Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/E3CD40BE7D6611ECBA65C232C4F9AE02.roa
File:                     E3CD40BE7D6611ECBA65C232C4F9AE02.roa (raw, json)
Hash identifier:          gUiW2vAjoVWGmxrK7l/5cBeg47nEU1anGQrH3sCs9Nc=
Subject key identifier:   D2:BF:5E:4F:D6:D1:F2:A3:9E:2E:A6:27:88:26:13:7F:B9:63:58:C4
Certificate issuer:       /CN=A9157E9C/serialNumber=E99FF0448B0BDA3771CDC4A96C59F7C9F9C87944
Certificate serial:       04C6
Authority key identifier: E9:9F:F0:44:8B:0B:DA:37:71:CD:C4:A9:6C:59:F7:C9:F9:C8:79:44
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/E3CD40BE7D6611ECBA65C232C4F9AE02.roa
Signing time:             Tue 23 Jun 2026 00:28:26 +0000
ROA not before:           Tue 23 Jun 2026 00:28:26 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     7575
IP address blocks:        203.22.214.0/24 maxlen: 24
                          2401:2fc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.crl
                          rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 12 Jul 2026 00:14:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1222 (0x4c6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157E9C, serialNumber=E99FF0448B0BDA3771CDC4A96C59F7C9F9C87944
        Validity
            Not Before: Jun 23 00:28:26 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a39d32a-7da9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7b:1b:2a:1a:6b:0b:53:1a:c7:70:51:f9:f0:
                    f7:d2:2b:34:57:73:6a:dd:e7:5c:e9:6d:a7:96:0a:
                    82:d2:c0:14:4b:8b:9e:21:ab:0d:c5:f7:68:8b:5c:
                    15:03:8d:63:80:b5:46:b6:68:a5:8a:3c:f3:bb:ad:
                    6b:a2:59:1b:59:ee:55:c1:cc:a0:e9:23:1e:ab:87:
                    e5:a2:28:9b:cb:ab:fd:6b:13:da:a3:c2:94:1f:a7:
                    f7:00:7e:98:82:e4:f3:8f:db:a9:fb:b0:c9:a5:92:
                    b6:9c:9e:1a:7a:c4:ea:f1:99:06:ca:47:46:b1:d5:
                    44:b8:9d:83:86:69:cc:b2:d9:9d:0d:83:01:29:6d:
                    43:27:61:ba:a8:11:16:99:83:11:4d:cb:05:ec:dc:
                    84:3c:6d:bd:f1:a3:50:30:34:30:42:61:be:23:a7:
                    1a:84:10:9d:3c:1a:c6:64:5c:25:e0:b3:35:46:be:
                    53:e3:eb:4f:8a:5a:e2:8d:43:b0:3b:d3:55:25:df:
                    5d:1e:d4:30:80:87:62:39:db:a1:d4:e0:5a:57:e1:
                    77:03:28:5e:80:db:9d:a1:70:ee:f5:1d:6b:eb:ae:
                    12:59:17:e2:36:9a:75:33:a5:be:71:51:53:c2:f8:
                    2c:8d:86:d3:b2:7a:b9:7f:c9:9d:92:f2:ae:5f:89:
                    13:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:BF:5E:4F:D6:D1:F2:A3:9E:2E:A6:27:88:26:13:7F:B9:63:58:C4
            X509v3 Authority Key Identifier:
                keyid:E9:9F:F0:44:8B:0B:DA:37:71:CD:C4:A9:6C:59:F7:C9:F9:C8:79:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6Z_wRIsL2jdxzcSpbFn3yfnIeUQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157E9C/50C993CE7D6311ECAC5C7F1EC4F9AE02/E3CD40BE7D6611ECBA65C232C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.22.214.0/24
                IPv6:
                  2401:2fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:48:0a:65:aa:38:57:d5:34:ec:2c:17:0f:e1:0b:81:d1:05:
         52:71:fb:ed:6a:06:50:d4:ea:89:d7:58:ec:48:a4:37:ad:6a:
         cb:85:5c:9b:b3:cd:67:65:47:62:ae:1a:00:fa:f9:bd:73:39:
         31:16:ea:7a:f3:31:f6:b2:73:ed:94:f5:df:85:db:1d:85:3e:
         73:b5:cf:5c:a9:c8:dc:12:2f:87:52:5e:78:4c:e6:d2:a6:9e:
         29:8b:2b:40:28:40:0e:8d:41:f4:97:5f:06:78:e0:6c:be:8d:
         c4:8a:dd:ec:96:d9:02:30:0d:81:25:ac:36:ee:d7:7f:9c:87:
         6b:94:04:62:23:c8:29:f9:f8:4f:a4:d7:f1:b0:cf:72:3f:cb:
         cf:d6:62:c9:bc:e8:6e:7f:83:4b:3d:91:f8:97:e1:f5:1a:70:
         3c:88:93:24:35:66:2e:f2:6b:7e:42:d6:76:8a:8e:fc:33:8e:
         6a:59:29:f4:21:d9:0b:ba:57:8e:c7:55:61:9f:83:cb:19:ab:
         1a:26:5d:b6:ba:4b:72:d3:3c:68:5a:3c:e1:30:d6:9b:2a:d7:
         6e:22:ce:5a:77:55:e7:11:db:e2:2f:0e:f9:5d:ce:e7:b4:37:
         42:91:d0:38:25:a4:7b:7c:4c:a2:c4:c3:04:7f:b5:29:17:12:
         83:c6:43:b2
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgICBMYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdFOUMxMTAvBgNVBAUTKEU5OUZGMDQ0OEIwQkRBMzc3MUNEQzRBOTZDNTlGN0M5
RjlDODc5NDQwHhcNMjYwNjIzMDAyODI2WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTM5ZDMyYS03ZGE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAq3sbKhprC1Max3BR+fD30is0V3Nq3edc6W2nlgqC0sAUS4ueIasNxfdoi1wV
A41jgLVGtmilijzzu61rolkbWe5Vwcyg6SMeq4floiiby6v9axPao8KUH6f3AH6Y
guTzj9up+7DJpZK2nJ4aesTq8ZkGykdGsdVEuJ2DhmnMstmdDYMBKW1DJ2G6qBEW
mYMRTcsF7NyEPG298aNQMDQwQmG+I6cahBCdPBrGZFwl4LM1Rr5T4+tPilrijUOw
O9NVJd9dHtQwgIdiOduh1OBaV+F3AyhegNudoXDu9R1r664SWRfiNpp1M6W+cVFT
wvgsjYbTsnq5f8mdkvKuX4kTfQIDAQABo4ICbzCCAmswHQYDVR0OBBYEFNK/Xk/W
0fKjni6mJ4gmE3+5Y1jEMB8GA1UdIwQYMBaAFOmf8ESLC9o3cc3EqWxZ98n5yHlE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0U5Qy81MEM5OTNDRTdE
NjMxMUVDQUM1QzdGMUVDNEY5QUUwMi82Wl93UklzTDJqZHh6Y1NwYkZuM3lmbkll
VVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZaX3dSSXNMMmpkeHpjU3BiRm4zeWZuSWVVUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdFOUMvNTBDOTkzQ0U3RDYzMTFFQ0FDNUM3RjFFQzRGOUFFMDIvRTNDRDQwQkU3
RDY2MTFFQ0JBNjVDMjMyQzRGOUFFMDIucm9hMC4GCCsGAQUFBwEHAQH/BB8wHTAM
BAIAATAGAwQAyxbWMA0EAgACMAcDBQAkAS/AMA0GCSqGSIb3DQEBCwUAA4IBAQBS
SAplqjhX1TTsLBcP4QuB0QVScfvtagZQ1OqJ11jsSKQ3rWrLhVybs81nZUdirhoA
+vm9czkxFup68zH2snPtlPXfhdsdhT5ztc9cqcjcEi+HUl54TObSpp4piytAKEAO
jUH0l18GeOBsvo3Eit3sltkCMA2BJaw27td/nIdrlARiI8gp+fhPpNfxsM9yP8vP
1mLJvOhuf4NLPZH4l+H1GnA8iJMkNWYu8mt+QtZ2io78M45qWSn0IdkLuleOx1Vh
n4PLGasaJl22ukty0zxoWjzhMNabKtduIs5ad1XnEdviLw75Xc7ntDdCkdA4JaR7
fEyixMMEf7UpFxKDxkOy
-----END CERTIFICATE-----
Generated at Mon Jul 6 23:15:00 2026 by rpki-client