Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914B758/4C7A2868D36E11ECB2614453C4F9AE02/1CA2FA08D37711EC9A8FF526C4F9AE02.roa
File:                     1CA2FA08D37711EC9A8FF526C4F9AE02.roa (raw, json)
Hash identifier:          YxqnoAL7l4ERKM3emtxisGjTUUnfDZ8cwiFl2FlKuJ8=
Subject key identifier:   B3:6C:97:46:0C:8D:37:FE:88:63:AF:13:7A:A7:9A:F6:06:66:B7:61
Certificate issuer:       /CN=A914B758/serialNumber=AF55581BA127E2090A0A5462FE7BCE70616F2CDC
Certificate serial:       03EC
Authority key identifier: AF:55:58:1B:A1:27:E2:09:0A:0A:54:62:FE:7B:CE:70:61:6F:2C:DC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r1VYG6En4gkKClRi_nvOcGFvLNw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914B758/4C7A2868D36E11ECB2614453C4F9AE02/1CA2FA08D37711EC9A8FF526C4F9AE02.roa
Signing time:             Tue 07 Jul 2026 01:26:56 +0000
ROA not before:           Tue 07 Jul 2026 01:26:56 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     149830
IP address blocks:        2001:df0:bac0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914B758/4C7A2868D36E11ECB2614453C4F9AE02/r1VYG6En4gkKClRi_nvOcGFvLNw.crl
                          rsync://rpki.apnic.net/member_repository/A914B758/4C7A2868D36E11ECB2614453C4F9AE02/r1VYG6En4gkKClRi_nvOcGFvLNw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r1VYG6En4gkKClRi_nvOcGFvLNw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 18 Jul 2026 01:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1004 (0x3ec)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914B758, serialNumber=AF55581BA127E2090A0A5462FE7BCE70616F2CDC
        Validity
            Not Before: Jul  7 01:26:56 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a4c55df-f963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:92:d9:1f:8d:d1:95:fe:76:77:5b:88:cb:98:
                    4f:cd:82:c2:1c:0f:e7:fe:09:21:98:1a:d7:3a:49:
                    26:0a:d4:17:f7:9a:e4:8c:f5:3d:69:18:88:f0:c1:
                    09:7a:1b:8a:ae:ab:e3:e0:b7:ff:dd:57:b2:49:61:
                    e4:bd:09:a6:12:eb:cd:f5:ed:d6:f8:85:72:58:a1:
                    7d:a4:74:72:84:97:17:3f:2d:4e:46:f7:e2:20:29:
                    d6:76:85:04:91:9c:2e:43:25:2a:22:ea:a1:04:62:
                    43:11:7c:58:24:43:4e:82:44:08:29:94:ff:f2:38:
                    c7:6b:8a:5c:8d:ac:ff:d5:dc:d6:96:c1:ad:5d:62:
                    af:45:66:35:20:0e:fc:d9:73:f1:60:9f:75:c5:c2:
                    4d:3e:2b:58:a0:8c:c7:e7:30:b0:2e:19:a4:c3:55:
                    ad:0e:d6:d6:89:c7:f2:bc:ed:8c:31:66:bc:1d:9d:
                    aa:65:5e:36:91:4d:d0:d0:a4:7e:fa:ea:b9:86:52:
                    39:6b:11:89:a3:e8:25:1d:23:46:ec:f0:81:84:6c:
                    16:f0:90:fe:b4:04:ac:71:a1:f3:06:aa:22:ca:f0:
                    6d:ab:d2:11:0d:81:69:6f:b9:40:e0:02:69:8a:e6:
                    2d:66:ce:a4:f7:67:a4:e2:25:47:93:6a:b5:90:99:
                    9a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:6C:97:46:0C:8D:37:FE:88:63:AF:13:7A:A7:9A:F6:06:66:B7:61
            X509v3 Authority Key Identifier:
                keyid:AF:55:58:1B:A1:27:E2:09:0A:0A:54:62:FE:7B:CE:70:61:6F:2C:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914B758/4C7A2868D36E11ECB2614453C4F9AE02/r1VYG6En4gkKClRi_nvOcGFvLNw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r1VYG6En4gkKClRi_nvOcGFvLNw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914B758/4C7A2868D36E11ECB2614453C4F9AE02/1CA2FA08D37711EC9A8FF526C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df0:bac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:ad:c0:8b:a3:84:2e:c2:1f:7d:b1:8b:8a:a9:b3:9c:8d:34:
         49:bc:c3:29:fe:f5:70:e6:ec:77:7b:e5:1a:2f:b8:1c:85:97:
         80:00:c6:d0:f5:cf:d4:c9:06:10:ea:e9:e4:29:24:f8:89:0c:
         c3:a2:f3:b0:b1:30:6d:b4:c3:45:1f:01:9b:f6:72:a8:a2:72:
         63:b1:2e:cd:f6:c4:0a:4c:d8:58:fb:27:62:eb:61:c4:2f:e0:
         2a:0c:a8:2d:24:dc:99:e0:39:49:fe:f5:58:e0:17:61:c1:10:
         8d:7e:ff:16:b0:63:32:35:58:50:4b:f3:0f:00:4b:65:97:70:
         13:10:40:57:a6:16:c8:1d:0c:2c:45:97:b3:eb:5c:f3:f7:96:
         4d:f4:9e:53:02:68:d7:ba:b6:f7:a8:ab:6a:de:5c:9c:b5:9a:
         3d:f4:57:03:b5:72:70:4c:0d:81:9f:5b:4e:c3:0e:59:75:cc:
         79:9b:45:fd:98:56:5b:f5:ef:f4:e5:bf:db:e0:5d:64:0f:74:
         5f:d1:4d:01:e1:36:a9:94:44:5b:0b:84:be:84:0e:1a:21:59:
         da:48:e0:b2:8f:a1:c0:66:5a:e7:cf:ec:5d:54:26:a5:76:f9:
         a9:63:7b:6b:93:fa:13:ee:15:2d:72:40:51:86:a1:e6:94:bb:
         82:19:75:1d
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgICA+wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEI3NTgxMTAvBgNVBAUTKEFGNTU1ODFCQTEyN0UyMDkwQTBBNTQ2MkZFN0JDRTcw
NjE2RjJDREMwHhcNMjYwNzA3MDEyNjU2WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTRjNTVkZi1mOTYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyJLZH43Rlf52d1uIy5hPzYLCHA/n/gkhmBrXOkkmCtQX95rkjPU9aRiI8MEJ
ehuKrqvj4Lf/3VeySWHkvQmmEuvN9e3W+IVyWKF9pHRyhJcXPy1ORvfiICnWdoUE
kZwuQyUqIuqhBGJDEXxYJENOgkQIKZT/8jjHa4pcjaz/1dzWlsGtXWKvRWY1IA78
2XPxYJ91xcJNPitYoIzH5zCwLhmkw1WtDtbWicfyvO2MMWa8HZ2qZV42kU3Q0KR+
+uq5hlI5axGJo+glHSNG7PCBhGwW8JD+tASscaHzBqoiyvBtq9IRDYFpb7lA4AJp
iuYtZs6k92ek4iVHk2q1kJmaawIDAQABo4ICYzCCAl8wHQYDVR0OBBYEFLNsl0YM
jTf+iGOvE3qnmvYGZrdhMB8GA1UdIwQYMBaAFK9VWBuhJ+IJCgpUYv57znBhbyzc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0Qjc1OC80QzdBMjg2OEQz
NkUxMUVDQjI2MTQ0NTNDNEY5QUUwMi9yMVZZRzZFbjRna0tDbFJpX252T2NHRnZM
TncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3IxVllHNkVuNGdrS0NsUmlfbnZPY0dGdkxOdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEI3NTgvNEM3QTI4NjhEMzZFMTFFQ0IyNjE0NDUzQzRGOUFFMDIvMUNBMkZBMDhE
Mzc3MTFFQzlBOEZGNTI2QzRGOUFFMDIucm9hMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAIAEN8LrAMA0GCSqGSIb3DQEBCwUAA4IBAQBgrcCLo4Quwh99sYuK
qbOcjTRJvMMp/vVw5ux3e+UaL7gchZeAAMbQ9c/UyQYQ6unkKST4iQzDovOwsTBt
tMNFHwGb9nKoonJjsS7N9sQKTNhY+ydi62HEL+AqDKgtJNyZ4DlJ/vVY4BdhwRCN
fv8WsGMyNVhQS/MPAEtll3ATEEBXphbIHQwsRZez61zz95ZN9J5TAmjXurb3qKtq
3lyctZo99FcDtXJwTA2Bn1tOww5Zdcx5m0X9mFZb9e/05b/b4F1kD3Rf0U0B4Tap
lERbC4S+hA4aIVnaSOCyj6HAZlrnz+xdVCaldvmpY3trk/oT7hUtckBRhqHmlLuC
GXUd
-----END CERTIFICATE-----
Generated at Sun Jul 12 23:53:50 2026 by rpki-client