Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91638DD/C8870CAED29711EDB0858B3DC4F9AE02/3FA4288CD29B11ED88E16742C4F9AE02.roa
File:                     3FA4288CD29B11ED88E16742C4F9AE02.roa (raw, json)
Hash identifier:          XRam2F4FC1VRB1bzeJbTRlXhvSOCTuW1Ti0TuLeUucE=
Subject key identifier:   CB:24:9E:9B:E6:9F:B7:99:AF:CF:63:48:E9:00:7F:41:85:FE:B1:A1
Certificate issuer:       /CN=A91638DD/serialNumber=7211E68B57CDCDF4EDA83CF0B4623B7693F6343A
Certificate serial:       0269
Authority key identifier: 72:11:E6:8B:57:CD:CD:F4:ED:A8:3C:F0:B4:62:3B:76:93:F6:34:3A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/chHmi1fNzfTtqDzwtGI7dpP2NDo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91638DD/C8870CAED29711EDB0858B3DC4F9AE02/3FA4288CD29B11ED88E16742C4F9AE02.roa
Signing time:             Sun 05 Jul 2026 03:28:20 +0000
ROA not before:           Sun 05 Jul 2026 03:28:20 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     45352
IP address blocks:        103.93.72.0/24 maxlen: 24
                          103.93.73.0/24 maxlen: 24
                          103.93.74.0/24 maxlen: 24
                          103.93.75.0/24 maxlen: 24
                          123.253.112.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91638DD/C8870CAED29711EDB0858B3DC4F9AE02/chHmi1fNzfTtqDzwtGI7dpP2NDo.crl
                          rsync://rpki.apnic.net/member_repository/A91638DD/C8870CAED29711EDB0858B3DC4F9AE02/chHmi1fNzfTtqDzwtGI7dpP2NDo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/chHmi1fNzfTtqDzwtGI7dpP2NDo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 02:57:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 617 (0x269)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91638DD, serialNumber=7211E68B57CDCDF4EDA83CF0B4623B7693F6343A
        Validity
            Not Before: Jul  5 03:28:20 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a49cf54-7312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:45:04:00:5b:86:c8:92:5e:f1:17:27:1d:3b:
                    d2:84:c9:a5:c0:65:e6:09:92:19:4f:aa:50:6d:06:
                    4d:2f:bf:67:d1:c8:6d:f4:cc:7b:38:bf:94:ec:a6:
                    a4:76:1d:50:e1:08:71:a3:2c:01:e7:fd:79:8e:e4:
                    a6:cf:c7:4f:dc:04:5c:b5:72:08:4d:f6:3e:fa:ca:
                    13:64:ea:88:79:fb:9f:f1:ab:c9:fe:08:ab:a0:3d:
                    16:13:ea:14:2b:66:53:91:fc:7f:15:60:9a:11:10:
                    21:13:f3:0c:9d:4e:70:25:5a:a2:c2:0f:0b:d9:24:
                    fa:30:a5:44:a1:7e:91:1c:2e:70:0f:36:65:15:1a:
                    e4:99:47:ec:aa:1a:1b:90:5d:fe:82:6e:9f:f2:f6:
                    14:b0:78:22:43:b7:08:e5:be:b4:75:b6:cd:c9:d5:
                    45:80:f5:43:82:a9:f4:4d:e9:77:74:d4:c8:54:72:
                    c2:7f:f9:9e:b1:a8:5e:36:a8:55:7d:cd:c2:eb:0a:
                    90:5e:b7:1b:b4:48:74:89:ac:c3:c1:d0:a5:30:0b:
                    db:c5:ef:fd:d6:64:7c:55:46:27:2c:77:6b:61:07:
                    2c:d4:ad:a6:4b:84:f8:1f:d6:66:a3:1f:c0:3e:48:
                    04:9b:37:cc:21:e9:9d:91:1a:44:22:5b:7a:f3:39:
                    ef:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:24:9E:9B:E6:9F:B7:99:AF:CF:63:48:E9:00:7F:41:85:FE:B1:A1
            X509v3 Authority Key Identifier:
                keyid:72:11:E6:8B:57:CD:CD:F4:ED:A8:3C:F0:B4:62:3B:76:93:F6:34:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91638DD/C8870CAED29711EDB0858B3DC4F9AE02/chHmi1fNzfTtqDzwtGI7dpP2NDo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/chHmi1fNzfTtqDzwtGI7dpP2NDo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91638DD/C8870CAED29711EDB0858B3DC4F9AE02/3FA4288CD29B11ED88E16742C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.93.72.0/22
                  123.253.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:54:82:7d:5b:6a:e9:29:55:8f:96:bb:e7:67:f7:c0:15:4e:
         c3:74:0c:fb:4e:58:bf:cf:50:a5:46:12:c6:79:15:0f:c1:d6:
         9c:70:36:a7:fe:40:64:d0:c2:3f:ad:5b:21:d1:4a:a2:a6:d2:
         fc:b2:d4:ee:1d:29:3f:8e:49:8e:c7:00:78:00:46:04:d8:cd:
         de:0f:21:4d:d9:fa:d9:7a:b8:3c:a5:6e:75:c0:63:df:38:94:
         05:40:8d:48:c8:93:41:78:4e:22:9a:c5:c6:43:7b:03:01:79:
         7a:90:ab:7f:52:e6:f8:7b:2e:66:b5:da:1a:33:1e:b1:3f:af:
         9d:92:50:9a:a0:0c:0f:f8:f3:ec:d5:76:60:1b:12:8a:90:63:
         d2:8f:64:5b:b2:ae:22:92:c8:1f:cb:a4:0d:26:76:2d:45:12:
         d3:e7:89:a0:d6:3b:9f:af:06:1b:d8:43:72:56:c6:1d:2d:a3:
         64:d7:7f:68:50:89:e7:3a:30:5c:55:86:0c:3b:1f:a8:44:79:
         04:50:25:b8:83:89:7d:82:77:6f:52:c7:fd:28:5e:5e:5e:54:
         d2:a0:0d:dd:76:b2:49:07:9d:b1:80:aa:bd:63:83:ce:03:a4:
         a6:ba:a2:6f:57:3e:ae:6e:8d:29:aa:56:78:7d:61:3c:30:c6:
         a1:42:0d:d8
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgICAmkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjM4REQxMTAvBgNVBAUTKDcyMTFFNjhCNTdDRENERjRFREE4M0NGMEI0NjIzQjc2
OTNGNjM0M0EwHhcNMjYwNzA1MDMyODIwWhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ5Y2Y1NC03MzEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoUUEAFuGyJJe8RcnHTvShMmlwGXmCZIZT6pQbQZNL79n0cht9Mx7OL+U7Kak
dh1Q4QhxoywB5/15juSmz8dP3ARctXIITfY++soTZOqIefuf8avJ/giroD0WE+oU
K2ZTkfx/FWCaERAhE/MMnU5wJVqiwg8L2ST6MKVEoX6RHC5wDzZlFRrkmUfsqhob
kF3+gm6f8vYUsHgiQ7cI5b60dbbNydVFgPVDgqn0Tel3dNTIVHLCf/mesaheNqhV
fc3C6wqQXrcbtEh0iazDwdClMAvbxe/91mR8VUYnLHdrYQcs1K2mS4T4H9Zmox/A
PkgEmzfMIemdkRpEIlt68znvawIDAQABo4ICZjCCAmIwHQYDVR0OBBYEFMsknpvm
n7eZr89jSOkAf0GF/rGhMB8GA1UdIwQYMBaAFHIR5otXzc307ag88LRiO3aT9jQ6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MzhERC9DODg3MENBRUQy
OTcxMUVEQjA4NThCM0RDNEY5QUUwMi9jaEhtaTFmTnpmVHRxRHp3dEdJN2RwUDJO
RG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NoSG1pMWZOemZUdHFEend0R0k3ZHBQMk5Eby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjM4REQvQzg4NzBDQUVEMjk3MTFFREIwODU4QjNEQzRGOUFFMDIvM0ZBNDI4OENE
MjlCMTFFRDg4RTE2NzQyQzRGOUFFMDIucm9hMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQCZ11IAwQCe/1wMA0GCSqGSIb3DQEBCwUAA4IBAQB9VIJ9W2rpKVWP
lrvnZ/fAFU7DdAz7Tli/z1ClRhLGeRUPwdaccDan/kBk0MI/rVsh0UqiptL8stTu
HSk/jkmOxwB4AEYE2M3eDyFN2frZerg8pW51wGPfOJQFQI1IyJNBeE4imsXGQ3sD
AXl6kKt/Uub4ey5mtdoaMx6xP6+dklCaoAwP+PPs1XZgGxKKkGPSj2Rbsq4iksgf
y6QNJnYtRRLT54mg1jufrwYb2ENyVsYdLaNk139oUInnOjBcVYYMOx+oRHkEUCW4
g4l9gndvUsf9KF5eXlTSoA3ddrJJB52xgKq9Y4POA6SmuqJvVz6ubo0pqlZ4fWE8
MMahQg3Y
-----END CERTIFICATE-----
Generated at Sat Jul 18 07:20:59 2026 by rpki-client