Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91924F8/71FD1338641111F18113D0D69B47A888/CA5882E06D4611F1934851767447A888.roa
File:                     CA5882E06D4611F1934851767447A888.roa (raw, json)
Hash identifier:          PfXIGwgTTCIusRlPGqdMeq1XMVW+gcuIfsglflOola4=
Subject key identifier:   3D:B2:B9:D8:14:CA:0F:0A:66:A1:8C:EE:9A:DA:BB:C6:2C:F1:15:D8
Certificate issuer:       /CN=A91924F8/serialNumber=1F35F40C364B88B089AE12FDEDB6815C3F11A906
Certificate serial:       08
Authority key identifier: 1F:35:F4:0C:36:4B:88:B0:89:AE:12:FD:ED:B6:81:5C:3F:11:A9:06
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HzX0DDZLiLCJrhL97baBXD8RqQY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91924F8/71FD1338641111F18113D0D69B47A888/CA5882E06D4611F1934851767447A888.roa
Signing time:             Sun 21 Jun 2026 07:57:04 +0000
ROA not before:           Sun 21 Jun 2026 07:57:03 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     132023
IP address blocks:        2402:5fe0::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91924F8/71FD1338641111F18113D0D69B47A888/HzX0DDZLiLCJrhL97baBXD8RqQY.crl
                          rsync://rpki.apnic.net/member_repository/A91924F8/71FD1338641111F18113D0D69B47A888/HzX0DDZLiLCJrhL97baBXD8RqQY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HzX0DDZLiLCJrhL97baBXD8RqQY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 10 Jul 2026 10:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8 (0x8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91924F8, serialNumber=1F35F40C364B88B089AE12FDEDB6815C3F11A906
        Validity
            Not Before: Jun 21 07:57:03 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a37994f-274b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:62:ac:22:21:e3:18:04:d1:4e:bc:cc:f6:4e:
                    42:88:16:0d:e0:1c:d6:8c:c4:ad:d9:dc:9d:d4:c0:
                    c2:36:c5:62:3b:45:82:06:82:54:67:25:90:c9:73:
                    35:14:75:88:b0:71:8e:5a:7c:35:e0:cd:5e:e5:84:
                    e5:8d:0e:65:d0:a5:12:9a:41:e9:d5:75:62:dc:86:
                    10:23:48:17:c2:8b:60:d3:d8:fc:47:6b:3c:00:c9:
                    7c:1c:7d:14:77:ac:a2:5a:97:69:db:b6:a9:e2:00:
                    78:5b:dc:b0:95:f6:25:97:37:9b:dd:19:77:37:d5:
                    2c:55:b7:b3:59:a7:98:9c:97:09:28:40:1a:22:83:
                    6b:e0:40:2f:c0:e4:3e:11:d4:38:74:e8:d6:30:a1:
                    36:96:a2:51:b5:72:37:d3:fb:63:cb:ca:db:a4:24:
                    9b:74:1e:cf:15:9d:83:d2:71:22:27:91:a6:0c:d1:
                    d9:7a:50:99:3a:25:12:ea:27:df:45:92:d7:e0:a9:
                    b5:30:5f:1c:fc:9d:ce:63:59:1c:38:da:9c:1c:29:
                    63:75:68:31:80:f5:3c:da:41:1a:66:bb:21:d1:bb:
                    47:0f:75:9b:6a:c4:34:4a:7f:1e:23:f4:0f:ee:72:
                    11:a6:96:36:fb:2f:12:83:ef:ec:b2:ab:b7:07:b4:
                    24:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B2:B9:D8:14:CA:0F:0A:66:A1:8C:EE:9A:DA:BB:C6:2C:F1:15:D8
            X509v3 Authority Key Identifier:
                keyid:1F:35:F4:0C:36:4B:88:B0:89:AE:12:FD:ED:B6:81:5C:3F:11:A9:06

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91924F8/71FD1338641111F18113D0D69B47A888/HzX0DDZLiLCJrhL97baBXD8RqQY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HzX0DDZLiLCJrhL97baBXD8RqQY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91924F8/71FD1338641111F18113D0D69B47A888/CA5882E06D4611F1934851767447A888.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:5fe0::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:20:8e:60:a0:00:59:87:06:16:7a:b2:9a:8f:3b:6e:eb:5d:
         d6:cf:01:57:dc:ca:b4:56:2b:b8:25:76:a6:ff:2d:98:60:3a:
         ff:2f:b4:d0:c5:2a:6f:34:dc:5a:5d:2a:b6:bf:d0:36:07:dd:
         24:9b:20:aa:d9:eb:56:60:48:5c:76:30:87:a1:9b:14:b6:b8:
         f9:6e:58:8b:16:f9:cb:d9:d5:07:89:67:dd:de:1e:2d:3d:e1:
         f5:98:25:3a:37:0b:84:77:9e:6c:fe:76:a1:ab:20:8c:ae:26:
         d5:96:42:38:6d:28:ef:ac:f4:44:05:b3:96:43:eb:03:d0:14:
         41:98:c0:1a:c7:79:3d:9a:bd:3b:e1:c8:b3:08:da:51:ea:44:
         05:d1:67:d6:31:84:a2:95:b2:aa:b4:f1:76:13:2a:10:14:9a:
         31:85:ee:1b:f6:3a:fe:a9:5a:79:de:dc:2b:8f:61:e2:92:e5:
         5c:d2:5f:d2:a0:04:85:1e:09:59:c9:db:48:55:dc:29:0d:e3:
         96:31:54:a8:d8:12:b9:18:84:34:f6:78:6f:8a:34:83:39:11:
         c4:ca:8b:39:e5:99:72:88:66:38:01:b2:8c:f2:c2:6c:b3:bb:
         5f:d4:b0:86:7d:8f:c4:eb:63:81:c5:94:74:28:3c:00:40:d2:
         b9:d6:3a:2a
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
MjRGODExMC8GA1UEBRMoMUYzNUY0MEMzNjRCODhCMDg5QUUxMkZERURCNjgxNUMz
RjExQTkwNjAeFw0yNjA2MjEwNzU3MDNaFw0yNzA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTZhMzc5OTRmLTI3NGIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQD2YqwiIeMYBNFOvMz2TkKIFg3gHNaMxK3Z3J3UwMI2xWI7RYIGglRnJZDJczUU
dYiwcY5afDXgzV7lhOWNDmXQpRKaQenVdWLchhAjSBfCi2DT2PxHazwAyXwcfRR3
rKJal2nbtqniAHhb3LCV9iWXN5vdGXc31SxVt7NZp5iclwkoQBoig2vgQC/A5D4R
1Dh06NYwoTaWolG1cjfT+2PLytukJJt0Hs8VnYPScSInkaYM0dl6UJk6JRLqJ99F
ktfgqbUwXxz8nc5jWRw42pwcKWN1aDGA9TzaQRpmuyHRu0cPdZtqxDRKfx4j9A/u
chGmljb7LxKD7+yyq7cHtCT7AgMBAAGjggJhMIICXTAdBgNVHQ4EFgQUPbK52BTK
DwpmoYzumtq7xizxFdgwHwYDVR0jBBgwFoAUHzX0DDZLiLCJrhL97baBXD8RqQYw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTkyNEY4LzcxRkQxMzM4NjQx
MTExRjE4MTEzRDBENjlCNDdBODg4L0h6WDBERFpMaUxDSnJoTDk3YmFCWEQ4UnFR
WS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvSHpYMEREWkxpTENKcmhMOTdiYUJYRDhScVFZLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgZYGCCsGAQUFBwELBIGJMIGGMIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
MjRGOC83MUZEMTMzODY0MTExMUYxODExM0QwRDY5QjQ3QTg4OC9DQTU4ODJFMDZE
NDYxMUYxOTM0ODUxNzY3NDQ3QTg4OC5yb2EwIAYIKwYBBQUHAQcBAf8EETAPMA0E
AgACMAcDBQAkAl/gMA0GCSqGSIb3DQEBCwUAA4IBAQAyII5goABZhwYWerKajztu
613WzwFX3Mq0Viu4JXam/y2YYDr/L7TQxSpvNNxaXSq2v9A2B90kmyCq2etWYEhc
djCHoZsUtrj5bliLFvnL2dUHiWfd3h4tPeH1mCU6NwuEd55s/nahqyCMribVlkI4
bSjvrPREBbOWQ+sD0BRBmMAax3k9mr074cizCNpR6kQF0WfWMYSilbKqtPF2EyoQ
FJoxhe4b9jr+qVp53twrj2HikuVc0l/SoASFHglZydtIVdwpDeOWMVSo2BK5GIQ0
9nhvijSDORHEyos55ZlyiGY4AbKM8sJss7tf1LCGfY/E62OBxZR0KDwAQNK51joq
-----END CERTIFICATE-----
Generated at Sun Jul 5 08:36:29 2026 by rpki-client