Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/D411F96C532E11EFB0B63E60C4F9AE02.roa
File:                     D411F96C532E11EFB0B63E60C4F9AE02.roa (raw, json)
Hash identifier:          /MynAjOlsPDDrLH0ofjr2IcwJe85uR/Yh/gIQF7Gksg=
Subject key identifier:   29:8E:51:84:8C:E4:20:67:BC:A1:95:6F:18:8D:CF:DF:B8:CC:03:48
Certificate issuer:       /CN=A9146944/serialNumber=ED1F958CB604B576E82214B4CF3CC0FE620EF9F4
Certificate serial:       0AE0
Authority key identifier: ED:1F:95:8C:B6:04:B5:76:E8:22:14:B4:CF:3C:C0:FE:62:0E:F9:F4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7R-VjLYEtXboIhS0zzzA_mIO-fQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/D411F96C532E11EFB0B63E60C4F9AE02.roa
Signing time:             Tue 30 Jun 2026 20:25:11 +0000
ROA not before:           Tue 30 Jun 2026 20:25:11 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     9825
IP address blocks:        103.202.222.0/24 maxlen: 24
                          103.209.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/7R-VjLYEtXboIhS0zzzA_mIO-fQ.crl
                          rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/7R-VjLYEtXboIhS0zzzA_mIO-fQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7R-VjLYEtXboIhS0zzzA_mIO-fQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 19:47:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2784 (0xae0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9146944, serialNumber=ED1F958CB604B576E82214B4CF3CC0FE620EF9F4
        Validity
            Not Before: Jun 30 20:25:11 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a442627-3fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:28:f2:a9:70:50:98:4e:76:6d:54:35:15:f9:
                    6a:7c:bb:c3:87:ef:d7:78:09:1e:c5:f6:23:f8:e1:
                    0b:2b:19:5b:29:0a:3f:cc:36:a1:89:2d:d4:d9:5b:
                    6b:1b:7c:fd:c2:98:74:24:5b:ec:b7:10:a9:c0:c2:
                    b8:f8:42:63:d7:7a:bd:41:8a:cb:d3:f1:2f:fc:99:
                    1b:2f:b4:45:de:82:d7:91:a7:76:9b:b8:8f:69:d0:
                    9f:a4:b7:48:8b:94:af:5c:a0:db:88:fc:8e:e0:f2:
                    ca:5a:63:7a:2d:6c:97:92:5f:a0:01:4f:30:4f:1c:
                    1e:c2:95:09:27:1c:0d:3e:f8:ea:ed:be:c9:f0:93:
                    05:65:09:ed:6d:d1:b6:81:91:2f:cd:3c:1f:af:1b:
                    5a:b2:55:20:cc:e3:1a:e5:95:c7:ac:bd:a7:37:fb:
                    75:3e:06:b8:a9:13:a1:d2:75:da:29:39:5f:95:41:
                    4e:1e:2e:d0:33:c9:ea:29:10:82:8b:6d:20:08:b5:
                    d4:3b:b2:61:f8:b8:4b:37:0a:be:56:97:51:af:ae:
                    f1:d9:af:b6:31:f2:59:a4:f1:9e:c5:c6:0c:aa:04:
                    b7:de:16:3e:5f:2b:00:bb:6a:e2:c4:2a:36:d8:34:
                    d9:5c:b5:82:88:f7:e1:e7:2b:97:95:2d:85:ec:32:
                    5d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:8E:51:84:8C:E4:20:67:BC:A1:95:6F:18:8D:CF:DF:B8:CC:03:48
            X509v3 Authority Key Identifier:
                keyid:ED:1F:95:8C:B6:04:B5:76:E8:22:14:B4:CF:3C:C0:FE:62:0E:F9:F4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/7R-VjLYEtXboIhS0zzzA_mIO-fQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7R-VjLYEtXboIhS0zzzA_mIO-fQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/D411F96C532E11EFB0B63E60C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.202.222.0/24
                  103.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:94:bc:b7:38:e4:b7:c8:4c:03:18:22:e3:e5:0a:75:57:b9:
         dc:b9:07:87:0a:fb:c8:3b:99:ce:a0:1c:1c:ca:10:4d:69:a6:
         03:d3:8b:74:2c:82:c0:72:a3:74:29:89:67:10:2c:98:14:73:
         dc:d3:ef:7d:03:22:56:9d:fe:66:57:77:2a:1e:1a:05:7d:2a:
         05:11:02:79:e0:6c:75:58:eb:57:57:7f:72:be:3b:c3:ee:f3:
         47:b7:f5:70:50:88:d8:fb:f1:11:8f:51:ab:50:b0:25:b0:b4:
         cf:b0:80:e0:3e:2d:7b:c9:e2:78:2e:a4:55:0e:72:9a:13:1e:
         9c:d8:7e:f6:d8:1e:71:05:09:68:f0:60:c7:30:ed:4e:bb:e7:
         9a:9a:57:d0:1b:56:c4:7e:f0:3b:f3:4c:9a:ae:b8:97:46:4a:
         36:c8:15:a4:bd:40:1f:f0:61:3c:76:0d:fc:92:2e:94:d9:ae:
         09:02:ea:94:9a:ce:52:17:2c:a3:0d:0a:09:a2:2e:c7:48:f6:
         e7:b1:93:8b:0e:bc:78:a3:bc:35:e7:44:eb:89:2d:de:95:5f:
         37:b6:4a:7f:77:6b:75:52:35:65:84:44:40:07:15:2e:5d:e3:
         84:4c:aa:8e:9f:c4:b9:98:8b:6a:23:49:e3:05:f8:27:7c:10:
         97:11:28:71
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgICCuAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDY5NDQxMTAvBgNVBAUTKEVEMUY5NThDQjYwNEI1NzZFODIyMTRCNENGM0NDMEZF
NjIwRUY5RjQwHhcNMjYwNjMwMjAyNTExWhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ0MjYyNy0zZmVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvyjyqXBQmE52bVQ1FflqfLvDh+/XeAkexfYj+OELKxlbKQo/zDahiS3U2Vtr
G3z9wph0JFvstxCpwMK4+EJj13q9QYrL0/Ev/JkbL7RF3oLXkad2m7iPadCfpLdI
i5SvXKDbiPyO4PLKWmN6LWyXkl+gAU8wTxwewpUJJxwNPvjq7b7J8JMFZQntbdG2
gZEvzTwfrxtaslUgzOMa5ZXHrL2nN/t1Pga4qROh0nXaKTlflUFOHi7QM8nqKRCC
i20gCLXUO7Jh+LhLNwq+VpdRr67x2a+2MfJZpPGexcYMqgS33hY+XysAu2rixCo2
2DTZXLWCiPfh5yuXlS2F7DJdeQIDAQABo4ICZjCCAmIwHQYDVR0OBBYEFCmOUYSM
5CBnvKGVbxiNz9+4zANIMB8GA1UdIwQYMBaAFO0flYy2BLV26CIUtM88wP5iDvn0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0Njk0NC80M0JEMUM2RThF
OTUxMUVBQTlENzNBMkVDNEY5QUUwMi83Ui1WakxZRXRYYm9JaFMwenp6QV9tSU8t
ZlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdSLVZqTFlFdFhib0loUzB6enpBX21JTy1mUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDY5NDQvNDNCRDFDNkU4RTk1MTFFQUE5RDczQTJFQzRGOUFFMDIvRDQxMUY5NkM1
MzJFMTFFRkIwQjYzRTYwQzRGOUFFMDIucm9hMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQAZ8reAwQAZ9HGMA0GCSqGSIb3DQEBCwUAA4IBAQB3lLy3OOS3yEwD
GCLj5Qp1V7ncuQeHCvvIO5nOoBwcyhBNaaYD04t0LILAcqN0KYlnECyYFHPc0+99
AyJWnf5mV3cqHhoFfSoFEQJ54Gx1WOtXV39yvjvD7vNHt/VwUIjY+/ERj1GrULAl
sLTPsIDgPi17yeJ4LqRVDnKaEx6c2H722B5xBQlo8GDHMO1Ou+eamlfQG1bEfvA7
80yarriXRko2yBWkvUAf8GE8dg38ki6U2a4JAuqUms5SFyyjDQoJoi7HSPbnsZOL
Drx4o7w150TriS3elV83tkp/d2t1UjVlhERABxUuXeOETKqOn8S5mItqI0njBfgn
fBCXEShx
-----END CERTIFICATE-----
Generated at Sun Jul 5 11:18:39 2026 by rpki-client