Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/438C7C387D6F11ECBCDC721DC4F9AE02.roa
File:                     438C7C387D6F11ECBCDC721DC4F9AE02.roa (raw, json)
Hash identifier:          TGbZZQRtOxkLwoI+sDoyzXNZ3IGSlLxUsDOYQ4o4eXY=
Subject key identifier:   10:4C:CB:77:24:8C:13:57:F3:19:12:8F:B5:0E:28:A3:EA:77:79:B6
Certificate issuer:       /CN=A9157E9C/serialNumber=E99FF0448B0BDA3771CDC4A96C59F7C9F9C87944
Certificate serial:       04C5
Authority key identifier: E9:9F:F0:44:8B:0B:DA:37:71:CD:C4:A9:6C:59:F7:C9:F9:C8:79:44
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/438C7C387D6F11ECBCDC721DC4F9AE02.roa
Signing time:             Tue 23 Jun 2026 00:28:24 +0000
ROA not before:           Tue 23 Jun 2026 00:28:24 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     149305
IP address blocks:        203.22.214.0/24 maxlen: 24
                          2401:2fc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.crl
                          rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 12 Jul 2026 00:14:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1221 (0x4c5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157E9C, serialNumber=E99FF0448B0BDA3771CDC4A96C59F7C9F9C87944
        Validity
            Not Before: Jun 23 00:28:24 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a39d328-343a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:09:90:0f:82:72:b2:a2:db:5f:ed:61:c4:37:
                    ce:3c:85:89:b4:67:ca:85:99:93:8c:fc:d4:a7:1f:
                    2d:a1:f2:d8:0e:d6:70:fd:d6:9c:b7:b6:6d:1c:e3:
                    fb:a6:92:cb:10:0d:79:bc:b2:3f:d8:92:ff:4f:75:
                    db:df:f8:ca:8b:89:3f:2f:5b:0e:97:18:e9:62:33:
                    1f:86:44:a2:5f:52:3a:62:ea:45:eb:d1:b3:50:66:
                    2f:1d:ca:c4:f7:79:de:da:54:fa:33:f7:34:69:6b:
                    96:7b:6c:bd:f0:ab:d8:58:cc:76:3f:78:63:bf:54:
                    ee:38:39:51:23:e3:6f:51:00:da:8e:78:a6:86:77:
                    8c:41:4a:a0:2a:b7:a1:b1:61:70:b0:60:71:df:8e:
                    73:9a:8c:e7:74:d3:f6:42:4a:7b:f3:f6:d4:2d:86:
                    3e:18:3a:bc:6a:05:df:90:04:1e:74:e0:61:e1:bd:
                    47:e5:c2:4e:e4:31:28:4b:64:a6:27:d8:e2:7c:95:
                    09:24:31:50:bc:ff:69:3c:d5:23:9c:6a:5d:08:58:
                    e9:a5:1a:8c:b9:d8:09:6a:04:0c:f7:88:45:15:32:
                    63:e7:d5:08:96:f7:80:c1:d8:38:1e:06:13:33:51:
                    07:fa:88:55:19:02:ad:0d:a4:5d:b3:a3:d0:61:62:
                    c2:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:4C:CB:77:24:8C:13:57:F3:19:12:8F:B5:0E:28:A3:EA:77:79:B6
            X509v3 Authority Key Identifier:
                keyid:E9:9F:F0:44:8B:0B:DA:37:71:CD:C4:A9:6C:59:F7:C9:F9:C8:79:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/438C7C387D6F11ECBCDC721DC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.22.214.0/24
                IPv6:
                  2401:2fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:7b:e8:53:09:c1:a2:fa:82:2b:3a:09:e7:3f:af:80:6b:c5:
         53:c4:a8:e5:d7:7a:87:4e:b8:77:f9:9d:43:4f:0d:32:33:57:
         ca:35:ad:db:90:5b:9e:c6:93:81:b3:b9:16:c2:b9:63:34:ce:
         9e:7a:42:1e:f1:e2:97:a3:9d:78:1a:22:1b:e9:80:e6:0d:e7:
         83:f4:15:c8:7e:7f:51:22:b6:9e:ac:07:c1:aa:8d:e3:50:91:
         07:79:28:78:0e:59:61:36:bd:0f:09:2b:6c:a9:d1:b9:3d:5e:
         35:39:be:d5:dd:d1:f6:65:e0:6d:7e:e5:02:93:3c:7b:78:37:
         72:de:15:a0:57:8b:da:6a:25:25:2a:99:40:b1:80:6d:c0:1c:
         6d:24:16:c0:17:33:74:d5:ec:dd:02:dd:3a:9e:35:f9:b6:8c:
         0d:fc:fd:64:fa:45:4c:ec:d0:20:53:b9:cf:ae:7a:29:43:f8:
         8d:5f:81:c3:45:7f:43:af:75:b1:68:d4:ae:88:8c:bf:e3:76:
         2e:f8:9d:90:d7:11:47:df:4e:a8:79:98:bc:b2:7e:ab:e3:38:
         2d:80:24:53:3c:ab:7b:fd:66:81:03:f8:78:1a:a9:96:59:14:
         0e:b9:85:42:e2:34:f7:86:ce:12:a0:a2:f3:46:0e:d0:d8:75:
         b9:02:f3:99
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgICBMUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdFOUMxMTAvBgNVBAUTKEU5OUZGMDQ0OEIwQkRBMzc3MUNEQzRBOTZDNTlGN0M5
RjlDODc5NDQwHhcNMjYwNjIzMDAyODI0WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTM5ZDMyOC0zNDNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxQmQD4JysqLbX+1hxDfOPIWJtGfKhZmTjPzUpx8tofLYDtZw/dact7ZtHOP7
ppLLEA15vLI/2JL/T3Xb3/jKi4k/L1sOlxjpYjMfhkSiX1I6YupF69GzUGYvHcrE
93ne2lT6M/c0aWuWe2y98KvYWMx2P3hjv1TuODlRI+NvUQDajnimhneMQUqgKreh
sWFwsGBx345zmozndNP2Qkp78/bULYY+GDq8agXfkAQedOBh4b1H5cJO5DEoS2Sm
J9jifJUJJDFQvP9pPNUjnGpdCFjppRqMudgJagQM94hFFTJj59UIlveAwdg4HgYT
M1EH+ohVGQKtDaRds6PQYWLCvQIDAQABo4ICbzCCAmswHQYDVR0OBBYEFBBMy3ck
jBNX8xkSj7UOKKPqd3m2MB8GA1UdIwQYMBaAFOmf8ESLC9o3cc3EqWxZ98n5yHlE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0U5Qy81MEM5OTNDRTdE
NjMxMUVDQUM1QzdGMUVDNEY5QUUwMi82Wl93UklzTDJqZHh6Y1NwYkZuM3lmbkll
VVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZaX3dSSXNMMmpkeHpjU3BiRm4zeWZuSWVVUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdFOUMvNTBDOTkzQ0U3RDYzMTFFQ0FDNUM3RjFFQzRGOUFFMDIvNDM4QzdDMzg3
RDZGMTFFQ0JDREM3MjFEQzRGOUFFMDIucm9hMC4GCCsGAQUFBwEHAQH/BB8wHTAM
BAIAATAGAwQAyxbWMA0EAgACMAcDBQAkAS/AMA0GCSqGSIb3DQEBCwUAA4IBAQAJ
e+hTCcGi+oIrOgnnP6+Aa8VTxKjl13qHTrh3+Z1DTw0yM1fKNa3bkFuexpOBs7kW
wrljNM6eekIe8eKXo514GiIb6YDmDeeD9BXIfn9RIraerAfBqo3jUJEHeSh4Dllh
Nr0PCStsqdG5PV41Ob7V3dH2ZeBtfuUCkzx7eDdy3hWgV4vaaiUlKplAsYBtwBxt
JBbAFzN01ezdAt06njX5towN/P1k+kVM7NAgU7nPrnopQ/iNX4HDRX9Dr3WxaNSu
iIy/43Yu+J2Q1xFH306oeZi8sn6r4zgtgCRTPKt7/WaBA/h4GqmWWRQOuYVC4jT3
hs4SoKLzRg7Q2HW5AvOZ
-----END CERTIFICATE-----
Generated at Tue Jul 7 01:17:06 2026 by rpki-client