Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B539C/63C8E552688611F1A9DD30CE6C47A888/DB14F0D8688611F19B84FAD56C47A888.roa
File:                     DB14F0D8688611F19B84FAD56C47A888.roa (raw, json)
Hash identifier:          74bk58//l9arlYq1z7u+T+hfveHOzEv+5Ygge/tEw9M=
Subject key identifier:   FD:8D:75:CD:4A:F6:B4:11:30:E2:05:EA:82:7E:13:80:61:95:39:05
Certificate issuer:       /CN=A91B539C/serialNumber=4FC5FD8D2768E40977421918FB139C335DBF8380
Certificate serial:       02
Authority key identifier: 4F:C5:FD:8D:27:68:E4:09:77:42:19:18:FB:13:9C:33:5D:BF:83:80
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/T8X9jSdo5Al3QhkY-xOcM12_g4A.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B539C/63C8E552688611F1A9DD30CE6C47A888/DB14F0D8688611F19B84FAD56C47A888.roa
Signing time:             Mon 15 Jun 2026 06:53:04 +0000
ROA not before:           Mon 15 Jun 2026 06:53:04 +0000
ROA not after:            Thu 30 Sep 2027 00:00:00 +0000
asID:                     154715
IP address blocks:        2402:6460::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B539C/63C8E552688611F1A9DD30CE6C47A888/T8X9jSdo5Al3QhkY-xOcM12_g4A.crl
                          rsync://rpki.apnic.net/member_repository/A91B539C/63C8E552688611F1A9DD30CE6C47A888/T8X9jSdo5Al3QhkY-xOcM12_g4A.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/T8X9jSdo5Al3QhkY-xOcM12_g4A.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 10 Jul 2026 10:03:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B539C, serialNumber=4FC5FD8D2768E40977421918FB139C335DBF8380
        Validity
            Not Before: Jun 15 06:53:04 2026 GMT
            Not After : Sep 30 00:00:00 2027 GMT
        Subject: CN=6a2fa14f-e66e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a1:2b:e2:b6:61:1e:10:cb:70:48:83:d5:3b:
                    14:50:8e:41:7a:50:56:43:c9:8f:ae:58:8c:1c:96:
                    c2:7f:40:4e:d2:50:ae:4c:52:e4:d7:8d:8b:11:23:
                    dd:37:ec:d5:f7:ab:46:e9:86:9d:db:db:7d:ee:19:
                    41:a5:56:56:85:4e:32:3a:5c:29:1f:11:e0:f4:31:
                    48:11:61:01:79:e4:4b:23:61:09:6b:6d:84:44:ae:
                    07:c1:f7:0d:1c:20:20:e0:9c:0b:a3:45:b6:f1:0c:
                    48:77:69:5f:81:d5:81:59:35:aa:00:9c:a5:d9:f7:
                    3d:54:bd:0c:3a:53:a4:a4:2b:9f:cf:52:15:1e:05:
                    4e:da:04:c4:60:eb:02:af:94:07:ab:c4:66:f1:4a:
                    e8:43:91:ee:d5:55:18:5d:09:1e:90:e5:3e:00:4c:
                    83:a9:37:30:0d:f2:1a:e8:3c:f9:de:94:94:36:98:
                    86:56:b7:60:6e:94:a2:e3:1f:eb:d1:37:47:00:a2:
                    be:f1:d9:6e:b7:be:82:2e:f1:7a:e2:cb:4c:72:90:
                    a0:fd:25:95:d0:b5:ae:10:a5:66:86:81:68:5c:67:
                    4f:7d:8a:f5:f9:de:f1:6f:37:04:85:be:30:08:10:
                    ac:80:e7:e0:e8:2e:8e:0d:9b:2b:01:24:c3:a6:b7:
                    8c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:8D:75:CD:4A:F6:B4:11:30:E2:05:EA:82:7E:13:80:61:95:39:05
            X509v3 Authority Key Identifier:
                keyid:4F:C5:FD:8D:27:68:E4:09:77:42:19:18:FB:13:9C:33:5D:BF:83:80

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B539C/63C8E552688611F1A9DD30CE6C47A888/T8X9jSdo5Al3QhkY-xOcM12_g4A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/T8X9jSdo5Al3QhkY-xOcM12_g4A.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B539C/63C8E552688611F1A9DD30CE6C47A888/DB14F0D8688611F19B84FAD56C47A888.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:6460::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:66:0a:4a:c7:a2:30:41:fa:5d:0a:d6:66:34:da:1f:00:d7:
         f0:a4:24:fe:b2:6c:ae:ab:4a:0e:f4:f8:1a:2b:d7:b8:b0:c1:
         4d:69:50:a1:39:d8:70:ee:45:0f:df:36:72:ad:af:1a:9a:71:
         83:f0:6d:64:e2:f4:ac:a7:72:cc:6d:e4:35:f7:af:f8:d5:b8:
         13:b3:10:56:90:02:6d:a5:83:ee:c3:de:5f:ae:47:46:9e:c4:
         14:23:da:4a:98:2f:b9:93:19:d0:a6:01:ad:e3:c9:5c:59:03:
         3c:77:50:64:ef:db:28:ab:ec:9c:6c:35:02:fd:cd:f5:57:08:
         b3:fe:8f:e4:4f:ca:f2:82:64:17:b5:fd:f4:bf:f9:b6:ff:54:
         bd:59:d8:e5:3f:c1:19:d3:aa:63:74:a3:0d:7d:ba:42:a1:9b:
         49:9b:2f:cf:b2:f3:d8:81:23:30:2c:4e:20:51:8a:fa:7b:e3:
         5a:99:7c:cb:92:a4:b6:39:31:44:9e:bb:a3:95:b4:e6:42:93:
         64:c1:ba:6f:dc:ea:1e:10:5b:f0:44:30:fe:fa:83:c9:e7:02:
         80:7c:b5:0c:b0:38:04:22:a5:fb:51:ef:fa:0c:95:3e:3a:fa:
         a9:df:9e:b1:99:ae:64:86:42:c4:ce:49:50:4b:4a:ce:07:81:
         78:f6:64:ab
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
NTM5QzExMC8GA1UEBRMoNEZDNUZEOEQyNzY4RTQwOTc3NDIxOTE4RkIxMzlDMzM1
REJGODM4MDAeFw0yNjA2MTUwNjUzMDRaFw0yNzA5MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTZhMmZhMTRmLWU2NmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDIoSvitmEeEMtwSIPVOxRQjkF6UFZDyY+uWIwclsJ/QE7SUK5MUuTXjYsRI903
7NX3q0bphp3b233uGUGlVlaFTjI6XCkfEeD0MUgRYQF55EsjYQlrbYRErgfB9w0c
ICDgnAujRbbxDEh3aV+B1YFZNaoAnKXZ9z1UvQw6U6SkK5/PUhUeBU7aBMRg6wKv
lAerxGbxSuhDke7VVRhdCR6Q5T4ATIOpNzAN8hroPPnelJQ2mIZWt2BulKLjH+vR
N0cAor7x2W63voIu8Xriy0xykKD9JZXQta4QpWaGgWhcZ099ivX53vFvNwSFvjAI
EKyA5+DoLo4NmysBJMOmt4x5AgMBAAGjggJhMIICXTAdBgNVHQ4EFgQU/Y11zUr2
tBEw4gXqgn4TgGGVOQUwHwYDVR0jBBgwFoAUT8X9jSdo5Al3QhkY+xOcM12/g4Aw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI1MzlDLzYzQzhFNTUyNjg4
NjExRjFBOUREMzBDRTZDNDdBODg4L1Q4WDlqU2RvNUFsM1Foa1kteE9jTTEyX2c0
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvVDhYOWpTZG81QWwzUWhrWS14T2NNMTJfZzRBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgZYGCCsGAQUFBwELBIGJMIGGMIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
NTM5Qy82M0M4RTU1MjY4ODYxMUYxQTlERDMwQ0U2QzQ3QTg4OC9EQjE0RjBEODY4
ODYxMUYxOUI4NEZBRDU2QzQ3QTg4OC5yb2EwIAYIKwYBBQUHAQcBAf8EETAPMA0E
AgACMAcDBQAkAmRgMA0GCSqGSIb3DQEBCwUAA4IBAQAEZgpKx6IwQfpdCtZmNNof
ANfwpCT+smyuq0oO9PgaK9e4sMFNaVChOdhw7kUP3zZyra8amnGD8G1k4vSsp3LM
beQ196/41bgTsxBWkAJtpYPuw95frkdGnsQUI9pKmC+5kxnQpgGt48lcWQM8d1Bk
79soq+ycbDUC/c31Vwiz/o/kT8rygmQXtf30v/m2/1S9WdjlP8EZ06pjdKMNfbpC
oZtJmy/PsvPYgSMwLE4gUYr6e+NamXzLkqS2OTFEnrujlbTmQpNkwbpv3OoeEFvw
RDD++oPJ5wKAfLUMsDgEIqX7Ue/6DJU+Ovqp356xma5khkLEzklQS0rOB4F49mSr
-----END CERTIFICATE-----
Generated at Sun Jul 5 08:36:15 2026 by rpki-client