Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9147049/B09CBD662C6611F09DA56B0BC4F9AE02/321C6B5C2C6711F0B5DEE20CC4F9AE02.roa
File:                     321C6B5C2C6711F0B5DEE20CC4F9AE02.roa (raw, json)
Hash identifier:          /aTSxcHxRkOfKrRCHUaeDVdu5n6tqyMBf2gXf3ZAFRk=
Subject key identifier:   F8:DA:DC:3C:22:67:2C:A2:B0:4E:91:E6:03:8B:C7:BA:14:96:EB:E7
Certificate issuer:       /CN=A9147049/serialNumber=D9D1B055FEFC89F5803A7FA8E2B902619F338D8E
Certificate serial:       D9
Authority key identifier: D9:D1:B0:55:FE:FC:89:F5:80:3A:7F:A8:E2:B9:02:61:9F:33:8D:8E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2dGwVf78ifWAOn-o4rkCYZ8zjY4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9147049/B09CBD662C6611F09DA56B0BC4F9AE02/321C6B5C2C6711F0B5DEE20CC4F9AE02.roa
Signing time:             Fri 03 Jul 2026 07:34:30 +0000
ROA not before:           Fri 03 Jul 2026 07:34:30 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     134090
IP address blocks:        2402:920::/32 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9147049/B09CBD662C6611F09DA56B0BC4F9AE02/2dGwVf78ifWAOn-o4rkCYZ8zjY4.crl
                          rsync://rpki.apnic.net/member_repository/A9147049/B09CBD662C6611F09DA56B0BC4F9AE02/2dGwVf78ifWAOn-o4rkCYZ8zjY4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2dGwVf78ifWAOn-o4rkCYZ8zjY4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 07:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 217 (0xd9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9147049, serialNumber=D9D1B055FEFC89F5803A7FA8E2B902619F338D8E
        Validity
            Not Before: Jul  3 07:34:30 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a476606-9cc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:21:43:18:0c:66:09:03:9a:23:2e:d4:c0:4d:
                    da:34:a4:ef:c9:75:82:b1:c9:ed:c8:5c:4e:3f:15:
                    73:03:20:ec:82:dc:f3:e2:f0:6d:c6:89:b9:31:4d:
                    f2:6e:16:4d:bb:42:17:fc:23:33:cf:48:8a:f5:33:
                    89:ac:77:32:83:77:ca:00:33:5d:24:88:b1:3c:6b:
                    ae:c2:8f:7c:83:35:3c:0e:45:71:8c:ac:84:f7:f8:
                    3b:0a:fc:a2:6f:f3:bd:b7:0a:4f:8b:3b:1a:d0:b5:
                    e8:6e:df:b3:b1:bf:81:25:78:f5:27:fa:92:9d:c6:
                    07:0a:db:0b:12:d6:1e:20:33:55:f1:c7:12:53:e3:
                    c9:23:4f:2c:3d:b2:14:e2:a0:4f:23:1a:af:64:d3:
                    ce:7c:de:82:04:37:52:77:7d:53:5b:25:f4:cd:b9:
                    11:c1:de:6f:26:cc:f4:dc:6e:b4:1d:40:60:da:b2:
                    40:e4:50:6d:3a:b7:a9:25:2f:25:f6:ed:39:19:7e:
                    fc:b9:33:ec:7d:35:02:34:14:fa:1a:e5:e8:f9:23:
                    fc:5a:55:d0:3d:88:e0:39:c9:06:85:6e:76:03:29:
                    fe:a2:0b:53:9b:da:f1:04:4c:21:08:51:f0:15:13:
                    0a:73:d6:66:75:29:1f:8c:16:a1:f6:2e:56:58:9f:
                    59:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:DA:DC:3C:22:67:2C:A2:B0:4E:91:E6:03:8B:C7:BA:14:96:EB:E7
            X509v3 Authority Key Identifier:
                keyid:D9:D1:B0:55:FE:FC:89:F5:80:3A:7F:A8:E2:B9:02:61:9F:33:8D:8E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9147049/B09CBD662C6611F09DA56B0BC4F9AE02/2dGwVf78ifWAOn-o4rkCYZ8zjY4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2dGwVf78ifWAOn-o4rkCYZ8zjY4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9147049/B09CBD662C6611F09DA56B0BC4F9AE02/321C6B5C2C6711F0B5DEE20CC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:920::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:a5:4e:eb:3c:3f:4b:2c:c2:54:1a:aa:be:9f:6e:d6:38:15:
         bc:4d:17:cc:70:37:01:80:ab:27:b5:57:31:f8:b6:87:eb:f9:
         ea:62:65:08:f8:b3:3c:ea:b7:0e:08:04:72:c1:4d:6a:4c:69:
         0a:7c:d0:c4:e4:14:b9:06:b3:a2:8c:fb:c5:b9:de:6a:78:61:
         e0:f0:fd:f8:91:73:a7:56:c1:c5:40:c9:65:7c:a1:b5:b5:b8:
         49:d8:8e:a2:30:15:28:cd:4c:64:b0:9c:d2:fd:e0:14:03:c4:
         27:2c:98:e1:bb:c3:39:06:98:51:33:d8:42:58:59:bd:4a:08:
         94:bd:bc:57:aa:94:3b:fa:94:17:f4:fc:3e:c2:98:3a:61:71:
         0e:99:8c:bc:2c:90:73:71:60:00:23:2d:c0:c8:65:d1:cc:e3:
         24:a7:14:74:76:a0:0e:b6:7c:ea:54:6d:f9:95:75:9c:0c:dd:
         4c:04:25:94:3d:cd:68:5a:37:8b:98:1e:0d:ac:02:b4:c1:ae:
         c9:bc:e7:23:69:af:ed:20:dc:6f:19:5a:19:6b:53:91:04:f0:
         f1:d1:9a:61:d5:96:05:99:8f:e3:3e:d4:c2:86:2f:82:45:a0:
         8e:a2:b9:84:e4:8b:05:e3:e5:a4:5d:aa:e4:70:b1:cd:36:26:
         52:ea:23:16
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgICANkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDcwNDkxMTAvBgNVBAUTKEQ5RDFCMDU1RkVGQzg5RjU4MDNBN0ZBOEUyQjkwMjYx
OUYzMzhEOEUwHhcNMjYwNzAzMDczNDMwWhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ3NjYwNi05Y2M2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAkCFDGAxmCQOaIy7UwE3aNKTvyXWCscntyFxOPxVzAyDsgtzz4vBtxom5MU3y
bhZNu0IX/CMzz0iK9TOJrHcyg3fKADNdJIixPGuuwo98gzU8DkVxjKyE9/g7Cvyi
b/O9twpPizsa0LXobt+zsb+BJXj1J/qSncYHCtsLEtYeIDNV8ccSU+PJI08sPbIU
4qBPIxqvZNPOfN6CBDdSd31TWyX0zbkRwd5vJsz03G60HUBg2rJA5FBtOrepJS8l
9u05GX78uTPsfTUCNBT6GuXo+SP8WlXQPYjgOckGhW52Ayn+ogtTm9rxBEwhCFHw
FRMKc9ZmdSkfjBah9i5WWJ9ZCwIDAQABo4ICYTCCAl0wHQYDVR0OBBYEFPja3Dwi
ZyyisE6R5gOLx7oUluvnMB8GA1UdIwQYMBaAFNnRsFX+/In1gDp/qOK5AmGfM42O
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NzA0OS9CMDlDQkQ2NjJD
NjYxMUYwOURBNTZCMEJDNEY5QUUwMi8yZEd3VmY3OGlmV0FPbi1vNHJrQ1laOHpq
WTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJkR3dWZjc4aWZXQU9uLW80cmtDWVo4empZNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDcwNDkvQjA5Q0JENjYyQzY2MTFGMDlEQTU2QjBCQzRGOUFFMDIvMzIxQzZCNUMy
QzY3MTFGMEI1REVFMjBDQzRGOUFFMDIucm9hMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAIJIDANBgkqhkiG9w0BAQsFAAOCAQEAhqVO6zw/SyzCVBqqvp9u
1jgVvE0XzHA3AYCrJ7VXMfi2h+v56mJlCPizPOq3DggEcsFNakxpCnzQxOQUuQaz
ooz7xbneanhh4PD9+JFzp1bBxUDJZXyhtbW4SdiOojAVKM1MZLCc0v3gFAPEJyyY
4bvDOQaYUTPYQlhZvUoIlL28V6qUO/qUF/T8PsKYOmFxDpmMvCyQc3FgACMtwMhl
0czjJKcUdHagDrZ86lRt+ZV1nAzdTAQllD3NaFo3i5geDawCtMGuybznI2mv7SDc
bxlaGWtTkQTw8dGaYdWWBZmP4z7UwoYvgkWgjqK5hOSLBePlpF2q5HCxzTYmUuoj
Fg==
-----END CERTIFICATE-----
Generated at Sat Jul 18 06:12:42 2026 by rpki-client