Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911647C/437CC406851311EAAA0B0A7FC4F9AE02/DCF88EAE5ED811EBAB677671C4F9AE02.roa
File:                     DCF88EAE5ED811EBAB677671C4F9AE02.roa (raw, json)
Hash identifier:          SkOhlI1Sq/LIctQQV3ASYYQ+aRYJDMBcBGKvl4fYf/A=
Subject key identifier:   D4:0A:CB:36:F1:1F:15:10:68:2C:4A:37:F2:37:56:E5:D2:37:E8:34
Certificate issuer:       /CN=A911647C/serialNumber=436B2C5F03F91CA741C6A249DC015A6D544A62A6
Certificate serial:       0BAD
Authority key identifier: 43:6B:2C:5F:03:F9:1C:A7:41:C6:A2:49:DC:01:5A:6D:54:4A:62:A6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Q2ssXwP5HKdBxqJJ3AFabVRKYqY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911647C/437CC406851311EAAA0B0A7FC4F9AE02/DCF88EAE5ED811EBAB677671C4F9AE02.roa
Signing time:             Fri 26 Jun 2026 20:24:01 +0000
ROA not before:           Fri 26 Jun 2026 20:24:01 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     15290
IP address blocks:        203.186.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911647C/437CC406851311EAAA0B0A7FC4F9AE02/Q2ssXwP5HKdBxqJJ3AFabVRKYqY.crl
                          rsync://rpki.apnic.net/member_repository/A911647C/437CC406851311EAAA0B0A7FC4F9AE02/Q2ssXwP5HKdBxqJJ3AFabVRKYqY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Q2ssXwP5HKdBxqJJ3AFabVRKYqY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 19:48:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2989 (0xbad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911647C, serialNumber=436B2C5F03F91CA741C6A249DC015A6D544A62A6
        Validity
            Not Before: Jun 26 20:24:01 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a3edfe1-7c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5d:a1:8f:f3:9b:10:d0:77:cc:2f:d8:03:37:
                    3c:25:10:5f:3d:e4:35:86:b2:2d:b6:12:0f:3c:45:
                    ca:29:78:dd:7b:74:b8:ef:47:cc:f2:19:69:1a:49:
                    25:00:ea:1d:15:5b:0b:29:82:29:0f:22:c0:f9:bf:
                    88:72:9c:3a:18:b7:e4:16:88:81:28:ae:47:b9:04:
                    09:83:bb:2c:99:87:55:d0:62:eb:7a:76:51:55:91:
                    6e:5c:e9:42:2e:d6:6c:22:db:d2:56:64:3e:23:0f:
                    66:4d:bb:ff:f5:d7:60:51:da:52:84:08:89:86:db:
                    27:9b:03:5b:70:e2:0d:ad:d5:0f:25:4c:92:c5:51:
                    02:a5:7a:be:0a:c1:27:41:5c:90:a9:07:6c:ea:d5:
                    c7:65:88:5c:97:39:ad:33:4d:c0:38:27:8c:2d:4f:
                    a2:bb:98:ac:f3:94:5b:63:5d:0b:cd:8a:e2:28:5d:
                    8d:72:38:9a:8a:fa:21:9c:0c:d7:6f:44:d9:42:84:
                    7b:96:fc:57:97:11:55:56:3d:32:1b:95:be:69:de:
                    74:c6:ed:03:00:aa:4d:6b:bc:70:7d:e0:32:98:bc:
                    6b:47:8e:bb:c5:a0:02:aa:5c:7b:50:f6:65:01:9d:
                    96:b0:69:1b:ce:7c:79:64:d7:0a:8b:3a:98:46:21:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:0A:CB:36:F1:1F:15:10:68:2C:4A:37:F2:37:56:E5:D2:37:E8:34
            X509v3 Authority Key Identifier:
                keyid:43:6B:2C:5F:03:F9:1C:A7:41:C6:A2:49:DC:01:5A:6D:54:4A:62:A6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911647C/437CC406851311EAAA0B0A7FC4F9AE02/Q2ssXwP5HKdBxqJJ3AFabVRKYqY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Q2ssXwP5HKdBxqJJ3AFabVRKYqY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911647C/437CC406851311EAAA0B0A7FC4F9AE02/DCF88EAE5ED811EBAB677671C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.186.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:93:be:ae:25:23:ea:57:5b:e2:56:8c:b0:28:65:05:c6:47:
         d8:9d:13:a3:1e:99:3d:7d:36:72:57:c8:2d:4a:71:2a:54:d4:
         8e:1f:5b:83:8e:61:71:ea:3a:70:5b:18:c4:1b:20:78:e8:7d:
         b5:93:a8:b4:a0:57:6d:b7:e1:9b:86:31:14:a9:48:16:7a:b0:
         a5:51:e8:9a:7b:ca:30:b5:2c:52:77:30:c4:15:b4:d3:e3:f9:
         e8:1b:da:21:20:82:4b:4c:78:78:96:24:07:2e:97:7e:a6:5c:
         46:97:81:3a:a0:f7:3b:c5:32:bf:9d:45:aa:c2:b9:2a:9a:5b:
         eb:5d:92:bf:f0:55:a3:42:af:06:d8:ba:3e:86:cf:5f:64:1a:
         c5:91:54:b0:6d:49:ab:93:f3:fb:2b:aa:f6:f8:86:c0:2f:dc:
         9d:87:b3:a0:7a:8b:f2:28:6a:d6:22:41:0c:68:e0:68:7f:3b:
         f2:81:c8:af:01:2f:d3:ef:d7:f3:6b:09:65:3f:32:24:d7:ab:
         46:c3:d6:96:8e:33:b9:10:06:c2:e0:e8:9b:f5:f4:00:6e:2f:
         e8:7b:5a:6f:cc:7b:87:67:c3:47:37:e7:77:08:fd:8c:34:c0:
         ac:63:b8:8a:3c:7e:07:9a:79:d9:1f:3e:00:7a:ba:96:08:9f:
         ac:9e:5d:09
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICC60wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTY0N0MxMTAvBgNVBAUTKDQzNkIyQzVGMDNGOTFDQTc0MUM2QTI0OURDMDE1QTZE
NTQ0QTYyQTYwHhcNMjYwNjI2MjAyNDAxWhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNlZGZlMS03YzE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArF2hj/ObENB3zC/YAzc8JRBfPeQ1hrItthIPPEXKKXjde3S470fM8hlpGkkl
AOodFVsLKYIpDyLA+b+Icpw6GLfkFoiBKK5HuQQJg7ssmYdV0GLrenZRVZFuXOlC
LtZsItvSVmQ+Iw9mTbv/9ddgUdpShAiJhtsnmwNbcOINrdUPJUySxVECpXq+CsEn
QVyQqQds6tXHZYhclzmtM03AOCeMLU+iu5is85RbY10LzYriKF2NcjiaivohnAzX
b0TZQoR7lvxXlxFVVj0yG5W+ad50xu0DAKpNa7xwfeAymLxrR467xaACqlx7UPZl
AZ2WsGkbznx5ZNcKizqYRiGJbQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFNQKyzbx
HxUQaCxKN/I3VuXSN+g0MB8GA1UdIwQYMBaAFENrLF8D+RynQcaiSdwBWm1USmKm
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExNjQ3Qy80MzdDQzQwNjg1
MTMxMUVBQUEwQjBBN0ZDNEY5QUUwMi9RMnNzWHdQNUhLZEJ4cUpKM0FGYWJWUktZ
cVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1Eyc3NYd1A1SEtkQnhxSkozQUZhYlZSS1lxWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTY0N0MvNDM3Q0M0MDY4NTEzMTFFQUFBMEIwQTdGQzRGOUFFMDIvRENGODhFQUU1
RUQ4MTFFQkFCNjc3NjcxQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCy7p0MA0GCSqGSIb3DQEBCwUAA4IBAQCRk76uJSPqV1viVoywKGUF
xkfYnROjHpk9fTZyV8gtSnEqVNSOH1uDjmFx6jpwWxjEGyB46H21k6i0oFdtt+Gb
hjEUqUgWerClUeiae8owtSxSdzDEFbTT4/noG9ohIIJLTHh4liQHLpd+plxGl4E6
oPc7xTK/nUWqwrkqmlvrXZK/8FWjQq8G2Lo+hs9fZBrFkVSwbUmrk/P7K6r2+IbA
L9ydh7OgeovyKGrWIkEMaOBofzvygcivAS/T79fzawllPzIk16tGw9aWjjO5EAbC
4Oib9fQAbi/oe1pvzHuHZ8NHN+d3CP2MNMCsY7iKPH4HmnnZHz4AerqWCJ+snl0J
-----END CERTIFICATE-----
Generated at Fri Jul 17 11:53:44 2026 by rpki-client