Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A12C4/F319EDC26C1711EFBDBFD50BC4F9AE02/BCA395126C1811EFAFBE6B0FC4F9AE02.roa
File:                     BCA395126C1811EFAFBE6B0FC4F9AE02.roa (raw, json)
Hash identifier:          cWJj/maUSSWmIwVQv3v+/nXUc2cIEZ3WxI91PpLYj30=
Subject key identifier:   E2:3B:B8:E9:BB:7E:E6:79:07:D9:44:71:9A:8C:57:E7:3F:D6:96:53
Certificate issuer:       /CN=A91A12C4/serialNumber=CFC0804DAC4FFF7A22A404E10E9864A711DE19C9
Certificate serial:       0163
Authority key identifier: CF:C0:80:4D:AC:4F:FF:7A:22:A4:04:E1:0E:98:64:A7:11:DE:19:C9
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/z8CATaxP_3oipAThDphkpxHeGck.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A12C4/F319EDC26C1711EFBDBFD50BC4F9AE02/BCA395126C1811EFAFBE6B0FC4F9AE02.roa
Signing time:             Thu 09 Jul 2026 07:32:23 +0000
ROA not before:           Thu 09 Jul 2026 07:32:22 +0000
ROA not after:            Thu 30 Sep 2027 00:00:00 +0000
asID:                     153049
IP address blocks:        160.25.66.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A12C4/F319EDC26C1711EFBDBFD50BC4F9AE02/z8CATaxP_3oipAThDphkpxHeGck.crl
                          rsync://rpki.apnic.net/member_repository/A91A12C4/F319EDC26C1711EFBDBFD50BC4F9AE02/z8CATaxP_3oipAThDphkpxHeGck.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/z8CATaxP_3oipAThDphkpxHeGck.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 06:06:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 355 (0x163)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A12C4, serialNumber=CFC0804DAC4FFF7A22A404E10E9864A711DE19C9
        Validity
            Not Before: Jul  9 07:32:22 2026 GMT
            Not After : Sep 30 00:00:00 2027 GMT
        Subject: CN=6a4f4e86-e20e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e4:a1:1f:27:98:f8:17:1f:b1:cc:4e:f6:44:
                    21:00:5b:c0:9f:b6:f2:4f:70:2f:f7:a2:f6:6e:0e:
                    b0:87:c5:5d:99:c9:6e:dd:ab:19:02:27:aa:5a:11:
                    e9:8f:ec:b1:32:2c:5a:d0:f6:02:0b:70:20:1d:ab:
                    46:c8:43:37:7b:83:a0:08:97:c3:59:5a:85:e2:4a:
                    02:b2:59:6d:cb:8c:1a:1b:a0:5a:99:06:5a:16:b1:
                    bb:d3:57:af:a6:1b:71:58:df:73:1e:72:f9:da:ae:
                    03:32:9b:50:5c:9e:38:70:8a:83:cc:7b:d5:8e:3f:
                    8d:c7:a3:86:6b:f7:62:17:e7:4d:0e:1a:40:9a:be:
                    fe:66:92:26:21:92:6e:ca:dc:f3:8c:d2:25:fc:d3:
                    16:73:13:2f:58:e5:83:c0:4f:54:05:9e:0c:e2:e9:
                    a1:b2:9e:2b:51:12:82:46:b2:8d:af:62:be:92:cc:
                    4f:77:0c:b8:c5:14:a4:cb:d1:f9:af:1c:97:ba:ac:
                    cd:a9:9c:15:73:19:c7:a8:28:e2:54:73:7d:d7:c3:
                    ad:11:3c:07:2c:7d:2b:d8:b6:39:a9:d2:15:92:d3:
                    c9:f0:15:fd:9a:61:43:87:31:a0:0e:8e:36:c7:bc:
                    26:21:80:1e:a9:7c:8d:fe:84:02:04:11:60:a6:74:
                    9b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:3B:B8:E9:BB:7E:E6:79:07:D9:44:71:9A:8C:57:E7:3F:D6:96:53
            X509v3 Authority Key Identifier:
                keyid:CF:C0:80:4D:AC:4F:FF:7A:22:A4:04:E1:0E:98:64:A7:11:DE:19:C9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A12C4/F319EDC26C1711EFBDBFD50BC4F9AE02/z8CATaxP_3oipAThDphkpxHeGck.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/z8CATaxP_3oipAThDphkpxHeGck.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A12C4/F319EDC26C1711EFBDBFD50BC4F9AE02/BCA395126C1811EFAFBE6B0FC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:9e:d7:c0:d8:7e:b5:96:b1:f5:ae:1b:7e:61:9f:87:98:93:
         a5:a9:cb:6b:c7:47:37:67:84:21:c2:11:bb:f4:1e:2c:39:4b:
         36:9c:06:55:05:0c:33:b8:1c:29:a0:ea:1e:12:2f:45:02:01:
         50:17:26:6f:08:9f:f6:41:40:18:82:6d:6a:6b:d3:15:b9:4b:
         40:64:61:bd:6b:83:df:b3:0e:1d:b8:ef:ab:73:23:ac:33:a2:
         1c:c2:4d:6e:d1:d0:87:61:38:32:00:be:a2:5b:61:3b:22:98:
         8b:c4:83:1d:19:d5:9c:6b:0f:41:25:5a:84:be:1e:e0:7e:3f:
         cd:85:c0:99:b8:57:d2:00:d2:1f:2f:88:fd:9f:08:18:57:96:
         08:0c:ac:35:97:fc:bc:4c:ba:ee:a9:6a:63:47:94:ee:33:b3:
         fa:ab:12:eb:15:44:95:ed:0b:1d:1e:b3:aa:91:4e:1d:95:4e:
         06:44:d6:3a:91:d2:14:fd:7b:f8:ef:f7:62:75:be:0c:aa:3e:
         41:90:e0:fe:34:e1:aa:e8:1a:be:55:1b:55:f9:64:07:73:32:
         66:7c:60:76:ae:ac:b7:27:2f:04:c8:7b:8f:e4:bd:5b:7d:a2:
         40:6d:8b:d0:00:1d:ff:df:a3:3d:0b:a7:43:59:d1:66:c6:ac:
         c7:58:81:65
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICAWMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTEyQzQxMTAvBgNVBAUTKENGQzA4MDREQUM0RkZGN0EyMkE0MDRFMTBFOTg2NEE3
MTFERTE5QzkwHhcNMjYwNzA5MDczMjIyWhcNMjcwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTRmNGU4Ni1lMjBlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt+ShHyeY+BcfscxO9kQhAFvAn7byT3Av96L2bg6wh8Vdmclu3asZAieqWhHp
j+yxMixa0PYCC3AgHatGyEM3e4OgCJfDWVqF4koCsllty4waG6BamQZaFrG701ev
phtxWN9zHnL52q4DMptQXJ44cIqDzHvVjj+Nx6OGa/diF+dNDhpAmr7+ZpImIZJu
ytzzjNIl/NMWcxMvWOWDwE9UBZ4M4umhsp4rURKCRrKNr2K+ksxPdwy4xRSky9H5
rxyXuqzNqZwVcxnHqCjiVHN918OtETwHLH0r2LY5qdIVktPJ8BX9mmFDhzGgDo42
x7wmIYAeqXyN/oQCBBFgpnSbfQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFOI7uOm7
fuZ5B9lEcZqMV+c/1pZTMB8GA1UdIwQYMBaAFM/AgE2sT/96IqQE4Q6YZKcR3hnJ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMTJDNC9GMzE5RURDMjZD
MTcxMUVGQkRCRkQ1MEJDNEY5QUUwMi96OENBVGF4UF8zb2lwQVRoRHBoa3B4SGVH
Y2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3o4Q0FUYXhQXzNvaXBBVGhEcGhrcHhIZUdjay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTEyQzQvRjMxOUVEQzI2QzE3MTFFRkJEQkZENTBCQzRGOUFFMDIvQkNBMzk1MTI2
QzE4MTFFRkFGQkU2QjBGQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBoBlCMA0GCSqGSIb3DQEBCwUAA4IBAQCLntfA2H61lrH1rht+YZ+H
mJOlqctrx0c3Z4QhwhG79B4sOUs2nAZVBQwzuBwpoOoeEi9FAgFQFyZvCJ/2QUAY
gm1qa9MVuUtAZGG9a4Pfsw4duO+rcyOsM6Icwk1u0dCHYTgyAL6iW2E7IpiLxIMd
GdWcaw9BJVqEvh7gfj/NhcCZuFfSANIfL4j9nwgYV5YIDKw1l/y8TLruqWpjR5Tu
M7P6qxLrFUSV7QsdHrOqkU4dlU4GRNY6kdIU/Xv47/didb4Mqj5BkOD+NOGq6Bq+
VRtV+WQHczJmfGB2rqy3Jy8EyHuP5L1bfaJAbYvQAB3/36M9C6dDWdFmxqzHWIFl
-----END CERTIFICATE-----
Generated at Sat Jul 18 05:22:08 2026 by rpki-client