Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91619BE/752991C61D8511E293861BDC08B02CD2/3AA9ABDAA6C711E9933CF621C4F9AE02.roa
File:                     3AA9ABDAA6C711E9933CF621C4F9AE02.roa (raw, json)
Hash identifier:          mrVm60k4L1IXovq2YZIuxctXhL0qmKnVJLSwq+hsuuU=
Subject key identifier:   C5:35:A6:F1:CF:39:97:E6:72:29:B0:08:29:F4:B8:15:4D:2C:2E:CF
Certificate issuer:       /CN=A91619BE/serialNumber=C316319585EE2CF247B5350371467DC269DC9CE5
Certificate serial:       35A0
Authority key identifier: C3:16:31:95:85:EE:2C:F2:47:B5:35:03:71:46:7D:C2:69:DC:9C:E5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wxYxlYXuLPJHtTUDcUZ9wmncnOU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91619BE/752991C61D8511E293861BDC08B02CD2/3AA9ABDAA6C711E9933CF621C4F9AE02.roa
Signing time:             Tue 30 Jun 2026 15:12:27 +0000
ROA not before:           Tue 30 Jun 2026 15:12:27 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     9927
IP address blocks:        45.64.120.0/24 maxlen: 24
                          45.64.121.0/24 maxlen: 24
                          45.64.122.0/24 maxlen: 24
                          45.64.123.0/24 maxlen: 24
                          58.97.160.0/24 maxlen: 24
                          58.97.161.0/24 maxlen: 24
                          58.97.163.0/24 maxlen: 24
                          58.97.164.0/24 maxlen: 24
                          58.97.165.0/24 maxlen: 24
                          58.97.166.0/24 maxlen: 24
                          58.97.167.0/24 maxlen: 24
                          58.97.168.0/24 maxlen: 24
                          58.97.169.0/24 maxlen: 24
                          58.97.170.0/24 maxlen: 24
                          58.97.171.0/24 maxlen: 24
                          58.97.172.0/24 maxlen: 24
                          58.97.173.0/24 maxlen: 24
                          58.97.174.0/24 maxlen: 24
                          58.97.175.0/24 maxlen: 24
                          58.97.176.0/24 maxlen: 24
                          58.97.177.0/24 maxlen: 24
                          58.97.178.0/24 maxlen: 24
                          58.97.179.0/24 maxlen: 24
                          58.97.180.0/24 maxlen: 24
                          58.97.181.0/24 maxlen: 24
                          58.97.182.0/24 maxlen: 24
                          58.97.183.0/24 maxlen: 24
                          58.97.184.0/24 maxlen: 24
                          58.97.185.0/24 maxlen: 24
                          58.97.186.0/24 maxlen: 24
                          58.97.187.0/24 maxlen: 24
                          58.97.188.0/24 maxlen: 24
                          58.97.189.0/24 maxlen: 24
                          58.97.190.0/24 maxlen: 24
                          58.97.191.0/24 maxlen: 24
                          103.21.12.0/24 maxlen: 24
                          103.21.13.0/24 maxlen: 24
                          103.21.14.0/24 maxlen: 24
                          103.21.15.0/24 maxlen: 24
                          202.57.32.0/24 maxlen: 24
                          202.57.33.0/24 maxlen: 24
                          202.57.34.0/24 maxlen: 24
                          202.57.35.0/24 maxlen: 24
                          202.57.36.0/24 maxlen: 24
                          202.57.37.0/24 maxlen: 24
                          202.57.38.0/24 maxlen: 24
                          202.57.39.0/24 maxlen: 24
                          202.57.40.0/24 maxlen: 24
                          202.57.41.0/24 maxlen: 24
                          202.57.42.0/24 maxlen: 24
                          202.57.43.0/24 maxlen: 24
                          202.57.44.0/24 maxlen: 24
                          202.57.45.0/24 maxlen: 24
                          202.57.46.0/24 maxlen: 24
                          202.57.47.0/24 maxlen: 24
                          202.57.48.0/24 maxlen: 24
                          202.57.49.0/24 maxlen: 24
                          202.57.50.0/24 maxlen: 24
                          202.57.51.0/24 maxlen: 24
                          202.57.52.0/24 maxlen: 24
                          202.57.53.0/24 maxlen: 24
                          202.57.54.0/24 maxlen: 24
                          202.57.55.0/24 maxlen: 24
                          202.57.57.0/24 maxlen: 24
                          202.57.58.0/24 maxlen: 24
                          202.57.61.0/24 maxlen: 24
                          202.57.62.0/24 maxlen: 24
                          202.57.63.0/24 maxlen: 24
                          2405:d400::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91619BE/752991C61D8511E293861BDC08B02CD2/wxYxlYXuLPJHtTUDcUZ9wmncnOU.crl
                          rsync://rpki.apnic.net/member_repository/A91619BE/752991C61D8511E293861BDC08B02CD2/wxYxlYXuLPJHtTUDcUZ9wmncnOU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wxYxlYXuLPJHtTUDcUZ9wmncnOU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 14:25:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13728 (0x35a0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91619BE, serialNumber=C316319585EE2CF247B5350371467DC269DC9CE5
        Validity
            Not Before: Jun 30 15:12:27 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a43dcdb-3456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:25:71:62:01:fe:8f:03:27:35:be:6c:82:c5:
                    69:dc:85:cc:51:7e:bc:aa:66:dc:0a:1f:5d:8e:82:
                    ef:4a:de:d0:67:3c:63:37:df:d8:d9:41:71:cf:61:
                    17:62:61:f7:1e:35:a5:f7:76:73:4d:a7:8c:65:88:
                    6a:ce:f5:65:ca:7d:09:c5:db:da:21:ce:af:f7:8c:
                    90:c4:d2:98:27:12:0d:80:82:79:31:db:53:41:6c:
                    cf:3f:4a:29:58:86:40:5a:0d:a3:11:03:cd:55:51:
                    6a:b2:83:25:b9:37:bf:34:7b:7d:2e:22:67:c4:e2:
                    25:0f:6f:16:56:6d:98:72:c4:c6:94:d5:02:45:cb:
                    42:93:eb:e2:d0:89:79:2e:5a:29:e9:7b:fc:67:ac:
                    d8:fc:ae:cb:40:b1:35:2b:91:e1:23:aa:7d:16:ab:
                    bb:cc:f3:4e:85:1f:08:20:e9:af:8e:f7:3b:ac:75:
                    65:c1:ea:af:ac:2d:51:4f:2c:bc:b6:de:a8:cb:77:
                    0e:71:1f:7e:ef:08:2e:aa:fe:60:a1:47:b4:fe:98:
                    71:e8:dd:5b:ff:9c:48:3c:4b:b4:40:b0:61:91:3d:
                    6b:2f:cd:f2:5c:89:98:9b:fa:4b:d7:80:f0:9d:7b:
                    f4:5c:7d:ca:09:d5:5d:1a:ba:0d:3b:c6:8c:25:eb:
                    69:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:35:A6:F1:CF:39:97:E6:72:29:B0:08:29:F4:B8:15:4D:2C:2E:CF
            X509v3 Authority Key Identifier:
                keyid:C3:16:31:95:85:EE:2C:F2:47:B5:35:03:71:46:7D:C2:69:DC:9C:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91619BE/752991C61D8511E293861BDC08B02CD2/wxYxlYXuLPJHtTUDcUZ9wmncnOU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wxYxlYXuLPJHtTUDcUZ9wmncnOU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91619BE/752991C61D8511E293861BDC08B02CD2/3AA9ABDAA6C711E9933CF621C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.64.120.0/22
                  58.97.160.0/23
                  58.97.163.0-58.97.191.255
                  103.21.12.0/22
                  202.57.32.0-202.57.55.255
                  202.57.57.0-202.57.58.255
                  202.57.61.0-202.57.63.255
                IPv6:
                  2405:d400::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:ad:24:96:32:01:78:09:c5:75:85:70:4a:cd:1c:3e:50:b7:
         f5:13:d3:b9:ff:8e:c2:d9:7e:cc:07:d0:8b:5c:40:b2:22:3f:
         27:07:c3:b7:bd:69:5e:4f:48:4f:83:60:3a:c8:db:f8:cd:ad:
         77:4c:a8:b8:f4:0b:1d:43:4b:11:21:70:ff:cd:67:8f:a0:6f:
         6f:f2:d1:bb:ca:4c:dc:d2:88:f9:41:eb:3c:dd:cd:a4:9a:b4:
         12:84:49:18:5d:41:39:7b:e1:4b:5e:82:76:ef:23:cb:d5:a1:
         12:58:55:99:da:a2:82:3b:02:bb:46:08:3a:a1:ef:c3:7f:a9:
         6b:11:df:54:0d:8c:61:69:35:16:91:05:d0:34:4b:f1:6b:f5:
         96:c3:ac:ea:bf:56:79:4f:bb:d2:a5:3d:ed:93:16:66:0f:75:
         a3:cb:c4:77:6c:6a:31:77:75:7e:de:16:9e:e3:a1:6b:05:b6:
         df:3b:80:86:70:b2:0b:b4:13:81:35:6a:fb:76:29:8f:2c:18:
         99:43:ce:bd:b5:fe:d9:82:56:10:6a:7c:b9:cc:80:c7:7a:ec:
         52:91:88:45:e4:8a:60:10:ad:25:ae:5a:57:80:fc:a4:45:49:
         32:27:3f:52:15:39:ce:5b:2e:10:e9:07:b9:23:14:a4:f8:4a:
         87:ed:22:7b
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICNaAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjE5QkUxMTAvBgNVBAUTKEMzMTYzMTk1ODVFRTJDRjI0N0I1MzUwMzcxNDY3REMy
NjlEQzlDRTUwHhcNMjYwNjMwMTUxMjI3WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQzZGNkYi0zNDU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAjCVxYgH+jwMnNb5sgsVp3IXMUX68qmbcCh9djoLvSt7QZzxjN9/Y2UFxz2EX
YmH3HjWl93ZzTaeMZYhqzvVlyn0JxdvaIc6v94yQxNKYJxINgIJ5MdtTQWzPP0op
WIZAWg2jEQPNVVFqsoMluTe/NHt9LiJnxOIlD28WVm2YcsTGlNUCRctCk+vi0Il5
Llop6Xv8Z6zY/K7LQLE1K5HhI6p9Fqu7zPNOhR8IIOmvjvc7rHVlweqvrC1RTyy8
tt6oy3cOcR9+7wguqv5goUe0/phx6N1b/5xIPEu0QLBhkT1rL83yXImYm/pL14Dw
nXv0XH3KCdVdGroNO8aMJetprQIDAQABo4ICszCCAq8wHQYDVR0OBBYEFMU1pvHP
OZfmcimwCCn0uBVNLC7PMB8GA1UdIwQYMBaAFMMWMZWF7izyR7U1A3FGfcJp3Jzl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MTlCRS83NTI5OTFDNjFE
ODUxMUUyOTM4NjFCREMwOEIwMkNEMi93eFl4bFlYdUxQSkh0VFVEY1VaOXdtbmNu
T1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3d4WXhsWVh1TFBKSHRUVURjVVo5d21uY25PVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjE5QkUvNzUyOTkxQzYxRDg1MTFFMjkzODYxQkRDMDhCMDJDRDIvM0FBOUFCREFB
NkM3MTFFOTkzM0NGNjIxQzRGOUFFMDIucm9hMHIGCCsGAQUFBwEHAQH/BGMwYTBQ
BAIAATBKAwQCLUB4AwQBOmGgMAwDBAA6YaMDBAY6YYADBAJnFQwwDAMEBco5IAME
A8o5MDAMAwQAyjk5AwQAyjk6MAwDBADKOT0DBAbKOQAwDQQCAAIwBwMFACQF1AAw
DQYJKoZIhvcNAQELBQADggEBAAGtJJYyAXgJxXWFcErNHD5Qt/UT07n/jsLZfswH
0ItcQLIiPycHw7e9aV5PSE+DYDrI2/jNrXdMqLj0Cx1DSxEhcP/NZ4+gb2/y0bvK
TNzSiPlB6zzdzaSatBKESRhdQTl74UtegnbvI8vVoRJYVZnaooI7ArtGCDqh78N/
qWsR31QNjGFpNRaRBdA0S/Fr9ZbDrOq/VnlPu9KlPe2TFmYPdaPLxHdsajF3dX7e
Fp7joWsFtt87gIZwsgu0E4E1avt2KY8sGJlDzr21/tmCVhBqfLnMgMd67FKRiEXk
imAQrSWuWleA/KRFSTInP1IVOc5bLhDpB7kjFKT4SoftIns=
-----END CERTIFICATE-----
Generated at Sat Jul 18 02:23:34 2026 by rpki-client