Route Origin Authorization

$ rpki-client -vvf rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130382e302f32332d3233203d3e203234303231.roa
File:                     3230332e3134372e3130382e302f32332d3233203d3e203234303231.roa (raw, json)
Hash identifier:          uixTo0Oe6ASeELT5L5kftp5oGLKM6vjJiP5JUfzt2V0=
Subject key identifier:   EC:A1:69:C5:E1:21:D8:73:EC:31:31:43:59:59:0A:70:46:ED:1B:86
Certificate issuer:       /CN=A91872ED0001/serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
Certificate serial:       70C9617BCAA5F8AC9A620A911A9BD8B23C93C980
Authority key identifier: C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
Subject info access:      rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130382e302f32332d3233203d3e203234303231.roa
Signing time:             Thu 12 Jun 2025 00:00:01 +0000
ROA not before:           Wed 11 Jun 2025 23:55:01 +0000
ROA not after:            Thu 11 Jun 2026 00:00:01 +0000
asID:                     24021
IP address blocks:        203.147.108.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl
                          rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 13 Jun 2025 01:34:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:c9:61:7b:ca:a5:f8:ac:9a:62:0a:91:1a:9b:d8:b2:3c:93:c9:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91872ED0001, serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
        Validity
            Not Before: Jun 11 23:55:01 2025 GMT
            Not After : Jun 11 00:00:01 2026 GMT
        Subject: CN=ECA169C5E121D873EC31314359590A7046ED1B86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1c:9e:ab:72:e1:b2:b1:56:dd:46:3d:0c:d8:
                    40:e6:21:9c:d1:e2:30:8c:99:c8:64:10:bb:e8:f8:
                    0c:41:17:f8:34:aa:1a:eb:5f:ff:1e:7f:de:ff:a2:
                    92:b2:31:ba:06:e9:1d:f8:4a:ad:11:86:df:fb:10:
                    6b:40:95:eb:e4:cc:cb:9d:ad:22:ba:99:19:a9:32:
                    c4:2d:42:5c:87:fa:5e:a2:2b:02:db:d2:18:87:c4:
                    40:f7:85:0e:1f:09:2a:86:ab:24:1a:9e:db:4a:69:
                    80:7e:6e:6d:a7:95:b6:5d:1a:49:8c:7f:7c:2a:29:
                    f0:6a:9e:3b:34:12:4b:39:dd:ad:73:d3:6b:92:e5:
                    80:5b:e1:32:c9:d5:b5:8c:4e:0a:45:85:27:99:bf:
                    22:ae:c7:ba:11:74:e4:9d:7c:99:13:90:f4:76:38:
                    9d:f5:ff:bd:46:38:5d:d8:d1:1e:83:c3:d9:27:12:
                    07:48:18:8d:77:ac:40:09:5e:04:fe:dc:ae:2f:db:
                    c6:e6:dc:f0:72:66:ff:a0:78:7f:68:7c:1a:85:70:
                    1a:f7:3a:59:c7:17:c3:86:8f:0f:6e:6f:6d:b3:30:
                    91:37:92:2f:a8:5d:cf:36:9a:58:4d:63:49:11:09:
                    8a:81:78:2e:22:5e:f1:5e:8a:d4:77:d7:96:e4:1c:
                    c1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A1:69:C5:E1:21:D8:73:EC:31:31:43:59:59:0A:70:46:ED:1B:86
            X509v3 Authority Key Identifier:
                keyid:C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130382e302f32332d3233203d3e203234303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.147.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bf:25:69:d6:b3:f7:7d:26:ad:d9:df:39:24:85:34:d4:71:62:
         bd:59:aa:28:d1:27:5b:07:c5:0b:c9:59:42:99:e6:ba:3b:cc:
         80:c4:7c:9b:15:19:cc:ed:f2:91:5d:45:99:2b:74:e2:45:fc:
         91:ef:35:64:20:3a:62:16:ae:f1:91:1a:00:ae:7c:3d:ed:73:
         3c:03:dc:a1:4a:e9:e2:23:83:77:26:29:14:ec:ef:7e:e4:06:
         14:9d:db:43:6a:c4:f9:f4:e8:9e:1f:a0:89:12:79:56:e7:34:
         ad:e8:5d:08:5b:10:7c:80:b8:60:4b:8f:4d:fc:a2:4b:75:4d:
         b1:d3:76:e4:04:15:7f:c6:82:6b:f3:f3:49:19:f5:2e:26:39:
         7c:0f:7f:b1:98:13:b5:e1:88:8c:35:18:21:d8:5e:1c:6a:95:
         8b:e0:da:ce:16:70:9d:ea:2a:7b:43:cf:e9:02:e0:b9:4b:c4:
         3f:83:db:54:c9:91:90:cf:6e:f2:42:9d:70:a5:e3:90:aa:40:
         90:da:80:46:5b:04:19:52:96:30:62:73:9a:a3:74:cc:85:54:
         e9:09:2f:29:39:bb:e8:a5:12:ff:ee:09:fc:ce:dd:86:46:7e:
         03:b3:f9:52:84:04:7f:fe:53:49:c4:aa:37:42:0c:71:ea:94:
         39:25:c8:7b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUcMlhe8ql+KyaYgqRGpvYsjyTyYAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODcyRUQwMDAxMTEwLwYDVQQFEyhDMDkwNkExOUE3
REUzNDlCRkEyQjMyQjNDM0VCNEMyRDE3NzYwQ0UxMB4XDTI1MDYxMTIzNTUwMVoX
DTI2MDYxMTAwMDAwMVowMzExMC8GA1UEAxMoRUNBMTY5QzVFMTIxRDg3M0VDMzEz
MTQzNTk1OTBBNzA0NkVEMUI4NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4cnqty4bKxVt1GPQzYQOYhnNHiMIyZyGQQu+j4DEEX+DSqGutf/x5/3v+i
krIxugbpHfhKrRGG3/sQa0CV6+TMy52tIrqZGakyxC1CXIf6XqIrAtvSGIfEQPeF
Dh8JKoarJBqe20ppgH5ubaeVtl0aSYx/fCop8GqeOzQSSzndrXPTa5LlgFvhMsnV
tYxOCkWFJ5m/Iq7HuhF05J18mROQ9HY4nfX/vUY4XdjRHoPD2ScSB0gYjXesQAle
BP7cri/bxubc8HJm/6B4f2h8GoVwGvc6WccXw4aPD25vbbMwkTeSL6hdzzaaWE1j
SREJioF4LiJe8V6K1HfXluQcwX8CAwEAAaOCAgkwggIFMB0GA1UdDgQWBBTsoWnF
4SHYc+wxMUNZWQpwRu0bhjAfBgNVHSMEGDAWgBTAkGoZp940m/orMrPD60wtF3YM
4TAOBgNVHQ8BAf8EBAMCB4AwbQYDVR0fBGYwZDBioGCgXoZccnN5bmM6Ly9ycGtp
LnJhbmQuYXBuaWMubmV0L3JlcG8vQTkxODcyRUQwMDAxLzAvQzA5MDZBMTlBN0RF
MzQ5QkZBMkIzMkIzQzNFQjRDMkQxNzc2MENFMS5jcmwwfgYIKwYBBQUHAQEEcjBw
MG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkv
QjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd0pCcUdhZmVOSnY2S3pL
enctdE1MUmQyRE9FLmNlcjCBiAYIKwYBBQUHAQsEfDB6MHgGCCsGAQUFBzALhmxy
c3luYzovL3Jwa2kucmFuZC5hcG5pYy5uZXQvcmVwby9BOTE4NzJFRDAwMDEvMC8z
MjMwMzMyZTMxMzQzNzJlMzEzMDM4MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzIz
NDMwMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAcuTbDANBgkqhkiG9w0BAQsFAAOCAQEAvyVp1rP3
fSat2d85JIU01HFivVmqKNEnWwfFC8lZQpnmujvMgMR8mxUZzO3ykV1FmSt04kX8
ke81ZCA6Yhau8ZEaAK58Pe1zPAPcoUrp4iODdyYpFOzvfuQGFJ3bQ2rE+fTonh+g
iRJ5Vuc0rehdCFsQfIC4YEuPTfyiS3VNsdN25AQVf8aCa/PzSRn1LiY5fA9/sZgT
teGIjDUYIdheHGqVi+DazhZwneoqe0PP6QLguUvEP4PbVMmRkM9u8kKdcKXjkKpA
kNqARlsEGVKWMGJzmqN0zIVU6QkvKTm76KUS/+4J/M7dhkZ+A7P5UoQEf/5TScSq
N0IMceqUOSXIew==
-----END CERTIFICATE-----
Generated at Thu Jun 12 06:28:32 2025 by rpki-client