Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A2F6C/9E31F3B28AB311EA93A6BA3EC4F9AE02/FA7CB46C8AB411EA89D83541C4F9AE02.roa
File:                     FA7CB46C8AB411EA89D83541C4F9AE02.roa (raw, json)
Hash identifier:          aqqfGs3JriEsKH61+I5TG754MoSti71jdm+menPPL/8=
Subject key identifier:   E0:CB:F5:A5:29:93:7F:ED:F0:75:F7:BD:17:D9:E6:A6:71:F0:6B:4B
Certificate issuer:       /CN=A91A2F6C/serialNumber=EDAF1E9A79D9FECB107883AFD3757FA8F70A32D7
Certificate serial:       0A6D
Authority key identifier: ED:AF:1E:9A:79:D9:FE:CB:10:78:83:AF:D3:75:7F:A8:F7:0A:32:D7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7a8emnnZ_ssQeIOv03V_qPcKMtc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A2F6C/9E31F3B28AB311EA93A6BA3EC4F9AE02/FA7CB46C8AB411EA89D83541C4F9AE02.roa
Signing time:             Tue 30 Jun 2026 20:24:41 +0000
ROA not before:           Tue 30 Jun 2026 20:24:41 +0000
ROA not after:            Fri 30 Oct 2026 00:00:00 +0000
asID:                     140611
IP address blocks:        103.150.254.0/23 maxlen: 23
                          103.150.254.0/24 maxlen: 24
                          103.150.255.0/24 maxlen: 24
                          2001:df3:9980::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A2F6C/9E31F3B28AB311EA93A6BA3EC4F9AE02/7a8emnnZ_ssQeIOv03V_qPcKMtc.crl
                          rsync://rpki.apnic.net/member_repository/A91A2F6C/9E31F3B28AB311EA93A6BA3EC4F9AE02/7a8emnnZ_ssQeIOv03V_qPcKMtc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7a8emnnZ_ssQeIOv03V_qPcKMtc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 19:45:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2669 (0xa6d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A2F6C, serialNumber=EDAF1E9A79D9FECB107883AFD3757FA8F70A32D7
        Validity
            Not Before: Jun 30 20:24:41 2026 GMT
            Not After : Oct 30 00:00:00 2026 GMT
        Subject: CN=6a442609-cf58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a5:cb:df:02:27:d8:51:1d:5c:19:d6:c3:5b:
                    17:38:d9:95:29:e5:92:97:fa:21:b9:9a:77:d3:97:
                    ac:e1:2d:4e:dc:82:0f:af:8d:4e:f5:e5:be:d5:5c:
                    79:86:cb:17:44:bc:1a:57:bc:03:53:09:b5:9f:18:
                    7a:af:b0:d9:50:4a:5d:7d:da:fe:bc:f0:55:f6:d9:
                    85:86:67:2b:46:df:5e:17:87:f0:c4:f9:5c:c5:a0:
                    24:f6:54:af:59:d8:34:44:9e:b4:10:04:b1:4f:97:
                    16:1e:28:69:37:a7:cb:ca:c1:0b:6a:15:3d:70:b0:
                    ae:38:22:f5:88:27:b5:49:e5:d5:b6:0b:dd:04:7e:
                    9e:bd:ad:5e:35:0b:18:19:a2:35:79:8b:92:3b:06:
                    8e:92:3a:08:30:53:c3:b2:aa:e3:2b:0a:1c:fd:7a:
                    ec:4a:bf:d0:ac:42:39:68:d9:8b:57:76:64:a7:45:
                    5c:af:3a:13:b9:7c:e5:da:e6:dc:36:99:33:f4:09:
                    73:b9:d2:25:30:75:2d:12:50:b0:0c:7a:aa:e1:ef:
                    3a:77:72:b2:08:42:c6:51:99:c4:a5:b5:5d:fc:7e:
                    e8:c1:d0:68:cc:c5:ab:35:52:35:2c:d4:9b:8e:41:
                    21:94:21:21:94:0e:35:f9:f1:d1:dc:73:df:f2:05:
                    e6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CB:F5:A5:29:93:7F:ED:F0:75:F7:BD:17:D9:E6:A6:71:F0:6B:4B
            X509v3 Authority Key Identifier:
                keyid:ED:AF:1E:9A:79:D9:FE:CB:10:78:83:AF:D3:75:7F:A8:F7:0A:32:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A2F6C/9E31F3B28AB311EA93A6BA3EC4F9AE02/7a8emnnZ_ssQeIOv03V_qPcKMtc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7a8emnnZ_ssQeIOv03V_qPcKMtc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A2F6C/9E31F3B28AB311EA93A6BA3EC4F9AE02/FA7CB46C8AB411EA89D83541C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.150.254.0/23
                IPv6:
                  2001:df3:9980::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:80:93:fe:21:93:0d:c2:6e:88:16:8b:79:5a:44:37:b6:5a:
         8c:98:45:30:d4:a3:9f:4b:5b:f9:d7:a2:da:c2:ae:11:59:12:
         14:1c:c7:c3:f4:41:9b:30:b9:f1:4a:a9:82:85:2e:96:11:46:
         3a:1f:0f:04:4f:e3:3d:2d:28:81:93:4b:bf:7a:2e:e5:37:71:
         6f:1b:00:17:e4:fd:b8:e0:68:15:5f:aa:91:94:94:38:51:89:
         62:0f:a7:33:74:2b:73:39:31:26:12:18:88:cd:21:e1:ef:eb:
         db:80:a8:43:a3:61:97:c1:5e:0a:fc:2c:3d:5b:81:a6:11:76:
         35:f3:1b:08:92:33:d0:fb:bd:0a:56:ad:7f:b8:78:e7:33:cf:
         15:4e:38:94:35:02:fe:c9:37:34:d0:a3:f1:82:4c:5a:ee:10:
         01:f5:1f:ae:a4:aa:6e:63:90:f8:1f:40:8e:aa:80:29:b2:ed:
         8f:cf:3e:02:9a:58:e3:3f:24:c9:12:07:47:b7:bd:37:e7:e1:
         97:a4:57:f3:93:f4:55:9b:a1:64:ae:e6:2f:57:69:68:5c:22:
         ba:54:ee:c3:7b:a2:86:a1:53:8c:7d:b2:94:c9:12:06:ea:cb:
         6b:29:2c:f4:23:cd:0a:11:2e:ec:a0:a2:4e:f7:04:f5:93:b5:
         af:24:0e:f3
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgICCm0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTJGNkMxMTAvBgNVBAUTKEVEQUYxRTlBNzlEOUZFQ0IxMDc4ODNBRkQzNzU3RkE4
RjcwQTMyRDcwHhcNMjYwNjMwMjAyNDQxWhcNMjYxMDMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ0MjYwOS1jZjU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApKXL3wIn2FEdXBnWw1sXONmVKeWSl/ohuZp305es4S1O3IIPr41O9eW+1Vx5
hssXRLwaV7wDUwm1nxh6r7DZUEpdfdr+vPBV9tmFhmcrRt9eF4fwxPlcxaAk9lSv
Wdg0RJ60EASxT5cWHihpN6fLysELahU9cLCuOCL1iCe1SeXVtgvdBH6eva1eNQsY
GaI1eYuSOwaOkjoIMFPDsqrjKwoc/XrsSr/QrEI5aNmLV3Zkp0VcrzoTuXzl2ubc
Npkz9AlzudIlMHUtElCwDHqq4e86d3KyCELGUZnEpbVd/H7owdBozMWrNVI1LNSb
jkEhlCEhlA41+fHR3HPf8gXmdwIDAQABo4ICcTCCAm0wHQYDVR0OBBYEFODL9aUp
k3/t8HX3vRfZ5qZx8GtLMB8GA1UdIwQYMBaAFO2vHpp52f7LEHiDr9N1f6j3CjLX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMkY2Qy85RTMxRjNCMjhB
QjMxMUVBOTNBNkJBM0VDNEY5QUUwMi83YThlbW5uWl9zc1FlSU92MDNWX3FQY0tN
dGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdhOGVtbm5aX3NzUWVJT3YwM1ZfcVBjS010Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTJGNkMvOUUzMUYzQjI4QUIzMTFFQTkzQTZCQTNFQzRGOUFFMDIvRkE3Q0I0NkM4
QUI0MTFFQTg5RDgzNTQxQzRGOUFFMDIucm9hMDAGCCsGAQUFBwEHAQH/BCEwHzAM
BAIAATAGAwQBZ5b+MA8EAgACMAkDBwAgAQ3zmYAwDQYJKoZIhvcNAQELBQADggEB
ACGAk/4hkw3CbogWi3laRDe2WoyYRTDUo59LW/nXotrCrhFZEhQcx8P0QZswufFK
qYKFLpYRRjofDwRP4z0tKIGTS796LuU3cW8bABfk/bjgaBVfqpGUlDhRiWIPpzN0
K3M5MSYSGIjNIeHv69uAqEOjYZfBXgr8LD1bgaYRdjXzGwiSM9D7vQpWrX+4eOcz
zxVOOJQ1Av7JNzTQo/GCTFruEAH1H66kqm5jkPgfQI6qgCmy7Y/PPgKaWOM/JMkS
B0e3vTfn4ZekV/OT9FWboWSu5i9XaWhcIrpU7sN7ooahU4x9spTJEgbqy2spLPQj
zQoRLuygok73BPWTta8kDvM=
-----END CERTIFICATE-----
Generated at Sun Jul 5 09:23:38 2026 by rpki-client