Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9122219/82FE89CC3C3711EA873E1460C4F9AE02/CD145D246E4E11EDBE02B065C4F9AE02.roa
File:                     CD145D246E4E11EDBE02B065C4F9AE02.roa (raw, json)
Hash identifier:          5PMpMbiDvOrHyA2aZdrK2EqToeI6RWLqz3P1054gczc=
Subject key identifier:   67:A2:86:B0:76:31:30:DC:61:29:EE:7B:AF:FD:F6:C4:35:69:A5:9A
Certificate issuer:       /CN=A9122219/serialNumber=D0D2F45A46D26766014B786019A09A8334873DAD
Certificate serial:       0C07
Authority key identifier: D0:D2:F4:5A:46:D2:67:66:01:4B:78:60:19:A0:9A:83:34:87:3D:AD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0NL0WkbSZ2YBS3hgGaCagzSHPa0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9122219/82FE89CC3C3711EA873E1460C4F9AE02/CD145D246E4E11EDBE02B065C4F9AE02.roa
Signing time:             Thu 02 Jul 2026 19:19:41 +0000
ROA not before:           Thu 02 Jul 2026 19:19:41 +0000
ROA not after:            Thu 30 Sep 2027 00:00:00 +0000
asID:                     38744
IP address blocks:        49.0.32.0/20 maxlen: 24
                          49.0.48.0/21 maxlen: 24
                          117.58.240.0/21 maxlen: 24
                          2404:b580::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9122219/82FE89CC3C3711EA873E1460C4F9AE02/0NL0WkbSZ2YBS3hgGaCagzSHPa0.crl
                          rsync://rpki.apnic.net/member_repository/A9122219/82FE89CC3C3711EA873E1460C4F9AE02/0NL0WkbSZ2YBS3hgGaCagzSHPa0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0NL0WkbSZ2YBS3hgGaCagzSHPa0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 18:57:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3079 (0xc07)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9122219, serialNumber=D0D2F45A46D26766014B786019A09A8334873DAD
        Validity
            Not Before: Jul  2 19:19:41 2026 GMT
            Not After : Sep 30 00:00:00 2027 GMT
        Subject: CN=6a46b9cd-e728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:22:0f:54:c4:00:8f:e2:5b:7c:06:56:bd:1d:
                    23:ee:bf:b6:ac:11:43:20:c1:9c:2b:b5:48:bb:dc:
                    48:81:3a:db:8f:d1:4c:3b:db:e7:6a:87:29:22:af:
                    73:12:51:d4:3e:d2:26:04:4c:a6:94:fd:d5:bc:a6:
                    32:57:d4:b4:a2:1f:b5:db:c0:fe:9e:36:02:df:a1:
                    e2:8a:15:2e:34:11:be:70:22:da:b9:63:89:9b:cd:
                    b6:20:d2:eb:60:bf:0b:f1:4b:0c:be:2a:89:4b:82:
                    70:21:a4:6d:4b:ff:ee:3e:a5:05:ee:a9:cb:be:9d:
                    af:ee:33:6d:21:66:ad:6b:b0:3f:2e:5f:b0:d8:2c:
                    1c:a4:c5:a7:c1:63:d9:55:26:b0:46:83:7a:45:72:
                    05:8c:2d:b9:0d:de:09:56:1d:18:ba:49:66:a8:e3:
                    25:4d:ed:14:e2:d1:d3:e8:7e:22:5e:be:a7:85:b9:
                    8d:c7:db:f4:52:d6:8a:15:74:c0:6d:9e:19:86:04:
                    7c:43:c8:42:d9:6e:b1:c4:a0:4b:e8:94:5d:85:e0:
                    e6:95:16:76:92:d7:85:ef:59:e4:93:bd:57:e5:e3:
                    0e:fe:bd:41:47:63:71:d2:f0:47:81:14:97:50:7d:
                    80:14:d6:79:d2:ca:f9:f4:0a:cc:66:c4:f1:c0:96:
                    4b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A2:86:B0:76:31:30:DC:61:29:EE:7B:AF:FD:F6:C4:35:69:A5:9A
            X509v3 Authority Key Identifier:
                keyid:D0:D2:F4:5A:46:D2:67:66:01:4B:78:60:19:A0:9A:83:34:87:3D:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9122219/82FE89CC3C3711EA873E1460C4F9AE02/0NL0WkbSZ2YBS3hgGaCagzSHPa0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0NL0WkbSZ2YBS3hgGaCagzSHPa0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9122219/82FE89CC3C3711EA873E1460C4F9AE02/CD145D246E4E11EDBE02B065C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.0.32.0-49.0.55.255
                  117.58.240.0/21
                IPv6:
                  2404:b580::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:5f:44:a4:dd:8a:51:3e:fa:45:25:29:21:f6:91:32:ee:5b:
         a4:80:a5:1f:c1:c8:a7:b1:ad:e2:b8:62:9b:64:f1:2f:9c:cd:
         35:a6:98:39:a3:36:e5:a4:93:4b:7f:ea:80:25:a1:26:a6:8a:
         6f:95:e3:a7:26:05:cb:31:a9:7b:84:0b:7d:70:b0:88:be:a7:
         61:26:6b:05:b0:6a:17:44:36:9a:cc:81:16:c8:23:90:39:a8:
         9c:b7:8e:34:2a:b6:ec:83:75:15:18:30:a2:a2:57:ab:17:62:
         3e:4b:4e:4e:0e:5e:8a:03:d4:20:53:25:ff:3c:c7:5b:2c:4e:
         46:b1:92:e5:40:82:1a:83:22:09:fb:85:cf:55:4a:ee:61:1b:
         61:e7:33:88:cd:78:f7:5a:cc:f8:f1:51:f2:d2:39:2b:8a:35:
         d4:65:1c:1e:36:a1:fe:dd:73:d6:cd:d1:eb:65:7c:cf:f0:32:
         65:1e:7e:74:f8:ad:44:17:8e:83:98:07:06:8f:d6:a5:04:b1:
         68:6d:14:c5:35:c4:8f:d5:8f:1c:23:0a:c0:90:87:38:27:a0:
         19:bf:a9:a4:c3:d9:84:2f:44:25:66:c4:5b:3e:d7:e5:4d:92:
         e4:a4:79:d0:5a:00:1f:f6:4f:49:26:ce:12:0e:24:89:02:6d:
         e8:b6:0f:08
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgICDAcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjIyMTkxMTAvBgNVBAUTKEQwRDJGNDVBNDZEMjY3NjYwMTRCNzg2MDE5QTA5QTgz
MzQ4NzNEQUQwHhcNMjYwNzAyMTkxOTQxWhcNMjcwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ2YjljZC1lNzI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmSIPVMQAj+JbfAZWvR0j7r+2rBFDIMGcK7VIu9xIgTrbj9FMO9vnaocpIq9z
ElHUPtImBEymlP3VvKYyV9S0oh+128D+njYC36HiihUuNBG+cCLauWOJm822INLr
YL8L8UsMviqJS4JwIaRtS//uPqUF7qnLvp2v7jNtIWata7A/Ll+w2CwcpMWnwWPZ
VSawRoN6RXIFjC25Dd4JVh0YuklmqOMlTe0U4tHT6H4iXr6nhbmNx9v0UtaKFXTA
bZ4ZhgR8Q8hC2W6xxKBL6JRdheDmlRZ2kteF71nkk71X5eMO/r1BR2Nx0vBHgRSX
UH2AFNZ50sr59ArMZsTxwJZLCQIDAQABo4ICfTCCAnkwHQYDVR0OBBYEFGeihrB2
MTDcYSnue6/99sQ1aaWaMB8GA1UdIwQYMBaAFNDS9FpG0mdmAUt4YBmgmoM0hz2t
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMjIxOS84MkZFODlDQzND
MzcxMUVBODczRTE0NjBDNEY5QUUwMi8wTkwwV2tiU1oyWUJTM2hnR2FDYWd6U0hQ
YTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzBOTDBXa2JTWjJZQlMzaGdHYUNhZ3pTSFBhMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjIyMTkvODJGRTg5Q0MzQzM3MTFFQTg3M0UxNDYwQzRGOUFFMDIvQ0QxNDVEMjQ2
RTRFMTFFREJFMDJCMDY1QzRGOUFFMDIucm9hMDwGCCsGAQUFBwEHAQH/BC0wKzAa
BAIAATAUMAwDBAUxACADBAMxADADBAN1OvAwDQQCAAIwBwMFACQEtYAwDQYJKoZI
hvcNAQELBQADggEBAKdfRKTdilE++kUlKSH2kTLuW6SApR/ByKexreK4Yptk8S+c
zTWmmDmjNuWkk0t/6oAloSamim+V46cmBcsxqXuEC31wsIi+p2EmawWwahdENprM
gRbII5A5qJy3jjQqtuyDdRUYMKKiV6sXYj5LTk4OXooD1CBTJf88x1ssTkaxkuVA
ghqDIgn7hc9VSu5hG2HnM4jNePdazPjxUfLSOSuKNdRlHB42of7dc9bN0etlfM/w
MmUefnT4rUQXjoOYBwaP1qUEsWhtFMU1xI/VjxwjCsCQhzgnoBm/qaTD2YQvRCVm
xFs+1+VNkuSkedBaAB/2T0kmzhIOJIkCbei2Dwg=
-----END CERTIFICATE-----
Generated at Sun Jul 5 09:23:39 2026 by rpki-client