Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919AD11/FC5038483A8911EF9817B26AC4F9AE02/FB29FEA06C1F11EFA8C5694EC4F9AE02.roa
File:                     FB29FEA06C1F11EFA8C5694EC4F9AE02.roa (raw, json)
Hash identifier:          9exb67LvG57W15zgis1vs2iVdcit10664aqnSHuUCpQ=
Subject key identifier:   FB:6F:EB:CA:C8:82:39:14:06:2C:FF:F6:9C:05:A1:E8:2B:D4:92:59
Certificate issuer:       /CN=A919AD11/serialNumber=A554DF3D47027FFAF7CB8A166F3E0A10E3177867
Certificate serial:       017E
Authority key identifier: A5:54:DF:3D:47:02:7F:FA:F7:CB:8A:16:6F:3E:0A:10:E3:17:78:67
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/pVTfPUcCf_r3y4oWbz4KEOMXeGc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919AD11/FC5038483A8911EF9817B26AC4F9AE02/FB29FEA06C1F11EFA8C5694EC4F9AE02.roa
Signing time:             Sun 05 Jul 2026 05:31:55 +0000
ROA not before:           Sun 05 Jul 2026 05:31:55 +0000
ROA not after:            Thu 30 Sep 2027 00:00:00 +0000
asID:                     153050
IP address blocks:        160.25.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919AD11/FC5038483A8911EF9817B26AC4F9AE02/pVTfPUcCf_r3y4oWbz4KEOMXeGc.crl
                          rsync://rpki.apnic.net/member_repository/A919AD11/FC5038483A8911EF9817B26AC4F9AE02/pVTfPUcCf_r3y4oWbz4KEOMXeGc.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/pVTfPUcCf_r3y4oWbz4KEOMXeGc.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 05:39:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 382 (0x17e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919AD11, serialNumber=A554DF3D47027FFAF7CB8A166F3E0A10E3177867
        Validity
            Not Before: Jul  5 05:31:55 2026 GMT
            Not After : Sep 30 00:00:00 2027 GMT
        Subject: CN=6a49ec4b-a7c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:63:cc:fa:24:42:87:a3:92:13:57:16:bc:db:
                    4c:0a:ee:84:3e:86:2e:96:c7:da:db:aa:86:fd:4f:
                    b1:10:ac:95:7b:63:2d:a6:9c:4f:da:20:c4:06:e0:
                    57:1c:db:04:c4:bc:8f:d0:0b:04:1e:33:1e:4d:b6:
                    a7:db:a9:d1:00:28:5b:99:73:6d:fd:b7:9e:b0:b3:
                    3e:d4:0a:e2:40:8d:59:ab:4e:34:f9:1b:92:e9:c7:
                    1e:ca:1a:99:31:77:54:df:18:d4:96:d2:09:67:66:
                    a6:6a:dc:95:9e:08:00:06:36:12:01:70:0b:4b:3f:
                    39:f9:e6:9c:f6:d8:77:8e:6b:89:d9:a4:ab:65:31:
                    4e:70:65:6d:0e:d4:1a:1a:d9:75:8d:99:f9:7c:26:
                    79:86:ef:99:fe:40:01:71:6b:c3:b8:dd:c6:7e:5c:
                    06:3f:f9:fe:b4:34:8a:40:8c:f9:c4:bf:ac:c0:fd:
                    e9:15:60:40:51:73:06:31:94:03:f9:98:cb:02:a5:
                    24:90:1a:cb:7f:6d:ee:fb:5f:bc:1e:02:1f:aa:83:
                    5b:26:0b:92:b0:4f:e7:cf:f0:f7:90:4f:1a:b6:75:
                    39:f2:95:06:ed:94:c2:7b:c5:dd:f6:64:bc:06:b4:
                    d0:2b:c3:e8:8a:04:fa:62:d3:8b:de:30:48:07:7c:
                    f2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:6F:EB:CA:C8:82:39:14:06:2C:FF:F6:9C:05:A1:E8:2B:D4:92:59
            X509v3 Authority Key Identifier:
                keyid:A5:54:DF:3D:47:02:7F:FA:F7:CB:8A:16:6F:3E:0A:10:E3:17:78:67

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919AD11/FC5038483A8911EF9817B26AC4F9AE02/pVTfPUcCf_r3y4oWbz4KEOMXeGc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/pVTfPUcCf_r3y4oWbz4KEOMXeGc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919AD11/FC5038483A8911EF9817B26AC4F9AE02/FB29FEA06C1F11EFA8C5694EC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:c7:54:57:9a:0e:cd:76:01:67:d5:bb:14:ad:25:4b:66:42:
         88:02:01:75:41:d6:62:a9:1b:db:8b:ce:a8:73:13:42:16:98:
         25:30:ac:53:1d:14:bf:e4:97:92:d8:2b:7a:15:7e:b1:75:7b:
         8d:b6:53:5e:20:9d:d3:1d:07:64:91:ff:5e:17:31:de:0e:28:
         af:f2:be:d1:45:ea:7f:d2:a9:ef:66:56:9f:12:8c:a5:82:7f:
         cb:94:71:9d:f7:7d:cf:11:c3:03:63:69:4b:a3:c6:00:8c:de:
         a7:0e:ff:e7:93:fe:dc:d3:ec:a4:33:4d:8e:55:db:a6:82:bc:
         26:a8:28:0c:7b:69:0a:4c:47:27:1f:e0:d0:94:71:41:ce:94:
         99:a7:eb:a5:e0:bf:0a:10:93:13:cf:b0:03:c6:01:3d:08:c7:
         aa:fc:bb:43:6e:8b:f1:3a:e6:77:9d:71:0e:8f:0b:1e:24:2f:
         2c:d0:19:b5:d9:3f:82:0f:05:43:19:26:de:3e:84:76:85:ca:
         48:46:d1:24:e1:81:92:94:4e:55:89:af:0b:02:3e:dd:82:9c:
         f9:c0:a3:03:d7:26:3c:f3:ac:14:c7:a8:db:de:64:12:a0:f3:
         50:8b:81:73:77:f2:7e:20:eb:b1:a3:f4:3b:3f:10:7c:4a:8b:
         cd:d5:e3:40
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICAX4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUFEMTExMTAvBgNVBAUTKEE1NTRERjNENDcwMjdGRkFGN0NCOEExNjZGM0UwQTEw
RTMxNzc4NjcwHhcNMjYwNzA1MDUzMTU1WhcNMjcwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ5ZWM0Yi1hN2M3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAhWPM+iRCh6OSE1cWvNtMCu6EPoYulsfa26qG/U+xEKyVe2MtppxP2iDEBuBX
HNsExLyP0AsEHjMeTban26nRAChbmXNt/beesLM+1AriQI1Zq040+RuS6cceyhqZ
MXdU3xjUltIJZ2amatyVnggABjYSAXALSz85+eac9th3jmuJ2aSrZTFOcGVtDtQa
Gtl1jZn5fCZ5hu+Z/kABcWvDuN3GflwGP/n+tDSKQIz5xL+swP3pFWBAUXMGMZQD
+ZjLAqUkkBrLf23u+1+8HgIfqoNbJguSsE/nz/D3kE8atnU58pUG7ZTCe8Xd9mS8
BrTQK8PoigT6YtOL3jBIB3zyhQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFPtv68rI
gjkUBiz/9pwFoegr1JJZMB8GA1UdIwQYMBaAFKVU3z1HAn/698uKFm8+ChDjF3hn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QUQxMS9GQzUwMzg0ODNB
ODkxMUVGOTgxN0IyNkFDNEY5QUUwMi9wVlRmUFVjQ2ZfcjN5NG9XYno0S0VPTVhl
R2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3BWVGZQVWNDZl9yM3k0b1diejRLRU9NWGVHYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUFEMTEvRkM1MDM4NDgzQTg5MTFFRjk4MTdCMjZBQzRGOUFFMDIvRkIyOUZFQTA2
QzFGMTFFRkE4QzU2OTRFQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAoBkhMA0GCSqGSIb3DQEBCwUAA4IBAQAox1RXmg7NdgFn1bsUrSVL
ZkKIAgF1QdZiqRvbi86ocxNCFpglMKxTHRS/5JeS2Ct6FX6xdXuNtlNeIJ3THQdk
kf9eFzHeDiiv8r7RRep/0qnvZlafEoylgn/LlHGd933PEcMDY2lLo8YAjN6nDv/n
k/7c0+ykM02OVdumgrwmqCgMe2kKTEcnH+DQlHFBzpSZp+ul4L8KEJMTz7ADxgE9
CMeq/LtDbovxOuZ3nXEOjwseJC8s0Bm12T+CDwVDGSbePoR2hcpIRtEk4YGSlE5V
ia8LAj7dgpz5wKMD1yY886wUx6jb3mQSoPNQi4Fzd/J+IOuxo/Q7PxB8SovN1eNA
-----END CERTIFICATE-----
Generated at Sat Jul 18 04:31:09 2026 by rpki-client