Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918FC40/617F353640E111EABC62DB26C4F9AE02/BCA6A73A75D911F1B46C33AD6CA30FBC.roa
File:                     BCA6A73A75D911F1B46C33AD6CA30FBC.roa (raw, json)
Hash identifier:          200zdhmpRY9TDWyoBotBxLY/NlAK1wTrZHNyeeHEV/Q=
Subject key identifier:   BF:40:38:66:4A:C0:BD:95:53:27:AA:83:7E:12:C1:58:81:61:25:98
Certificate issuer:       /CN=A918FC40/serialNumber=1601D8650DD556B2AFB083B233FF65AE3DAD1571
Certificate serial:       0C2D
Authority key identifier: 16:01:D8:65:0D:D5:56:B2:AF:B0:83:B2:33:FF:65:AE:3D:AD:15:71
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FgHYZQ3VVrKvsIOyM_9lrj2tFXE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918FC40/617F353640E111EABC62DB26C4F9AE02/BCA6A73A75D911F1B46C33AD6CA30FBC.roa
Signing time:             Thu 02 Jul 2026 05:49:06 +0000
ROA not before:           Thu 02 Jul 2026 05:49:06 +0000
ROA not after:            Tue 02 Mar 2027 00:00:00 +0000
asID:                     23532
IP address blocks:        103.246.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918FC40/617F353640E111EABC62DB26C4F9AE02/FgHYZQ3VVrKvsIOyM_9lrj2tFXE.crl
                          rsync://rpki.apnic.net/member_repository/A918FC40/617F353640E111EABC62DB26C4F9AE02/FgHYZQ3VVrKvsIOyM_9lrj2tFXE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FgHYZQ3VVrKvsIOyM_9lrj2tFXE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 19:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3117 (0xc2d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918FC40, serialNumber=1601D8650DD556B2AFB083B233FF65AE3DAD1571
        Validity
            Not Before: Jul  2 05:49:06 2026 GMT
            Not After : Mar  2 00:00:00 2027 GMT
        Subject: CN=6a45fbd2-1f22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:81:f3:5d:d3:ea:1d:67:64:70:79:da:bd:e2:
                    db:cc:cd:26:a8:d4:2a:4e:65:13:e8:77:a0:7a:07:
                    da:70:e5:18:d8:0a:3d:11:e4:cb:35:86:fb:e8:aa:
                    2b:9b:2d:b9:5d:b8:c5:c9:d3:b5:96:47:a0:fb:17:
                    5d:bb:b3:ff:c8:b0:4c:06:b9:71:aa:5a:74:a7:09:
                    a5:15:ba:dc:f8:31:9b:1e:89:c7:a0:15:4c:38:d3:
                    8a:2b:77:aa:57:a1:76:7a:4b:c4:67:de:0b:64:90:
                    a4:5b:22:2a:b3:7e:a5:2a:d0:f9:4c:ff:b7:34:cb:
                    fe:49:48:c1:65:d6:ab:b3:cd:e1:87:f7:93:73:89:
                    78:82:01:55:b9:a0:a4:e1:6a:22:44:88:f1:da:a3:
                    3a:ae:c3:79:1b:72:f6:af:87:36:54:33:45:b4:42:
                    9c:c5:66:2c:58:71:ae:04:2a:52:54:aa:d4:d0:ea:
                    38:83:17:90:41:02:89:e1:15:15:a1:2d:58:7e:14:
                    9d:ca:23:a9:b9:36:b6:6d:29:62:1a:27:86:a4:12:
                    50:9f:b0:61:bf:fc:ec:de:16:83:61:2f:8a:e9:6a:
                    90:68:b7:42:3e:f9:94:e6:33:42:56:ca:38:02:53:
                    e2:b5:ed:ca:fa:88:2b:48:5a:3e:fd:6c:db:5b:a6:
                    ee:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:40:38:66:4A:C0:BD:95:53:27:AA:83:7E:12:C1:58:81:61:25:98
            X509v3 Authority Key Identifier:
                keyid:16:01:D8:65:0D:D5:56:B2:AF:B0:83:B2:33:FF:65:AE:3D:AD:15:71

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918FC40/617F353640E111EABC62DB26C4F9AE02/FgHYZQ3VVrKvsIOyM_9lrj2tFXE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FgHYZQ3VVrKvsIOyM_9lrj2tFXE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918FC40/617F353640E111EABC62DB26C4F9AE02/BCA6A73A75D911F1B46C33AD6CA30FBC.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.246.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:f5:8c:b5:b4:50:c6:55:b8:d0:82:fb:3c:55:b0:73:aa:b1:
         bd:fa:76:94:8f:43:ed:a0:ce:c1:36:29:67:15:7f:38:a6:b5:
         fa:51:cb:69:e3:40:48:ec:c9:dc:28:d5:44:9e:10:bc:e9:f6:
         b4:dd:15:11:77:95:a4:e6:4c:8b:55:ce:0b:ff:d3:17:24:ba:
         d0:d6:5e:d7:03:2c:8c:52:ae:18:5f:57:f5:11:1a:22:31:97:
         7c:69:a1:c2:b2:3e:a8:e8:fe:14:3c:4b:4b:97:92:d7:1c:26:
         84:6e:05:b9:87:93:20:01:04:57:07:a8:1b:60:e7:6d:6a:42:
         03:b3:8e:11:58:05:2f:74:19:80:9f:0c:c0:3c:79:57:d6:8d:
         57:7b:e0:b1:ba:a6:4c:18:14:46:d8:ca:49:26:ee:d6:f4:36:
         bb:3e:75:fb:dd:04:2a:90:08:84:3a:6a:34:42:37:09:64:f1:
         37:5d:0d:46:b9:c9:8c:5b:63:e5:da:fe:b3:b5:2f:b5:49:57:
         21:ba:4c:73:32:5f:74:4c:e6:dd:7a:d1:fa:f5:0e:fc:72:cc:
         62:a1:9d:db:32:52:97:b2:a4:6f:63:3e:58:d8:3c:09:95:05:
         76:53:61:98:cf:79:8b:ef:e6:b3:c3:dd:c8:ad:38:08:b6:c4:
         8a:a6:33:b2
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICDC0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEZDNDAxMTAvBgNVBAUTKDE2MDFEODY1MERENTU2QjJBRkIwODNCMjMzRkY2NUFF
M0RBRDE1NzEwHhcNMjYwNzAyMDU0OTA2WhcNMjcwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ1ZmJkMi0xZjIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqoHzXdPqHWdkcHnaveLbzM0mqNQqTmUT6HegegfacOUY2Ao9EeTLNYb76Kor
my25XbjFydO1lkeg+xddu7P/yLBMBrlxqlp0pwmlFbrc+DGbHonHoBVMONOKK3eq
V6F2ekvEZ94LZJCkWyIqs36lKtD5TP+3NMv+SUjBZdars83hh/eTc4l4ggFVuaCk
4WoiRIjx2qM6rsN5G3L2r4c2VDNFtEKcxWYsWHGuBCpSVKrU0Oo4gxeQQQKJ4RUV
oS1YfhSdyiOpuTa2bSliGieGpBJQn7Bhv/zs3haDYS+K6WqQaLdCPvmU5jNCVso4
AlPite3K+ogrSFo+/WzbW6bucQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFL9AOGZK
wL2VUyeqg34SwViBYSWYMB8GA1UdIwQYMBaAFBYB2GUN1Vayr7CDsjP/Za49rRVx
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RkM0MC82MTdGMzUzNjQw
RTExMUVBQkM2MkRCMjZDNEY5QUUwMi9GZ0hZWlEzVlZyS3ZzSU95TV85bHJqMnRG
WEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZnSFlaUTNWVnJLdnNJT3lNXzlscmoydEZYRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEZDNDAvNjE3RjM1MzY0MEUxMTFFQUJDNjJEQjI2QzRGOUFFMDIvQkNBNkE3M0E3
NUQ5MTFGMUI0NkMzM0FENkNBMzBGQkMucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAZ/b/MA0GCSqGSIb3DQEBCwUAA4IBAQAC9Yy1tFDGVbjQgvs8VbBz
qrG9+naUj0PtoM7BNilnFX84prX6Uctp40BI7MncKNVEnhC86fa03RURd5Wk5kyL
Vc4L/9MXJLrQ1l7XAyyMUq4YX1f1ERoiMZd8aaHCsj6o6P4UPEtLl5LXHCaEbgW5
h5MgAQRXB6gbYOdtakIDs44RWAUvdBmAnwzAPHlX1o1Xe+CxuqZMGBRG2MpJJu7W
9Da7PnX73QQqkAiEOmo0QjcJZPE3XQ1GucmMW2Pl2v6ztS+1SVchukxzMl90TObd
etH69Q78csxioZ3bMlKXsqRvYz5Y2DwJlQV2U2GYz3mL7+azw93IrTgItsSKpjOy
-----END CERTIFICATE-----
Generated at Sun Jul 5 08:35:45 2026 by rpki-client