Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/8649EB6CF30E11EDAD4C2045C4F9AE02.roa
File:                     8649EB6CF30E11EDAD4C2045C4F9AE02.roa (raw, json)
Hash identifier:          fasoGUwZ25qYiyL693NSwk3tpZe2Y9yR3qCLYWPhdlo=
Subject key identifier:   41:B7:06:7B:6E:29:49:E0:9A:BB:BF:3A:3D:05:A3:10:B6:CA:51:0B
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       F482
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/8649EB6CF30E11EDAD4C2045C4F9AE02.roa
Signing time:             Mon 06 Jul 2026 17:25:50 +0000
ROA not before:           Mon 06 Jul 2026 17:25:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     148001
IP address blocks:        160.202.192.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 13:11:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 62594 (0xf482)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: Jul  6 17:25:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a4be51e-1e75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:eb:62:8d:3b:10:11:ca:9e:03:ef:7f:d4:0d:
                    8d:3c:b2:58:0a:1a:ab:ea:d8:62:a8:cb:5f:c6:c6:
                    a1:db:4a:7a:c7:9b:b2:4b:4a:29:ee:11:a5:38:79:
                    4d:e6:7b:0f:ac:4e:11:4a:63:4b:74:97:ee:4e:71:
                    24:7c:39:64:d7:a0:52:10:de:ca:93:91:e2:ec:0f:
                    3d:7c:6d:0c:12:43:90:9c:03:f0:1f:69:e8:95:0a:
                    ce:d9:5b:e6:f3:76:36:87:82:f7:23:ad:61:91:2f:
                    3f:68:30:9d:56:2f:4c:5e:1a:4d:49:05:7a:f7:bd:
                    73:ff:28:27:10:36:e7:0f:99:f4:41:03:0a:30:f3:
                    a6:b7:35:58:42:62:2c:9f:5b:8f:26:88:49:94:7c:
                    d7:c4:ec:ab:04:0a:0b:c2:b4:c3:04:76:d4:e9:d6:
                    18:1f:c3:f1:91:e5:dd:49:0d:69:e9:b7:4a:be:7b:
                    b9:1e:9a:6f:52:4d:ef:a9:55:15:16:d5:14:fe:91:
                    a9:be:23:a6:4a:1f:aa:ca:1b:29:43:85:50:aa:e6:
                    92:30:4b:8c:fe:00:a0:85:8d:32:19:7f:f5:96:09:
                    a6:e7:fa:b3:cc:30:5e:78:aa:af:36:7b:d4:e8:20:
                    8a:63:33:1a:98:16:a0:45:d6:0b:2b:68:89:cf:23:
                    03:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B7:06:7B:6E:29:49:E0:9A:BB:BF:3A:3D:05:A3:10:B6:CA:51:0B
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/8649EB6CF30E11EDAD4C2045C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.202.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7f:26:84:b3:ff:8f:59:3c:b7:d4:74:62:64:75:24:e5:1d:f8:
         98:ee:a7:dc:b7:2c:d5:e5:5c:68:d1:e6:b1:6e:44:58:6f:2c:
         3d:2f:ce:e4:3a:14:7c:93:20:75:2d:14:e2:96:98:03:2a:be:
         f5:4e:27:d2:e2:e1:70:41:cd:77:f7:58:44:dd:63:95:09:da:
         4a:42:fc:78:9a:da:54:d1:95:66:31:5d:bb:f5:23:b9:8b:be:
         fb:97:fc:46:41:57:52:f2:64:88:14:09:d6:87:76:da:da:2a:
         0e:4a:5e:fa:98:c6:83:1b:b1:88:59:a7:84:af:ec:6b:6f:f8:
         9c:46:fd:88:51:73:8a:71:2c:03:6e:61:6e:00:fb:c8:67:08:
         d6:f1:22:ab:63:1a:fe:1b:9e:f2:b2:58:1c:d1:f7:88:e1:41:
         a9:ec:e6:1f:a1:c3:22:81:2f:70:3e:f9:5b:a9:4c:84:41:a4:
         7d:7f:3e:8b:7d:7a:67:50:5a:f0:9e:14:ef:7a:eb:b6:08:24:
         19:da:ef:38:96:b7:6e:5b:25:41:51:e5:3b:15:17:ef:3c:1e:
         b4:ae:c6:da:34:d7:90:b7:6a:1c:98:22:9d:17:54:a7:f1:13:
         5d:98:0c:e6:3f:a9:3e:bd:ed:5b:6e:52:f0:dd:0e:f8:ea:f6:
         70:34:14:e9
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIDAPSCMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI2MDcwNjE3MjU1MFoXDTI3MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNmE0YmU1MWUtMWU3NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANnrYo07EBHKngPvf9QNjTyyWAoaq+rYYqjLX8bGodtKesebsktKKe4RpTh5
TeZ7D6xOEUpjS3SX7k5xJHw5ZNegUhDeypOR4uwPPXxtDBJDkJwD8B9p6JUKztlb
5vN2NoeC9yOtYZEvP2gwnVYvTF4aTUkFeve9c/8oJxA25w+Z9EEDCjDzprc1WEJi
LJ9bjyaISZR818TsqwQKC8K0wwR21OnWGB/D8ZHl3UkNaem3Sr57uR6ab1JN76lV
FRbVFP6Rqb4jpkofqsobKUOFUKrmkjBLjP4AoIWNMhl/9ZYJpuf6s8wwXniqrzZ7
1OggimMzGpgWoEXWCytoic8jAxkCAwEAAaOCAmAwggJcMB0GA1UdDgQWBBRBtwZ7
bilJ4Jq7vzo9BaMQtspRCzAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBlgYIKwYBBQUHAQsEgYkwgYYwgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzg2NDlFQjZD
RjMwRTExRURBRDRDMjA0NUM0RjlBRTAyLnJvYTAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEBKDKwDANBgkqhkiG9w0BAQsFAAOCAQEAfyaEs/+PWTy31HRiZHUk
5R34mO6n3Lcs1eVcaNHmsW5EWG8sPS/O5DoUfJMgdS0U4paYAyq+9U4n0uLhcEHN
d/dYRN1jlQnaSkL8eJraVNGVZjFdu/UjuYu++5f8RkFXUvJkiBQJ1od22toqDkpe
+pjGgxuxiFmnhK/sa2/4nEb9iFFzinEsA25hbgD7yGcI1vEiq2Ma/hue8rJYHNH3
iOFBqezmH6HDIoEvcD75W6lMhEGkfX8+i316Z1Ba8J4U73rrtggkGdrvOJa3blsl
QVHlOxUX7zwetK7G2jTXkLdqHJginRdUp/ETXZgM5j+pPr3tW25S8N0O+Or2cDQU
6Q==
-----END CERTIFICATE-----
Generated at Sat Jul 18 11:10:30 2026 by rpki-client