Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913B018/3079D812C5F611EEBE0B7960C4F9AE02/8B097276C5F911EE8D0FDF82C4F9AE02.roa
File:                     8B097276C5F911EE8D0FDF82C4F9AE02.roa (raw, json)
Hash identifier:          O+F2f0VhvNnWnKbzy9esY0C22BqTbjq93BfHVqmsqRo=
Subject key identifier:   46:5A:73:DD:C8:E1:E3:45:24:73:23:09:92:A8:AA:63:CB:4E:C9:DD
Certificate issuer:       /CN=A913B018/serialNumber=B3E941A1C55D1483AB5791D9498750E3DDADEDCC
Certificate serial:       01CA
Authority key identifier: B3:E9:41:A1:C5:5D:14:83:AB:57:91:D9:49:87:50:E3:DD:AD:ED:CC
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/s-lBocVdFIOrV5HZSYdQ492t7cw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913B018/3079D812C5F611EEBE0B7960C4F9AE02/8B097276C5F911EE8D0FDF82C4F9AE02.roa
Signing time:             Sun 05 Jul 2026 14:22:11 +0000
ROA not before:           Sun 05 Jul 2026 14:22:10 +0000
ROA not after:            Wed 31 Mar 2027 00:00:00 +0000
asID:                     152297
IP address blocks:        157.10.32.0/23 maxlen: 23
                          157.10.32.0/24 maxlen: 24
                          157.10.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A913B018/3079D812C5F611EEBE0B7960C4F9AE02/s-lBocVdFIOrV5HZSYdQ492t7cw.crl
                          rsync://rpki.apnic.net/member_repository/A913B018/3079D812C5F611EEBE0B7960C4F9AE02/s-lBocVdFIOrV5HZSYdQ492t7cw.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/s-lBocVdFIOrV5HZSYdQ492t7cw.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 04:44:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 458 (0x1ca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913B018, serialNumber=B3E941A1C55D1483AB5791D9498750E3DDADEDCC
        Validity
            Not Before: Jul  5 14:22:10 2026 GMT
            Not After : Mar 31 00:00:00 2027 GMT
        Subject: CN=6a4a6892-ab8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fc:8f:19:81:cd:ac:b9:1f:e1:e8:06:db:99:
                    4f:5b:d3:18:09:35:63:75:33:a9:28:34:f6:62:a1:
                    8c:10:6e:f5:85:cc:dc:14:b3:8e:8d:36:d7:56:82:
                    ab:78:0d:94:cb:e1:de:f0:54:dc:ae:42:c4:d4:78:
                    cb:68:8c:f7:ee:30:9f:1b:bb:a7:c1:ae:1c:f9:49:
                    07:19:2f:62:aa:98:f0:e5:53:5f:c4:26:51:af:2a:
                    29:fc:d6:51:81:6d:59:b5:23:1c:e5:4f:34:2b:86:
                    c3:34:9e:ef:54:bb:93:77:e7:ba:5a:8f:e1:a6:91:
                    b6:97:15:8c:36:6b:c5:dd:29:42:53:a3:f6:e7:91:
                    b6:98:cb:85:e5:7e:4e:c8:fd:a2:00:3d:f1:a4:54:
                    ef:03:a4:57:2d:93:75:b9:e7:2c:7b:17:a3:3c:e3:
                    99:a4:06:d1:89:2a:85:a1:a6:db:5f:72:63:c5:96:
                    03:d9:ea:fd:69:98:85:de:3d:0e:c6:a7:d8:31:df:
                    bd:ad:0a:59:91:e3:5e:a1:45:15:75:55:f0:59:0f:
                    4f:c5:30:10:0a:83:ad:55:26:f1:5e:d6:2b:80:f0:
                    77:6a:cb:bb:a0:31:05:84:6a:95:50:0f:76:54:95:
                    33:f5:b1:72:d6:4a:69:20:6d:ed:a3:06:3e:dc:c6:
                    ed:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:5A:73:DD:C8:E1:E3:45:24:73:23:09:92:A8:AA:63:CB:4E:C9:DD
            X509v3 Authority Key Identifier:
                keyid:B3:E9:41:A1:C5:5D:14:83:AB:57:91:D9:49:87:50:E3:DD:AD:ED:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913B018/3079D812C5F611EEBE0B7960C4F9AE02/s-lBocVdFIOrV5HZSYdQ492t7cw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/s-lBocVdFIOrV5HZSYdQ492t7cw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913B018/3079D812C5F611EEBE0B7960C4F9AE02/8B097276C5F911EE8D0FDF82C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:c0:37:d8:4c:6f:ad:a0:e7:1a:fc:65:c8:24:15:93:64:66:
         10:f8:4f:d2:9c:d4:e8:af:84:23:a1:84:aa:17:7b:51:82:18:
         41:23:86:27:f3:a7:c6:8a:ba:53:91:38:2f:2c:36:26:f0:f4:
         43:2b:14:60:76:a0:b4:a6:8f:19:65:64:61:bc:b1:fe:6a:7a:
         11:32:72:dc:56:ea:03:70:49:b9:00:a9:65:23:d7:92:3c:52:
         3e:79:61:50:d2:30:bb:28:64:22:c8:30:18:1d:a6:70:eb:d3:
         45:39:ac:13:fe:92:60:12:f9:75:37:55:18:6a:46:fd:55:2a:
         e4:e2:fe:79:d5:45:a9:c4:8d:c2:cb:6f:e2:aa:31:9e:4c:8d:
         b2:52:e9:06:f5:b0:f4:aa:a5:a3:89:db:61:df:61:15:8b:c1:
         66:ec:83:3a:7a:e0:11:37:81:d5:c0:40:5b:38:4d:c7:0b:b6:
         b3:42:ee:1e:bd:44:45:dc:e2:35:f0:77:b7:a9:80:71:29:48:
         c1:76:f5:53:46:1f:68:6c:d9:50:24:fa:8a:01:78:f8:f5:e3:
         ae:6d:fb:6d:83:47:71:86:c5:cd:5e:97:31:16:db:6c:78:c1:
         19:6d:03:91:29:ed:49:df:67:8e:49:36:08:08:df:00:47:94:
         08:90:25:c8
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICAcowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0IwMTgxMTAvBgNVBAUTKEIzRTk0MUExQzU1RDE0ODNBQjU3OTFEOTQ5ODc1MEUz
RERBREVEQ0MwHhcNMjYwNzA1MTQyMjEwWhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTRhNjg5Mi1hYjhhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvvyPGYHNrLkf4egG25lPW9MYCTVjdTOpKDT2YqGMEG71hczcFLOOjTbXVoKr
eA2Uy+He8FTcrkLE1HjLaIz37jCfG7unwa4c+UkHGS9iqpjw5VNfxCZRryop/NZR
gW1ZtSMc5U80K4bDNJ7vVLuTd+e6Wo/hppG2lxWMNmvF3SlCU6P255G2mMuF5X5O
yP2iAD3xpFTvA6RXLZN1uecsexejPOOZpAbRiSqFoabbX3JjxZYD2er9aZiF3j0O
xqfYMd+9rQpZkeNeoUUVdVXwWQ9PxTAQCoOtVSbxXtYrgPB3asu7oDEFhGqVUA92
VJUz9bFy1kppIG3towY+3MbtKQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFEZac93I
4eNFJHMjCZKoqmPLTsndMB8GA1UdIwQYMBaAFLPpQaHFXRSDq1eR2UmHUOPdre3M
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQjAxOC8zMDc5RDgxMkM1
RjYxMUVFQkUwQjc5NjBDNEY5QUUwMi9zLWxCb2NWZEZJT3JWNUhaU1lkUTQ5MnQ3
Y3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3MtbEJvY1ZkRklPclY1SFpTWWRRNDkydDdjdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0IwMTgvMzA3OUQ4MTJDNUY2MTFFRUJFMEI3OTYwQzRGOUFFMDIvOEIwOTcyNzZD
NUY5MTFFRThEMEZERjgyQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBnQogMA0GCSqGSIb3DQEBCwUAA4IBAQCCwDfYTG+toOca/GXIJBWT
ZGYQ+E/SnNTor4QjoYSqF3tRghhBI4Yn86fGirpTkTgvLDYm8PRDKxRgdqC0po8Z
ZWRhvLH+anoRMnLcVuoDcEm5AKllI9eSPFI+eWFQ0jC7KGQiyDAYHaZw69NFOawT
/pJgEvl1N1UYakb9VSrk4v551UWpxI3Cy2/iqjGeTI2yUukG9bD0qqWjidth32EV
i8Fm7IM6euARN4HVwEBbOE3HC7azQu4evURF3OI18He3qYBxKUjBdvVTRh9obNlQ
JPqKAXj49eOubfttg0dxhsXNXpcxFttseMEZbQORKe1J32eOSTYICN8AR5QIkCXI
-----END CERTIFICATE-----
Generated at Sat Jul 18 06:19:51 2026 by rpki-client