Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9181B90/F80CEFACE23D11EC84D2B35EC4F9AE02/BD65DA5EE24111ECB7132461C4F9AE02.roa
File:                     BD65DA5EE24111ECB7132461C4F9AE02.roa (raw, json)
Hash identifier:          bxUKlVvCWdZ2Eyvw13Hoq944T3dQzpz/Hp7tmrauMz0=
Subject key identifier:   9A:FA:FD:26:33:27:05:86:77:6D:70:8B:30:2D:56:90:D4:5C:0B:11
Certificate issuer:       /CN=A9181B90/serialNumber=5AC36DE95936B87A010A2A4BA915695A6999071D
Certificate serial:       03B8
Authority key identifier: 5A:C3:6D:E9:59:36:B8:7A:01:0A:2A:4B:A9:15:69:5A:69:99:07:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WsNt6Vk2uHoBCipLqRVpWmmZBx0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9181B90/F80CEFACE23D11EC84D2B35EC4F9AE02/BD65DA5EE24111ECB7132461C4F9AE02.roa
Signing time:             Sat 27 Jun 2026 01:31:34 +0000
ROA not before:           Sat 27 Jun 2026 01:31:34 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     149854
IP address blocks:        103.188.232.0/23 maxlen: 23
                          103.188.232.0/24 maxlen: 24
                          103.188.233.0/24 maxlen: 24
                          2001:df0:c8c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9181B90/F80CEFACE23D11EC84D2B35EC4F9AE02/WsNt6Vk2uHoBCipLqRVpWmmZBx0.crl
                          rsync://rpki.apnic.net/member_repository/A9181B90/F80CEFACE23D11EC84D2B35EC4F9AE02/WsNt6Vk2uHoBCipLqRVpWmmZBx0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WsNt6Vk2uHoBCipLqRVpWmmZBx0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 12 Jul 2026 01:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 952 (0x3b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9181B90, serialNumber=5AC36DE95936B87A010A2A4BA915695A6999071D
        Validity
            Not Before: Jun 27 01:31:34 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a3f27f6-1eca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9d:4e:5f:47:bb:2a:e7:5b:bd:d7:d5:27:f2:
                    20:1e:d2:96:38:e0:49:ed:05:83:53:0c:e8:31:14:
                    6d:8a:b7:59:67:73:9b:9e:d3:37:84:e7:2c:92:c2:
                    25:77:8d:e7:7d:52:e2:b1:96:5e:bb:23:7d:2d:fd:
                    de:3d:46:a6:55:71:cc:a5:2c:f8:fd:2e:e9:b6:b5:
                    c5:53:96:05:7b:b8:04:13:2d:57:ba:3c:c5:d0:92:
                    81:bc:1b:9f:18:68:69:59:09:60:65:86:a9:99:24:
                    4b:3d:4f:0d:dd:79:3d:00:bb:45:da:f6:f1:2c:0c:
                    13:7b:50:a2:e1:35:cb:2d:a4:23:17:93:22:10:72:
                    6b:c3:f5:b2:04:30:6c:3a:a5:37:7f:29:d9:e8:81:
                    b5:0b:c4:fe:7c:7f:11:f6:5f:b1:57:9f:7b:60:3b:
                    9b:cc:66:89:5a:08:71:da:b0:a0:7c:64:9b:3d:96:
                    f3:1d:3b:86:e1:11:a6:ab:82:47:5d:bc:14:ec:a7:
                    9b:b8:31:a5:17:20:3e:d0:81:91:e1:bd:d9:56:fd:
                    3d:ff:f4:e0:d0:e2:12:a0:fe:86:d8:d8:59:fc:80:
                    98:f6:04:43:b8:a2:7f:75:f0:6e:fe:48:bb:3b:c3:
                    61:d6:1c:82:03:51:9f:7a:fe:61:5f:91:03:37:59:
                    f3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:FA:FD:26:33:27:05:86:77:6D:70:8B:30:2D:56:90:D4:5C:0B:11
            X509v3 Authority Key Identifier:
                keyid:5A:C3:6D:E9:59:36:B8:7A:01:0A:2A:4B:A9:15:69:5A:69:99:07:1D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9181B90/F80CEFACE23D11EC84D2B35EC4F9AE02/WsNt6Vk2uHoBCipLqRVpWmmZBx0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WsNt6Vk2uHoBCipLqRVpWmmZBx0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9181B90/F80CEFACE23D11EC84D2B35EC4F9AE02/BD65DA5EE24111ECB7132461C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.188.232.0/23
                IPv6:
                  2001:df0:c8c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:8f:1d:94:29:a6:04:84:ae:bf:57:21:37:7e:74:cc:32:fc:
         eb:60:4c:44:95:60:0c:15:fa:9e:6d:74:f3:53:8d:f6:27:42:
         5d:c2:e3:d8:87:85:64:58:f3:19:61:61:df:31:d7:94:81:27:
         11:c0:49:33:c4:a9:ac:fc:a2:32:e6:8b:54:4d:db:76:0f:40:
         6a:c5:03:5b:6f:cd:a6:25:72:60:94:ba:54:17:88:7d:6e:98:
         88:c2:af:0e:19:82:39:ba:12:30:d4:97:5a:a4:43:4f:70:0c:
         db:a2:31:0b:c5:d6:67:4d:5d:6e:f6:20:96:ae:31:1f:f2:a9:
         34:91:7a:bc:1c:2c:16:8e:1e:07:85:04:eb:e9:58:5b:b2:36:
         a9:e0:7a:b8:17:78:85:82:7f:33:d4:e7:95:65:53:6f:17:01:
         9f:5d:bc:40:88:ed:9b:3a:90:6f:f8:fe:f4:52:5d:4a:ba:9b:
         ed:30:fc:57:27:38:95:d4:cb:5b:e3:46:e2:01:a1:88:a8:cc:
         dc:09:09:86:52:37:b1:f3:b7:80:0a:0a:d7:0d:fc:d7:13:52:
         27:d9:0e:ff:ab:ce:2f:17:0b:42:99:ca:50:75:c5:58:a2:6c:
         31:21:b8:28:40:ad:2c:88:0b:e8:d7:d0:0d:80:4d:36:8e:93:
         08:10:9d:7c
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgICA7gwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODFCOTAxMTAvBgNVBAUTKDVBQzM2REU5NTkzNkI4N0EwMTBBMkE0QkE5MTU2OTVB
Njk5OTA3MUQwHhcNMjYwNjI3MDEzMTM0WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNmMjdmNi0xZWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1J1OX0e7KudbvdfVJ/IgHtKWOOBJ7QWDUwzoMRRtirdZZ3ObntM3hOcsksIl
d43nfVLisZZeuyN9Lf3ePUamVXHMpSz4/S7ptrXFU5YFe7gEEy1XujzF0JKBvBuf
GGhpWQlgZYapmSRLPU8N3Xk9ALtF2vbxLAwTe1Ci4TXLLaQjF5MiEHJrw/WyBDBs
OqU3fynZ6IG1C8T+fH8R9l+xV597YDubzGaJWghx2rCgfGSbPZbzHTuG4RGmq4JH
XbwU7KebuDGlFyA+0IGR4b3ZVv09//Tg0OISoP6G2NhZ/ICY9gRDuKJ/dfBu/ki7
O8Nh1hyCA1Gfev5hX5EDN1nzBQIDAQABo4ICcTCCAm0wHQYDVR0OBBYEFJr6/SYz
JwWGd21wizAtVpDUXAsRMB8GA1UdIwQYMBaAFFrDbelZNrh6AQoqS6kVaVppmQcd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4MUI5MC9GODBDRUZBQ0Uy
M0QxMUVDODREMkIzNUVDNEY5QUUwMi9Xc050NlZrMnVIb0JDaXBMcVJWcFdtbVpC
eDAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1dzTnQ2VmsydUhvQkNpcExxUlZwV21tWkJ4MC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODFCOTAvRjgwQ0VGQUNFMjNEMTFFQzg0RDJCMzVFQzRGOUFFMDIvQkQ2NURBNUVF
MjQxMTFFQ0I3MTMyNDYxQzRGOUFFMDIucm9hMDAGCCsGAQUFBwEHAQH/BCEwHzAM
BAIAATAGAwQBZ7zoMA8EAgACMAkDBwAgAQ3wyMAwDQYJKoZIhvcNAQELBQADggEB
AFKPHZQppgSErr9XITd+dMwy/OtgTESVYAwV+p5tdPNTjfYnQl3C49iHhWRY8xlh
Yd8x15SBJxHASTPEqaz8ojLmi1RN23YPQGrFA1tvzaYlcmCUulQXiH1umIjCrw4Z
gjm6EjDUl1qkQ09wDNuiMQvF1mdNXW72IJauMR/yqTSRerwcLBaOHgeFBOvpWFuy
NqngergXeIWCfzPU55VlU28XAZ9dvECI7Zs6kG/4/vRSXUq6m+0w/FcnOJXUy1vj
RuIBoYiozNwJCYZSN7Hzt4AKCtcN/NcTUifZDv+rzi8XC0KZylB1xViibDEhuChA
rSyIC+jX0A2ATTaOkwgQnXw=
-----END CERTIFICATE-----
Generated at Sun Jul 5 09:23:23 2026 by rpki-client