Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B8265/4CD5FE0E7DC411ECA9C4431DC4F9AE02/D9470BFE7DC811ECB84BD174C4F9AE02.roa
File:                     D9470BFE7DC811ECB84BD174C4F9AE02.roa (raw, json)
Hash identifier:          JfIAFCu2MeeRSwrWxSJdpgjG5VN2LpU2/LUPIGp49hg=
Subject key identifier:   C7:2A:E6:79:09:38:17:85:2F:7A:AC:34:12:AE:2B:67:55:64:41:07
Certificate issuer:       /CN=A91B8265/serialNumber=8F11C47E2FEA199C2727C86B4990F3BFAE820162
Certificate serial:       04D3
Authority key identifier: 8F:11:C4:7E:2F:EA:19:9C:27:27:C8:6B:49:90:F3:BF:AE:82:01:62
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jxHEfi_qGZwnJ8hrSZDzv66CAWI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B8265/4CD5FE0E7DC411ECA9C4431DC4F9AE02/D9470BFE7DC811ECB84BD174C4F9AE02.roa
Signing time:             Fri 03 Jul 2026 00:25:19 +0000
ROA not before:           Fri 03 Jul 2026 00:25:19 +0000
ROA not after:            Sun 01 Nov 2026 00:00:00 +0000
asID:                     137040
IP address blocks:        103.102.221.0/24 maxlen: 24
                          103.133.75.0/24 maxlen: 24
                          103.133.82.0/23 maxlen: 23
                          103.133.82.0/24 maxlen: 24
                          103.133.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B8265/4CD5FE0E7DC411ECA9C4431DC4F9AE02/jxHEfi_qGZwnJ8hrSZDzv66CAWI.crl
                          rsync://rpki.apnic.net/member_repository/A91B8265/4CD5FE0E7DC411ECA9C4431DC4F9AE02/jxHEfi_qGZwnJ8hrSZDzv66CAWI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jxHEfi_qGZwnJ8hrSZDzv66CAWI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 00:25:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1235 (0x4d3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B8265, serialNumber=8F11C47E2FEA199C2727C86B4990F3BFAE820162
        Validity
            Not Before: Jul  3 00:25:19 2026 GMT
            Not After : Nov  1 00:00:00 2026 GMT
        Subject: CN=6a47016f-5c7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:e3:6c:a6:37:25:4e:16:41:f3:2a:c1:d5:3c:
                    57:8e:0a:a0:be:b6:dc:b0:1e:f7:5d:c2:97:bd:0f:
                    d1:3c:f5:39:49:d1:db:27:2d:bb:9a:59:6f:c8:6f:
                    e2:af:f3:77:6e:a2:4a:87:9f:e6:5a:35:c1:6a:73:
                    5d:9a:b9:7c:cc:57:bf:54:6a:e3:34:03:2c:55:e8:
                    8f:0f:54:5b:61:d8:e7:8e:c2:b4:31:fe:d2:a5:78:
                    22:30:a8:27:13:a8:72:d4:f0:fc:d5:5d:c0:79:c1:
                    de:94:7d:82:4c:6d:a9:b7:25:b9:8a:74:a0:c5:08:
                    65:0f:89:7e:bf:6a:e7:14:cc:e1:ff:a7:dc:6b:d3:
                    cb:29:4e:68:96:a2:ea:b6:98:ee:b0:ca:da:ba:c5:
                    57:83:09:f8:b9:70:30:1a:eb:51:37:f6:58:2c:c7:
                    9b:96:57:6d:ca:c7:38:12:ab:d7:76:0a:59:72:d1:
                    2d:24:14:f8:cb:8d:7f:30:b7:06:65:b2:85:63:fa:
                    93:cf:76:3a:39:4e:70:9e:d5:c7:fd:c1:fe:c4:cf:
                    62:c6:6f:5e:2b:56:72:72:9c:25:4f:ce:c8:cd:bd:
                    2d:75:7e:a2:69:85:37:f9:3d:5f:ac:3c:13:7c:34:
                    bf:01:93:95:bf:25:d2:ba:f7:b7:b3:89:73:6e:d2:
                    7f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:2A:E6:79:09:38:17:85:2F:7A:AC:34:12:AE:2B:67:55:64:41:07
            X509v3 Authority Key Identifier:
                keyid:8F:11:C4:7E:2F:EA:19:9C:27:27:C8:6B:49:90:F3:BF:AE:82:01:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B8265/4CD5FE0E7DC411ECA9C4431DC4F9AE02/jxHEfi_qGZwnJ8hrSZDzv66CAWI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jxHEfi_qGZwnJ8hrSZDzv66CAWI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B8265/4CD5FE0E7DC411ECA9C4431DC4F9AE02/D9470BFE7DC811ECB84BD174C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.221.0/24
                  103.133.75.0/24
                  103.133.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:02:21:b1:f0:97:c3:c9:fd:0c:78:60:df:85:1d:4f:8a:45:
         42:c2:82:70:12:24:05:3b:4c:41:ed:ee:e0:1d:ef:1f:cf:63:
         6e:52:53:71:0c:e7:97:be:5e:65:61:60:54:4b:97:7c:a4:0f:
         7a:e7:a6:cc:5b:c3:31:d9:33:a6:33:68:19:9c:51:eb:9c:ed:
         eb:34:d6:f0:dd:51:16:c2:34:2f:3b:be:15:38:18:5b:1a:0e:
         6c:68:b0:ef:95:55:5f:87:18:9a:3c:44:02:c9:bf:c7:a9:bc:
         f0:6e:e9:1c:a8:0c:c9:58:e8:a2:96:d7:3c:f4:8a:10:f9:dd:
         69:d6:71:c9:f1:20:e3:c4:d5:6a:8f:43:f9:0b:cf:4a:0d:b3:
         36:7d:a1:7f:30:63:aa:15:e9:13:be:29:e7:2c:2a:ad:bc:2a:
         71:97:3d:a3:4c:08:29:c5:3a:6d:89:be:59:b1:fc:19:93:16:
         de:eb:d8:8d:41:7f:55:33:4c:bf:1b:62:56:c5:12:64:8e:66:
         2a:07:82:33:8a:05:37:8b:dd:4f:37:fa:46:d6:5e:1f:ec:d2:
         59:fa:23:4f:58:a1:f2:32:b1:91:49:64:b8:87:b0:ec:aa:70:
         1a:06:01:3c:ec:48:f6:9c:5a:92:e4:13:32:76:a8:bf:eb:5d:
         aa:63:5c:4c
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgICBNMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjgyNjUxMTAvBgNVBAUTKDhGMTFDNDdFMkZFQTE5OUMyNzI3Qzg2QjQ5OTBGM0JG
QUU4MjAxNjIwHhcNMjYwNzAzMDAyNTE5WhcNMjYxMTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ3MDE2Zi01YzdlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5uNspjclThZB8yrB1TxXjgqgvrbcsB73XcKXvQ/RPPU5SdHbJy27mllvyG/i
r/N3bqJKh5/mWjXBanNdmrl8zFe/VGrjNAMsVeiPD1RbYdjnjsK0Mf7SpXgiMKgn
E6hy1PD81V3AecHelH2CTG2ptyW5inSgxQhlD4l+v2rnFMzh/6fca9PLKU5olqLq
tpjusMrausVXgwn4uXAwGutRN/ZYLMeblldtysc4EqvXdgpZctEtJBT4y41/MLcG
ZbKFY/qTz3Y6OU5wntXH/cH+xM9ixm9eK1ZycpwlT87Izb0tdX6iaYU3+T1frDwT
fDS/AZOVvyXSuve3s4lzbtJ/SwIDAQABo4ICbDCCAmgwHQYDVR0OBBYEFMcq5nkJ
OBeFL3qsNBKuK2dVZEEHMB8GA1UdIwQYMBaAFI8RxH4v6hmcJyfIa0mQ87+uggFi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCODI2NS80Q0Q1RkUwRTdE
QzQxMUVDQTlDNDQzMURDNEY5QUUwMi9qeEhFZmlfcUdad25KOGhyU1pEenY2NkNB
V0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2p4SEVmaV9xR1p3bko4aHJTWkR6djY2Q0FXSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjgyNjUvNENENUZFMEU3REM0MTFFQ0E5QzQ0MzFEQzRGOUFFMDIvRDk0NzBCRkU3
REM4MTFFQ0I4NEJEMTc0QzRGOUFFMDIucm9hMCsGCCsGAQUFBwEHAQH/BBwwGjAY
BAIAATASAwQAZ2bdAwQAZ4VLAwQBZ4VSMA0GCSqGSIb3DQEBCwUAA4IBAQCTAiGx
8JfDyf0MeGDfhR1PikVCwoJwEiQFO0xB7e7gHe8fz2NuUlNxDOeXvl5lYWBUS5d8
pA9656bMW8Mx2TOmM2gZnFHrnO3rNNbw3VEWwjQvO74VOBhbGg5saLDvlVVfhxia
PEQCyb/HqbzwbukcqAzJWOiiltc89IoQ+d1p1nHJ8SDjxNVqj0P5C89KDbM2faF/
MGOqFekTvinnLCqtvCpxlz2jTAgpxTptib5ZsfwZkxbe69iNQX9VM0y/G2JWxRJk
jmYqB4IzigU3i91PN/pG1l4f7NJZ+iNPWKHyMrGRSWS4h7DsqnAaBgE87Ej2nFqS
5BMydqi/612qY1xM
-----END CERTIFICATE-----
Generated at Sat Jul 18 12:33:33 2026 by rpki-client