Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A3F5D/10F94EF006AB11EF87BFA725C4F9AE02/C27BAE1E63B411EF9A87155DC4F9AE02.roa
File:                     C27BAE1E63B411EF9A87155DC4F9AE02.roa (raw, json)
Hash identifier:          +2GaHe5cWbVmXD0EaHkbTYfFj1TTwinsmIfZx+qjcRc=
Subject key identifier:   0B:CF:88:30:09:C0:49:9E:99:5E:1D:40:5E:B3:50:AE:02:DF:63:E4
Certificate issuer:       /CN=A91A3F5D/serialNumber=B4081815C6BAED98A1CC950AC6FA10BC60058902
Certificate serial:       01B3
Authority key identifier: B4:08:18:15:C6:BA:ED:98:A1:CC:95:0A:C6:FA:10:BC:60:05:89:02
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tAgYFca67ZihzJUKxvoQvGAFiQI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A3F5D/10F94EF006AB11EF87BFA725C4F9AE02/C27BAE1E63B411EF9A87155DC4F9AE02.roa
Signing time:             Thu 25 Jun 2026 05:35:02 +0000
ROA not before:           Thu 25 Jun 2026 05:35:02 +0000
ROA not after:            Fri 30 Jul 2027 00:00:00 +0000
asID:                     55933
IP address blocks:        103.23.172.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A3F5D/10F94EF006AB11EF87BFA725C4F9AE02/tAgYFca67ZihzJUKxvoQvGAFiQI.crl
                          rsync://rpki.apnic.net/member_repository/A91A3F5D/10F94EF006AB11EF87BFA725C4F9AE02/tAgYFca67ZihzJUKxvoQvGAFiQI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tAgYFca67ZihzJUKxvoQvGAFiQI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 05:13:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 435 (0x1b3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A3F5D, serialNumber=B4081815C6BAED98A1CC950AC6FA10BC60058902
        Validity
            Not Before: Jun 25 05:35:02 2026 GMT
            Not After : Jul 30 00:00:00 2027 GMT
        Subject: CN=6a3cbe06-a4bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6b:72:9f:a2:e9:e2:b5:11:aa:dd:cb:67:2d:
                    70:de:61:87:84:16:80:c8:09:3b:9c:16:b4:35:ae:
                    dd:b4:6f:be:a6:ff:a4:3f:ee:8a:7e:03:19:d0:2a:
                    28:8f:17:e4:1c:23:dd:b2:bf:3f:18:aa:65:ca:07:
                    4b:7c:88:b6:dd:63:fe:f5:35:87:c4:28:69:27:15:
                    37:30:6a:7c:9b:8a:60:07:ad:03:94:d7:4f:3d:27:
                    d1:ce:d8:23:6e:db:ed:da:af:e4:c1:46:0e:1f:fa:
                    3c:07:44:6c:9b:84:e9:56:03:b1:2f:9c:9f:c0:1b:
                    60:b0:c2:f1:c4:7b:7a:f2:a7:e1:b6:f4:c7:f0:24:
                    cc:31:0c:b8:b0:53:e8:51:29:92:ca:9c:4d:4e:d6:
                    95:95:f1:85:c1:28:85:3a:9c:e6:48:f2:b4:23:bc:
                    3b:fb:f8:f9:38:f5:35:5e:28:cb:3b:a2:ac:dc:31:
                    47:68:48:d0:b1:ca:dd:9d:b9:b3:99:97:23:1c:ff:
                    5c:89:af:4d:e1:71:06:84:89:8f:9a:e1:07:89:0e:
                    91:4b:e9:da:44:c7:65:c2:76:2e:f2:a6:85:36:bc:
                    d6:9c:ad:f4:2c:90:38:4c:6c:e4:81:79:e3:39:d6:
                    0f:d5:9c:b8:58:3b:b3:65:99:31:16:38:3e:5d:58:
                    c5:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:CF:88:30:09:C0:49:9E:99:5E:1D:40:5E:B3:50:AE:02:DF:63:E4
            X509v3 Authority Key Identifier:
                keyid:B4:08:18:15:C6:BA:ED:98:A1:CC:95:0A:C6:FA:10:BC:60:05:89:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A3F5D/10F94EF006AB11EF87BFA725C4F9AE02/tAgYFca67ZihzJUKxvoQvGAFiQI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tAgYFca67ZihzJUKxvoQvGAFiQI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A3F5D/10F94EF006AB11EF87BFA725C4F9AE02/C27BAE1E63B411EF9A87155DC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.23.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:e6:f9:11:9c:31:e8:78:db:e3:2b:1c:6b:2f:bd:46:41:76:
         ff:3b:bc:59:1d:e1:81:e7:97:ad:0b:9a:a6:a6:c8:4d:27:db:
         71:38:5f:cc:0d:8b:50:cd:32:91:f6:02:a5:a7:8b:af:3e:94:
         82:c3:26:38:5a:16:cc:f4:2b:3f:a8:79:19:8e:31:f0:43:d3:
         42:b8:ca:14:19:66:cc:18:ed:fb:30:ca:8a:86:0d:16:fa:7a:
         72:e6:27:85:e3:8d:fe:fb:aa:c1:90:59:18:60:0c:5a:02:a5:
         34:64:30:01:5c:9d:7f:fc:5d:89:f8:eb:22:33:70:7a:37:72:
         7c:4c:16:4f:fb:e2:7a:0e:60:18:76:88:4a:ad:b4:21:44:4c:
         2c:72:d1:2a:4f:df:14:34:36:43:55:59:b3:63:5e:a6:82:67:
         20:88:e3:a3:2d:19:3b:ea:3c:fc:9a:4b:83:79:8d:ef:2b:94:
         55:c5:59:74:e0:f2:f2:f9:2d:fa:34:65:1d:34:24:f3:56:c8:
         79:42:00:82:dd:74:a5:b5:ce:97:38:5e:ea:06:f5:3c:8a:0b:
         99:07:43:44:29:18:5d:0b:8e:63:9a:71:a5:97:76:65:92:6c:
         dd:a9:d1:c3:0b:61:a1:1a:d8:0e:03:72:d2:b3:6e:0c:17:e0:
         34:37:dd:58
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICAbMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTNGNUQxMTAvBgNVBAUTKEI0MDgxODE1QzZCQUVEOThBMUNDOTUwQUM2RkExMEJD
NjAwNTg5MDIwHhcNMjYwNjI1MDUzNTAyWhcNMjcwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNjYmUwNi1hNGJiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtWtyn6Lp4rURqt3LZy1w3mGHhBaAyAk7nBa0Na7dtG++pv+kP+6KfgMZ0Coo
jxfkHCPdsr8/GKplygdLfIi23WP+9TWHxChpJxU3MGp8m4pgB60DlNdPPSfRztgj
btvt2q/kwUYOH/o8B0Rsm4TpVgOxL5yfwBtgsMLxxHt68qfhtvTH8CTMMQy4sFPo
USmSypxNTtaVlfGFwSiFOpzmSPK0I7w7+/j5OPU1XijLO6Ks3DFHaEjQscrdnbmz
mZcjHP9cia9N4XEGhImPmuEHiQ6RS+naRMdlwnYu8qaFNrzWnK30LJA4TGzkgXnj
OdYP1Zy4WDuzZZkxFjg+XVjF5QIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFAvPiDAJ
wEmemV4dQF6zUK4C32PkMB8GA1UdIwQYMBaAFLQIGBXGuu2YocyVCsb6ELxgBYkC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBM0Y1RC8xMEY5NEVGMDA2
QUIxMUVGODdCRkE3MjVDNEY5QUUwMi90QWdZRmNhNjdaaWh6SlVLeHZvUXZHQUZp
UUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RBZ1lGY2E2N1ppaHpKVUt4dm9RdkdBRmlRSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTNGNUQvMTBGOTRFRjAwNkFCMTFFRjg3QkZBNzI1QzRGOUFFMDIvQzI3QkFFMUU2
M0I0MTFFRjlBODcxNTVEQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBZxesMA0GCSqGSIb3DQEBCwUAA4IBAQBJ5vkRnDHoeNvjKxxrL71G
QXb/O7xZHeGB55etC5qmpshNJ9txOF/MDYtQzTKR9gKlp4uvPpSCwyY4WhbM9Cs/
qHkZjjHwQ9NCuMoUGWbMGO37MMqKhg0W+npy5ieF443++6rBkFkYYAxaAqU0ZDAB
XJ1//F2J+OsiM3B6N3J8TBZP++J6DmAYdohKrbQhREwsctEqT98UNDZDVVmzY16m
gmcgiOOjLRk76jz8mkuDeY3vK5RVxVl04PLy+S36NGUdNCTzVsh5QgCC3XSltc6X
OF7qBvU8iguZB0NEKRhdC45jmnGll3ZlkmzdqdHDC2GhGtgOA3LSs24MF+A0N91Y
-----END CERTIFICATE-----
Generated at Sat Jul 18 01:50:33 2026 by rpki-client