X509v3 Authority Key Identifier:
                keyid:EF:CF:05:2D:98:92:92:CE:B1:05:09:12:9C:8D:E2:03:D4:9F:68:04

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EB9C0/D364F0CCD21A11E983F9E524C4F9AE02/788FLZiSks6xBQkSnI3iA9SfaAQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/788FLZiSks6xBQkSnI3iA9SfaAQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EB9C0/D364F0CCD21A11E983F9E524C4F9AE02/1004D41ED21D11E992825429C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.138.192.0/23
                IPv6:
                  2001:df0:5080::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:1c:a8:64:78:3f:1f:96:67:0e:9e:fb:3f:f0:0d:0f:19:b1:
         e4:95:7b:c7:df:3e:d9:44:47:b6:a5:b5:d9:77:c6:c6:f5:95:
         ec:7b:3b:77:27:c0:68:2a:f6:b5:5e:e4:60:c2:92:10:84:60:
         88:0d:a1:31:47:01:b3:ca:8e:a5:75:80:ed:a3:d9:83:d3:58:
         7b:3f:42:52:b0:05:01:00:5c:3b:01:d7:aa:6b:f6:ed:1b:a0:
         2b:28:ee:9d:c8:17:9b:78:53:68:6e:bb:4f:d8:3d:42:71:b8:
         a2:16:d9:93:47:e3:c9:1e:e6:43:95:9b:94:e6:1e:d8:58:c3:
         0a:f7:47:63:76:6b:75:d8:8a:ca:87:49:89:1e:a6:af:cd:ba:
         96:53:9d:ef:2b:19:50:82:d8:ac:c0:b4:2c:60:c7:20:bc:86:
         d7:64:7c:49:9e:2d:00:b3:d8:5c:b9:19:f6:8a:a4:2b:d1:3a:
         f3:f3:c2:73:e0:18:89:d5:4d:be:03:8f:d8:42:6d:62:5e:0a:
         07:ba:f5:ea:78:4f:97:5e:0a:59:00:79:17:2b:4b:92:7f:bc:
         d4:27:32:cf:06:b9:16:a0:1e:03:f1:24:a7:2b:aa:73:2e:46:
         66:82:82:2f:69:41:3a:ad:63:2d:eb:60:33:6b:b8:9c:8b:28:
         5b:86:2d:f3
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICDU8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUI5QzAxMTAvBgNVBAUTKEVGQ0YwNTJEOTg5MjkyQ0VCMTA1MDkxMjlDOERFMjAz
RDQ5RjY4MDQwHhcNMjUwNTIyMTgyMTI4WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODJmNmIyOC00NTk3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp59j9rxZxzAU8WotuEw+HNQ8+bHM2iPdnn9+I2OEd2S/EuYl6i6Hhw3TsWht
TmsCC86/Ds9NjJ6GOJg7eNwTNbPtxP4tz427pPrIQflvRyOYeFzJHOEXc2PBdQ16
RL4R2WPABPwv4ZGK8g4krarLtONBvB2x8WxbIH25N6NgacNxXV6E45kVNlDl7rvP
mbUqusx6D4q5yQOSf2xbeefPHl+9N2RI2udtrQY9x2TeDvYbbVi31gj3zPORWhmz
cKU7O/3/DZV6BHmcuaxoKy1tfX6G1u42Dfw2K2tan/3M4c4JI6I9io8qJRcljPYY
IMNZfq0gw7vjZ7GICowcZHqYtwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFDuu/Gd8
ZdJEhnTleoJiPQ9YQLICMB8GA1UdIwQYMBaAFO/PBS2YkpLOsQUJEpyN4gPUn2gE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQjlDMC9EMzY0RjBDQ0Qy
MUExMUU5ODNGOUU1MjRDNEY5QUUwMi83ODhGTFppU2tzNnhCUWtTbkkzaUE5U2Zh
QVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzc4OEZMWmlTa3M2eEJRa1NuSTNpQTlTZmFBUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUI5QzAvRDM2NEYwQ0NEMjFBMTFFOTgzRjlFNTI0QzRGOUFFMDIvMTAwNEQ0MUVE
MjFEMTFFOTkyODI1NDI5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnisAwDwQCAAIwCQMHACABDfBQgDANBgkqhkiG9w0BAQsF
AAOCAQEAXhyoZHg/H5ZnDp77P/ANDxmx5JV7x98+2URHtqW12XfGxvWV7Hs7dyfA
aCr2tV7kYMKSEIRgiA2hMUcBs8qOpXWA7aPZg9NYez9CUrAFAQBcOwHXqmv27Rug
KyjuncgXm3hTaG67T9g9QnG4ohbZk0fjyR7mQ5WblOYe2FjDCvdHY3ZrddiKyodJ
iR6mr826llOd7ysZUILYrMC0LGDHILyG12R8SZ4tALPYXLkZ9oqkK9E68/PCc+AY
idVNvgOP2EJtYl4KB7r16nhPl14KWQB5FytLkn+81Ccyzwa5FqAeA/Ekpyuqcy5G
ZoKCL2lBOq1jLetgM2u4nIsoW4Yt8w==
-----END CERTIFICATE-----
Generated at Mon Jun 9 20:43:04 2025 by rpki-client