Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9159309/9891E92E613D11F0B036B836C4F9AE02/21C5B04263A311F096468248C4F9AE02.roa
File:                     21C5B04263A311F096468248C4F9AE02.roa (raw, json)
Hash identifier:          ZAT1gq4fsyyEvWAh5Wb9WrqtHt9uUHF0Lm9+fNRhxOc=
Subject key identifier:   AB:8C:01:BF:AA:3E:C4:08:C1:97:B2:19:E8:49:48:DC:7E:63:DF:F1
Certificate issuer:       /CN=A9159309/serialNumber=7D8FA0BEF6AEF71BDF883858F73619D3B59E2777
Certificate serial:       BD
Authority key identifier: 7D:8F:A0:BE:F6:AE:F7:1B:DF:88:38:58:F7:36:19:D3:B5:9E:27:77
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fY-gvvau9xvfiDhY9zYZ07WeJ3c.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9159309/9891E92E613D11F0B036B836C4F9AE02/21C5B04263A311F096468248C4F9AE02.roa
Signing time:             Fri 03 Jul 2026 08:34:12 +0000
ROA not before:           Fri 03 Jul 2026 08:34:12 +0000
ROA not after:            Thu 30 Sep 2027 00:00:00 +0000
asID:                     154019
IP address blocks:        165.101.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9159309/9891E92E613D11F0B036B836C4F9AE02/fY-gvvau9xvfiDhY9zYZ07WeJ3c.crl
                          rsync://rpki.apnic.net/member_repository/A9159309/9891E92E613D11F0B036B836C4F9AE02/fY-gvvau9xvfiDhY9zYZ07WeJ3c.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fY-gvvau9xvfiDhY9zYZ07WeJ3c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 08:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 189 (0xbd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9159309, serialNumber=7D8FA0BEF6AEF71BDF883858F73619D3B59E2777
        Validity
            Not Before: Jul  3 08:34:12 2026 GMT
            Not After : Sep 30 00:00:00 2027 GMT
        Subject: CN=6a477403-7506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:54:6a:57:8b:13:48:7e:d3:ec:2b:c8:0d:d6:
                    ec:eb:ff:02:e8:ee:d6:7b:67:a0:cc:13:89:a7:b1:
                    6d:a7:70:95:5e:9f:f3:49:c4:58:de:cc:e2:56:a7:
                    70:ca:e6:c4:1f:f1:05:0f:af:fc:0e:f2:9d:c7:77:
                    70:9d:f2:ca:fe:00:78:f9:89:0a:d5:cd:9b:44:0f:
                    a2:75:78:93:b8:37:5f:e4:35:b3:1f:1c:3a:db:20:
                    d8:f1:31:9c:bf:4f:3e:65:46:11:a8:fe:60:47:49:
                    7a:d9:57:3f:e7:c6:06:95:78:13:cb:25:5c:7d:7d:
                    68:f6:a6:ab:31:27:d6:88:a2:31:b5:77:ea:1e:8b:
                    ef:80:76:4e:fd:c3:76:01:f1:00:d9:aa:95:ca:99:
                    c2:79:fd:9c:73:56:9d:86:5f:11:2e:1a:85:37:1d:
                    32:ad:42:8f:f0:e3:a4:9f:03:5c:07:f6:b2:36:da:
                    d1:ad:09:90:98:ea:0a:6f:94:53:ed:95:b5:83:be:
                    44:bc:bf:ac:3d:4c:9d:d5:4a:28:1f:50:37:71:22:
                    61:a2:06:21:bc:26:61:41:bc:b0:2e:c8:4a:30:c3:
                    88:76:44:e4:b6:4b:10:2f:01:13:09:4a:f6:e2:da:
                    e9:70:0d:83:03:5a:e6:bd:3a:0d:f8:a3:18:3a:f1:
                    d9:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:8C:01:BF:AA:3E:C4:08:C1:97:B2:19:E8:49:48:DC:7E:63:DF:F1
            X509v3 Authority Key Identifier:
                keyid:7D:8F:A0:BE:F6:AE:F7:1B:DF:88:38:58:F7:36:19:D3:B5:9E:27:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9159309/9891E92E613D11F0B036B836C4F9AE02/fY-gvvau9xvfiDhY9zYZ07WeJ3c.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fY-gvvau9xvfiDhY9zYZ07WeJ3c.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9159309/9891E92E613D11F0B036B836C4F9AE02/21C5B04263A311F096468248C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:2d:b7:b6:90:24:40:c7:4f:ae:b7:a8:f4:c5:36:59:10:f3:
         09:74:25:a6:c7:30:31:1f:2b:6b:e5:8a:3b:4b:07:bb:bf:13:
         5a:bd:70:27:27:e2:dc:ea:10:2e:36:81:7b:a1:1e:7d:09:9d:
         90:10:16:0b:3a:47:67:00:d8:84:9c:d5:55:11:d8:7f:46:71:
         03:d4:48:b5:ef:2e:3d:f7:f9:03:e6:8a:7f:a4:4e:fa:66:1e:
         ec:35:fd:80:62:b7:5a:87:9c:5d:8d:53:d1:44:bc:95:96:af:
         f1:e1:7c:da:d8:fa:2a:6d:bb:c9:6d:53:b9:82:bb:cf:e5:1a:
         a7:d3:d9:f1:03:b5:e2:5a:6d:f9:c3:5d:44:8a:30:3a:50:e0:
         99:26:e3:69:d6:e9:57:da:f7:7f:08:6f:65:a7:69:3a:cc:7c:
         cf:57:35:18:2b:36:d1:13:f3:eb:10:44:81:69:dd:ec:0f:ba:
         08:bc:ae:1b:d7:34:b4:a5:13:13:bc:22:16:ce:19:3d:4f:b6:
         f8:8d:6b:ce:97:ec:af:81:56:ca:68:bf:d1:15:69:bd:4b:a9:
         71:40:07:cd:f0:3f:fe:8b:ed:08:3e:3b:0b:3b:e7:1a:4f:01:
         88:f3:b0:27:9b:06:89:02:ab:11:90:2f:47:71:20:51:6e:fa:
         71:9b:68:03
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICAL0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTkzMDkxMTAvBgNVBAUTKDdEOEZBMEJFRjZBRUY3MUJERjg4Mzg1OEY3MzYxOUQz
QjU5RTI3NzcwHhcNMjYwNzAzMDgzNDEyWhcNMjcwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ3NzQwMy03NTA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs1RqV4sTSH7T7CvIDdbs6/8C6O7We2egzBOJp7Ftp3CVXp/zScRY3sziVqdw
yubEH/EFD6/8DvKdx3dwnfLK/gB4+YkK1c2bRA+idXiTuDdf5DWzHxw62yDY8TGc
v08+ZUYRqP5gR0l62Vc/58YGlXgTyyVcfX1o9qarMSfWiKIxtXfqHovvgHZO/cN2
AfEA2aqVypnCef2cc1adhl8RLhqFNx0yrUKP8OOknwNcB/ayNtrRrQmQmOoKb5RT
7ZW1g75EvL+sPUyd1UooH1A3cSJhogYhvCZhQbywLshKMMOIdkTktksQLwETCUr2
4trpcA2DA1rmvToN+KMYOvHZ9QIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFKuMAb+q
PsQIwZeyGehJSNx+Y9/xMB8GA1UdIwQYMBaAFH2PoL72rvcb34g4WPc2GdO1nid3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OTMwOS85ODkxRTkyRTYx
M0QxMUYwQjAzNkI4MzZDNEY5QUUwMi9mWS1ndnZhdTl4dmZpRGhZOXpZWjA3V2VK
M2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZZLWd2dmF1OXh2ZmlEaFk5ellaMDdXZUozYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTkzMDkvOTg5MUU5MkU2MTNEMTFGMEIwMzZCODM2QzRGOUFFMDIvMjFDNUIwNDI2
M0EzMTFGMDk2NDY4MjQ4QzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQApWVrMA0GCSqGSIb3DQEBCwUAA4IBAQBRLbe2kCRAx0+ut6j0xTZZ
EPMJdCWmxzAxHytr5Yo7Swe7vxNavXAnJ+Lc6hAuNoF7oR59CZ2QEBYLOkdnANiE
nNVVEdh/RnED1Ei17y499/kD5op/pE76Zh7sNf2AYrdah5xdjVPRRLyVlq/x4Xza
2PoqbbvJbVO5grvP5Rqn09nxA7XiWm35w11EijA6UOCZJuNp1ulX2vd/CG9lp2k6
zHzPVzUYKzbRE/PrEESBad3sD7oIvK4b1zS0pRMTvCIWzhk9T7b4jWvOl+yvgVbK
aL/RFWm9S6lxQAfN8D/+i+0IPjsLO+caTwGI87AnmwaJAqsRkC9HcSBRbvpxm2gD
-----END CERTIFICATE-----
Generated at Sat Jul 18 06:30:26 2026 by rpki-client