Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917BB59/B68B90D60DCA11EBA7C2E22DC4F9AE02/8FEA9564C2AE11EB94777A0CC4F9AE02.roa
File:                     8FEA9564C2AE11EB94777A0CC4F9AE02.roa (raw, json)
Hash identifier:          9HLPq0CQbV7BB1rdV8LiO+yFSw/cEBXh7bi0v397em8=
Subject key identifier:   B8:66:E0:F7:2E:78:44:E2:E5:FC:4B:15:4F:11:EE:0A:0E:75:CC:94
Certificate issuer:       /CN=A917BB59/serialNumber=22892E3D8C449F5A9AC64CFCB634B59F6C53136B
Certificate serial:       0872
Authority key identifier: 22:89:2E:3D:8C:44:9F:5A:9A:C6:4C:FC:B6:34:B5:9F:6C:53:13:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IokuPYxEn1qaxkz8tjS1n2xTE2s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917BB59/B68B90D60DCA11EBA7C2E22DC4F9AE02/8FEA9564C2AE11EB94777A0CC4F9AE02.roa
Signing time:             Fri 26 Jun 2026 21:25:35 +0000
ROA not before:           Fri 26 Jun 2026 21:25:35 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     134202
IP address blocks:        45.117.228.0/22 maxlen: 22
                          45.117.228.0/24 maxlen: 24
                          45.117.229.0/24 maxlen: 24
                          45.117.231.0/24 maxlen: 24
                          103.58.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917BB59/B68B90D60DCA11EBA7C2E22DC4F9AE02/IokuPYxEn1qaxkz8tjS1n2xTE2s.crl
                          rsync://rpki.apnic.net/member_repository/A917BB59/B68B90D60DCA11EBA7C2E22DC4F9AE02/IokuPYxEn1qaxkz8tjS1n2xTE2s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IokuPYxEn1qaxkz8tjS1n2xTE2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 13 Jul 2026 21:22:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2162 (0x872)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917BB59, serialNumber=22892E3D8C449F5A9AC64CFCB634B59F6C53136B
        Validity
            Not Before: Jun 26 21:25:35 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a3eee4f-1ca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:cb:c2:54:ba:26:57:dc:87:41:f9:f3:a6:8f:
                    74:82:fe:ce:78:c5:85:b2:b1:87:54:a5:22:5d:36:
                    13:60:b5:e9:d3:09:f7:41:3d:dc:1a:2d:ba:bb:62:
                    96:a1:57:31:2b:59:55:ad:7b:9d:8b:e3:01:fa:80:
                    b7:d8:b2:b3:37:82:3e:bd:83:e8:65:29:5f:3f:60:
                    ca:05:81:6d:a0:7d:b9:6f:94:f6:4a:c2:a3:81:40:
                    93:45:91:bf:d1:8b:b4:85:dc:a7:43:16:92:3e:0b:
                    39:4c:48:3c:16:48:b1:62:66:cf:0c:f8:30:14:3b:
                    c7:4b:5f:9c:b0:0b:b0:44:2d:05:a6:1b:ca:c8:ee:
                    25:6c:d1:7f:68:95:34:c6:50:4d:e1:7b:4f:d5:15:
                    34:f8:c1:48:11:46:02:c9:9d:31:d2:64:52:91:96:
                    52:1d:7e:10:b5:68:46:35:1c:bc:50:55:0f:66:f2:
                    73:50:bc:4d:10:53:8f:ef:c6:6a:9b:1e:cd:80:35:
                    5b:06:40:f8:96:7d:b4:f0:0c:d8:61:6c:e2:a9:ac:
                    e1:fc:83:6f:50:fe:11:08:01:6c:c6:52:c5:e3:e6:
                    33:52:7b:e3:43:bc:70:38:85:b9:1f:52:b8:80:95:
                    10:d3:5b:7c:20:b7:5c:11:78:a5:25:f9:12:f0:a8:
                    2d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:66:E0:F7:2E:78:44:E2:E5:FC:4B:15:4F:11:EE:0A:0E:75:CC:94
            X509v3 Authority Key Identifier:
                keyid:22:89:2E:3D:8C:44:9F:5A:9A:C6:4C:FC:B6:34:B5:9F:6C:53:13:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917BB59/B68B90D60DCA11EBA7C2E22DC4F9AE02/IokuPYxEn1qaxkz8tjS1n2xTE2s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IokuPYxEn1qaxkz8tjS1n2xTE2s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917BB59/B68B90D60DCA11EBA7C2E22DC4F9AE02/8FEA9564C2AE11EB94777A0CC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.228.0/22
                  103.58.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:42:de:bd:bd:40:2c:f8:12:97:ed:55:a5:cb:48:9a:e9:94:
         8e:6c:c0:60:15:38:80:82:01:7a:c4:6c:45:85:0c:f3:8a:27:
         55:1c:a7:75:5b:b3:e8:90:a5:f6:62:14:14:a5:e9:6b:f3:48:
         24:a9:f6:8c:a0:5e:5f:61:ad:00:8f:0a:fe:fe:80:b9:b3:88:
         8d:e0:09:af:05:1d:73:f4:52:11:74:13:e7:fa:a2:d5:98:2c:
         19:ec:d4:0b:d0:86:54:b9:22:52:c7:df:d0:0c:28:eb:d9:81:
         63:83:ca:c0:6f:e7:67:34:bb:15:33:88:39:d7:48:b6:0b:e7:
         c8:cf:e3:28:5f:a2:16:46:6e:94:86:79:a0:c1:37:5a:05:f7:
         61:07:66:96:f4:21:8c:8e:85:15:7f:e0:de:f4:10:4c:be:52:
         fa:92:86:35:0d:43:ff:28:42:d0:47:29:2c:83:b9:44:df:26:
         ce:a8:da:91:75:53:a8:87:7a:2f:63:d0:9f:d7:91:38:75:3b:
         e5:9b:45:0f:59:93:53:bd:01:8b:3f:ca:ab:5e:6d:61:b4:1a:
         9e:d1:30:c3:15:0e:22:92:3b:4a:48:c9:5b:e8:6c:de:9b:16:
         75:f4:0d:1a:d9:2c:0b:e7:1a:4b:0f:a5:ce:df:05:e4:52:ad:
         a6:57:89:fe
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgICCHIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0JCNTkxMTAvBgNVBAUTKDIyODkyRTNEOEM0NDlGNUE5QUM2NENGQ0I2MzRCNTlG
NkM1MzEzNkIwHhcNMjYwNjI2MjEyNTM1WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNlZWU0Zi0xY2EzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApsvCVLomV9yHQfnzpo90gv7OeMWFsrGHVKUiXTYTYLXp0wn3QT3cGi26u2KW
oVcxK1lVrXudi+MB+oC32LKzN4I+vYPoZSlfP2DKBYFtoH25b5T2SsKjgUCTRZG/
0Yu0hdynQxaSPgs5TEg8FkixYmbPDPgwFDvHS1+csAuwRC0FphvKyO4lbNF/aJU0
xlBN4XtP1RU0+MFIEUYCyZ0x0mRSkZZSHX4QtWhGNRy8UFUPZvJzULxNEFOP78Zq
mx7NgDVbBkD4ln208AzYYWziqazh/INvUP4RCAFsxlLF4+YzUnvjQ7xwOIW5H1K4
gJUQ01t8ILdcEXilJfkS8KgtZQIDAQABo4ICZjCCAmIwHQYDVR0OBBYEFLhm4Pcu
eETi5fxLFU8R7goOdcyUMB8GA1UdIwQYMBaAFCKJLj2MRJ9amsZM/LY0tZ9sUxNr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QkI1OS9CNjhCOTBENjBE
Q0ExMUVCQTdDMkUyMkRDNEY5QUUwMi9Jb2t1UFl4RW4xcWF4a3o4dGpTMW4yeFRF
MnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lva3VQWXhFbjFxYXhrejh0alMxbjJ4VEUycy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0JCNTkvQjY4QjkwRDYwRENBMTFFQkE3QzJFMjJEQzRGOUFFMDIvOEZFQTk1NjRD
MkFFMTFFQjk0Nzc3QTBDQzRGOUFFMDIucm9hMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQCLXXkAwQCZzoQMA0GCSqGSIb3DQEBCwUAA4IBAQA6Qt69vUAs+BKX
7VWly0ia6ZSObMBgFTiAggF6xGxFhQzziidVHKd1W7PokKX2YhQUpelr80gkqfaM
oF5fYa0Ajwr+/oC5s4iN4AmvBR1z9FIRdBPn+qLVmCwZ7NQL0IZUuSJSx9/QDCjr
2YFjg8rAb+dnNLsVM4g510i2C+fIz+MoX6IWRm6UhnmgwTdaBfdhB2aW9CGMjoUV
f+De9BBMvlL6koY1DUP/KELQRyksg7lE3ybOqNqRdVOoh3ovY9Cf15E4dTvlm0UP
WZNTvQGLP8qrXm1htBqe0TDDFQ4ikjtKSMlb6GzemxZ19A0a2SwL5xpLD6XO3wXk
Uq2mV4n+
-----END CERTIFICATE-----
Generated at Wed Jul 8 06:11:01 2026 by rpki-client