Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/A3906CD61E0211E9862ECE3FC4F9AE02.roa
File:                     A3906CD61E0211E9862ECE3FC4F9AE02.roa (raw, json)
Hash identifier:          r52BKS+Xcl8SH0JopRFL5Gk/ErCXqurmOgL8GXPS8N0=
Subject key identifier:   D9:5A:AA:15:68:0D:63:B7:23:A4:0B:2A:99:EC:FF:06:0C:75:19:EC
Certificate issuer:       /CN=A9137ABC/serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
Certificate serial:       3BE3
Authority key identifier: 61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/A3906CD61E0211E9862ECE3FC4F9AE02.roa
Signing time:             Mon 06 Jul 2026 15:10:57 +0000
ROA not before:           Mon 06 Jul 2026 15:10:57 +0000
ROA not after:            Thu 30 Sep 2027 00:00:00 +0000
asID:                     133956
IP address blocks:        110.170.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl
                          rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15331 (0x3be3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9137ABC, serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
        Validity
            Not Before: Jul  6 15:10:57 2026 GMT
            Not After : Sep 30 00:00:00 2027 GMT
        Subject: CN=6a4bc581-dc1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b3:79:c0:f1:f1:6e:4f:6b:4d:19:78:95:2f:
                    e5:e1:cc:1c:6c:f0:9c:bb:b9:ed:20:b6:de:b2:a8:
                    a6:5d:37:90:5b:a4:fe:7f:0a:30:2e:6c:16:10:28:
                    77:82:fb:d4:f5:0a:34:d9:b2:6c:50:ea:6d:2d:02:
                    a9:d4:72:18:d5:30:a7:9f:4e:4f:48:af:f0:66:0a:
                    75:74:1b:91:39:9b:f8:94:00:a4:ce:fc:ce:42:58:
                    5e:22:c1:1f:8c:ff:fb:21:23:72:b7:8c:be:2f:74:
                    fe:c8:34:2b:01:de:2d:05:2c:0a:d4:bd:72:49:27:
                    39:a9:c5:15:83:bc:9f:99:d2:b0:3c:db:52:8b:34:
                    16:45:4f:5c:58:71:81:5a:b5:99:a3:7b:8d:3f:3e:
                    c8:ba:7e:c0:cf:39:2b:a1:19:9e:e6:e4:82:89:e2:
                    7f:c7:6f:33:8e:27:d8:a4:a5:a0:9a:26:f9:ac:70:
                    94:de:d2:1d:88:c4:6f:f9:30:c5:a5:23:e3:29:f0:
                    97:28:91:6a:be:a6:fa:b1:94:5d:c8:9d:3d:47:d0:
                    3a:82:16:ab:43:cc:01:25:02:c7:20:6b:66:7d:0f:
                    3c:73:13:3d:c7:3d:f7:a5:60:d2:40:81:34:df:ae:
                    63:51:87:7c:1c:24:8a:14:22:46:02:8e:f2:ff:c1:
                    3a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:5A:AA:15:68:0D:63:B7:23:A4:0B:2A:99:EC:FF:06:0C:75:19:EC
            X509v3 Authority Key Identifier:
                keyid:61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/A3906CD61E0211E9862ECE3FC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.170.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:be:0c:c2:2c:5c:fd:73:6a:61:10:14:cc:98:ee:10:f9:ad:
         2c:38:60:77:db:d4:eb:86:71:f5:c1:8f:68:5c:44:cd:7b:77:
         69:84:6c:57:32:07:18:09:b2:52:81:9b:37:87:a6:81:f3:33:
         d0:d6:b3:04:de:28:9a:cb:29:9b:33:17:f6:a5:42:29:bc:04:
         2c:05:f6:ca:e5:e9:3d:2d:4e:3f:69:8d:3b:e2:be:0a:d9:11:
         a8:26:6f:0e:da:c7:4a:a1:af:5d:1d:59:72:b4:d0:20:03:a6:
         f7:03:f6:2d:16:8f:d7:6f:ec:e3:f9:1c:eb:f7:22:b4:4d:fb:
         51:22:61:fb:35:45:c0:fc:a5:9e:84:a1:1b:83:64:98:29:53:
         6f:b4:5e:74:fb:a1:a4:ed:ec:34:b8:7e:7f:76:76:49:06:21:
         99:89:d5:ce:4b:72:b7:b2:a7:53:31:90:13:1c:a6:8a:8b:12:
         c7:7e:78:10:83:26:f4:80:62:26:2b:26:2c:2c:d8:4f:47:42:
         31:7a:97:39:e2:c0:fb:ab:05:59:1b:22:05:d2:f2:1e:1c:09:
         a4:13:70:0d:ee:1f:53:0b:8b:24:d4:00:1b:55:f5:39:e4:e7:
         23:81:d1:c2:ea:5b:39:48:c6:04:29:03:f6:e8:33:1b:90:2a:
         f5:9c:db:f7
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICO+MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzdBQkMxMTAvBgNVBAUTKDYxQkYzRUQ0QzNCRkJDMDkxNkVGOTQ4MEFBRkYyMjJB
NDM3QUYwMkMwHhcNMjYwNzA2MTUxMDU3WhcNMjcwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTRiYzU4MS1kYzFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsbN5wPHxbk9rTRl4lS/l4cwcbPCcu7ntILbesqimXTeQW6T+fwowLmwWECh3
gvvU9Qo02bJsUOptLQKp1HIY1TCnn05PSK/wZgp1dBuROZv4lACkzvzOQlheIsEf
jP/7ISNyt4y+L3T+yDQrAd4tBSwK1L1ySSc5qcUVg7yfmdKwPNtSizQWRU9cWHGB
WrWZo3uNPz7Iun7AzzkroRme5uSCieJ/x28zjifYpKWgmib5rHCU3tIdiMRv+TDF
pSPjKfCXKJFqvqb6sZRdyJ09R9A6gharQ8wBJQLHIGtmfQ88cxM9xz33pWDSQIE0
365jUYd8HCSKFCJGAo7y/8E6gQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFNlaqhVo
DWO3I6QLKpns/wYMdRnsMB8GA1UdIwQYMBaAFGG/PtTDv7wJFu+UgKr/IipDevAs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzN0FCQy83MTNEOUZCMDFE
NzgxMUUyODI4NjhEQzQwOEIwMkNEMi9ZYjgtMU1PX3ZBa1c3NVNBcXY4aUtrTjY4
Q3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1liOC0xTU9fdkFrVzc1U0FxdjhpS2tONjhDdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzdBQkMvNzEzRDlGQjAxRDc4MTFFMjgyODY4REM0MDhCMDJDRDIvQTM5MDZDRDYx
RTAyMTFFOTg2MkVDRTNGQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAbqqZMA0GCSqGSIb3DQEBCwUAA4IBAQBJvgzCLFz9c2phEBTMmO4Q
+a0sOGB329TrhnH1wY9oXETNe3dphGxXMgcYCbJSgZs3h6aB8zPQ1rME3iiayymb
Mxf2pUIpvAQsBfbK5ek9LU4/aY074r4K2RGoJm8O2sdKoa9dHVlytNAgA6b3A/Yt
Fo/Xb+zj+Rzr9yK0TftRImH7NUXA/KWehKEbg2SYKVNvtF50+6Gk7ew0uH5/dnZJ
BiGZidXOS3K3sqdTMZATHKaKixLHfngQgyb0gGImKyYsLNhPR0Ixepc54sD7qwVZ
GyIF0vIeHAmkE3AN7h9TC4sk1AAbVfU55OcjgdHC6ls5SMYEKQP26DMbkCr1nNv3
-----END CERTIFICATE-----
Generated at Sat Jul 18 08:21:35 2026 by rpki-client