Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B8F34/81DAEC5AB59811EE9A18F95FC4F9AE02/0D5F2416B5B811EEA8ACF557C4F9AE02.roa
File:                     0D5F2416B5B811EEA8ACF557C4F9AE02.roa (raw, json)
Hash identifier:          qfFd1OkdxxfsdrGhnn3dqFBraYFvXPIV0iQiCI0Bu+U=
Subject key identifier:   7D:0D:6F:9B:88:F6:85:C3:8F:CF:F1:BD:6F:4A:81:51:17:51:68:9A
Certificate issuer:       /CN=A91B8F34/serialNumber=64943B1D2BE2F93DD640E024EB94D8D38DCE6A83
Certificate serial:       01F1
Authority key identifier: 64:94:3B:1D:2B:E2:F9:3D:D6:40:E0:24:EB:94:D8:D3:8D:CE:6A:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZJQ7HSvi-T3WQOAk65TY043OaoM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B8F34/81DAEC5AB59811EE9A18F95FC4F9AE02/0D5F2416B5B811EEA8ACF557C4F9AE02.roa
Signing time:             Mon 29 Jun 2026 04:35:42 +0000
ROA not before:           Mon 29 Jun 2026 04:35:42 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     135069
IP address blocks:        103.63.92.0/22 maxlen: 22
                          103.63.92.0/23 maxlen: 23
                          103.63.92.0/24 maxlen: 24
                          103.63.94.0/23 maxlen: 23
                          103.63.94.0/24 maxlen: 24
                          103.63.95.0/24 maxlen: 24
                          103.153.120.0/23 maxlen: 23
                          103.153.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B8F34/81DAEC5AB59811EE9A18F95FC4F9AE02/ZJQ7HSvi-T3WQOAk65TY043OaoM.crl
                          rsync://rpki.apnic.net/member_repository/A91B8F34/81DAEC5AB59811EE9A18F95FC4F9AE02/ZJQ7HSvi-T3WQOAk65TY043OaoM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZJQ7HSvi-T3WQOAk65TY043OaoM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 04:35:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 497 (0x1f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B8F34, serialNumber=64943B1D2BE2F93DD640E024EB94D8D38DCE6A83
        Validity
            Not Before: Jun 29 04:35:42 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a41f61e-10ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:86:12:10:a5:ea:ad:a9:59:94:d9:3d:fd:20:
                    93:e1:81:97:94:52:93:c2:1d:f6:a6:a8:96:4f:a4:
                    56:91:57:c1:63:02:40:91:f8:04:c4:7d:9e:97:21:
                    f0:7e:20:8a:6d:97:49:a8:cf:2b:bd:97:b8:de:7d:
                    d5:7d:53:86:a9:4b:38:b1:22:bc:b1:24:4c:60:f9:
                    60:24:8e:bc:a0:92:6a:13:b5:23:ad:46:fb:9c:54:
                    79:f1:ed:af:f0:46:85:79:4b:d3:02:e3:4d:1f:3d:
                    dc:aa:51:c9:de:fe:77:0f:aa:9f:61:53:6f:9d:79:
                    bb:12:e1:fe:f0:8d:e6:fa:0a:0b:78:b6:36:23:84:
                    eb:c2:8a:3c:2c:76:14:84:dc:eb:c5:9d:a1:f8:22:
                    79:39:25:5f:36:20:d2:e2:b5:70:23:f4:d2:e5:1d:
                    04:38:d3:b4:eb:23:09:68:e4:4d:f7:0c:31:64:1f:
                    5a:cc:78:51:69:58:de:1e:f7:88:78:81:10:dd:73:
                    ab:84:1b:58:b8:cb:03:aa:5e:c2:c4:fd:0b:f0:2e:
                    89:c4:23:65:b7:cc:e5:69:ac:20:e6:8c:d0:e5:eb:
                    a4:25:03:71:06:b7:7f:ac:ee:10:c8:78:de:96:3c:
                    7d:94:0f:fc:d4:ec:41:4c:2c:11:eb:63:fa:de:ae:
                    d2:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:0D:6F:9B:88:F6:85:C3:8F:CF:F1:BD:6F:4A:81:51:17:51:68:9A
            X509v3 Authority Key Identifier:
                keyid:64:94:3B:1D:2B:E2:F9:3D:D6:40:E0:24:EB:94:D8:D3:8D:CE:6A:83

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B8F34/81DAEC5AB59811EE9A18F95FC4F9AE02/ZJQ7HSvi-T3WQOAk65TY043OaoM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZJQ7HSvi-T3WQOAk65TY043OaoM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B8F34/81DAEC5AB59811EE9A18F95FC4F9AE02/0D5F2416B5B811EEA8ACF557C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.63.92.0/22
                  103.153.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:71:ad:3e:76:b6:da:6c:99:78:ba:e6:e3:6f:22:fe:ac:42:
         b8:9b:8c:fd:c3:c8:24:17:d5:7f:59:cc:17:8c:d0:73:c5:8a:
         e3:49:f6:66:de:dc:1b:09:7f:33:49:68:b1:7d:5c:a8:72:6f:
         e3:14:21:d3:fa:00:57:99:88:ab:b9:a3:25:a2:4d:e3:0e:9a:
         0c:8e:a6:d5:ce:98:a4:56:d0:1a:f1:b4:b5:2e:8c:94:c7:ab:
         cb:04:68:b6:ca:f4:0e:93:c0:23:d8:ff:16:86:a7:0e:7a:b2:
         15:e1:09:a3:c9:6e:93:f4:a1:fd:9c:76:bb:1b:11:4d:f5:91:
         30:37:a0:03:82:05:12:2f:ef:92:fd:49:fc:36:80:cf:db:6d:
         1b:c7:4a:aa:37:e1:ca:1e:04:0a:7d:27:15:4f:79:1e:e6:0d:
         d5:e7:29:56:38:51:9e:db:1c:ab:40:38:49:ff:77:55:ac:5b:
         16:cb:01:d2:67:15:f4:13:36:ef:7f:71:10:5a:c0:fe:10:e8:
         3a:00:33:42:56:da:cd:ca:ad:68:b4:39:98:70:48:ea:8c:ca:
         81:56:f1:92:8b:dc:4a:32:b0:c1:04:d5:87:2d:d7:f0:46:83:
         27:1d:22:29:2a:b1:ff:40:3f:44:d9:e8:2d:1b:1c:d3:2d:2a:
         3c:b9:00:b0
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgICAfEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjhGMzQxMTAvBgNVBAUTKDY0OTQzQjFEMkJFMkY5M0RENjQwRTAyNEVCOTREOEQz
OERDRTZBODMwHhcNMjYwNjI5MDQzNTQyWhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQxZjYxZS0xMGNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnYYSEKXqralZlNk9/SCT4YGXlFKTwh32pqiWT6RWkVfBYwJAkfgExH2elyHw
fiCKbZdJqM8rvZe43n3VfVOGqUs4sSK8sSRMYPlgJI68oJJqE7UjrUb7nFR58e2v
8EaFeUvTAuNNHz3cqlHJ3v53D6qfYVNvnXm7EuH+8I3m+goLeLY2I4Trwoo8LHYU
hNzrxZ2h+CJ5OSVfNiDS4rVwI/TS5R0EONO06yMJaORN9wwxZB9azHhRaVjeHveI
eIEQ3XOrhBtYuMsDql7CxP0L8C6JxCNlt8zlaawg5ozQ5eukJQNxBrd/rO4QyHje
ljx9lA/81OxBTCwR62P63q7SwQIDAQABo4ICZjCCAmIwHQYDVR0OBBYEFH0Nb5uI
9oXDj8/xvW9KgVEXUWiaMB8GA1UdIwQYMBaAFGSUOx0r4vk91kDgJOuU2NONzmqD
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCOEYzNC84MURBRUM1QUI1
OTgxMUVFOUExOEY5NUZDNEY5QUUwMi9aSlE3SFN2aS1UM1dRT0FrNjVUWTA0M09h
b00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pKUTdIU3ZpLVQzV1FPQWs2NVRZMDQzT2FvTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjhGMzQvODFEQUVDNUFCNTk4MTFFRTlBMThGOTVGQzRGOUFFMDIvMEQ1RjI0MTZC
NUI4MTFFRUE4QUNGNTU3QzRGOUFFMDIucm9hMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQCZz9cAwQBZ5l4MA0GCSqGSIb3DQEBCwUAA4IBAQCYca0+drbabJl4
uubjbyL+rEK4m4z9w8gkF9V/WcwXjNBzxYrjSfZm3twbCX8zSWixfVyocm/jFCHT
+gBXmYiruaMlok3jDpoMjqbVzpikVtAa8bS1LoyUx6vLBGi2yvQOk8Aj2P8WhqcO
erIV4QmjyW6T9KH9nHa7GxFN9ZEwN6ADggUSL++S/Un8NoDP220bx0qqN+HKHgQK
fScVT3ke5g3V5ylWOFGe2xyrQDhJ/3dVrFsWywHSZxX0Ezbvf3EQWsD+EOg6ADNC
VtrNyq1otDmYcEjqjMqBVvGSi9xKMrDBBNWHLdfwRoMnHSIpKrH/QD9E2egtGxzT
LSo8uQCw
-----END CERTIFICATE-----
Generated at Sat Jul 18 02:18:36 2026 by rpki-client