Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9173CE6/03A017847BD011EB85A66980C4F9AE02/C4245600E55A11ED98D38780C4F9AE02.roa
File:                     C4245600E55A11ED98D38780C4F9AE02.roa (raw, json)
Hash identifier:          QIvXNw4SfpNnIslRP4MG8z3E8JePtXN3iNiIRQ5vklk=
Subject key identifier:   7D:04:FC:28:79:94:7F:90:5B:52:5E:B5:21:6A:B0:B6:6C:E5:DB:A5
Certificate issuer:       /CN=A9173CE6/serialNumber=5FAD1B39BE4555262206D19F5A669BC7B69F72C8
Certificate serial:       074A
Authority key identifier: 5F:AD:1B:39:BE:45:55:26:22:06:D1:9F:5A:66:9B:C7:B6:9F:72:C8
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/X60bOb5FVSYiBtGfWmabx7afcsg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9173CE6/03A017847BD011EB85A66980C4F9AE02/C4245600E55A11ED98D38780C4F9AE02.roa
Signing time:             Sat 04 Jul 2026 22:23:21 +0000
ROA not before:           Sat 04 Jul 2026 22:23:21 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     17766
IP address blocks:        192.150.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9173CE6/03A017847BD011EB85A66980C4F9AE02/X60bOb5FVSYiBtGfWmabx7afcsg.crl
                          rsync://rpki.apnic.net/member_repository/A9173CE6/03A017847BD011EB85A66980C4F9AE02/X60bOb5FVSYiBtGfWmabx7afcsg.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/X60bOb5FVSYiBtGfWmabx7afcsg.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 13 Jul 2026 22:18:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1866 (0x74a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9173CE6, serialNumber=5FAD1B39BE4555262206D19F5A669BC7B69F72C8
        Validity
            Not Before: Jul  4 22:23:21 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a4987d8-ceea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:78:d7:1b:d3:f8:7d:9a:19:0e:b6:b3:5d:dc:
                    5b:b5:ea:87:45:87:06:46:6f:1b:15:86:9e:17:02:
                    68:7d:66:2b:35:3c:9d:79:f6:05:1f:e1:1a:66:a3:
                    e3:c5:42:8b:ad:9f:92:be:04:19:a7:66:c6:de:38:
                    4b:21:dc:4e:df:6f:12:a7:0d:98:5d:5e:62:59:45:
                    43:a3:81:4e:fe:eb:f9:17:2e:3e:66:5e:74:1c:76:
                    a0:21:9a:63:6c:d1:22:ec:4f:ba:8b:dc:fa:b9:a1:
                    21:4c:a9:32:ec:e8:92:c3:9d:43:a7:ee:84:34:d3:
                    36:d7:0c:df:89:89:66:d2:60:96:0c:95:6a:db:1b:
                    9b:3e:bc:d3:69:00:43:75:ce:c3:25:d9:9a:b1:83:
                    72:e4:cb:48:32:78:9f:c0:ee:64:40:b6:9f:3a:9a:
                    99:a6:c9:df:fc:a9:bf:16:8e:bc:bb:5a:7b:1b:03:
                    f8:09:53:8b:84:86:38:46:76:0a:7c:5c:e5:e5:63:
                    61:08:ef:fb:59:0e:37:23:8d:77:c6:20:41:8c:19:
                    ec:f8:70:b7:28:06:62:94:a9:34:3a:85:41:cd:c5:
                    37:90:a7:02:a1:47:6c:9d:5a:19:ce:a4:ad:70:77:
                    6d:6e:b5:16:21:12:63:79:6e:e9:ea:ab:31:f9:40:
                    c5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:04:FC:28:79:94:7F:90:5B:52:5E:B5:21:6A:B0:B6:6C:E5:DB:A5
            X509v3 Authority Key Identifier:
                keyid:5F:AD:1B:39:BE:45:55:26:22:06:D1:9F:5A:66:9B:C7:B6:9F:72:C8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9173CE6/03A017847BD011EB85A66980C4F9AE02/X60bOb5FVSYiBtGfWmabx7afcsg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/X60bOb5FVSYiBtGfWmabx7afcsg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9173CE6/03A017847BD011EB85A66980C4F9AE02/C4245600E55A11ED98D38780C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.150.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:0f:ec:5b:9e:0e:8f:11:14:55:bc:8d:24:46:cc:a8:bc:dc:
         49:44:23:e1:f7:a3:d2:8c:73:5f:f4:aa:93:2b:e3:b4:2a:1b:
         e3:3c:8d:1e:68:9d:16:6c:02:10:2f:53:75:f0:18:e9:a9:32:
         e9:44:cd:b3:e1:db:5e:6c:dd:be:78:ef:c2:5f:17:9d:ec:4a:
         f9:5d:ec:91:96:26:5e:cc:d7:04:30:05:c0:0b:a1:0e:fb:7a:
         67:3c:9f:5b:3c:d8:86:d1:ec:af:40:54:71:e1:e9:e7:73:cf:
         61:60:bd:33:6f:e0:63:a3:94:f8:68:7a:1a:a4:99:03:4f:e1:
         cf:68:06:e3:59:31:f8:af:fa:06:ac:b1:8a:d2:7b:44:b5:53:
         93:ee:1c:02:b6:fe:21:0c:71:78:0b:2a:30:67:8a:41:e8:55:
         fb:bd:a4:a8:e7:9d:f8:0a:c6:55:c5:d1:4f:b4:25:26:fc:d8:
         6d:51:8c:8b:01:fe:86:61:cf:cf:aa:87:c1:b2:46:ca:cb:76:
         ce:db:d7:be:9d:94:e4:96:d8:c2:c3:fb:71:9f:6e:63:ab:8b:
         3a:59:50:a6:8a:f5:74:ad:9d:22:12:a8:ed:c4:87:ff:e6:59:
         f0:18:16:98:da:96:c9:8b:2d:1e:a4:72:fa:7d:d7:c5:35:13:
         4a:c0:4d:44
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICB0owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzNDRTYxMTAvBgNVBAUTKDVGQUQxQjM5QkU0NTU1MjYyMjA2RDE5RjVBNjY5QkM3
QjY5RjcyQzgwHhcNMjYwNzA0MjIyMzIxWhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ5ODdkOC1jZWVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtHjXG9P4fZoZDrazXdxbteqHRYcGRm8bFYaeFwJofWYrNTydefYFH+EaZqPj
xUKLrZ+SvgQZp2bG3jhLIdxO328Spw2YXV5iWUVDo4FO/uv5Fy4+Zl50HHagIZpj
bNEi7E+6i9z6uaEhTKky7OiSw51Dp+6ENNM21wzfiYlm0mCWDJVq2xubPrzTaQBD
dc7DJdmasYNy5MtIMnifwO5kQLafOpqZpsnf/Km/Fo68u1p7GwP4CVOLhIY4RnYK
fFzl5WNhCO/7WQ43I413xiBBjBns+HC3KAZilKk0OoVBzcU3kKcCoUdsnVoZzqSt
cHdtbrUWIRJjeW7p6qsx+UDFFwIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFH0E/Ch5
lH+QW1JetSFqsLZs5dulMB8GA1UdIwQYMBaAFF+tGzm+RVUmIgbRn1pmm8e2n3LI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3M0NFNi8wM0EwMTc4NDdC
RDAxMUVCODVBNjY5ODBDNEY5QUUwMi9YNjBiT2I1RlZTWWlCdEdmV21hYng3YWZj
c2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1g2MGJPYjVGVlNZaUJ0R2ZXbWFieDdhZmNzZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzNDRTYvMDNBMDE3ODQ3QkQwMTFFQjg1QTY2OTgwQzRGOUFFMDIvQzQyNDU2MDBF
NTVBMTFFRDk4RDM4NzgwQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAwJaBMA0GCSqGSIb3DQEBCwUAA4IBAQAQD+xbng6PERRVvI0kRsyo
vNxJRCPh96PSjHNf9KqTK+O0KhvjPI0eaJ0WbAIQL1N18BjpqTLpRM2z4dtebN2+
eO/CXxed7Er5XeyRliZezNcEMAXAC6EO+3pnPJ9bPNiG0eyvQFRx4ennc89hYL0z
b+Bjo5T4aHoapJkDT+HPaAbjWTH4r/oGrLGK0ntEtVOT7hwCtv4hDHF4CyowZ4pB
6FX7vaSo5534CsZVxdFPtCUm/NhtUYyLAf6GYc/PqofBskbKy3bO29e+nZTkltjC
w/txn25jq4s6WVCmivV0rZ0iEqjtxIf/5lnwGBaY2pbJiy0epHL6fdfFNRNKwE1E
-----END CERTIFICATE-----
Generated at Tue Jul 7 13:39:05 2026 by rpki-client