Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B653B/29383CDEC20C11EAB812A01AC4F9AE02/1F99EBD4C66F11EAA0B1B019C4F9AE02.roa
File:                     1F99EBD4C66F11EAA0B1B019C4F9AE02.roa (raw, json)
Hash identifier:          1Qe3kM5x5KqEwe5M+bGTCCv+sth4Ebh7I/TiW9WI7Tw=
Subject key identifier:   51:F6:AB:73:06:85:46:69:8F:16:C2:D2:BF:0B:56:2A:1F:D5:BE:60
Certificate issuer:       /CN=A91B653B/serialNumber=BCAE5732EF219732B49AC8284DB1814E92C86B11
Certificate serial:       095A
Authority key identifier: BC:AE:57:32:EF:21:97:32:B4:9A:C8:28:4D:B1:81:4E:92:C8:6B:11
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vK5XMu8hlzK0msgoTbGBTpLIaxE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B653B/29383CDEC20C11EAB812A01AC4F9AE02/1F99EBD4C66F11EAA0B1B019C4F9AE02.roa
Signing time:             Tue 30 Jun 2026 21:24:58 +0000
ROA not before:           Tue 30 Jun 2026 21:24:58 +0000
ROA not after:            Fri 30 Oct 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        103.150.161.0/24 maxlen: 24
                          103.161.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B653B/29383CDEC20C11EAB812A01AC4F9AE02/vK5XMu8hlzK0msgoTbGBTpLIaxE.crl
                          rsync://rpki.apnic.net/member_repository/A91B653B/29383CDEC20C11EAB812A01AC4F9AE02/vK5XMu8hlzK0msgoTbGBTpLIaxE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vK5XMu8hlzK0msgoTbGBTpLIaxE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 20:18:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2394 (0x95a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B653B, serialNumber=BCAE5732EF219732B49AC8284DB1814E92C86B11
        Validity
            Not Before: Jun 30 21:24:58 2026 GMT
            Not After : Oct 30 00:00:00 2026 GMT
        Subject: CN=6a44342a-1aae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fa:d4:22:20:e4:c3:39:fa:3b:c5:ac:0f:f7:
                    1f:f1:70:58:b8:00:e0:70:22:c6:8f:99:c2:73:bd:
                    1a:de:c9:67:3a:12:25:ac:61:7a:d9:17:fd:ab:be:
                    e8:d0:93:65:3f:df:db:20:da:4a:5d:76:b9:a7:7a:
                    52:ed:59:62:f6:a9:f3:11:27:81:5d:46:76:b9:96:
                    ec:d3:ad:15:8e:67:75:b5:48:8e:59:56:36:52:2d:
                    7e:f9:89:96:16:b6:ac:f7:97:a0:6a:7a:da:78:24:
                    40:b0:10:9b:0c:ae:09:64:b4:b4:5b:ed:17:3d:e1:
                    73:40:bb:a5:0a:57:48:eb:76:bf:b5:73:f2:eb:9a:
                    54:05:d4:d8:82:e5:b9:c6:65:27:87:4e:79:2b:cd:
                    e1:a1:22:22:90:14:1f:27:7e:1d:48:95:67:83:2f:
                    d7:0e:d7:b7:ab:55:ec:2a:2c:74:4b:bb:a0:e9:35:
                    c9:a7:d0:47:1d:77:74:ac:d1:f2:16:91:ba:cf:8d:
                    e4:7d:24:99:5e:9b:51:a2:89:51:54:45:ca:37:6d:
                    ba:d1:d2:66:1d:89:ee:15:77:cb:42:6c:f8:e2:e3:
                    fe:65:f4:a5:28:14:bf:86:e7:50:aa:5c:dc:33:ae:
                    38:a1:58:4a:4d:ab:71:96:bf:e4:2b:26:86:2a:de:
                    9c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:F6:AB:73:06:85:46:69:8F:16:C2:D2:BF:0B:56:2A:1F:D5:BE:60
            X509v3 Authority Key Identifier:
                keyid:BC:AE:57:32:EF:21:97:32:B4:9A:C8:28:4D:B1:81:4E:92:C8:6B:11

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B653B/29383CDEC20C11EAB812A01AC4F9AE02/vK5XMu8hlzK0msgoTbGBTpLIaxE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vK5XMu8hlzK0msgoTbGBTpLIaxE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B653B/29383CDEC20C11EAB812A01AC4F9AE02/1F99EBD4C66F11EAA0B1B019C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.150.161.0/24
                  103.161.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:bf:a9:2a:d9:c4:39:f1:cf:9c:9d:bd:f6:2c:26:b0:3b:97:
         9f:d6:fb:3c:ec:44:c0:c9:0b:0b:48:50:97:b9:d0:c3:7f:fe:
         71:bf:24:77:e3:ba:d6:93:2d:5a:45:cb:f6:e6:0a:5a:07:6f:
         fa:94:f4:bc:c0:e1:f3:97:0c:71:27:d2:12:76:08:62:b7:3d:
         38:67:7c:01:0c:5c:90:43:47:1d:a7:0b:35:f9:bc:3a:8c:81:
         f6:4c:96:ad:10:c6:dd:25:ef:56:aa:da:ba:4c:0c:31:bf:3f:
         06:c4:da:b9:35:c6:26:77:d3:0e:01:4b:98:fc:e5:1d:9c:1a:
         ac:f2:8b:d3:5b:b6:6c:5c:fa:e4:46:b5:5c:a1:a7:b3:b6:80:
         93:8c:7e:43:cd:aa:ae:f5:45:05:b1:de:90:5b:bc:35:28:db:
         6c:ef:e1:07:71:79:46:f5:b5:9f:fb:6f:43:53:2c:ba:a5:3c:
         ae:2a:c3:1b:57:49:0e:b4:f7:ba:e2:db:d8:0c:1e:da:9a:65:
         55:77:ab:a4:15:e5:c1:0a:28:55:12:19:88:30:94:0f:c4:ab:
         ac:7d:92:21:ac:c3:63:7b:d4:bc:7c:08:2c:08:57:f7:51:ec:
         37:39:00:cb:ce:05:1f:76:8e:72:e3:ae:a9:89:fd:d2:26:b2:
         d6:91:a9:27
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgICCVowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjY1M0IxMTAvBgNVBAUTKEJDQUU1NzMyRUYyMTk3MzJCNDlBQzgyODREQjE4MTRF
OTJDODZCMTEwHhcNMjYwNjMwMjEyNDU4WhcNMjYxMDMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ0MzQyYS0xYWFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApfrUIiDkwzn6O8WsD/cf8XBYuADgcCLGj5nCc70a3slnOhIlrGF62Rf9q77o
0JNlP9/bINpKXXa5p3pS7Vli9qnzESeBXUZ2uZbs060Vjmd1tUiOWVY2Ui1++YmW
Fras95eganraeCRAsBCbDK4JZLS0W+0XPeFzQLulCldI63a/tXPy65pUBdTYguW5
xmUnh055K83hoSIikBQfJ34dSJVngy/XDte3q1XsKix0S7ug6TXJp9BHHXd0rNHy
FpG6z43kfSSZXptRoolRVEXKN2260dJmHYnuFXfLQmz44uP+ZfSlKBS/hudQqlzc
M644oVhKTatxlr/kKyaGKt6c1QIDAQABo4ICZjCCAmIwHQYDVR0OBBYEFFH2q3MG
hUZpjxbC0r8LViof1b5gMB8GA1UdIwQYMBaAFLyuVzLvIZcytJrIKE2xgU6SyGsR
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNjUzQi8yOTM4M0NERUMy
MEMxMUVBQjgxMkEwMUFDNEY5QUUwMi92SzVYTXU4aGx6SzBtc2dvVGJHQlRwTElh
eEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ZLNVhNdThobHpLMG1zZ29UYkdCVHBMSWF4RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjY1M0IvMjkzODNDREVDMjBDMTFFQUI4MTJBMDFBQzRGOUFFMDIvMUY5OUVCRDRD
NjZGMTFFQUEwQjFCMDE5QzRGOUFFMDIucm9hMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQAZ5ahAwQAZ6FNMA0GCSqGSIb3DQEBCwUAA4IBAQCMv6kq2cQ58c+c
nb32LCawO5ef1vs87ETAyQsLSFCXudDDf/5xvyR347rWky1aRcv25gpaB2/6lPS8
wOHzlwxxJ9ISdghitz04Z3wBDFyQQ0cdpws1+bw6jIH2TJatEMbdJe9Wqtq6TAwx
vz8GxNq5NcYmd9MOAUuY/OUdnBqs8ovTW7ZsXPrkRrVcoaeztoCTjH5Dzaqu9UUF
sd6QW7w1KNts7+EHcXlG9bWf+29DUyy6pTyuKsMbV0kOtPe64tvYDB7ammVVd6uk
FeXBCihVEhmIMJQPxKusfZIhrMNje9S8fAgsCFf3Uew3OQDLzgUfdo5y466pif3S
JrLWkakn
-----END CERTIFICATE-----
Generated at Mon Jul 6 18:18:43 2026 by rpki-client