Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9197277/43A7E894B56011EE911C5D4FC4F9AE02/2DCC0688B57211EEBB68526DC4F9AE02.roa
File:                     2DCC0688B57211EEBB68526DC4F9AE02.roa (raw, json)
Hash identifier:          yJFPpL7wE2GdaICTMgXge87NbgvFqYn4RExlPALcImA=
Subject key identifier:   8C:06:FC:28:48:32:B7:F9:6E:EB:6E:17:FA:9C:F4:26:37:9E:F7:A0
Certificate issuer:       /CN=A9197277/serialNumber=D83B93E31E939937D8CB15FE39CA5E6E8FEAFA9B
Certificate serial:       01FE
Authority key identifier: D8:3B:93:E3:1E:93:99:37:D8:CB:15:FE:39:CA:5E:6E:8F:EA:FA:9B
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/2DuT4x6TmTfYyxX-Ocpebo_q-ps.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9197277/43A7E894B56011EE911C5D4FC4F9AE02/2DCC0688B57211EEBB68526DC4F9AE02.roa
Signing time:             Sat 11 Jul 2026 04:30:48 +0000
ROA not before:           Sat 11 Jul 2026 04:30:48 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     22003
IP address blocks:        216.200.189.0/24 maxlen: 24
                          216.200.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9197277/43A7E894B56011EE911C5D4FC4F9AE02/2DuT4x6TmTfYyxX-Ocpebo_q-ps.crl
                          rsync://rpki.apnic.net/member_repository/A9197277/43A7E894B56011EE911C5D4FC4F9AE02/2DuT4x6TmTfYyxX-Ocpebo_q-ps.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/2DuT4x6TmTfYyxX-Ocpebo_q-ps.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 04:35:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 510 (0x1fe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9197277, serialNumber=D83B93E31E939937D8CB15FE39CA5E6E8FEAFA9B
        Validity
            Not Before: Jul 11 04:30:48 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a51c6f8-c111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:85:5d:43:02:ef:f8:91:90:13:26:a8:64:79:
                    92:0a:ce:76:58:0c:e7:5b:06:49:6d:5c:39:bd:6c:
                    81:07:fc:7c:0e:68:29:40:b5:76:d2:96:75:2f:d2:
                    2e:1f:43:fe:3c:a9:83:67:29:24:93:1a:ce:9b:80:
                    16:9f:de:35:6a:4f:20:02:5a:15:a3:29:9e:65:77:
                    95:aa:ed:2f:3d:5b:0b:5d:0c:10:27:18:08:2a:72:
                    d6:8a:7d:fa:94:ed:7a:9d:14:3e:66:c7:ff:14:45:
                    0c:55:7e:05:55:88:91:2e:26:34:b3:8f:33:93:09:
                    a5:81:e1:4e:4d:cc:20:a3:07:11:06:fd:e0:ba:6a:
                    9c:e8:c0:31:40:98:9f:e9:4a:78:a8:87:00:9f:d1:
                    7a:ed:59:91:6d:e1:33:83:7d:07:c4:0f:4e:fa:2e:
                    9b:f4:1d:e0:bf:01:3f:a4:43:ea:20:79:33:7e:fc:
                    ff:fc:ac:ca:85:83:de:9e:63:cb:f4:fa:a8:ad:7f:
                    b5:a8:b9:c9:4b:16:3e:eb:bb:54:5d:85:07:0e:41:
                    79:8c:97:e9:fa:d5:a8:a6:c8:67:fc:f8:2d:a9:69:
                    1c:71:76:a7:69:48:d0:b9:df:82:c7:8b:ac:0e:6f:
                    4b:c1:96:5f:39:c6:a9:5f:b7:ab:81:e4:4c:ce:e0:
                    45:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:06:FC:28:48:32:B7:F9:6E:EB:6E:17:FA:9C:F4:26:37:9E:F7:A0
            X509v3 Authority Key Identifier:
                keyid:D8:3B:93:E3:1E:93:99:37:D8:CB:15:FE:39:CA:5E:6E:8F:EA:FA:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9197277/43A7E894B56011EE911C5D4FC4F9AE02/2DuT4x6TmTfYyxX-Ocpebo_q-ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/2DuT4x6TmTfYyxX-Ocpebo_q-ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9197277/43A7E894B56011EE911C5D4FC4F9AE02/2DCC0688B57211EEBB68526DC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.200.189.0-216.200.190.255

    Signature Algorithm: sha256WithRSAEncryption
         b9:19:5f:a8:fe:5f:48:16:ad:d5:90:d6:ab:ec:d3:ef:eb:24:
         3e:fd:7e:ed:ea:ce:b5:24:31:fb:95:6e:ad:65:78:a0:36:93:
         bd:9c:ae:20:79:1e:58:ef:4a:e6:5b:79:19:75:c8:18:4c:c8:
         eb:e0:9a:46:c0:e1:25:10:c4:2c:31:c9:56:0e:a6:4c:0c:15:
         8a:f7:65:79:71:d1:5f:66:4e:81:8d:c8:1a:c7:4c:6a:34:60:
         24:9f:52:20:08:e7:4d:e3:20:29:41:49:30:75:a3:26:8d:c0:
         c6:9f:99:2a:47:4d:4c:3c:6e:ac:cf:36:d3:62:81:96:e2:38:
         5c:4c:6a:45:31:5e:6a:86:f6:1c:2b:93:65:c2:71:b1:20:34:
         68:44:ac:6f:d1:2c:4a:53:28:e8:7f:7e:3b:ed:13:4d:8c:b3:
         39:be:a6:73:9f:a4:4b:86:f8:a6:bd:e8:f6:cc:0c:26:ea:67:
         c5:49:c9:22:7b:5b:5a:c2:18:e6:f8:4b:dc:5f:54:60:51:27:
         4d:d8:ec:a2:be:b4:75:c0:89:b5:b0:cf:35:34:56:9e:e7:52:
         8d:79:e6:65:7c:39:af:0c:8c:a4:3a:bd:d0:01:5f:9f:88:ca:
         f4:24:1b:80:68:04:64:1e:7a:2f:a3:4b:5f:fa:40:e6:bb:1e:
         7a:ee:4c:10
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgICAf4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTcyNzcxMTAvBgNVBAUTKEQ4M0I5M0UzMUU5Mzk5MzdEOENCMTVGRTM5Q0E1RTZF
OEZFQUZBOUIwHhcNMjYwNzExMDQzMDQ4WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTUxYzZmOC1jMTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx4VdQwLv+JGQEyaoZHmSCs52WAznWwZJbVw5vWyBB/x8DmgpQLV20pZ1L9Iu
H0P+PKmDZykkkxrOm4AWn941ak8gAloVoymeZXeVqu0vPVsLXQwQJxgIKnLWin36
lO16nRQ+Zsf/FEUMVX4FVYiRLiY0s48zkwmlgeFOTcwgowcRBv3gumqc6MAxQJif
6Up4qIcAn9F67VmRbeEzg30HxA9O+i6b9B3gvwE/pEPqIHkzfvz//KzKhYPenmPL
9PqorX+1qLnJSxY+67tUXYUHDkF5jJfp+tWopshn/PgtqWkccXanaUjQud+Cx4us
Dm9LwZZfOcapX7ergeRMzuBFgQIDAQABo4ICaDCCAmQwHQYDVR0OBBYEFIwG/ChI
Mrf5butuF/qc9CY3nvegMB8GA1UdIwQYMBaAFNg7k+Mek5k32MsV/jnKXm6P6vqb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NzI3Ny80M0E3RTg5NEI1
NjAxMUVFOTExQzVENEZDNEY5QUUwMi8yRHVUNHg2VG1UZll5eFgtT2NwZWJvX3Et
cHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyLzJEdVQ0eDZUbVRmWXl4WC1PY3BlYm9fcS1wcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTcyNzcvNDNBN0U4OTRCNTYwMTFFRTkxMUM1RDRGQzRGOUFFMDIvMkRDQzA2ODhC
NTcyMTFFRUJCNjg1MjZEQzRGOUFFMDIucm9hMCcGCCsGAQUFBwEHAQH/BBgwFjAU
BAIAATAOMAwDBADYyL0DBADYyL4wDQYJKoZIhvcNAQELBQADggEBALkZX6j+X0gW
rdWQ1qvs0+/rJD79fu3qzrUkMfuVbq1leKA2k72criB5HljvSuZbeRl1yBhMyOvg
mkbA4SUQxCwxyVYOpkwMFYr3ZXlx0V9mToGNyBrHTGo0YCSfUiAI503jIClBSTB1
oyaNwMafmSpHTUw8bqzPNtNigZbiOFxMakUxXmqG9hwrk2XCcbEgNGhErG/RLEpT
KOh/fjvtE02Mszm+pnOfpEuG+Ka96PbMDCbqZ8VJySJ7W1rCGOb4S9xfVGBRJ03Y
7KK+tHXAibWwzzU0Vp7nUo155mV8Oa8MjKQ6vdABX5+IyvQkG4BoBGQeei+jS1/6
QOa7HnruTBA=
-----END CERTIFICATE-----
Generated at Sat Jul 18 04:31:19 2026 by rpki-client