Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B9B0D/A28ECBC08AB611EB8237D414C4F9AE02/3F9CDA68179911EDB9008D18C4F9AE02.roa
File:                     3F9CDA68179911EDB9008D18C4F9AE02.roa (raw, json)
Hash identifier:          3KdJBt5Az7ze/HG9V9IojtdUchiSKe82xWVeI+BorLo=
Subject key identifier:   B6:AD:17:B5:EA:48:54:E8:E1:B7:29:51:84:77:D2:67:1C:54:2A:41
Certificate issuer:       /CN=A91B9B0D/serialNumber=E4D62D31297F17E49C42FA7A7B6623624AD94175
Certificate serial:       0725
Authority key identifier: E4:D6:2D:31:29:7F:17:E4:9C:42:FA:7A:7B:66:23:62:4A:D9:41:75
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5NYtMSl_F-ScQvp6e2YjYkrZQXU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B9B0D/A28ECBC08AB611EB8237D414C4F9AE02/3F9CDA68179911EDB9008D18C4F9AE02.roa
Signing time:             Wed 24 Jun 2026 22:27:48 +0000
ROA not before:           Wed 24 Jun 2026 22:27:48 +0000
ROA not after:            Fri 30 Jul 2027 00:00:00 +0000
asID:                     24390
IP address blocks:        2001:dd8::/48 maxlen: 48
                          2402:2940::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B9B0D/A28ECBC08AB611EB8237D414C4F9AE02/5NYtMSl_F-ScQvp6e2YjYkrZQXU.crl
                          rsync://rpki.apnic.net/member_repository/A91B9B0D/A28ECBC08AB611EB8237D414C4F9AE02/5NYtMSl_F-ScQvp6e2YjYkrZQXU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5NYtMSl_F-ScQvp6e2YjYkrZQXU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 22:23:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1829 (0x725)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B9B0D, serialNumber=E4D62D31297F17E49C42FA7A7B6623624AD94175
        Validity
            Not Before: Jun 24 22:27:48 2026 GMT
            Not After : Jul 30 00:00:00 2027 GMT
        Subject: CN=6a3c59e3-4198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:30:59:c5:af:a6:88:67:ea:a1:c9:15:42:42:
                    d2:5f:10:de:c0:b2:8b:fc:98:e3:58:16:eb:83:15:
                    b1:0b:78:5d:f1:7c:49:51:30:cd:89:39:9d:94:50:
                    78:bf:a2:58:a6:bd:81:9c:29:b9:00:3e:25:da:7b:
                    bd:df:45:a9:f9:34:c6:ef:9d:4a:15:e8:04:bd:f7:
                    de:40:82:15:0a:ff:be:19:5b:0d:12:ff:41:b5:49:
                    e8:a8:b3:d7:95:d5:c7:50:b6:e9:6d:98:b3:59:29:
                    03:89:67:6a:a0:49:07:61:e5:3d:97:52:f2:46:18:
                    dc:20:5b:9a:c6:ec:9c:59:b1:5a:f5:8c:01:a7:76:
                    c3:fe:cf:cc:f5:58:15:b7:75:d3:1f:9b:f6:86:5e:
                    7e:e3:80:39:ef:df:74:78:49:55:8c:c2:7a:45:dd:
                    02:70:83:0f:90:7a:71:69:a4:bf:2f:d1:fd:ab:b8:
                    49:3d:25:eb:04:03:a0:13:a5:5f:0e:5e:0d:d1:8f:
                    43:53:9d:e7:a5:01:ab:13:26:38:a5:79:1c:7c:53:
                    8a:63:2f:45:1d:4c:13:6b:80:48:c7:d6:9b:9e:4e:
                    72:5d:66:8e:5a:41:14:c3:aa:c6:4e:eb:1c:fb:2f:
                    57:4f:8f:86:15:66:5b:95:99:dc:7d:05:0e:b1:cf:
                    7a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:AD:17:B5:EA:48:54:E8:E1:B7:29:51:84:77:D2:67:1C:54:2A:41
            X509v3 Authority Key Identifier:
                keyid:E4:D6:2D:31:29:7F:17:E4:9C:42:FA:7A:7B:66:23:62:4A:D9:41:75

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B9B0D/A28ECBC08AB611EB8237D414C4F9AE02/5NYtMSl_F-ScQvp6e2YjYkrZQXU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5NYtMSl_F-ScQvp6e2YjYkrZQXU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B9B0D/A28ECBC08AB611EB8237D414C4F9AE02/3F9CDA68179911EDB9008D18C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:dd8::/48
                  2402:2940::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:bd:b1:bf:25:9a:e4:e5:36:6f:c6:1a:e4:34:60:86:46:59:
         4c:d3:d2:6e:8c:b5:4a:9c:fa:b1:b2:ce:98:5d:16:a6:51:f1:
         a0:b2:a3:bb:b2:30:39:73:e0:43:c3:58:b9:de:df:21:57:13:
         2b:55:9c:68:98:f8:c1:2c:c2:ce:9a:1b:8a:40:96:d9:9f:93:
         22:ee:30:8d:16:91:64:51:ad:34:ef:41:60:d8:2b:b3:01:05:
         ed:01:18:c7:e4:ba:70:a2:4f:e0:fb:e3:46:45:26:b4:64:01:
         bb:7e:54:36:15:8c:6e:97:60:8f:4a:13:7f:24:b7:e9:57:9a:
         81:a4:44:73:72:60:3c:a1:c1:8a:91:37:10:a9:17:1d:9d:81:
         8b:e3:7c:37:45:51:de:1f:32:fe:00:e2:4b:d5:ce:9e:bc:c9:
         c2:1c:b8:08:8a:67:6b:24:de:72:43:c9:81:1e:8b:61:89:c8:
         d0:60:75:58:b7:1b:b7:fe:81:52:b7:97:61:1b:16:5f:fb:9c:
         02:a3:34:06:88:ff:52:c0:c7:49:ef:da:0e:c9:74:cf:b6:61:
         89:ec:0c:95:38:d7:3b:68:e8:2c:20:4d:42:b8:49:cb:80:5a:
         92:8a:47:95:82:33:4f:28:62:d5:c1:3f:2a:08:a9:c5:25:14:
         1c:13:0d:bd
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgICByUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjlCMEQxMTAvBgNVBAUTKEU0RDYyRDMxMjk3RjE3RTQ5QzQyRkE3QTdCNjYyMzYy
NEFEOTQxNzUwHhcNMjYwNjI0MjIyNzQ4WhcNMjcwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNjNTllMy00MTk4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2TBZxa+miGfqockVQkLSXxDewLKL/JjjWBbrgxWxC3hd8XxJUTDNiTmdlFB4
v6JYpr2BnCm5AD4l2nu930Wp+TTG751KFegEvffeQIIVCv++GVsNEv9BtUnoqLPX
ldXHULbpbZizWSkDiWdqoEkHYeU9l1LyRhjcIFuaxuycWbFa9YwBp3bD/s/M9VgV
t3XTH5v2hl5+44A57990eElVjMJ6Rd0CcIMPkHpxaaS/L9H9q7hJPSXrBAOgE6Vf
Dl4N0Y9DU53npQGrEyY4pXkcfFOKYy9FHUwTa4BIx9abnk5yXWaOWkEUw6rGTusc
+y9XT4+GFWZblZncfQUOsc96jwIDAQABo4ICajCCAmYwHQYDVR0OBBYEFLatF7Xq
SFTo4bcpUYR30mccVCpBMB8GA1UdIwQYMBaAFOTWLTEpfxfknEL6entmI2JK2UF1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCOUIwRC9BMjhFQ0JDMDhB
QjYxMUVCODIzN0Q0MTRDNEY5QUUwMi81Tll0TVNsX0YtU2NRdnA2ZTJZallrclpR
WFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVOWXRNU2xfRi1TY1F2cDZlMllqWWtyWlFYVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjlCMEQvQTI4RUNCQzA4QUI2MTFFQjgyMzdENDE0QzRGOUFFMDIvM0Y5Q0RBNjgx
Nzk5MTFFREI5MDA4RDE4QzRGOUFFMDIucm9hMCkGCCsGAQUFBwEHAQH/BBowGDAW
BAIAAjAQAwcAIAEN2AAAAwUAJAIpQDANBgkqhkiG9w0BAQsFAAOCAQEAar2xvyWa
5OU2b8Ya5DRghkZZTNPSboy1Spz6sbLOmF0WplHxoLKju7IwOXPgQ8NYud7fIVcT
K1WcaJj4wSzCzpobikCW2Z+TIu4wjRaRZFGtNO9BYNgrswEF7QEYx+S6cKJP4Pvj
RkUmtGQBu35UNhWMbpdgj0oTfyS36VeagaREc3JgPKHBipE3EKkXHZ2Bi+N8N0VR
3h8y/gDiS9XOnrzJwhy4CIpnayTeckPJgR6LYYnI0GB1WLcbt/6BUreXYRsWX/uc
AqM0Boj/UsDHSe/aDsl0z7ZhiewMlTjXO2joLCBNQrhJy4BakopHlYIzTyhi1cE/
KgipxSUUHBMNvQ==
-----END CERTIFICATE-----
Generated at Sat Jul 18 07:14:28 2026 by rpki-client