Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913C07A/FB182998BE6711EEB33C6D6EC4F9AE02/A20C3500BE6811EEBFF35870C4F9AE02.roa
File:                     A20C3500BE6811EEBFF35870C4F9AE02.roa (raw, json)
Hash identifier:          ZoAZdnIjhPNhfvvjzIwikys50Arhr1asUkA5epIVYGc=
Subject key identifier:   08:1E:E5:5E:53:C0:46:27:86:BF:D5:63:6A:83:F0:0A:D0:9A:A6:94
Certificate issuer:       /CN=A913C07A/serialNumber=30F0DB82D58F583E8488379BA00D35ACB3526110
Certificate serial:       01D9
Authority key identifier: 30:F0:DB:82:D5:8F:58:3E:84:88:37:9B:A0:0D:35:AC:B3:52:61:10
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MPDbgtWPWD6EiDeboA01rLNSYRA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913C07A/FB182998BE6711EEB33C6D6EC4F9AE02/A20C3500BE6811EEBFF35870C4F9AE02.roa
Signing time:             Fri 03 Jul 2026 04:31:34 +0000
ROA not before:           Fri 03 Jul 2026 04:31:34 +0000
ROA not after:            Sun 01 Nov 2026 00:00:00 +0000
asID:                     152447
IP address blocks:        2401:7ae0::/32 maxlen: 32
                          2401:7ae0::/36 maxlen: 36
                          2401:7ae0:4000::/36 maxlen: 36
                          2401:7ae0:4003::/48 maxlen: 48
                          2401:7ae0:8000::/36 maxlen: 36
                          2401:7ae0:c000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A913C07A/FB182998BE6711EEB33C6D6EC4F9AE02/MPDbgtWPWD6EiDeboA01rLNSYRA.crl
                          rsync://rpki.apnic.net/member_repository/A913C07A/FB182998BE6711EEB33C6D6EC4F9AE02/MPDbgtWPWD6EiDeboA01rLNSYRA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MPDbgtWPWD6EiDeboA01rLNSYRA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 04:40:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 473 (0x1d9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913C07A, serialNumber=30F0DB82D58F583E8488379BA00D35ACB3526110
        Validity
            Not Before: Jul  3 04:31:34 2026 GMT
            Not After : Nov  1 00:00:00 2026 GMT
        Subject: CN=6a473b26-5f46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ef:c2:bd:25:6d:39:22:ff:41:3f:f3:dd:2e:
                    e8:f0:e5:23:cf:e3:4a:4a:ab:05:2e:bd:86:64:80:
                    39:5d:22:73:b9:70:d0:c6:8b:f1:d3:2c:9e:ad:3d:
                    e9:92:f2:84:3e:f5:80:8b:70:77:25:9c:62:66:df:
                    eb:13:d9:fa:7a:df:29:2c:ff:9e:e2:ae:23:9b:c3:
                    3c:6f:7c:71:eb:a3:a4:cc:0c:3c:96:89:22:d5:d5:
                    4b:b2:40:27:c8:89:bd:2d:dc:b5:86:35:35:50:4c:
                    1b:70:29:47:48:60:99:d5:2e:1f:a4:50:93:2e:c6:
                    f2:bb:99:77:28:a2:f8:5a:8e:1a:26:18:22:e6:e2:
                    0f:1c:68:2c:fe:31:10:84:6e:a9:e9:77:38:16:0e:
                    a8:31:d2:6c:63:76:c5:c3:ec:15:e7:72:c7:b8:21:
                    c4:2e:03:b8:fd:99:71:fe:42:a8:3f:49:42:bd:a8:
                    c4:36:37:c7:01:f4:ae:db:b3:0e:54:ff:bb:49:ee:
                    bb:d4:55:ae:4e:49:37:5c:55:d9:9d:c9:dc:ce:bf:
                    37:50:16:37:07:e2:5b:8d:4c:40:a8:9a:bd:cb:18:
                    ee:bd:12:02:13:62:ef:5f:29:14:85:d4:15:fc:23:
                    61:ff:fc:02:d2:b5:cc:69:71:fb:c9:5a:a1:da:3a:
                    08:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:1E:E5:5E:53:C0:46:27:86:BF:D5:63:6A:83:F0:0A:D0:9A:A6:94
            X509v3 Authority Key Identifier:
                keyid:30:F0:DB:82:D5:8F:58:3E:84:88:37:9B:A0:0D:35:AC:B3:52:61:10

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913C07A/FB182998BE6711EEB33C6D6EC4F9AE02/MPDbgtWPWD6EiDeboA01rLNSYRA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MPDbgtWPWD6EiDeboA01rLNSYRA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913C07A/FB182998BE6711EEB33C6D6EC4F9AE02/A20C3500BE6811EEBFF35870C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:7ae0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:5a:d6:7a:a7:83:aa:22:57:e4:64:bc:14:7a:7d:6d:f8:1a:
         8b:b7:8b:f6:5f:2e:db:8c:d9:65:dd:30:5c:99:4b:5b:02:90:
         67:9b:70:3e:3b:32:36:5c:4b:0e:3a:77:14:ae:7a:6e:38:e4:
         a3:1d:6e:fb:f5:f6:95:dd:14:3c:7e:2f:09:f3:1d:91:2d:06:
         8f:98:23:db:0b:43:57:05:56:d6:8d:b5:ca:c2:94:7b:6f:25:
         5a:cb:62:bc:ba:7e:d2:af:60:37:ce:b4:5a:92:87:05:12:c6:
         75:f2:58:65:ec:f7:1c:98:9b:d8:de:e7:4b:2a:26:46:f2:de:
         b1:16:26:5b:b0:92:4d:83:03:fa:be:da:ce:c3:b1:d8:bd:02:
         91:82:1d:89:00:6b:62:ea:bf:9e:0f:d5:0c:c7:ca:43:f3:31:
         79:ba:0b:b7:a3:a7:ae:8f:ed:84:10:57:fb:e3:9a:94:dd:a9:
         b9:dc:f6:5e:b2:60:8f:84:71:67:82:fd:52:96:de:37:8b:8d:
         8f:82:d5:68:a8:b7:07:bf:89:76:8e:00:6c:93:7f:b1:e6:fd:
         a4:7d:8c:6f:35:d1:63:4f:4c:41:37:d0:6c:60:bf:5c:be:2d:
         e1:ec:f7:c2:f4:ab:c7:2e:8d:ec:82:84:fc:36:39:22:fd:fc:
         2f:2a:3d:7f
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgICAdkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0MwN0ExMTAvBgNVBAUTKDMwRjBEQjgyRDU4RjU4M0U4NDg4Mzc5QkEwMEQzNUFD
QjM1MjYxMTAwHhcNMjYwNzAzMDQzMTM0WhcNMjYxMTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ3M2IyNi01ZjQ2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzu/CvSVtOSL/QT/z3S7o8OUjz+NKSqsFLr2GZIA5XSJzuXDQxovx0yyerT3p
kvKEPvWAi3B3JZxiZt/rE9n6et8pLP+e4q4jm8M8b3xx66OkzAw8loki1dVLskAn
yIm9Ldy1hjU1UEwbcClHSGCZ1S4fpFCTLsbyu5l3KKL4Wo4aJhgi5uIPHGgs/jEQ
hG6p6Xc4Fg6oMdJsY3bFw+wV53LHuCHELgO4/Zlx/kKoP0lCvajENjfHAfSu27MO
VP+7Se671FWuTkk3XFXZncnczr83UBY3B+JbjUxAqJq9yxjuvRICE2LvXykUhdQV
/CNh//wC0rXMaXH7yVqh2joI+wIDAQABo4ICYTCCAl0wHQYDVR0OBBYEFAge5V5T
wEYnhr/VY2qD8ArQmqaUMB8GA1UdIwQYMBaAFDDw24LVj1g+hIg3m6ANNayzUmEQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQzA3QS9GQjE4Mjk5OEJF
NjcxMUVFQjMzQzZENkVDNEY5QUUwMi9NUERiZ3RXUFdENkVpRGVib0EwMXJMTlNZ
UkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01QRGJndFdQV0Q2RWlEZWJvQTAxckxOU1lSQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0MwN0EvRkIxODI5OThCRTY3MTFFRUIzM0M2RDZFQzRGOUFFMDIvQTIwQzM1MDBC
RTY4MTFFRUJGRjM1ODcwQzRGOUFFMDIucm9hMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAF64DANBgkqhkiG9w0BAQsFAAOCAQEAC1rWeqeDqiJX5GS8FHp9
bfgai7eL9l8u24zZZd0wXJlLWwKQZ5twPjsyNlxLDjp3FK56bjjkox1u+/X2ld0U
PH4vCfMdkS0Gj5gj2wtDVwVW1o21ysKUe28lWstivLp+0q9gN860WpKHBRLGdfJY
Zez3HJib2N7nSyomRvLesRYmW7CSTYMD+r7azsOx2L0CkYIdiQBrYuq/ng/VDMfK
Q/MxeboLt6Onro/thBBX++OalN2pudz2XrJgj4RxZ4L9UpbeN4uNj4LVaKi3B7+J
do4AbJN/seb9pH2MbzXRY09MQTfQbGC/XL4t4ez3wvSrxy6N7IKE/DY5Iv38Lyo9
fw==
-----END CERTIFICATE-----
Generated at Sat Jul 18 06:23:12 2026 by rpki-client