Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A91A61310000/0/3130332e3233382e3133312e302f32342d3234203d3e203233353332.roa
File:                     3130332e3233382e3133312e302f32342d3234203d3e203233353332.roa (raw, json)
Hash identifier:          EocrPN7oy6EUyv4FnfOIDKqYSpn6P9J+KZyYh7hogWM=
Subject key identifier:   A9:74:D0:BD:1B:10:C9:70:C0:EB:D2:2D:B9:3C:34:8A:B5:BB:86:7F
Certificate issuer:       /CN=A91A61310000/serialNumber=72EC0D8B386D96FBC741C05F3661CB7ADA8EB800
Certificate serial:       266A004929D7E5EB16A454EA86F1530ACE6D54
Authority key identifier: 72:EC:0D:8B:38:6D:96:FB:C7:41:C0:5F:36:61:CB:7A:DA:8E:B8:00
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cuwNizhtlvvHQcBfNmHLetqOuAA.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A91A61310000/0/3130332e3233382e3133312e302f32342d3234203d3e203233353332.roa
Signing time:             Thu 05 Jun 2025 10:20:23 +0000
ROA not before:           Thu 05 Jun 2025 10:15:23 +0000
ROA not after:            Thu 04 Jun 2026 10:20:23 +0000
asID:                     23532
IP address blocks:        103.238.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A91A61310000/0/72EC0D8B386D96FBC741C05F3661CB7ADA8EB800.crl
                          rsync://rpki.sub.apnic.net/repository/A91A61310000/0/72EC0D8B386D96FBC741C05F3661CB7ADA8EB800.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cuwNizhtlvvHQcBfNmHLetqOuAA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 10 Jun 2025 05:21:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:6a:00:49:29:d7:e5:eb:16:a4:54:ea:86:f1:53:0a:ce:6d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A61310000, serialNumber=72EC0D8B386D96FBC741C05F3661CB7ADA8EB800
        Validity
            Not Before: Jun  5 10:15:23 2025 GMT
            Not After : Jun  4 10:20:23 2026 GMT
        Subject: CN=A974D0BD1B10C970C0EBD22DB93C348AB5BB867F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:91:fc:6c:49:d2:e8:04:f8:14:06:d5:c8:1c:
                    5c:c2:d3:d3:ed:ec:b2:50:18:d1:9e:18:83:c4:41:
                    cd:1e:c1:96:6c:23:94:8d:49:b2:e4:c3:fb:f6:74:
                    fb:b4:18:53:85:42:90:cf:ef:de:6d:4f:6a:63:dc:
                    8e:03:78:9f:fe:cd:0c:63:63:39:ce:45:0c:1b:1c:
                    9d:ba:f2:93:82:e4:22:41:f9:f1:57:de:5f:41:c3:
                    09:ad:b8:a9:69:9a:d9:00:01:88:23:d1:75:db:aa:
                    6d:45:eb:73:49:02:50:fe:97:e3:5d:a3:47:72:99:
                    0a:15:67:72:ce:e6:49:c4:0d:15:59:2f:3b:be:4d:
                    e3:3b:41:69:4e:c2:b4:93:b5:cc:4e:21:6d:dc:e0:
                    29:5e:ed:d6:15:e1:0c:56:90:d3:27:9d:ba:37:06:
                    1a:3f:5e:af:37:0e:db:d5:08:7b:c8:e8:90:91:97:
                    b6:f5:ae:f3:12:a9:94:63:4e:1c:2a:e4:1b:0e:62:
                    03:4f:94:8a:d8:cf:f0:61:82:c7:72:24:cf:ab:3e:
                    33:d9:85:53:7b:f9:7d:7c:8b:9b:7e:a1:26:db:d5:
                    f7:8e:bb:15:80:d2:37:f9:19:67:dd:9c:73:9f:81:
                    34:6f:3d:a9:b8:e6:2a:d5:4e:e7:88:2a:a2:2e:a5:
                    c8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:74:D0:BD:1B:10:C9:70:C0:EB:D2:2D:B9:3C:34:8A:B5:BB:86:7F
            X509v3 Authority Key Identifier:
                keyid:72:EC:0D:8B:38:6D:96:FB:C7:41:C0:5F:36:61:CB:7A:DA:8E:B8:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A91A61310000/0/72EC0D8B386D96FBC741C05F3661CB7ADA8EB800.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cuwNizhtlvvHQcBfNmHLetqOuAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A91A61310000/0/3130332e3233382e3133312e302f32342d3234203d3e203233353332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.238.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:3f:06:4a:ea:9b:be:29:8f:ce:68:cf:db:f5:d6:74:91:e5:
         99:aa:36:a8:57:3b:ae:e9:15:8f:9c:6d:7f:6d:b6:37:f4:e2:
         a1:00:79:77:5a:d8:79:28:d9:e3:e3:3e:7c:67:0b:c1:78:30:
         84:6d:1c:44:90:62:28:71:2d:6b:75:e8:2f:0e:1f:36:41:98:
         e7:7d:f1:51:b8:83:a3:8f:98:3b:2c:33:a8:7d:82:05:75:12:
         bf:b3:95:60:72:a8:85:ee:0f:2a:32:3a:9f:3b:9d:7a:e2:0b:
         17:ad:76:3f:9e:69:d0:bb:84:df:f9:c2:2f:c8:ae:c1:99:a0:
         38:04:32:92:b9:40:92:ea:3b:36:04:b9:88:73:bb:ce:1c:41:
         e1:bb:fc:ba:11:47:4c:f0:a7:c6:6c:41:24:ce:3d:77:a6:45:
         2d:e6:c1:20:64:77:ac:a2:a7:df:6a:74:c9:9d:be:b8:1b:73:
         0d:96:07:44:d2:98:c7:42:3a:5f:92:4a:bf:ba:57:97:3a:e2:
         3c:ec:9c:b6:0e:fe:02:44:15:93:c7:66:1d:cf:c4:47:01:2c:
         f2:e9:cf:6f:61:29:0d:58:38:d4:9c:4c:f2:d8:2e:69:6b:0d:
         5a:f1:ea:b8:eb:92:1c:71:fb:6b:6c:d4:3f:b0:b3:d4:c5:7c:
         a7:15:4b:36
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgITJmoASSnX5esWpFTqhvFTCs5tVDANBgkqhkiG9w0BAQsF
ADBKMRUwEwYDVQQDEwxBOTFBNjEzMTAwMDAxMTAvBgNVBAUTKDcyRUMwRDhCMzg2
RDk2RkJDNzQxQzA1RjM2NjFDQjdBREE4RUI4MDAwHhcNMjUwNjA1MTAxNTIzWhcN
MjYwNjA0MTAyMDIzWjAzMTEwLwYDVQQDEyhBOTc0RDBCRDFCMTBDOTcwQzBFQkQy
MkRCOTNDMzQ4QUI1QkI4NjdGMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArJH8bEnS6AT4FAbVyBxcwtPT7eyyUBjRnhiDxEHNHsGWbCOUjUmy5MP79nT7
tBhThUKQz+/ebU9qY9yOA3if/s0MY2M5zkUMGxyduvKTguQiQfnxV95fQcMJrbip
aZrZAAGII9F126ptRetzSQJQ/pfjXaNHcpkKFWdyzuZJxA0VWS87vk3jO0FpTsK0
k7XMTiFt3OApXu3WFeEMVpDTJ526NwYaP16vNw7b1Qh7yOiQkZe29a7zEqmUY04c
KuQbDmIDT5SK2M/wYYLHciTPqz4z2YVTe/l9fIubfqEm29X3jrsVgNI3+Rln3Zxz
n4E0bz2puOYq1U7niCqiLqXITQIDAQABo4ICFDCCAhAwHQYDVR0OBBYEFKl00L0b
EMlwwOvSLbk8NIq1u4Z/MB8GA1UdIwQYMBaAFHLsDYs4bZb7x0HAXzZhy3rajrgA
MA4GA1UdDwEB/wQEAwIHgDByBgNVHR8EazBpMGegZaBjhmFyc3luYzovL3Jwa2ku
c3ViLmFwbmljLm5ldC9yZXBvc2l0b3J5L0E5MUE2MTMxMDAwMC8wLzcyRUMwRDhC
Mzg2RDk2RkJDNzQxQzA1RjM2NjFDQjdBREE4RUI4MDAuY3JsMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL2N1d05pemh0bHZ2
SFFjQmZObUhMZXRxT3VBQS5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxQTYx
MzEwMDAwLzAvMzEzMDMzMmUzMjMzMzgyZTMxMzMzMTJlMzAyZjMyMzQyZDMyMzQy
MDNkM2UyMDMyMzMzNTMzMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABn7oMwDQYJKoZIhvcNAQELBQAD
ggEBAFY/Bkrqm74pj85oz9v11nSR5ZmqNqhXO67pFY+cbX9ttjf04qEAeXda2Hko
2ePjPnxnC8F4MIRtHESQYihxLWt16C8OHzZBmOd98VG4g6OPmDssM6h9ggV1Er+z
lWByqIXuDyoyOp87nXriCxetdj+eadC7hN/5wi/IrsGZoDgEMpK5QJLqOzYEuYhz
u84cQeG7/LoRR0zwp8ZsQSTOPXemRS3mwSBkd6yip99qdMmdvrgbcw2WB0TSmMdC
Ol+SSr+6V5c64jzsnLYO/gJEFZPHZh3PxEcBLPLpz29hKQ1YONScTPLYLmlrDVrx
6rjrkhxx+2ts1D+ws9TFfKcVSzY=
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:57:43 2025 by rpki-client