Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/44B65A3890FF11EFA6BECB58C4F9AE02.roa
File:                     44B65A3890FF11EFA6BECB58C4F9AE02.roa (raw, json)
Hash identifier:          9p5HLgmT1CdIHAjr4jafHOekxC05g0RlL/udgHGc7xY=
Subject key identifier:   5C:D3:60:FD:C2:26:89:49:BC:00:54:F7:10:C2:AE:B2:FA:45:D0:77
Certificate issuer:       /CN=A9160C9E/serialNumber=100D9AEE91D227FE475934F2978C3617D8CFA8EE
Certificate serial:       0176
Authority key identifier: 10:0D:9A:EE:91:D2:27:FE:47:59:34:F2:97:8C:36:17:D8:CF:A8:EE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EA2a7pHSJ_5HWTTyl4w2F9jPqO4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/44B65A3890FF11EFA6BECB58C4F9AE02.roa
Signing time:             Fri 19 Jun 2026 12:02:14 +0000
ROA not before:           Fri 19 Jun 2026 12:02:14 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     153365
IP address blocks:        2401:cf20::/32 maxlen: 32
                          2401:cf20::/33 maxlen: 36
                          2401:cf20:1000::/40 maxlen: 40
                          2401:cf20:1100::/40 maxlen: 40
                          2401:cf20:1200::/40 maxlen: 40
                          2401:cf20:1300::/40 maxlen: 40
                          2401:cf20:1400::/40 maxlen: 40
                          2401:cf20:1500::/40 maxlen: 40
                          2401:cf20:1600::/40 maxlen: 40
                          2401:cf20:1700::/40 maxlen: 40
                          2401:cf20:1800::/40 maxlen: 40
                          2401:cf20:1f00::/40 maxlen: 40
                          2401:cf20:2000::/40 maxlen: 40
                          2401:cf20:2100::/40 maxlen: 40
                          2401:cf20:2200::/40 maxlen: 40
                          2401:cf20:2300::/40 maxlen: 40
                          2401:cf20:2400::/40 maxlen: 40
                          2401:cf20:2500::/40 maxlen: 40
                          2401:cf20:2600::/40 maxlen: 40
                          2401:cf20:2700::/40 maxlen: 40
                          2401:cf20:2800::/40 maxlen: 40
                          2401:cf20:5000::/40 maxlen: 40
                          2401:cf20:8000::/33 maxlen: 35
                          2401:cf20:8000::/35 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/EA2a7pHSJ_5HWTTyl4w2F9jPqO4.crl
                          rsync://rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/EA2a7pHSJ_5HWTTyl4w2F9jPqO4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EA2a7pHSJ_5HWTTyl4w2F9jPqO4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 06:22:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 374 (0x176)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9160C9E, serialNumber=100D9AEE91D227FE475934F2978C3617D8CFA8EE
        Validity
            Not Before: Jun 19 12:02:14 2026 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=6a352fc6-d22a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:33:a5:06:6c:6e:e5:55:dd:e9:5d:71:a6:df:
                    e2:e7:06:64:31:0b:47:a4:8b:56:2b:5b:c6:e3:32:
                    53:18:9a:d1:1a:05:e6:04:98:1c:95:d3:28:78:61:
                    6e:3d:3f:05:a3:ca:9d:7d:b2:e2:81:e1:c3:d0:bf:
                    c6:fa:71:19:3a:d3:07:f9:6d:79:16:97:0f:90:66:
                    1a:ac:cc:e5:5d:73:7b:dc:f5:94:13:c7:5c:1e:96:
                    c2:da:bb:90:b3:e5:db:d7:9b:a2:48:16:81:46:84:
                    88:9b:8e:2e:b3:7e:40:bc:84:59:d3:a0:53:a4:3f:
                    c0:ad:7f:b4:28:98:c7:2b:ad:35:65:2d:1e:c6:93:
                    df:1e:eb:90:63:f9:3e:b2:b0:fe:59:ae:3d:a0:ca:
                    a0:f5:bc:f6:0b:87:e2:69:14:df:18:15:71:b0:47:
                    28:fe:9a:5a:d4:a3:60:b3:ca:f4:86:80:3a:08:eb:
                    29:e3:56:fe:e9:0e:81:8d:3d:f3:a5:56:6b:53:62:
                    c4:2d:fa:5f:7e:a1:c9:2c:a9:de:ac:02:ac:9d:40:
                    2f:f2:a2:9c:68:ed:22:c1:cb:e4:86:9b:9a:a7:44:
                    03:c2:fd:d3:77:be:80:7d:c2:e3:df:97:13:71:f9:
                    ec:a4:34:47:8d:a3:05:37:f5:06:db:52:18:8b:ef:
                    af:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D3:60:FD:C2:26:89:49:BC:00:54:F7:10:C2:AE:B2:FA:45:D0:77
            X509v3 Authority Key Identifier:
                keyid:10:0D:9A:EE:91:D2:27:FE:47:59:34:F2:97:8C:36:17:D8:CF:A8:EE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/EA2a7pHSJ_5HWTTyl4w2F9jPqO4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EA2a7pHSJ_5HWTTyl4w2F9jPqO4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/44B65A3890FF11EFA6BECB58C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:cf20::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:5d:1a:bf:a6:cf:9a:6a:c0:b8:50:3d:4e:48:a2:22:c2:98:
         d4:4d:11:ef:40:2a:d7:d3:27:00:fb:ad:f5:4f:a0:29:43:e8:
         13:10:64:d9:e0:ba:e9:d7:16:57:a5:82:1e:f9:1e:8d:09:42:
         2b:67:09:4e:fb:4e:5d:64:e1:46:c6:d2:6d:d6:d1:87:93:5d:
         c1:6f:c6:b2:7c:fe:ee:43:e5:3c:46:72:9f:12:24:4f:8b:66:
         54:a3:77:c1:32:81:c1:df:c1:41:f2:17:8f:8a:cc:25:9e:c1:
         0a:54:a6:e7:b1:54:14:0d:1f:08:b5:0b:6b:a2:cb:ea:b6:76:
         7b:41:6b:73:8c:8a:21:f9:1a:9f:0e:4e:f6:f7:1c:a6:58:fb:
         19:46:66:2d:4c:ca:0f:0f:47:ff:e9:3c:c2:fb:0a:19:17:79:
         2f:38:dc:19:f7:3c:36:57:bb:36:97:41:d4:02:ab:cb:3e:a1:
         87:c3:e2:f3:8c:86:15:a7:f6:3c:d6:d3:fa:03:16:fe:82:59:
         86:de:8f:34:26:f7:c4:bb:be:23:a7:c7:1e:1d:ec:dc:7c:e3:
         bc:c3:c1:77:43:47:d2:e4:af:ca:54:78:44:51:5b:17:79:4c:
         0c:fd:f2:c4:6a:c6:db:ce:e2:69:2d:ce:2d:69:43:0e:93:f2:
         61:93:0b:d0
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgICAXYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjBDOUUxMTAvBgNVBAUTKDEwMEQ5QUVFOTFEMjI3RkU0NzU5MzRGMjk3OEMzNjE3
RDhDRkE4RUUwHhcNMjYwNjE5MTIwMjE0WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTM1MmZjNi1kMjJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAujOlBmxu5VXd6V1xpt/i5wZkMQtHpItWK1vG4zJTGJrRGgXmBJgcldMoeGFu
PT8Fo8qdfbLigeHD0L/G+nEZOtMH+W15FpcPkGYarMzlXXN73PWUE8dcHpbC2ruQ
s+Xb15uiSBaBRoSIm44us35AvIRZ06BTpD/ArX+0KJjHK601ZS0expPfHuuQY/k+
srD+Wa49oMqg9bz2C4fiaRTfGBVxsEco/ppa1KNgs8r0hoA6COsp41b+6Q6BjT3z
pVZrU2LELfpffqHJLKnerAKsnUAv8qKcaO0iwcvkhpuap0QDwv3Td76AfcLj35cT
cfnspDRHjaMFN/UG21IYi++vPwIDAQABo4ICYTCCAl0wHQYDVR0OBBYEFFzTYP3C
JolJvABU9xDCrrL6RdB3MB8GA1UdIwQYMBaAFBANmu6R0if+R1k08peMNhfYz6ju
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MEM5RS81N0ZGNEJDQThC
Q0ExMUVGQUJGQzFBMzlDNEY5QUUwMi9FQTJhN3BIU0pfNUhXVFR5bDR3MkY5alBx
TzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0VBMmE3cEhTSl81SFdUVHlsNHcyRjlqUHFPNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjBDOUUvNTdGRjRCQ0E4QkNBMTFFRkFCRkMxQTM5QzRGOUFFMDIvNDRCNjVBMzg5
MEZGMTFFRkE2QkVDQjU4QzRGOUFFMDIucm9hMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAHPIDANBgkqhkiG9w0BAQsFAAOCAQEAoV0av6bPmmrAuFA9Tkii
IsKY1E0R70Aq19MnAPut9U+gKUPoExBk2eC66dcWV6WCHvkejQlCK2cJTvtOXWTh
RsbSbdbRh5NdwW/Gsnz+7kPlPEZynxIkT4tmVKN3wTKBwd/BQfIXj4rMJZ7BClSm
57FUFA0fCLULa6LL6rZ2e0Frc4yKIfkanw5O9vccplj7GUZmLUzKDw9H/+k8wvsK
GRd5LzjcGfc8Nle7NpdB1AKryz6hh8Pi84yGFaf2PNbT+gMW/oJZht6PNCb3xLu+
I6fHHh3s3HzjvMPBd0NH0uSvylR4RFFbF3lMDP3yxGrG287iaS3OLWlDDpPyYZML
0A==
-----END CERTIFICATE-----
Generated at Sat Jul 18 08:22:09 2026 by rpki-client