Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/DE5B018C8D8B11EBB959991DC4F9AE02.roa
File:                     DE5B018C8D8B11EBB959991DC4F9AE02.roa (raw, json)
Hash identifier:          Lykd4Rg3mqkn+7qbmbCuDzvDxGivrg96Zb3jE+3hd+c=
Subject key identifier:   88:79:53:55:CD:6D:6E:8A:05:BF:C0:77:71:AC:4E:AD:DB:97:25:98
Certificate issuer:       /CN=A9123AB4/serialNumber=386C5CB2D6E0EC6141AEB73F493521B0520A3CFA
Certificate serial:       1E15
Authority key identifier: 38:6C:5C:B2:D6:E0:EC:61:41:AE:B7:3F:49:35:21:B0:52:0A:3C:FA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OGxcstbg7GFBrrc_STUhsFIKPPo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/DE5B018C8D8B11EBB959991DC4F9AE02.roa
Signing time:             Tue 30 Jun 2026 16:19:20 +0000
ROA not before:           Tue 30 Jun 2026 16:19:20 +0000
ROA not after:            Fri 30 Oct 2026 00:00:00 +0000
asID:                     17477
IP address blocks:        203.28.58.0/23 maxlen: 24
                          203.28.58.0/24 maxlen: 24
                          203.28.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/OGxcstbg7GFBrrc_STUhsFIKPPo.crl
                          rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/OGxcstbg7GFBrrc_STUhsFIKPPo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OGxcstbg7GFBrrc_STUhsFIKPPo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 13 Jul 2026 16:09:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7701 (0x1e15)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9123AB4, serialNumber=386C5CB2D6E0EC6141AEB73F493521B0520A3CFA
        Validity
            Not Before: Jun 30 16:19:20 2026 GMT
            Not After : Oct 30 00:00:00 2026 GMT
        Subject: CN=6a43ec88-2f31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:62:74:c2:e0:30:1d:77:29:c8:ce:be:f8:bd:
                    8a:28:12:76:64:2e:40:54:64:5a:04:96:50:68:3f:
                    3a:32:5c:d6:d5:6d:b0:43:1a:08:25:53:39:e6:4b:
                    1e:33:7d:b2:30:fb:20:b5:b9:48:57:25:c1:f3:22:
                    c1:0b:23:68:54:36:e6:b1:5e:ee:db:d3:ce:30:13:
                    ae:85:e8:99:35:d4:c8:da:aa:3a:4b:55:c1:55:c4:
                    e3:54:9b:65:d7:bf:2f:53:26:11:83:2e:fb:92:19:
                    3a:e1:3d:6c:8f:35:d8:ad:af:6d:74:95:22:ea:59:
                    96:e0:04:0a:f3:4c:9b:53:b7:7b:d9:3b:ba:b2:1d:
                    eb:0b:f0:3c:22:ba:a8:4a:31:51:e6:7f:71:80:74:
                    d3:10:ed:d4:5a:ac:58:92:d0:ce:92:6a:f2:1d:ae:
                    fd:02:1e:9b:b0:fe:cb:17:b4:61:05:ce:60:06:f4:
                    72:1d:d4:a5:45:16:f1:74:5d:52:e0:51:b2:72:38:
                    a1:61:46:c1:55:18:76:c7:cc:f3:ee:7e:59:08:4f:
                    87:b1:36:4e:66:56:ea:13:a5:e9:59:d0:ed:d2:da:
                    6b:c0:80:0e:03:07:dc:2a:e2:e5:ec:a1:ce:ba:47:
                    27:89:19:34:1a:9c:31:e8:ae:7c:d3:9b:bd:80:d3:
                    4d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:79:53:55:CD:6D:6E:8A:05:BF:C0:77:71:AC:4E:AD:DB:97:25:98
            X509v3 Authority Key Identifier:
                keyid:38:6C:5C:B2:D6:E0:EC:61:41:AE:B7:3F:49:35:21:B0:52:0A:3C:FA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/OGxcstbg7GFBrrc_STUhsFIKPPo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OGxcstbg7GFBrrc_STUhsFIKPPo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123AB4/1FB040A0B17411E68EC88518C4F9AE02/DE5B018C8D8B11EBB959991DC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.28.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:af:69:79:74:86:92:a9:81:21:c6:a1:04:e0:1c:e8:58:d4:
         2b:d9:6d:33:99:3c:82:c1:52:55:f4:ff:c0:11:8c:d0:4e:ad:
         f6:6f:d8:d3:ff:fc:c0:a2:99:64:f6:10:75:02:b5:4c:06:3d:
         7c:8d:6d:af:ea:e6:54:1a:d4:87:c6:06:22:d4:22:53:d6:3c:
         16:1e:c7:36:db:d3:c0:6f:b9:8a:b2:fd:10:5c:a6:f2:93:68:
         53:20:56:e4:d7:fa:52:43:ba:df:d4:93:a6:5d:ae:54:a3:1b:
         ee:48:04:f8:fa:80:e7:85:a0:cd:75:64:74:9a:61:db:90:5b:
         00:7a:01:58:19:12:b2:5b:2a:32:d2:1a:37:67:2b:97:18:02:
         b0:60:64:29:e2:0c:d8:2a:04:a5:92:3d:03:cf:fa:5c:23:03:
         8c:ee:7f:8f:79:67:2c:4c:f0:bd:b8:52:3c:2d:8c:14:d8:20:
         df:be:30:68:6c:7a:ae:56:3a:3d:26:c5:c0:88:63:94:6c:d2:
         a4:b3:c3:77:61:54:6a:af:4d:44:4d:f6:a3:5f:a1:55:0a:a3:
         38:02:41:79:12:32:6f:24:c2:05:fd:47:a7:b6:43:73:01:19:
         91:48:4c:78:18:68:57:ae:85:95:e1:09:35:e4:a9:6b:78:aa:
         2a:a3:2b:c9
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICHhUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjNBQjQxMTAvBgNVBAUTKDM4NkM1Q0IyRDZFMEVDNjE0MUFFQjczRjQ5MzUyMUIw
NTIwQTNDRkEwHhcNMjYwNjMwMTYxOTIwWhcNMjYxMDMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQzZWM4OC0yZjMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvWJ0wuAwHXcpyM6++L2KKBJ2ZC5AVGRaBJZQaD86MlzW1W2wQxoIJVM55kse
M32yMPsgtblIVyXB8yLBCyNoVDbmsV7u29POMBOuheiZNdTI2qo6S1XBVcTjVJtl
178vUyYRgy77khk64T1sjzXYra9tdJUi6lmW4AQK80ybU7d72Tu6sh3rC/A8Irqo
SjFR5n9xgHTTEO3UWqxYktDOkmryHa79Ah6bsP7LF7RhBc5gBvRyHdSlRRbxdF1S
4FGycjihYUbBVRh2x8zz7n5ZCE+HsTZOZlbqE6XpWdDt0tprwIAOAwfcKuLl7KHO
ukcniRk0Gpwx6K5805u9gNNNsQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFIh5U1XN
bW6KBb/Ad3GsTq3blyWYMB8GA1UdIwQYMBaAFDhsXLLW4OxhQa63P0k1IbBSCjz6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyM0FCNC8xRkIwNDBBMEIx
NzQxMUU2OEVDODg1MThDNEY5QUUwMi9PR3hjc3RiZzdHRkJycmNfU1RVaHNGSUtQ
UG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09HeGNzdGJnN0dGQnJyY19TVFVoc0ZJS1BQby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjNBQjQvMUZCMDQwQTBCMTc0MTFFNjhFQzg4NTE4QzRGOUFFMDIvREU1QjAxOEM4
RDhCMTFFQkI5NTk5OTFEQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQByxw6MA0GCSqGSIb3DQEBCwUAA4IBAQClr2l5dIaSqYEhxqEE4Bzo
WNQr2W0zmTyCwVJV9P/AEYzQTq32b9jT//zAoplk9hB1ArVMBj18jW2v6uZUGtSH
xgYi1CJT1jwWHsc229PAb7mKsv0QXKbyk2hTIFbk1/pSQ7rf1JOmXa5UoxvuSAT4
+oDnhaDNdWR0mmHbkFsAegFYGRKyWyoy0ho3ZyuXGAKwYGQp4gzYKgSlkj0Dz/pc
IwOM7n+PeWcsTPC9uFI8LYwU2CDfvjBobHquVjo9JsXAiGOUbNKks8N3YVRqr01E
TfajX6FVCqM4AkF5EjJvJMIF/UentkNzARmRSEx4GGhXroWV4Qk15KlreKoqoyvJ
-----END CERTIFICATE-----
Generated at Tue Jul 7 03:35:54 2026 by rpki-client