Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912CDCB/8A82094420EC11EC9D5D313BC4F9AE02/DAF98AAA20F111EC89E7D668C4F9AE02.roa
File:                     DAF98AAA20F111EC89E7D668C4F9AE02.roa (raw, json)
Hash identifier:          GPYE5Y2HwgNl8OKwBNP753iF7mxnvwMFHfPxqy4O8EY=
Subject key identifier:   32:5B:1B:3F:17:8C:4E:E8:1C:60:89:7A:BD:C8:A5:97:06:1E:65:98
Certificate issuer:       /CN=A912CDCB/serialNumber=BA160569B915E24C6AE6C24894D04F9D4A391692
Certificate serial:       059A
Authority key identifier: BA:16:05:69:B9:15:E2:4C:6A:E6:C2:48:94:D0:4F:9D:4A:39:16:92
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uhYFabkV4kxq5sJIlNBPnUo5FpI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912CDCB/8A82094420EC11EC9D5D313BC4F9AE02/DAF98AAA20F111EC89E7D668C4F9AE02.roa
Signing time:             Mon 08 Jun 2026 23:27:37 +0000
ROA not before:           Mon 08 Jun 2026 23:27:37 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     45824
IP address blocks:        203.55.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912CDCB/8A82094420EC11EC9D5D313BC4F9AE02/uhYFabkV4kxq5sJIlNBPnUo5FpI.crl
                          rsync://rpki.apnic.net/member_repository/A912CDCB/8A82094420EC11EC9D5D313BC4F9AE02/uhYFabkV4kxq5sJIlNBPnUo5FpI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uhYFabkV4kxq5sJIlNBPnUo5FpI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 23:30:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1434 (0x59a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912CDCB, serialNumber=BA160569B915E24C6AE6C24894D04F9D4A391692
        Validity
            Not Before: Jun  8 23:27:37 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a274fe9-8b2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d7:0f:fa:1c:c2:7b:a1:fb:92:71:ea:20:5d:
                    97:1f:16:34:e3:b9:d2:c4:6e:4f:04:cd:c7:69:e4:
                    3a:b4:a2:83:7c:6d:82:7f:92:2e:e5:a2:6c:3b:6b:
                    74:ba:29:89:a0:d5:5a:4f:a9:e4:ca:24:71:d6:d0:
                    58:88:2c:84:62:b1:1c:b4:82:e2:93:81:f9:2c:41:
                    ce:ed:03:b7:a1:38:54:ad:b7:c2:61:3b:1e:2e:41:
                    c1:d3:1d:34:1a:5f:1a:a4:fe:36:5c:ee:b7:18:f2:
                    a0:dc:59:46:39:af:47:96:61:d2:cd:91:2f:b1:a0:
                    b0:9b:3a:de:f4:97:91:34:3d:ef:13:1a:8f:56:51:
                    eb:a7:16:6c:a7:fe:ce:e3:69:88:76:80:a2:ef:2a:
                    56:b8:61:34:5e:91:37:fd:e7:17:a6:9c:21:97:da:
                    46:e4:13:25:37:6e:be:3e:78:91:86:64:41:e8:70:
                    d3:3d:7c:57:2a:34:4e:9a:89:94:9b:a4:d5:2b:e1:
                    1b:66:dc:02:ef:e4:3d:16:ef:c0:04:9e:1c:dc:41:
                    66:23:a5:53:2d:a0:3c:d9:56:c6:db:c3:3e:bf:3d:
                    30:96:0b:ac:cc:39:7c:3f:35:22:17:f6:1a:eb:10:
                    19:47:f1:2c:4f:72:a7:9f:72:49:bf:fc:74:c7:76:
                    e3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:5B:1B:3F:17:8C:4E:E8:1C:60:89:7A:BD:C8:A5:97:06:1E:65:98
            X509v3 Authority Key Identifier:
                keyid:BA:16:05:69:B9:15:E2:4C:6A:E6:C2:48:94:D0:4F:9D:4A:39:16:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912CDCB/8A82094420EC11EC9D5D313BC4F9AE02/uhYFabkV4kxq5sJIlNBPnUo5FpI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uhYFabkV4kxq5sJIlNBPnUo5FpI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912CDCB/8A82094420EC11EC9D5D313BC4F9AE02/DAF98AAA20F111EC89E7D668C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.55.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:a8:b2:f6:5a:a9:b6:b1:96:e4:a0:32:57:39:e3:60:c0:6c:
         8e:25:3f:0a:ec:2d:b4:0a:2a:54:9f:0f:1f:f1:6e:f3:83:1b:
         00:b8:5b:27:3c:39:8b:02:63:eb:ec:61:c5:39:12:23:5e:4d:
         02:a3:32:96:38:73:80:37:1b:99:9b:c0:e0:3c:a8:d5:46:eb:
         6d:eb:f1:4e:b5:96:6f:37:c4:ee:28:7e:7b:4b:84:0f:b0:5c:
         5d:72:d5:98:da:b3:70:fb:4a:41:eb:0a:fa:6b:4d:6d:49:91:
         40:8a:b5:d1:6e:81:2e:f7:d7:cc:94:8f:0e:4f:a7:1c:b0:4e:
         7b:a7:34:0e:85:51:95:1d:f8:f7:46:d1:0d:7e:d6:cd:31:f9:
         a8:08:a6:74:8f:19:26:db:68:41:b9:f3:52:a3:55:85:b6:77:
         03:e9:bb:aa:a9:fe:b2:6d:55:91:9a:e2:83:bf:54:86:16:0d:
         dd:05:8e:4e:da:b8:99:d5:98:92:3d:80:56:80:0e:bc:48:6d:
         9c:42:d6:2d:48:73:c0:0e:c5:5b:00:46:82:97:ad:34:ad:54:
         09:f9:49:c0:a4:2f:86:9d:dd:b3:03:24:a9:08:75:af:70:d2:
         7e:0a:c9:c3:e6:62:dc:db:ff:a1:8f:de:59:f2:d5:4a:ec:70:
         d7:d8:91:a6
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICBZowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkNEQ0IxMTAvBgNVBAUTKEJBMTYwNTY5QjkxNUUyNEM2QUU2QzI0ODk0RDA0RjlE
NEEzOTE2OTIwHhcNMjYwNjA4MjMyNzM3WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTI3NGZlOS04YjJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAztcP+hzCe6H7knHqIF2XHxY047nSxG5PBM3HaeQ6tKKDfG2Cf5Iu5aJsO2t0
uimJoNVaT6nkyiRx1tBYiCyEYrEctILik4H5LEHO7QO3oThUrbfCYTseLkHB0x00
Gl8apP42XO63GPKg3FlGOa9HlmHSzZEvsaCwmzre9JeRND3vExqPVlHrpxZsp/7O
42mIdoCi7ypWuGE0XpE3/ecXppwhl9pG5BMlN26+PniRhmRB6HDTPXxXKjROmomU
m6TVK+EbZtwC7+Q9Fu/ABJ4c3EFmI6VTLaA82VbG28M+vz0wlguszDl8PzUiF/Ya
6xAZR/EsT3Knn3JJv/x0x3bjKwIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFDJbGz8X
jE7oHGCJer3IpZcGHmWYMB8GA1UdIwQYMBaAFLoWBWm5FeJMaubCSJTQT51KORaS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQ0RDQi84QTgyMDk0NDIw
RUMxMUVDOUQ1RDMxM0JDNEY5QUUwMi91aFlGYWJrVjRreHE1c0pJbE5CUG5VbzVG
cEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3VoWUZhYmtWNGt4cTVzSklsTkJQblVvNUZwSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkNEQ0IvOEE4MjA5NDQyMEVDMTFFQzlENUQzMTNCQzRGOUFFMDIvREFGOThBQUEy
MEYxMTFFQzg5RTdENjY4QzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAyzfFMA0GCSqGSIb3DQEBCwUAA4IBAQAzqLL2Wqm2sZbkoDJXOeNg
wGyOJT8K7C20CipUnw8f8W7zgxsAuFsnPDmLAmPr7GHFORIjXk0CozKWOHOANxuZ
m8DgPKjVRutt6/FOtZZvN8TuKH57S4QPsFxdctWY2rNw+0pB6wr6a01tSZFAirXR
boEu99fMlI8OT6ccsE57pzQOhVGVHfj3RtENftbNMfmoCKZ0jxkm22hBufNSo1WF
tncD6buqqf6ybVWRmuKDv1SGFg3dBY5O2riZ1ZiSPYBWgA68SG2cQtYtSHPADsVb
AEaCl600rVQJ+UnApC+Gnd2zAySpCHWvcNJ+CsnD5mLc2/+hj95Z8tVK7HDX2JGm
-----END CERTIFICATE-----
Generated at Sun Jul 5 09:23:23 2026 by rpki-client