Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91698EC/21E5A30A1EE111EF93F9853DC4F9AE02/02BCE50286AF11EF9EFFD52FC4F9AE02.roa
File:                     02BCE50286AF11EF9EFFD52FC4F9AE02.roa (raw, json)
Hash identifier:          PNEP+JjlL4CHQzQXC1TXwIdCVpnriRn+fmkVsmNv1jU=
Subject key identifier:   E0:0D:EC:8A:4D:31:12:40:27:9C:43:C4:D1:D0:4F:44:6D:FB:01:93
Certificate issuer:       /CN=A91698EC/serialNumber=E58F0F52A4D2D1DE44675ACA17557BF982EC7D79
Certificate serial:       0199
Authority key identifier: E5:8F:0F:52:A4:D2:D1:DE:44:67:5A:CA:17:55:7B:F9:82:EC:7D:79
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Y8PUqTS0d5EZ1rKF1V7-YLsfXk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91698EC/21E5A30A1EE111EF93F9853DC4F9AE02/02BCE50286AF11EF9EFFD52FC4F9AE02.roa
Signing time:             Fri 03 Jul 2026 05:31:50 +0000
ROA not before:           Fri 03 Jul 2026 05:31:50 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     140065
IP address blocks:        2001:df3:dec0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91698EC/21E5A30A1EE111EF93F9853DC4F9AE02/5Y8PUqTS0d5EZ1rKF1V7-YLsfXk.crl
                          rsync://rpki.apnic.net/member_repository/A91698EC/21E5A30A1EE111EF93F9853DC4F9AE02/5Y8PUqTS0d5EZ1rKF1V7-YLsfXk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Y8PUqTS0d5EZ1rKF1V7-YLsfXk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 05:24:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 409 (0x199)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91698EC, serialNumber=E58F0F52A4D2D1DE44675ACA17557BF982EC7D79
        Validity
            Not Before: Jul  3 05:31:50 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a474946-0b8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a3:30:98:16:3b:45:25:9e:3e:ef:d3:bd:c5:
                    ae:d2:c0:90:8b:04:02:d7:7f:30:65:85:f0:e8:ec:
                    7e:40:34:ff:db:0e:3a:53:32:f5:dd:48:33:fc:3a:
                    a1:75:fa:2e:f5:8f:53:79:f0:f8:47:a7:cd:81:1a:
                    5d:81:32:c2:e0:72:e7:27:90:9f:63:b6:17:5f:b2:
                    ba:03:bf:1d:c5:68:a7:a7:68:28:8a:e3:af:c4:55:
                    8d:4f:32:d0:76:1e:6a:3e:30:f9:be:b7:23:04:67:
                    84:78:3a:33:4b:92:4d:17:58:a3:5e:93:d9:18:3b:
                    e0:0b:e2:e7:84:7a:ac:cc:6e:6d:c3:ea:c5:d7:3e:
                    28:72:3b:16:02:af:b3:d8:11:3d:5d:ef:70:f1:d7:
                    9d:a7:9e:44:71:9e:5e:81:6c:c4:d5:d3:b4:1d:58:
                    46:51:b1:d2:ff:2b:b0:69:04:bd:34:fd:13:54:d0:
                    03:e8:51:b1:0c:29:f2:db:6a:43:4c:92:51:ef:7a:
                    43:2d:3f:a1:8e:c1:dc:05:78:95:e4:ed:d8:14:f6:
                    68:cb:88:4b:52:73:e0:90:11:0c:2b:71:e8:9c:58:
                    68:70:9c:06:0d:f3:cb:88:2f:5a:cf:42:a5:32:ca:
                    ef:cf:91:2d:d4:19:17:2b:5a:5e:f7:57:98:a8:80:
                    d1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:0D:EC:8A:4D:31:12:40:27:9C:43:C4:D1:D0:4F:44:6D:FB:01:93
            X509v3 Authority Key Identifier:
                keyid:E5:8F:0F:52:A4:D2:D1:DE:44:67:5A:CA:17:55:7B:F9:82:EC:7D:79

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91698EC/21E5A30A1EE111EF93F9853DC4F9AE02/5Y8PUqTS0d5EZ1rKF1V7-YLsfXk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Y8PUqTS0d5EZ1rKF1V7-YLsfXk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91698EC/21E5A30A1EE111EF93F9853DC4F9AE02/02BCE50286AF11EF9EFFD52FC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:dec0::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:be:bd:c7:39:cc:6f:c0:52:0a:16:03:6b:b3:bc:2d:9c:d8:
         68:57:b5:41:6a:53:ba:77:99:a0:94:60:b2:79:1d:29:51:02:
         9c:88:0e:09:81:3d:0d:3f:c7:10:dc:77:64:66:5b:c6:75:62:
         ab:8f:ad:d1:64:b5:07:59:d4:74:7e:b6:90:df:a7:68:c1:8b:
         24:0a:26:b0:00:a3:1c:0c:be:0b:55:6b:c7:15:f0:e0:a8:03:
         cd:4c:39:04:15:ba:4f:30:27:d7:55:71:70:d6:6c:11:23:3e:
         70:3e:4e:af:b5:3b:62:92:21:55:cd:d4:9f:8c:3d:40:4f:9a:
         01:d6:66:7e:cb:30:03:bf:c0:3c:63:63:03:28:08:3e:7b:7f:
         19:fc:50:8f:93:ef:ec:3b:c2:9a:21:f4:74:12:d4:84:cc:2d:
         4b:8c:55:e7:6f:b3:7b:9a:c0:6a:75:80:7c:3b:4b:54:ac:5a:
         b7:72:95:15:d8:31:34:39:2b:14:73:35:2c:d3:b4:2c:38:e9:
         3a:fe:20:c9:4e:c6:06:66:5c:00:e3:6e:58:51:25:98:be:ca:
         47:94:66:f5:76:15:43:23:e7:fa:75:57:76:7d:2a:d8:22:dc:
         bb:e1:eb:f5:db:91:e5:c6:7f:f3:58:b3:ec:ee:e6:cf:8a:07:
         bc:5c:0c:90
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgICAZkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Njk4RUMxMTAvBgNVBAUTKEU1OEYwRjUyQTREMkQxREU0NDY3NUFDQTE3NTU3QkY5
ODJFQzdENzkwHhcNMjYwNzAzMDUzMTUwWhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ3NDk0Ni0wYjhlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAk6MwmBY7RSWePu/TvcWu0sCQiwQC138wZYXw6Ox+QDT/2w46UzL13Ugz/Dqh
dfou9Y9TefD4R6fNgRpdgTLC4HLnJ5CfY7YXX7K6A78dxWinp2goiuOvxFWNTzLQ
dh5qPjD5vrcjBGeEeDozS5JNF1ijXpPZGDvgC+LnhHqszG5tw+rF1z4ocjsWAq+z
2BE9Xe9w8dedp55EcZ5egWzE1dO0HVhGUbHS/yuwaQS9NP0TVNAD6FGxDCny22pD
TJJR73pDLT+hjsHcBXiV5O3YFPZoy4hLUnPgkBEMK3HonFhocJwGDfPLiC9az0Kl
Msrvz5Et1BkXK1pe91eYqIDRFQIDAQABo4ICYzCCAl8wHQYDVR0OBBYEFOAN7IpN
MRJAJ5xDxNHQT0Rt+wGTMB8GA1UdIwQYMBaAFOWPD1Kk0tHeRGdayhdVe/mC7H15
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2OThFQy8yMUU1QTMwQTFF
RTExMUVGOTNGOTg1M0RDNEY5QUUwMi81WThQVXFUUzBkNUVaMXJLRjFWNy1ZTHNm
WGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVZOFBVcVRTMGQ1RVoxcktGMVY3LVlMc2ZYay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Njk4RUMvMjFFNUEzMEExRUUxMTFFRjkzRjk4NTNEQzRGOUFFMDIvMDJCQ0U1MDI4
NkFGMTFFRjlFRkZENTJGQzRGOUFFMDIucm9hMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAIAEN897AMA0GCSqGSIb3DQEBCwUAA4IBAQCrvr3HOcxvwFIKFgNr
s7wtnNhoV7VBalO6d5mglGCyeR0pUQKciA4JgT0NP8cQ3HdkZlvGdWKrj63RZLUH
WdR0fraQ36dowYskCiawAKMcDL4LVWvHFfDgqAPNTDkEFbpPMCfXVXFw1mwRIz5w
Pk6vtTtikiFVzdSfjD1AT5oB1mZ+yzADv8A8Y2MDKAg+e38Z/FCPk+/sO8KaIfR0
EtSEzC1LjFXnb7N7msBqdYB8O0tUrFq3cpUV2DE0OSsUczUs07QsOOk6/iDJTsYG
ZlwA425YUSWYvspHlGb1dhVDI+f6dVd2fSrYIty74ev125Hlxn/zWLPs7ubPige8
XAyQ
-----END CERTIFICATE-----
Generated at Sat Jul 18 06:12:34 2026 by rpki-client