Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9121B73/2B77EF2A5EDF11E581AD880CC4F9AE02/9A20324CDD6011EB9935406BC4F9AE02.roa
File:                     9A20324CDD6011EB9935406BC4F9AE02.roa (raw, json)
Hash identifier:          +4t10ixiEuGQBsNf8a32ltvYibD8Pgvy8AUUl5BKpHE=
Subject key identifier:   39:20:AE:64:EB:26:2E:2D:1A:46:A5:9F:5F:10:AF:60:47:CF:03:07
Certificate issuer:       /CN=A9121B73/serialNumber=66CE6D078C88930FAC801089C3E4C4A33382901E
Certificate serial:       2517
Authority key identifier: 66:CE:6D:07:8C:88:93:0F:AC:80:10:89:C3:E4:C4:A3:33:82:90:1E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Zs5tB4yIkw-sgBCJw-TEozOCkB4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9121B73/2B77EF2A5EDF11E581AD880CC4F9AE02/9A20324CDD6011EB9935406BC4F9AE02.roa
Signing time:             Tue 30 Jun 2026 16:18:22 +0000
ROA not before:           Tue 30 Jun 2026 16:18:22 +0000
ROA not after:            Fri 30 Oct 2026 00:00:00 +0000
asID:                     59347
IP address blocks:        2403:cc80::/32 maxlen: 32
                          2403:cc80::/48 maxlen: 48
                          2403:cc80:1::/48 maxlen: 48
                          2403:cc80:2::/48 maxlen: 48
                          2403:cc80:3::/48 maxlen: 48
                          2403:cc80:4::/48 maxlen: 48
                          2403:cc80:5::/48 maxlen: 48
                          2403:cc80:d::/48 maxlen: 48
                          2403:cc80:e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9121B73/2B77EF2A5EDF11E581AD880CC4F9AE02/Zs5tB4yIkw-sgBCJw-TEozOCkB4.crl
                          rsync://rpki.apnic.net/member_repository/A9121B73/2B77EF2A5EDF11E581AD880CC4F9AE02/Zs5tB4yIkw-sgBCJw-TEozOCkB4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Zs5tB4yIkw-sgBCJw-TEozOCkB4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 15:46:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9495 (0x2517)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9121B73, serialNumber=66CE6D078C88930FAC801089C3E4C4A33382901E
        Validity
            Not Before: Jun 30 16:18:22 2026 GMT
            Not After : Oct 30 00:00:00 2026 GMT
        Subject: CN=6a43ec4e-d39c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:04:f1:86:11:56:80:bf:cf:c9:bb:d4:3f:a3:
                    48:ca:30:af:80:3c:d5:e3:82:95:d2:72:49:1c:0e:
                    5d:a3:c6:e1:9b:6d:23:e5:86:df:f0:0e:b1:03:1e:
                    c0:5b:d2:6f:dc:32:34:fe:44:d7:f4:16:a8:cb:de:
                    72:a2:af:c6:52:0a:5d:cb:70:3e:5f:81:d7:c7:ae:
                    43:66:1f:41:88:7e:c3:b0:93:35:ad:00:94:e9:29:
                    c7:38:c5:b5:dc:05:77:53:ef:4a:b1:68:17:3c:28:
                    2c:05:97:01:8a:88:c0:8c:44:ac:e7:0b:18:92:98:
                    bb:b6:b9:9c:1c:a3:83:b7:77:50:5f:02:d1:3e:56:
                    af:27:d0:43:6d:c4:99:a5:77:e1:b8:25:18:34:6c:
                    94:f1:3d:71:03:73:7d:9d:88:9b:94:e2:bf:74:fa:
                    82:82:1a:e7:9c:84:40:82:19:b7:bb:65:f2:89:52:
                    36:cd:60:da:0e:e0:27:37:52:49:1c:99:bc:23:15:
                    91:bc:92:d0:63:bc:eb:7d:08:76:25:c9:6c:e8:68:
                    ca:d7:a2:42:b6:56:61:14:9a:1c:b1:3c:80:64:a6:
                    96:ae:13:58:11:33:de:0c:98:8f:bb:92:2c:b7:97:
                    3b:7b:57:e6:c3:e1:0e:7a:c2:09:d9:08:0b:53:f5:
                    77:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:20:AE:64:EB:26:2E:2D:1A:46:A5:9F:5F:10:AF:60:47:CF:03:07
            X509v3 Authority Key Identifier:
                keyid:66:CE:6D:07:8C:88:93:0F:AC:80:10:89:C3:E4:C4:A3:33:82:90:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9121B73/2B77EF2A5EDF11E581AD880CC4F9AE02/Zs5tB4yIkw-sgBCJw-TEozOCkB4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Zs5tB4yIkw-sgBCJw-TEozOCkB4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9121B73/2B77EF2A5EDF11E581AD880CC4F9AE02/9A20324CDD6011EB9935406BC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:cc80::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:84:b6:f5:97:79:36:e1:9f:e3:2e:ac:f9:3f:87:d7:7c:43:
         33:29:42:08:b2:42:c5:85:62:7c:3a:a0:79:a9:87:8b:67:f5:
         b3:ff:d1:83:7e:59:f3:54:42:21:9e:e9:dd:77:55:1f:1d:11:
         fd:eb:eb:2e:e8:42:4b:80:1a:7a:27:86:cd:ab:90:93:1b:16:
         da:52:63:ce:b7:6c:91:fb:f6:1c:1e:5b:db:4c:82:38:58:7b:
         c0:fe:15:8d:d3:5b:4e:2b:09:d4:84:a0:f6:44:95:86:a7:e7:
         15:c2:da:fe:c6:2e:44:8a:9c:dc:55:aa:59:3d:28:24:0a:83:
         61:0f:fa:7f:8a:d0:49:c4:64:54:03:55:5d:45:9b:b7:30:ad:
         c0:42:79:c8:ae:f3:ac:80:09:ab:be:9a:ed:a5:1b:e0:cb:39:
         2e:fb:cc:ae:d7:70:71:1d:74:00:63:f6:22:b6:5b:0d:2f:d4:
         41:26:e0:0a:66:66:e4:48:8c:55:ae:ad:40:ba:6f:00:02:20:
         21:24:92:2a:e3:7c:b8:a7:3e:f4:64:53:dc:b0:9d:c2:60:6c:
         4a:80:76:24:20:85:e5:41:20:28:88:df:2f:9e:90:a5:7c:c7:
         59:7d:94:7c:9c:a9:75:d8:00:a3:62:72:c5:1c:fa:2f:9f:ce:
         97:ee:aa:2f
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgICJRcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjFCNzMxMTAvBgNVBAUTKDY2Q0U2RDA3OEM4ODkzMEZBQzgwMTA4OUMzRTRDNEEz
MzM4MjkwMUUwHhcNMjYwNjMwMTYxODIyWhcNMjYxMDMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQzZWM0ZS1kMzljMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAywTxhhFWgL/PybvUP6NIyjCvgDzV44KV0nJJHA5do8bhm20j5Ybf8A6xAx7A
W9Jv3DI0/kTX9Baoy95yoq/GUgpdy3A+X4HXx65DZh9BiH7DsJM1rQCU6SnHOMW1
3AV3U+9KsWgXPCgsBZcBiojAjESs5wsYkpi7trmcHKODt3dQXwLRPlavJ9BDbcSZ
pXfhuCUYNGyU8T1xA3N9nYiblOK/dPqCghrnnIRAghm3u2XyiVI2zWDaDuAnN1JJ
HJm8IxWRvJLQY7zrfQh2Jcls6GjK16JCtlZhFJocsTyAZKaWrhNYETPeDJiPu5Is
t5c7e1fmw+EOesIJ2QgLU/V3iQIDAQABo4ICYTCCAl0wHQYDVR0OBBYEFDkgrmTr
Ji4tGkaln18Qr2BHzwMHMB8GA1UdIwQYMBaAFGbObQeMiJMPrIAQicPkxKMzgpAe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMUI3My8yQjc3RUYyQTVF
REYxMUU1ODFBRDg4MENDNEY5QUUwMi9aczV0QjR5SWt3LXNnQkNKdy1URW96T0Nr
QjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pzNXRCNHlJa3ctc2dCQ0p3LVRFb3pPQ2tCNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjFCNzMvMkI3N0VGMkE1RURGMTFFNTgxQUQ4ODBDQzRGOUFFMDIvOUEyMDMyNENE
RDYwMTFFQjk5MzU0MDZCQzRGOUFFMDIucm9hMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAPMgDANBgkqhkiG9w0BAQsFAAOCAQEAR4S29Zd5NuGf4y6s+T+H
13xDMylCCLJCxYVifDqgeamHi2f1s//Rg35Z81RCIZ7p3XdVHx0R/evrLuhCS4Aa
eieGzauQkxsW2lJjzrdskfv2HB5b20yCOFh7wP4VjdNbTisJ1ISg9kSVhqfnFcLa
/sYuRIqc3FWqWT0oJAqDYQ/6f4rQScRkVANVXUWbtzCtwEJ5yK7zrIAJq76a7aUb
4Ms5LvvMrtdwcR10AGP2IrZbDS/UQSbgCmZm5EiMVa6tQLpvAAIgISSSKuN8uKc+
9GRT3LCdwmBsSoB2JCCF5UEgKIjfL56QpXzHWX2UfJypddgAo2JyxRz6L5/Ol+6q
Lw==
-----END CERTIFICATE-----
Generated at Sun Jul 5 09:27:58 2026 by rpki-client