Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AC4FA/37CB87986C8B11ED87AFF571C4F9AE02/2A40C41C6EC511ED9672CB40C4F9AE02.roa
File:                     2A40C41C6EC511ED9672CB40C4F9AE02.roa (raw, json)
Hash identifier:          63Mc6PfxkqkDwQtpOI9U8lomk1Cxh7mzQMzSOn5gi4U=
Subject key identifier:   AB:DD:9B:26:FD:F5:49:DB:2E:A7:72:C4:BB:D0:15:AD:37:47:AD:CC
Certificate issuer:       /CN=A91AC4FA/serialNumber=8AF7D8B864FD90452FFD6DE93B51456C79EFB3C7
Certificate serial:       02BA
Authority key identifier: 8A:F7:D8:B8:64:FD:90:45:2F:FD:6D:E9:3B:51:45:6C:79:EF:B3:C7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ivfYuGT9kEUv_W3pO1FFbHnvs8c.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AC4FA/37CB87986C8B11ED87AFF571C4F9AE02/2A40C41C6EC511ED9672CB40C4F9AE02.roa
Signing time:             Sun 05 Jul 2026 02:27:56 +0000
ROA not before:           Sun 05 Jul 2026 02:27:56 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     17765
IP address blocks:        203.4.188.0/23 maxlen: 24
                          203.4.190.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91AC4FA/37CB87986C8B11ED87AFF571C4F9AE02/ivfYuGT9kEUv_W3pO1FFbHnvs8c.crl
                          rsync://rpki.apnic.net/member_repository/A91AC4FA/37CB87986C8B11ED87AFF571C4F9AE02/ivfYuGT9kEUv_W3pO1FFbHnvs8c.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ivfYuGT9kEUv_W3pO1FFbHnvs8c.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 14 Jul 2026 02:21:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 698 (0x2ba)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AC4FA, serialNumber=8AF7D8B864FD90452FFD6DE93B51456C79EFB3C7
        Validity
            Not Before: Jul  5 02:27:56 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a49c12c-b0a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:91:09:40:da:28:3a:b2:03:dd:8d:36:51:c5:
                    8d:0b:65:29:d2:6e:81:9a:66:c7:1d:ee:a0:a7:85:
                    ba:67:bf:d6:54:8b:4a:81:9c:de:f0:40:f4:1c:7f:
                    08:2a:cb:59:cb:79:19:89:86:e2:36:0a:42:c3:d9:
                    88:fb:47:1d:ef:7c:67:36:19:98:16:e6:cf:ff:aa:
                    3b:ee:d9:7a:c5:bd:33:13:8e:02:90:4d:e6:1c:cf:
                    14:c0:bf:7a:27:ef:14:b7:10:a5:9e:24:5c:08:65:
                    6c:d0:b3:80:c5:5d:b8:12:9c:bd:0a:ae:25:3a:99:
                    48:f0:f0:ea:bb:09:56:59:e4:bd:fb:72:fc:a4:ca:
                    0c:eb:2e:f1:78:30:4f:5f:8f:bd:1f:e3:db:dd:74:
                    da:b6:5f:8e:04:e9:19:7b:66:3d:8d:cc:6f:3d:ab:
                    d2:95:2c:7a:a0:25:2a:f1:76:64:b4:76:57:a3:1c:
                    18:1b:9c:7c:63:e1:ef:a6:29:73:39:9f:8b:9e:af:
                    38:e7:40:e4:a4:92:a0:84:ce:f6:54:fc:39:64:1a:
                    32:b0:9c:4a:fd:12:ff:1f:fe:29:91:6e:cb:0d:a2:
                    8a:a9:71:97:25:09:71:c7:79:dd:f6:4a:9c:fd:bb:
                    62:17:5a:c4:f3:26:b5:5b:02:55:98:5c:0f:10:9a:
                    5e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:DD:9B:26:FD:F5:49:DB:2E:A7:72:C4:BB:D0:15:AD:37:47:AD:CC
            X509v3 Authority Key Identifier:
                keyid:8A:F7:D8:B8:64:FD:90:45:2F:FD:6D:E9:3B:51:45:6C:79:EF:B3:C7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AC4FA/37CB87986C8B11ED87AFF571C4F9AE02/ivfYuGT9kEUv_W3pO1FFbHnvs8c.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ivfYuGT9kEUv_W3pO1FFbHnvs8c.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AC4FA/37CB87986C8B11ED87AFF571C4F9AE02/2A40C41C6EC511ED9672CB40C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.4.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bd:9d:f2:10:94:93:b2:99:e6:82:9a:e7:b7:2a:5d:2b:86:2d:
         45:5f:bc:64:db:c3:9d:86:21:fe:68:e0:80:40:7f:fc:a8:fd:
         83:98:63:e8:b4:9f:60:c3:00:c4:2f:9e:a1:3a:ea:ac:43:29:
         71:33:25:cf:82:fa:5b:e0:2f:f7:63:8d:cc:e5:ae:01:f2:53:
         44:56:ee:7e:2b:ac:66:a2:c6:ca:d8:7d:57:f8:34:d0:bd:55:
         01:f0:b4:9d:16:41:40:39:8b:92:90:cd:30:88:a3:65:1b:be:
         cc:f1:f8:2d:68:5b:8e:bf:04:91:d6:06:ea:7a:23:64:45:c9:
         c3:f7:7b:61:7c:cd:93:7b:e5:b8:dc:4e:19:72:79:a5:8c:b2:
         3c:f3:b8:24:69:a0:60:f5:fb:24:91:86:46:12:09:5d:77:ab:
         47:8b:5d:1d:7a:5c:55:39:45:4f:37:a6:96:b8:fb:cf:16:b4:
         9c:f0:62:f4:e9:00:de:cc:3e:d2:93:0b:9f:3c:94:f8:98:44:
         ad:fa:01:13:44:d8:12:ae:23:38:4a:6b:e2:65:1c:1f:61:b3:
         4e:a1:7e:f6:d7:87:db:c8:93:60:9a:22:87:ad:50:ad:d6:66:
         55:14:cd:5c:5e:c9:ea:8a:aa:76:e7:70:e9:3a:81:ad:b9:c8:
         42:b6:6d:88
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICArowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUM0RkExMTAvBgNVBAUTKDhBRjdEOEI4NjRGRDkwNDUyRkZENkRFOTNCNTE0NTZD
NzlFRkIzQzcwHhcNMjYwNzA1MDIyNzU2WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ5YzEyYy1iMGE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAq5EJQNooOrID3Y02UcWNC2Up0m6BmmbHHe6gp4W6Z7/WVItKgZze8ED0HH8I
KstZy3kZiYbiNgpCw9mI+0cd73xnNhmYFubP/6o77tl6xb0zE44CkE3mHM8UwL96
J+8UtxClniRcCGVs0LOAxV24Epy9Cq4lOplI8PDquwlWWeS9+3L8pMoM6y7xeDBP
X4+9H+Pb3XTatl+OBOkZe2Y9jcxvPavSlSx6oCUq8XZktHZXoxwYG5x8Y+Hvpilz
OZ+Lnq8450DkpJKghM72VPw5ZBoysJxK/RL/H/4pkW7LDaKKqXGXJQlxx3nd9kqc
/btiF1rE8ya1WwJVmFwPEJpefwIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFKvdmyb9
9UnbLqdyxLvQFa03R63MMB8GA1UdIwQYMBaAFIr32Lhk/ZBFL/1t6TtRRWx577PH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQzRGQS8zN0NCODc5ODZD
OEIxMUVEODdBRkY1NzFDNEY5QUUwMi9pdmZZdUdUOWtFVXZfVzNwTzFGRmJIbnZz
OGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2l2Zll1R1Q5a0VVdl9XM3BPMUZGYkhudnM4Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUM0RkEvMzdDQjg3OTg2QzhCMTFFRDg3QUZGNTcxQzRGOUFFMDIvMkE0MEM0MUM2
RUM1MTFFRDk2NzJDQjQwQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCywS8MA0GCSqGSIb3DQEBCwUAA4IBAQC9nfIQlJOymeaCmue3Kl0r
hi1FX7xk28OdhiH+aOCAQH/8qP2DmGPotJ9gwwDEL56hOuqsQylxMyXPgvpb4C/3
Y43M5a4B8lNEVu5+K6xmosbK2H1X+DTQvVUB8LSdFkFAOYuSkM0wiKNlG77M8fgt
aFuOvwSR1gbqeiNkRcnD93thfM2Te+W43E4ZcnmljLI887gkaaBg9fskkYZGEgld
d6tHi10delxVOUVPN6aWuPvPFrSc8GL06QDezD7SkwufPJT4mESt+gETRNgSriM4
SmviZRwfYbNOoX7214fbyJNgmiKHrVCt1mZVFM1cXsnqiqp253DpOoGtuchCtm2I
-----END CERTIFICATE-----
Generated at Wed Jul 8 19:37:23 2026 by rpki-client