Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9186D9F/A936E4402E0411EF86F29D79C4F9AE02/17EA0C7A38DF11EF8EEDB25EC4F9AE02.roa
File:                     17EA0C7A38DF11EF8EEDB25EC4F9AE02.roa (raw, json)
Hash identifier:          /XTyxqSYUJyaevZitv5Zo/nsUreDwOBj39YjFuaF4Dg=
Subject key identifier:   15:88:53:1C:1D:51:36:05:52:E3:15:1C:84:04:FE:63:C3:22:18:A5
Certificate issuer:       /CN=A9186D9F/serialNumber=43F7423F93D6BA09694059FB23DEF8528D26499D
Certificate serial:       018A
Authority key identifier: 43:F7:42:3F:93:D6:BA:09:69:40:59:FB:23:DE:F8:52:8D:26:49:9D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Q_dCP5PWuglpQFn7I974Uo0mSZ0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9186D9F/A936E4402E0411EF86F29D79C4F9AE02/17EA0C7A38DF11EF8EEDB25EC4F9AE02.roa
Signing time:             Tue 23 Jun 2026 05:35:04 +0000
ROA not before:           Tue 23 Jun 2026 05:35:04 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     142125
IP address blocks:        160.22.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9186D9F/A936E4402E0411EF86F29D79C4F9AE02/Q_dCP5PWuglpQFn7I974Uo0mSZ0.crl
                          rsync://rpki.apnic.net/member_repository/A9186D9F/A936E4402E0411EF86F29D79C4F9AE02/Q_dCP5PWuglpQFn7I974Uo0mSZ0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Q_dCP5PWuglpQFn7I974Uo0mSZ0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 05:31:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 394 (0x18a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9186D9F, serialNumber=43F7423F93D6BA09694059FB23DEF8528D26499D
        Validity
            Not Before: Jun 23 05:35:04 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a3a1b08-f479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:01:7a:78:f5:78:2b:62:3e:6b:40:c2:30:90:
                    f3:80:98:6a:81:0d:c7:33:f7:6c:9d:d5:1f:bd:8d:
                    ab:90:c6:49:3e:fe:d9:1c:73:6e:79:f2:03:e2:3e:
                    a3:09:18:e7:19:4d:73:37:86:84:ba:7e:2c:d6:a5:
                    4e:53:b3:00:6f:89:6f:04:76:ed:39:89:cd:3f:aa:
                    a1:3d:90:fd:d9:95:19:05:4a:1a:3d:21:33:a7:62:
                    2b:54:08:5a:4a:3e:1e:68:1d:38:53:4a:8a:6c:12:
                    91:c1:df:9b:c2:83:2f:b0:4f:25:7f:20:ec:2c:4c:
                    de:e2:ea:30:f1:4d:22:07:43:37:23:43:ee:6c:fc:
                    b5:06:28:be:7c:1a:86:2b:3b:59:ee:4e:02:ff:de:
                    8e:d9:10:e7:cc:1f:ac:80:78:3e:3e:48:8a:77:94:
                    0b:d9:ae:04:3b:1e:85:30:32:bd:97:91:82:a9:6a:
                    c2:f7:b1:9b:56:af:20:05:a6:65:47:f7:f0:84:02:
                    62:46:2b:e6:1e:2c:d0:f0:5f:5d:99:30:54:cf:6d:
                    f9:19:d0:4c:8a:c0:ec:b9:58:eb:4b:4a:36:ca:a8:
                    39:83:ed:b7:2c:bd:a6:3f:73:d7:cc:6a:03:28:43:
                    60:d1:b6:1f:11:2a:d2:aa:51:8b:ac:6d:42:50:d6:
                    aa:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:88:53:1C:1D:51:36:05:52:E3:15:1C:84:04:FE:63:C3:22:18:A5
            X509v3 Authority Key Identifier:
                keyid:43:F7:42:3F:93:D6:BA:09:69:40:59:FB:23:DE:F8:52:8D:26:49:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9186D9F/A936E4402E0411EF86F29D79C4F9AE02/Q_dCP5PWuglpQFn7I974Uo0mSZ0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Q_dCP5PWuglpQFn7I974Uo0mSZ0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9186D9F/A936E4402E0411EF86F29D79C4F9AE02/17EA0C7A38DF11EF8EEDB25EC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:c8:46:79:16:ff:62:a9:23:dc:17:a2:97:84:22:14:f2:ff:
         1f:78:a7:ad:02:a5:9b:12:76:10:2d:b9:a6:3b:27:fb:63:c3:
         63:06:ec:bd:ec:e9:b5:78:08:7b:1c:b6:1a:e2:12:82:e3:5c:
         7f:fe:0a:86:ef:19:87:bb:0d:3d:86:e7:2d:da:b4:18:b2:6f:
         16:72:6f:93:d6:1f:c6:e4:ca:34:19:92:a7:08:24:94:bb:17:
         cf:7e:28:aa:ef:2f:22:38:53:10:9a:5b:99:29:9d:7a:0c:fc:
         66:da:b1:03:71:ac:c8:6d:85:fd:bb:0c:4d:3a:2f:40:d9:39:
         be:c3:2c:ea:57:06:f1:e2:85:a8:7d:12:25:d2:38:85:b4:c7:
         41:f1:21:c4:35:10:83:c5:93:6d:a9:c9:17:48:0d:30:6f:84:
         78:41:68:4d:f7:d9:25:72:c0:7b:19:f0:6a:45:57:2b:39:c9:
         da:ea:72:e2:c8:de:69:b1:38:47:13:de:bd:00:48:6c:e4:80:
         d5:05:f0:7c:c8:da:82:e6:ae:9b:65:f4:d1:12:8a:a4:73:33:
         76:d6:39:59:7b:c8:39:e8:91:9b:d7:17:32:7f:9c:21:49:5a:
         25:7e:9c:fb:d6:3c:f8:5e:7b:2c:39:d8:68:e7:74:db:a8:d0:
         10:0e:e5:90
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICAYowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODZEOUYxMTAvBgNVBAUTKDQzRjc0MjNGOTNENkJBMDk2OTQwNTlGQjIzREVGODUy
OEQyNjQ5OUQwHhcNMjYwNjIzMDUzNTA0WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNhMWIwOC1mNDc5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyQF6ePV4K2I+a0DCMJDzgJhqgQ3HM/dsndUfvY2rkMZJPv7ZHHNuefID4j6j
CRjnGU1zN4aEun4s1qVOU7MAb4lvBHbtOYnNP6qhPZD92ZUZBUoaPSEzp2IrVAha
Sj4eaB04U0qKbBKRwd+bwoMvsE8lfyDsLEze4uow8U0iB0M3I0PubPy1Bii+fBqG
KztZ7k4C/96O2RDnzB+sgHg+PkiKd5QL2a4EOx6FMDK9l5GCqWrC97GbVq8gBaZl
R/fwhAJiRivmHizQ8F9dmTBUz235GdBMisDsuVjrS0o2yqg5g+23LL2mP3PXzGoD
KENg0bYfESrSqlGLrG1CUNaqiQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFBWIUxwd
UTYFUuMVHIQE/mPDIhilMB8GA1UdIwQYMBaAFEP3Qj+T1roJaUBZ+yPe+FKNJkmd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NkQ5Ri9BOTM2RTQ0MDJF
MDQxMUVGODZGMjlENzlDNEY5QUUwMi9RX2RDUDVQV3VnbHBRRm43STk3NFVvMG1T
WjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1FfZENQNVBXdWdscFFGbjdJOTc0VW8wbVNaMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODZEOUYvQTkzNkU0NDAyRTA0MTFFRjg2RjI5RDc5QzRGOUFFMDIvMTdFQTBDN0Ez
OERGMTFFRjhFRURCMjVFQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAoBYqMA0GCSqGSIb3DQEBCwUAA4IBAQCpyEZ5Fv9iqSPcF6KXhCIU
8v8feKetAqWbEnYQLbmmOyf7Y8NjBuy97Om1eAh7HLYa4hKC41x//gqG7xmHuw09
huct2rQYsm8Wcm+T1h/G5Mo0GZKnCCSUuxfPfiiq7y8iOFMQmluZKZ16DPxm2rED
cazIbYX9uwxNOi9A2Tm+wyzqVwbx4oWofRIl0jiFtMdB8SHENRCDxZNtqckXSA0w
b4R4QWhN99klcsB7GfBqRVcrOcna6nLiyN5psThHE969AEhs5IDVBfB8yNqC5q6b
ZfTREoqkczN21jlZe8g56JGb1xcyf5whSVolfpz71jz4XnssOdho53TbqNAQDuWQ
-----END CERTIFICATE-----
Generated at Sat Jul 18 06:13:15 2026 by rpki-client