Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9140E66/70639EFCFF6E11E985A88C67C4F9AE02/C21D3A065B7E11F0A8B76B2EC4F9AE02.roa
File:                     C21D3A065B7E11F0A8B76B2EC4F9AE02.roa (raw, json)
Hash identifier:          XGpY3RP8rp7DjJ1Txu21meaiyAARXZvjCzho1tEWn3o=
Subject key identifier:   F9:2C:73:71:62:44:38:00:B2:30:38:CF:FD:F3:2F:6D:92:BD:4F:16
Certificate issuer:       /CN=A9140E66/serialNumber=DA547ED6928AAD1ECFB6847A1B07432BD87B19EF
Certificate serial:       0D3E
Authority key identifier: DA:54:7E:D6:92:8A:AD:1E:CF:B6:84:7A:1B:07:43:2B:D8:7B:19:EF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2lR-1pKKrR7PtoR6GwdDK9h7Ge8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9140E66/70639EFCFF6E11E985A88C67C4F9AE02/C21D3A065B7E11F0A8B76B2EC4F9AE02.roa
Signing time:             Wed 24 Jun 2026 18:22:03 +0000
ROA not before:           Wed 24 Jun 2026 18:22:03 +0000
ROA not after:            Thu 30 Sep 2027 00:00:00 +0000
asID:                     132898
IP address blocks:        103.27.216.0/22 maxlen: 24
                          2407:7f00::/32 maxlen: 32
                          2407:7f00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9140E66/70639EFCFF6E11E985A88C67C4F9AE02/2lR-1pKKrR7PtoR6GwdDK9h7Ge8.crl
                          rsync://rpki.apnic.net/member_repository/A9140E66/70639EFCFF6E11E985A88C67C4F9AE02/2lR-1pKKrR7PtoR6GwdDK9h7Ge8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2lR-1pKKrR7PtoR6GwdDK9h7Ge8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 18:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3390 (0xd3e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9140E66, serialNumber=DA547ED6928AAD1ECFB6847A1B07432BD87B19EF
        Validity
            Not Before: Jun 24 18:22:03 2026 GMT
            Not After : Sep 30 00:00:00 2027 GMT
        Subject: CN=6a3c204a-6bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:81:57:ac:bc:93:66:29:19:c3:36:30:e3:07:
                    2c:63:2e:65:f8:bf:f2:a4:e3:b3:f1:02:78:4d:98:
                    35:29:f3:ea:ba:06:85:92:fa:66:05:24:23:99:05:
                    46:1d:2d:7b:a3:79:97:0c:93:a2:af:69:11:21:af:
                    a8:f6:fe:86:d4:5f:67:ab:a4:2c:66:12:98:ff:78:
                    bd:4e:6e:5f:b0:5d:ef:77:f2:75:c5:85:23:04:61:
                    b3:fa:b6:12:e7:8e:de:ee:04:2b:ce:5c:5f:e6:b9:
                    24:93:50:ab:c3:a6:e0:8c:e0:85:2c:25:42:c4:33:
                    89:21:6a:4c:89:47:bd:86:25:b3:46:44:20:40:4a:
                    05:99:89:63:56:b0:63:ba:7d:37:02:69:5c:8e:3d:
                    cf:8d:90:e4:84:f1:df:34:7d:f6:44:ab:d8:6b:b1:
                    eb:ca:a2:a5:79:4a:55:d9:28:5d:94:bf:87:d0:d1:
                    8e:0e:8a:79:21:41:57:26:86:56:0d:b5:1d:35:9a:
                    af:8e:4a:7b:01:da:ee:d6:8e:d1:28:c0:e0:f9:a3:
                    47:86:f5:34:ab:3e:5c:9c:cd:0d:b7:2d:34:2c:ce:
                    5b:8d:04:b6:84:06:1f:c2:cd:c5:88:c9:17:5f:45:
                    3f:40:1e:58:ef:53:bf:20:02:f1:60:68:30:43:4c:
                    c0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:2C:73:71:62:44:38:00:B2:30:38:CF:FD:F3:2F:6D:92:BD:4F:16
            X509v3 Authority Key Identifier:
                keyid:DA:54:7E:D6:92:8A:AD:1E:CF:B6:84:7A:1B:07:43:2B:D8:7B:19:EF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9140E66/70639EFCFF6E11E985A88C67C4F9AE02/2lR-1pKKrR7PtoR6GwdDK9h7Ge8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2lR-1pKKrR7PtoR6GwdDK9h7Ge8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9140E66/70639EFCFF6E11E985A88C67C4F9AE02/C21D3A065B7E11F0A8B76B2EC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.27.216.0/22
                IPv6:
                  2407:7f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:96:d8:41:c8:4d:a9:e2:eb:87:67:10:04:26:36:d8:d9:ca:
         63:38:25:0f:d6:e1:21:a8:54:dd:76:7d:aa:47:5c:21:60:3b:
         e5:84:a4:cd:1f:1b:57:e0:d7:ed:76:6e:db:2f:cb:78:b2:81:
         d5:7f:fe:c5:2d:27:e3:20:a9:cb:21:f7:72:92:54:b5:ff:b8:
         80:3c:7b:ba:14:48:de:af:16:a3:83:85:9a:af:60:cf:f3:c2:
         c1:7e:08:81:c7:14:38:18:8a:04:7c:5f:b5:a2:70:64:30:c7:
         a0:f6:24:15:31:c9:62:f0:66:15:82:5a:d7:8d:e0:2f:90:9b:
         b1:74:8c:64:bc:37:93:1c:f0:ce:a9:05:4c:a5:d5:2c:0d:3f:
         74:cb:f7:5d:04:be:fb:9e:31:f2:a6:70:82:79:ac:e3:e0:e9:
         c4:c2:51:cb:83:e5:02:a0:90:84:f0:b9:fa:6e:ef:13:2d:9e:
         b5:f4:a8:25:2a:03:cc:f6:f8:7c:da:59:f3:3d:50:72:c3:e9:
         bd:97:44:34:1e:bf:f2:83:cc:13:24:98:bc:7e:44:6f:33:76:
         a6:0b:78:3d:3f:6e:cd:ef:1f:1f:9b:9d:4d:26:3c:95:9f:ea:
         27:db:5c:12:24:c1:6e:3a:7d:ad:b3:35:20:35:a4:24:73:42:
         44:47:59:21
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgICDT4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDBFNjYxMTAvBgNVBAUTKERBNTQ3RUQ2OTI4QUFEMUVDRkI2ODQ3QTFCMDc0MzJC
RDg3QjE5RUYwHhcNMjYwNjI0MTgyMjAzWhcNMjcwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNjMjA0YS02YmI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0YFXrLyTZikZwzYw4wcsYy5l+L/ypOOz8QJ4TZg1KfPqugaFkvpmBSQjmQVG
HS17o3mXDJOir2kRIa+o9v6G1F9nq6QsZhKY/3i9Tm5fsF3vd/J1xYUjBGGz+rYS
547e7gQrzlxf5rkkk1Crw6bgjOCFLCVCxDOJIWpMiUe9hiWzRkQgQEoFmYljVrBj
un03Amlcjj3PjZDkhPHfNH32RKvYa7HryqKleUpV2ShdlL+H0NGODop5IUFXJoZW
DbUdNZqvjkp7Adru1o7RKMDg+aNHhvU0qz5cnM0Nty00LM5bjQS2hAYfws3FiMkX
X0U/QB5Y71O/IALxYGgwQ0zAlQIDAQABo4ICbzCCAmswHQYDVR0OBBYEFPksc3Fi
RDgAsjA4z/3zL22SvU8WMB8GA1UdIwQYMBaAFNpUftaSiq0ez7aEehsHQyvYexnv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MEU2Ni83MDYzOUVGQ0ZG
NkUxMUU5ODVBODhDNjdDNEY5QUUwMi8ybFItMXBLS3JSN1B0b1I2R3dkREs5aDdH
ZTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJsUi0xcEtLclI3UHRvUjZHd2RESzloN0dlOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDBFNjYvNzA2MzlFRkNGRjZFMTFFOTg1QTg4QzY3QzRGOUFFMDIvQzIxRDNBMDY1
QjdFMTFGMEE4Qjc2QjJFQzRGOUFFMDIucm9hMC4GCCsGAQUFBwEHAQH/BB8wHTAM
BAIAATAGAwQCZxvYMA0EAgACMAcDBQAkB38AMA0GCSqGSIb3DQEBCwUAA4IBAQBu
lthByE2p4uuHZxAEJjbY2cpjOCUP1uEhqFTddn2qR1whYDvlhKTNHxtX4Nftdm7b
L8t4soHVf/7FLSfjIKnLIfdyklS1/7iAPHu6FEjerxajg4War2DP88LBfgiBxxQ4
GIoEfF+1onBkMMeg9iQVMcli8GYVglrXjeAvkJuxdIxkvDeTHPDOqQVMpdUsDT90
y/ddBL77njHypnCCeazj4OnEwlHLg+UCoJCE8Ln6bu8TLZ619KglKgPM9vh82lnz
PVByw+m9l0Q0Hr/yg8wTJJi8fkRvM3amC3g9P27N7x8fm51NJjyVn+on21wSJMFu
On2tszUgNaQkc0JER1kh
-----END CERTIFICATE-----
Generated at Sun Jul 5 08:42:26 2026 by rpki-client