Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919AFBE/BA018DB4BA1E11F0B987393BC4F9AE02/4F172076BA1F11F08DD0CE3CC4F9AE02.roa
File:                     4F172076BA1F11F08DD0CE3CC4F9AE02.roa (raw, json)
Hash identifier:          eaSdiBeFxcQwrPJB1NyFI648lfGXjeHCLe7UI2HVoV4=
Subject key identifier:   ED:56:21:45:3C:2A:FF:64:DD:69:B4:FA:61:3C:59:55:7A:77:1B:63
Certificate issuer:       /CN=A919AFBE/serialNumber=062D313B099AE86B3F4FE2E20BB45F8E86536273
Certificate serial:       79
Authority key identifier: 06:2D:31:3B:09:9A:E8:6B:3F:4F:E2:E2:0B:B4:5F:8E:86:53:62:73
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Bi0xOwma6Gs_T-LiC7RfjoZTYnM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919AFBE/BA018DB4BA1E11F0B987393BC4F9AE02/4F172076BA1F11F08DD0CE3CC4F9AE02.roa
Signing time:             Mon 22 Jun 2026 19:10:06 +0000
ROA not before:           Mon 22 Jun 2026 19:10:06 +0000
ROA not after:            Tue 02 Mar 2027 00:00:00 +0000
asID:                     140849
IP address blocks:        138.252.144.0/23 maxlen: 23
                          138.252.144.0/24 maxlen: 24
                          138.252.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919AFBE/BA018DB4BA1E11F0B987393BC4F9AE02/Bi0xOwma6Gs_T-LiC7RfjoZTYnM.crl
                          rsync://rpki.apnic.net/member_repository/A919AFBE/BA018DB4BA1E11F0B987393BC4F9AE02/Bi0xOwma6Gs_T-LiC7RfjoZTYnM.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Bi0xOwma6Gs_T-LiC7RfjoZTYnM.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 08:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 121 (0x79)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919AFBE, serialNumber=062D313B099AE86B3F4FE2E20BB45F8E86536273
        Validity
            Not Before: Jun 22 19:10:06 2026 GMT
            Not After : Mar  2 00:00:00 2027 GMT
        Subject: CN=6a39888e-fb20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:20:e1:ef:f7:2a:be:63:ed:04:59:0d:ca:6c:
                    45:61:8f:c9:6e:ac:64:1e:93:b0:d2:2f:7b:b5:78:
                    dc:a8:47:62:1a:0e:90:eb:6f:b8:ed:a0:a1:cb:70:
                    75:4c:f1:e1:b3:a7:fa:ad:69:38:9a:f0:ed:a1:49:
                    34:8e:ac:b6:66:93:d1:61:8a:d1:9b:a0:a8:7f:95:
                    01:63:de:7c:64:6b:d6:fb:0f:d0:31:b7:42:5d:b7:
                    bd:2a:67:eb:18:6e:0a:73:32:e7:e7:91:f4:ed:7e:
                    21:4b:f3:15:f4:3a:a8:40:b7:e0:ca:83:cf:b2:4d:
                    a4:39:f8:53:c0:46:e2:d2:6f:d5:32:22:5f:53:c4:
                    5a:5a:4c:93:8a:3c:54:e9:58:6c:2c:f6:77:85:80:
                    b6:05:49:5d:8f:70:88:31:c5:46:5c:dd:34:ed:2b:
                    8a:5b:f1:35:7d:8a:07:39:59:0b:e7:06:d9:31:77:
                    a8:5a:c6:e3:9f:75:64:f8:59:53:3e:87:a0:e9:fd:
                    7c:4e:b9:cc:df:1a:cf:99:cb:70:d7:6b:77:5b:fd:
                    f3:78:77:92:e2:88:28:64:7d:de:53:c6:ca:02:19:
                    19:90:a1:7c:73:48:d4:b1:b0:16:33:13:9f:a4:1e:
                    e2:9b:db:09:9f:eb:c7:c2:ef:ac:8a:0d:ef:c4:68:
                    73:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:56:21:45:3C:2A:FF:64:DD:69:B4:FA:61:3C:59:55:7A:77:1B:63
            X509v3 Authority Key Identifier:
                keyid:06:2D:31:3B:09:9A:E8:6B:3F:4F:E2:E2:0B:B4:5F:8E:86:53:62:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919AFBE/BA018DB4BA1E11F0B987393BC4F9AE02/Bi0xOwma6Gs_T-LiC7RfjoZTYnM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Bi0xOwma6Gs_T-LiC7RfjoZTYnM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919AFBE/BA018DB4BA1E11F0B987393BC4F9AE02/4F172076BA1F11F08DD0CE3CC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:4f:3d:59:72:f0:59:42:43:f7:e3:9a:3d:86:3d:5d:f7:ec:
         c8:8b:23:e6:4f:c2:43:a1:21:3d:bd:77:1b:7e:2b:04:c3:b7:
         40:a2:b4:65:15:2f:35:59:81:27:5b:32:10:15:d6:e4:c8:5d:
         3d:f6:fc:d4:a0:22:4c:64:24:f3:07:2d:b8:f6:46:9c:a6:91:
         e9:08:ab:bb:31:da:81:f0:48:22:12:a7:60:37:ff:8c:23:21:
         77:96:53:e0:8e:54:38:ae:8a:0b:28:34:fb:1c:eb:d1:60:e4:
         14:61:0b:e1:c9:b4:bd:2f:11:b2:d5:d4:8c:00:3b:94:cd:56:
         d2:0e:87:cd:bc:01:55:8b:cc:2a:c5:f0:e1:8d:7f:21:6d:74:
         06:76:6f:d4:75:be:ed:a5:c4:25:13:1a:b6:e2:90:ee:32:89:
         39:ac:9d:f1:1b:4a:7c:37:b5:c2:7f:4c:87:e6:fa:50:e3:75:
         5f:ea:2f:6d:e7:51:90:59:b2:1d:d4:c7:b1:9b:eb:46:ed:99:
         68:d4:d5:1e:33:6a:23:d9:44:8e:ba:67:71:be:ce:fa:01:47:
         ba:c6:eb:05:d0:2c:50:38:79:c3:71:9a:37:e6:27:11:8f:68:
         4e:f8:23:27:d8:2e:44:b0:76:fb:7b:bf:01:c6:22:ef:24:c9:
         27:d9:68:74
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIBeTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
QUZCRTExMC8GA1UEBRMoMDYyRDMxM0IwOTlBRTg2QjNGNEZFMkUyMEJCNDVGOEU4
NjUzNjI3MzAeFw0yNjA2MjIxOTEwMDZaFw0yNzAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTZhMzk4ODhlLWZiMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDMIOHv9yq+Y+0EWQ3KbEVhj8lurGQek7DSL3u1eNyoR2IaDpDrb7jtoKHLcHVM
8eGzp/qtaTia8O2hSTSOrLZmk9FhitGboKh/lQFj3nxka9b7D9Axt0Jdt70qZ+sY
bgpzMufnkfTtfiFL8xX0OqhAt+DKg8+yTaQ5+FPARuLSb9UyIl9TxFpaTJOKPFTp
WGws9neFgLYFSV2PcIgxxUZc3TTtK4pb8TV9igc5WQvnBtkxd6haxuOfdWT4WVM+
h6Dp/XxOuczfGs+Zy3DXa3db/fN4d5LiiChkfd5TxsoCGRmQoXxzSNSxsBYzE5+k
HuKb2wmf68fC76yKDe/EaHNPAgMBAAGjggJgMIICXDAdBgNVHQ4EFgQU7VYhRTwq
/2TdabT6YTxZVXp3G2MwHwYDVR0jBBgwFoAUBi0xOwma6Gs/T+LiC7RfjoZTYnMw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTlBRkJFL0JBMDE4REI0QkEx
RTExRjBCOTg3MzkzQkM0RjlBRTAyL0JpMHhPd21hNkdzX1QtTGlDN1Jmam9aVFlu
TS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvQmkweE93bWE2R3NfVC1MaUM3UmZqb1pUWW5NLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgZYGCCsGAQUFBwELBIGJMIGGMIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
QUZCRS9CQTAxOERCNEJBMUUxMUYwQjk4NzM5M0JDNEY5QUUwMi80RjE3MjA3NkJB
MUYxMUYwOEREMENFM0NDNEY5QUUwMi5yb2EwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAGK/JAwDQYJKoZIhvcNAQELBQADggEBACNPPVly8FlCQ/fjmj2GPV33
7MiLI+ZPwkOhIT29dxt+KwTDt0CitGUVLzVZgSdbMhAV1uTIXT32/NSgIkxkJPMH
Lbj2RpymkekIq7sx2oHwSCISp2A3/4wjIXeWU+COVDiuigsoNPsc69Fg5BRhC+HJ
tL0vEbLV1IwAO5TNVtIOh828AVWLzCrF8OGNfyFtdAZ2b9R1vu2lxCUTGrbikO4y
iTmsnfEbSnw3tcJ/TIfm+lDjdV/qL23nUZBZsh3Ux7Gb60btmWjU1R4zaiPZRI66
Z3G+zvoBR7rG6wXQLFA4ecNxmjfmJxGPaE74IyfYLkSwdvt7vwHGIu8kySfZaHQ=
-----END CERTIFICATE-----
Generated at Sat Jul 18 05:20:30 2026 by rpki-client