Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91784CD/CCDDA9866F9011F1A8C9032B6CA30FBC/38504AE86F9111F19A5C332C6CA30FBC.roa
File:                     38504AE86F9111F19A5C332C6CA30FBC.roa (raw, json)
Hash identifier:          ctFJMNlLmb24KK/hUvuG9PeuIx9ZmlcOLpD5Hrci6io=
Subject key identifier:   52:6B:A9:F4:37:D1:F0:9C:C7:DE:0A:B1:31:62:AF:A1:45:7E:8E:23
Certificate issuer:       /CN=A91784CD/serialNumber=E3439434D0AFB21949EB49062F006CA6112F3A84
Certificate serial:       02
Authority key identifier: E3:43:94:34:D0:AF:B2:19:49:EB:49:06:2F:00:6C:A6:11:2F:3A:84
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/40OUNNCvshlJ60kGLwBsphEvOoQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91784CD/CCDDA9866F9011F1A8C9032B6CA30FBC/38504AE86F9111F19A5C332C6CA30FBC.roa
Signing time:             Wed 24 Jun 2026 05:54:53 +0000
ROA not before:           Wed 24 Jun 2026 05:54:53 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     140842
IP address blocks:        103.251.110.0/24 maxlen: 24
                          103.251.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91784CD/CCDDA9866F9011F1A8C9032B6CA30FBC/40OUNNCvshlJ60kGLwBsphEvOoQ.crl
                          rsync://rpki.apnic.net/member_repository/A91784CD/CCDDA9866F9011F1A8C9032B6CA30FBC/40OUNNCvshlJ60kGLwBsphEvOoQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/40OUNNCvshlJ60kGLwBsphEvOoQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 10 Jul 2026 10:06:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91784CD, serialNumber=E3439434D0AFB21949EB49062F006CA6112F3A84
        Validity
            Not Before: Jun 24 05:54:53 2026 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=6a3b712d-b7f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:77:66:ee:e6:63:af:ae:4f:c1:84:d4:84:36:
                    27:4e:1b:f4:51:ea:cf:f1:94:ce:c8:81:77:8b:8b:
                    75:ba:85:2c:b2:7b:21:af:a0:17:2c:45:c8:91:fb:
                    ff:81:5d:6c:8f:fd:1d:21:09:9e:df:fe:57:04:35:
                    5f:bf:89:1a:3f:4f:d5:ea:05:dd:ec:28:84:03:b7:
                    5d:93:54:f0:b2:bd:d3:80:c7:5d:00:dd:68:ba:a1:
                    5b:89:11:c8:6c:a7:27:59:9e:19:6f:69:1a:8f:1a:
                    28:eb:ba:f2:9b:d2:cd:19:33:7c:a7:6d:6f:c5:85:
                    9e:40:78:73:b0:92:1b:c4:e0:e5:d1:5c:e2:7f:13:
                    27:94:df:33:2f:da:b1:ad:08:47:c4:4a:55:d1:8c:
                    04:04:04:f9:73:f3:91:7f:76:64:05:86:02:5e:e5:
                    59:c5:57:bd:5a:ac:f8:55:9a:a1:a6:36:af:e8:1d:
                    2c:05:0c:f8:ab:d5:43:22:85:a1:5a:58:54:03:9a:
                    68:65:f3:41:c5:2e:5d:4e:0d:da:19:12:01:8a:2e:
                    ba:46:a0:dd:c6:b8:18:3b:99:24:16:0c:e4:6a:47:
                    35:a9:57:8a:79:ad:87:16:55:23:2f:5d:12:ac:cd:
                    bb:c6:f2:1b:01:a2:5e:dd:be:13:7a:c2:69:3e:af:
                    79:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:6B:A9:F4:37:D1:F0:9C:C7:DE:0A:B1:31:62:AF:A1:45:7E:8E:23
            X509v3 Authority Key Identifier:
                keyid:E3:43:94:34:D0:AF:B2:19:49:EB:49:06:2F:00:6C:A6:11:2F:3A:84

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91784CD/CCDDA9866F9011F1A8C9032B6CA30FBC/40OUNNCvshlJ60kGLwBsphEvOoQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/40OUNNCvshlJ60kGLwBsphEvOoQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91784CD/CCDDA9866F9011F1A8C9032B6CA30FBC/38504AE86F9111F19A5C332C6CA30FBC.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.251.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:b7:a5:04:0e:af:be:b3:9d:ce:e4:b9:25:49:bb:6c:cd:a4:
         69:bc:d7:41:90:6b:74:69:61:1f:08:79:92:bc:12:4d:09:b5:
         9d:d4:99:08:f6:2c:ff:be:b2:87:14:bd:8a:d6:16:1d:a1:e6:
         41:32:f1:49:db:02:36:5b:2d:95:ca:89:fd:da:5a:b8:ba:04:
         75:1b:a8:ed:37:98:b2:ae:db:ca:9e:01:8e:b5:fd:30:e5:95:
         61:a6:d4:34:24:4c:f8:c3:df:5b:f4:25:68:36:ca:25:a9:ce:
         d8:84:92:ac:21:35:6c:c7:74:65:70:20:a7:61:7c:68:41:06:
         dd:48:5a:0b:07:fa:52:4f:da:a9:e7:b5:0c:d8:fe:a5:91:76:
         93:46:86:c0:14:00:c1:cc:e2:39:ae:15:a3:17:2e:fd:dc:6a:
         42:7b:08:22:20:f9:dd:b7:c9:12:57:dc:d1:ac:24:9f:01:e7:
         72:a6:41:33:95:01:f0:7b:6f:93:09:5a:ac:b0:fb:14:b9:0f:
         9b:22:06:54:e4:30:4b:4b:56:91:01:e2:cc:cd:13:80:bb:d0:
         b8:0a:4c:c5:63:9d:06:b4:b8:99:59:74:25:6a:c8:0e:e9:a9:
         d2:03:8f:64:d8:51:f7:07:8d:cb:7b:b3:a7:8c:0a:02:24:f9:
         4c:71:97:08
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
ODRDRDExMC8GA1UEBRMoRTM0Mzk0MzREMEFGQjIxOTQ5RUI0OTA2MkYwMDZDQTYx
MTJGM0E4NDAeFw0yNjA2MjQwNTU0NTNaFw0yNjEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTZhM2I3MTJkLWI3ZjgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC5d2bu5mOvrk/BhNSENidOG/RR6s/xlM7IgXeLi3W6hSyyeyGvoBcsRciR+/+B
XWyP/R0hCZ7f/lcENV+/iRo/T9XqBd3sKIQDt12TVPCyvdOAx10A3Wi6oVuJEchs
pydZnhlvaRqPGijruvKb0s0ZM3ynbW/FhZ5AeHOwkhvE4OXRXOJ/EyeU3zMv2rGt
CEfESlXRjAQEBPlz85F/dmQFhgJe5VnFV71arPhVmqGmNq/oHSwFDPir1UMihaFa
WFQDmmhl80HFLl1ODdoZEgGKLrpGoN3GuBg7mSQWDORqRzWpV4p5rYcWVSMvXRKs
zbvG8hsBol7dvhN6wmk+r3mhAgMBAAGjggJgMIICXDAdBgNVHQ4EFgQUUmup9DfR
8JzH3gqxMWKvoUV+jiMwHwYDVR0jBBgwFoAU40OUNNCvshlJ60kGLwBsphEvOoQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTc4NENEL0NDRERBOTg2NkY5
MDExRjFBOEM5MDMyQjZDQTMwRkJDLzQwT1VOTkN2c2hsSjYwa0dMd0JzcGhFdk9v
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvNDBPVU5OQ3ZzaGxKNjBrR0x3QnNwaEV2T29RLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgZYGCCsGAQUFBwELBIGJMIGGMIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
ODRDRC9DQ0REQTk4NjZGOTAxMUYxQThDOTAzMkI2Q0EzMEZCQy8zODUwNEFFODZG
OTExMUYxOUE1QzMzMkM2Q0EzMEZCQy5yb2EwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAFn+24wDQYJKoZIhvcNAQELBQADggEBADm3pQQOr76znc7kuSVJu2zN
pGm810GQa3RpYR8IeZK8Ek0JtZ3UmQj2LP++socUvYrWFh2h5kEy8UnbAjZbLZXK
if3aWri6BHUbqO03mLKu28qeAY61/TDllWGm1DQkTPjD31v0JWg2yiWpztiEkqwh
NWzHdGVwIKdhfGhBBt1IWgsH+lJP2qnntQzY/qWRdpNGhsAUAMHM4jmuFaMXLv3c
akJ7CCIg+d23yRJX3NGsJJ8B53KmQTOVAfB7b5MJWqyw+xS5D5siBlTkMEtLVpEB
4szNE4C70LgKTMVjnQa0uJlZdCVqyA7pqdIDj2TYUfcHjct7s6eMCgIk+Uxxlwg=
-----END CERTIFICATE-----
Generated at Sun Jul 5 09:20:46 2026 by rpki-client