Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/DD9C07828D8B11EBB959991DC4F9AE02.roa
File:                     DD9C07828D8B11EBB959991DC4F9AE02.roa (raw, json)
Hash identifier:          rDG/L5XYbFUKmiozI9qRsyFdyitUC4I0rBe0q3fISXU=
Subject key identifier:   C1:A3:96:58:01:15:E2:2F:16:0B:AE:88:20:14:94:13:A6:C0:F3:39
Certificate issuer:       /CN=A9123AB4/serialNumber=386C5CB2D6E0EC6141AEB73F493521B0520A3CFA
Certificate serial:       1E14
Authority key identifier: 38:6C:5C:B2:D6:E0:EC:61:41:AE:B7:3F:49:35:21:B0:52:0A:3C:FA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OGxcstbg7GFBrrc_STUhsFIKPPo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/DD9C07828D8B11EBB959991DC4F9AE02.roa
Signing time:             Tue 30 Jun 2026 16:19:18 +0000
ROA not before:           Tue 30 Jun 2026 16:19:18 +0000
ROA not after:            Fri 30 Oct 2026 00:00:00 +0000
asID:                     135104
IP address blocks:        203.28.58.0/23 maxlen: 29
                          203.28.58.152/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/OGxcstbg7GFBrrc_STUhsFIKPPo.crl
                          rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/OGxcstbg7GFBrrc_STUhsFIKPPo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OGxcstbg7GFBrrc_STUhsFIKPPo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 13 Jul 2026 16:09:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7700 (0x1e14)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9123AB4, serialNumber=386C5CB2D6E0EC6141AEB73F493521B0520A3CFA
        Validity
            Not Before: Jun 30 16:19:18 2026 GMT
            Not After : Oct 30 00:00:00 2026 GMT
        Subject: CN=6a43ec85-bb4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8c:12:48:00:c1:a7:ef:26:97:80:ae:51:e4:
                    8f:e2:a4:a9:d8:a6:cd:a6:d7:21:93:5b:8b:34:15:
                    8d:c2:03:a5:42:32:e6:80:7f:2f:d0:c5:4b:52:62:
                    00:e2:a6:c1:65:46:7e:29:d4:18:ff:64:b6:61:9d:
                    d0:4f:8c:2c:eb:b8:8e:4c:fb:c7:ef:d9:24:2d:6b:
                    dc:24:ec:3f:52:98:b5:34:96:83:a9:2c:5d:f5:95:
                    01:e7:18:a7:ea:68:b1:cf:3d:52:40:13:00:33:c8:
                    b9:ef:25:d2:ff:54:8a:6e:f3:e2:bc:ad:f6:1d:13:
                    9a:fa:22:ad:6a:f2:dd:04:bb:81:3c:7f:13:bd:a9:
                    de:02:5b:54:af:d7:6c:e7:df:7b:f5:75:03:26:57:
                    1a:cf:93:24:9c:c5:e3:54:3c:06:64:8c:88:27:eb:
                    88:a6:25:be:e6:69:22:ba:ed:b4:d2:b4:66:da:db:
                    d7:09:34:0d:23:93:3a:87:f9:24:a0:35:79:87:41:
                    8f:67:7b:d5:15:68:2a:c1:e0:a1:48:b8:c0:1e:4e:
                    f1:76:f9:3f:a2:17:bc:2a:de:76:f1:08:82:d8:68:
                    87:51:ee:5a:c3:9a:cd:84:5e:29:51:63:ed:e3:69:
                    8c:cb:a1:50:f7:2f:70:11:a1:37:21:4a:68:5b:17:
                    df:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:A3:96:58:01:15:E2:2F:16:0B:AE:88:20:14:94:13:A6:C0:F3:39
            X509v3 Authority Key Identifier:
                keyid:38:6C:5C:B2:D6:E0:EC:61:41:AE:B7:3F:49:35:21:B0:52:0A:3C:FA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/OGxcstbg7GFBrrc_STUhsFIKPPo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OGxcstbg7GFBrrc_STUhsFIKPPo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/DD9C07828D8B11EBB959991DC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.28.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:b3:59:8a:58:65:38:77:1a:1c:b8:72:5b:8c:c2:bb:37:ca:
         7e:91:c9:9d:c9:3b:42:c3:1b:67:42:ac:b1:0c:be:df:d2:43:
         f7:19:ce:85:bf:fc:7c:bc:c2:57:9d:1d:5e:e0:53:df:01:19:
         25:03:8e:82:7d:93:ab:91:24:07:1a:c0:74:a8:86:8c:0b:5f:
         aa:19:67:59:85:6e:61:48:57:4e:be:88:86:14:08:6c:f9:7b:
         b7:45:c6:a8:5b:61:e9:bc:3e:a5:dc:b5:c1:39:63:1d:36:3b:
         c4:59:e1:78:5c:57:05:82:9e:dd:60:27:15:fd:79:40:05:c9:
         6f:04:c9:99:d3:6d:98:bf:9b:f2:5a:2b:f8:c5:77:d6:cf:75:
         65:a3:70:81:fb:77:e8:3b:ac:fe:32:84:6f:11:d4:2f:e4:77:
         34:2c:d3:6d:41:47:d5:cc:cd:86:e3:e3:7a:a6:83:3e:96:23:
         c0:71:78:39:e1:66:a8:26:80:0a:06:67:79:8e:3a:ce:a5:fd:
         d1:23:20:7a:e7:da:d3:02:b7:8c:2c:20:aa:4a:81:a3:d1:cd:
         92:ac:19:9b:37:04:34:d0:f0:49:54:05:14:96:4f:34:fb:f7:
         1b:f1:da:3d:fe:ed:af:46:64:3f:ec:a8:8a:ca:de:e4:87:98:
         e6:02:ab:94
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICHhQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjNBQjQxMTAvBgNVBAUTKDM4NkM1Q0IyRDZFMEVDNjE0MUFFQjczRjQ5MzUyMUIw
NTIwQTNDRkEwHhcNMjYwNjMwMTYxOTE4WhcNMjYxMDMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQzZWM4NS1iYjRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArIwSSADBp+8ml4CuUeSP4qSp2KbNptchk1uLNBWNwgOlQjLmgH8v0MVLUmIA
4qbBZUZ+KdQY/2S2YZ3QT4ws67iOTPvH79kkLWvcJOw/Upi1NJaDqSxd9ZUB5xin
6mixzz1SQBMAM8i57yXS/1SKbvPivK32HROa+iKtavLdBLuBPH8TvaneAltUr9ds
59979XUDJlcaz5MknMXjVDwGZIyIJ+uIpiW+5mkiuu200rRm2tvXCTQNI5M6h/kk
oDV5h0GPZ3vVFWgqweChSLjAHk7xdvk/ohe8Kt528QiC2GiHUe5aw5rNhF4pUWPt
42mMy6FQ9y9wEaE3IUpoWxffdQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFMGjllgB
FeIvFguuiCAUlBOmwPM5MB8GA1UdIwQYMBaAFDhsXLLW4OxhQa63P0k1IbBSCjz6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyM0FCNC8xRkIwNDBBMEIx
NzQxMUU2OEVDODg1MThDNEY5QUUwMi9PR3hjc3RiZzdHRkJycmNfU1RVaHNGSUtQ
UG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09HeGNzdGJnN0dGQnJyY19TVFVoc0ZJS1BQby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjNBQjQvMUZCMDQwQTBCMTc0MTFFNjhFQzg4NTE4QzRGOUFFMDIvREQ5QzA3ODI4
RDhCMTFFQkI5NTk5OTFEQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQByxw6MA0GCSqGSIb3DQEBCwUAA4IBAQBQs1mKWGU4dxocuHJbjMK7
N8p+kcmdyTtCwxtnQqyxDL7f0kP3Gc6Fv/x8vMJXnR1e4FPfARklA46CfZOrkSQH
GsB0qIaMC1+qGWdZhW5hSFdOvoiGFAhs+Xu3RcaoW2HpvD6l3LXBOWMdNjvEWeF4
XFcFgp7dYCcV/XlABclvBMmZ022Yv5vyWiv4xXfWz3Vlo3CB+3foO6z+MoRvEdQv
5Hc0LNNtQUfVzM2G4+N6poM+liPAcXg54WaoJoAKBmd5jjrOpf3RIyB659rTAreM
LCCqSoGj0c2SrBmbNwQ00PBJVAUUlk80+/cb8do9/u2vRmQ/7KiKyt7kh5jmAquU
-----END CERTIFICATE-----
Generated at Tue Jul 7 05:39:06 2026 by rpki-client