Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BAE34/4BEFBECA30C211EC91A1701DC4F9AE02/DCEF2F3CFFD611EFA348445FC4F9AE02.roa
File:                     DCEF2F3CFFD611EFA348445FC4F9AE02.roa (raw, json)
Hash identifier:          CtlN2Faru+xDk/jym7szi2Dss5+eT2ey7yUoE46ChWo=
Subject key identifier:   38:52:74:12:07:DC:CA:B2:B4:B2:7E:D5:03:C1:70:BB:18:8C:34:DE
Certificate issuer:       /CN=A91BAE34/serialNumber=EF6678DC0CEB34141C64A18AB24BF86CAB2FBD35
Certificate serial:       058E
Authority key identifier: EF:66:78:DC:0C:EB:34:14:1C:64:A1:8A:B2:4B:F8:6C:AB:2F:BD:35
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72Z43AzrNBQcZKGKskv4bKsvvTU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BAE34/4BEFBECA30C211EC91A1701DC4F9AE02/DCEF2F3CFFD611EFA348445FC4F9AE02.roa
Signing time:             Thu 25 Jun 2026 08:02:48 +0000
ROA not before:           Thu 25 Jun 2026 08:02:48 +0000
ROA not after:            Tue 02 Mar 2027 00:00:00 +0000
asID:                     963
IP address blocks:        103.203.48.0/22 maxlen: 24
                          116.213.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BAE34/4BEFBECA30C211EC91A1701DC4F9AE02/72Z43AzrNBQcZKGKskv4bKsvvTU.crl
                          rsync://rpki.apnic.net/member_repository/A91BAE34/4BEFBECA30C211EC91A1701DC4F9AE02/72Z43AzrNBQcZKGKskv4bKsvvTU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72Z43AzrNBQcZKGKskv4bKsvvTU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 23:48:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1422 (0x58e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BAE34, serialNumber=EF6678DC0CEB34141C64A18AB24BF86CAB2FBD35
        Validity
            Not Before: Jun 25 08:02:48 2026 GMT
            Not After : Mar  2 00:00:00 2027 GMT
        Subject: CN=6a3ce0a7-56e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:34:fa:65:f7:d1:0f:2f:b7:d4:71:46:93:97:
                    55:0c:76:bd:0f:98:80:c3:c1:90:77:cd:b7:00:18:
                    5d:f6:27:9d:e7:7a:2c:08:af:9e:64:4b:de:7f:76:
                    5b:9e:c9:ca:fd:1b:2d:19:f9:88:10:f0:fa:ea:32:
                    ce:e0:81:97:1e:71:93:b9:a8:8b:75:ea:d8:ca:05:
                    8f:fa:35:af:96:d3:e7:e8:32:5d:57:7d:19:28:47:
                    2c:21:64:bb:ad:b0:01:1a:d1:7a:a1:6c:cd:ea:61:
                    f2:f1:cc:ae:fa:ae:64:68:bb:2f:9b:01:97:04:d1:
                    ec:80:97:10:25:44:9b:bd:0a:6d:3a:f9:9c:e9:6b:
                    06:40:28:95:41:76:e5:cf:81:93:59:58:fe:29:78:
                    6a:e7:98:8a:fa:fc:a6:1c:e6:99:58:54:e3:c5:b8:
                    c5:73:ef:a7:60:f8:71:19:ee:24:90:33:7e:57:85:
                    f4:50:dd:da:eb:96:9d:16:06:ab:a4:5c:fb:7f:fd:
                    35:da:79:d3:fc:97:6a:00:12:39:51:36:7b:64:c6:
                    6e:8e:09:5b:d4:e6:94:f4:42:e3:2e:a7:69:f9:fc:
                    27:c2:67:8c:a6:8c:d7:47:3d:61:b1:01:e2:b2:ce:
                    cc:1c:95:bf:79:89:a5:2b:54:ef:70:23:6c:e5:a9:
                    b2:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:52:74:12:07:DC:CA:B2:B4:B2:7E:D5:03:C1:70:BB:18:8C:34:DE
            X509v3 Authority Key Identifier:
                keyid:EF:66:78:DC:0C:EB:34:14:1C:64:A1:8A:B2:4B:F8:6C:AB:2F:BD:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BAE34/4BEFBECA30C211EC91A1701DC4F9AE02/72Z43AzrNBQcZKGKskv4bKsvvTU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72Z43AzrNBQcZKGKskv4bKsvvTU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BAE34/4BEFBECA30C211EC91A1701DC4F9AE02/DCEF2F3CFFD611EFA348445FC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.203.48.0/22
                  116.213.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:5b:3e:ef:19:4f:fe:b7:54:52:03:41:60:ce:c2:3c:18:b3:
         cf:af:f0:70:c2:b7:e3:19:81:74:16:7e:e0:15:0e:64:de:f2:
         ca:28:bc:ac:74:b8:25:66:34:21:94:ae:44:9b:97:40:0a:92:
         75:de:a9:79:3a:c9:2d:9f:98:21:62:a7:ac:2a:81:a2:3b:89:
         81:41:26:67:a0:ba:20:b4:46:df:ba:39:c3:11:27:06:76:d7:
         46:3f:d1:fe:c0:f6:b5:2b:00:87:11:cc:4c:70:04:4f:e6:a2:
         f8:a2:02:31:0a:32:41:0d:57:c4:66:ec:f0:45:1a:a5:f8:9f:
         1d:5a:da:57:05:a9:7e:23:43:65:d0:0b:e4:43:aa:13:ad:fc:
         33:f9:23:ad:f0:ed:5d:93:75:63:a7:f2:47:e5:74:f1:dc:e7:
         68:23:76:7b:40:e2:ae:47:46:0c:fa:e2:59:4c:0f:63:f8:c5:
         67:97:db:98:17:e2:61:d9:49:11:72:7f:39:bd:d0:ab:ee:58:
         21:ac:fc:78:36:42:d9:12:1d:a6:7a:19:9b:87:2f:c0:87:0e:
         27:ef:15:91:08:cb:8d:29:c9:37:d6:77:d8:4d:48:73:c4:d8:
         75:35:be:19:3a:08:41:7c:12:1a:c9:b0:b5:8c:13:1b:a2:53:
         b1:42:57:36
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgICBY4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkFFMzQxMTAvBgNVBAUTKEVGNjY3OERDMENFQjM0MTQxQzY0QTE4QUIyNEJGODZD
QUIyRkJEMzUwHhcNMjYwNjI1MDgwMjQ4WhcNMjcwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNjZTBhNy01NmU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0TT6ZffRDy+31HFGk5dVDHa9D5iAw8GQd823ABhd9ied53osCK+eZEvef3Zb
nsnK/RstGfmIEPD66jLO4IGXHnGTuaiLderYygWP+jWvltPn6DJdV30ZKEcsIWS7
rbABGtF6oWzN6mHy8cyu+q5kaLsvmwGXBNHsgJcQJUSbvQptOvmc6WsGQCiVQXbl
z4GTWVj+KXhq55iK+vymHOaZWFTjxbjFc++nYPhxGe4kkDN+V4X0UN3a65adFgar
pFz7f/012nnT/JdqABI5UTZ7ZMZujglb1OaU9ELjLqdp+fwnwmeMpozXRz1hsQHi
ss7MHJW/eYmlK1TvcCNs5amyPQIDAQABo4ICZjCCAmIwHQYDVR0OBBYEFDhSdBIH
3MqytLJ+1QPBcLsYjDTeMB8GA1UdIwQYMBaAFO9meNwM6zQUHGShirJL+GyrL701
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQUUzNC80QkVGQkVDQTMw
QzIxMUVDOTFBMTcwMURDNEY5QUUwMi83Mlo0M0F6ck5CUWNaS0dLc2t2NGJLc3Z2
VFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzcyWjQzQXpyTkJRY1pLR0tza3Y0YktzdnZUVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkFFMzQvNEJFRkJFQ0EzMEMyMTFFQzkxQTE3MDFEQzRGOUFFMDIvRENFRjJGM0NG
RkQ2MTFFRkEzNDg0NDVGQzRGOUFFMDIucm9hMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQCZ8swAwQCdNUkMA0GCSqGSIb3DQEBCwUAA4IBAQBXWz7vGU/+t1RS
A0FgzsI8GLPPr/BwwrfjGYF0Fn7gFQ5k3vLKKLysdLglZjQhlK5Em5dACpJ13ql5
Osktn5ghYqesKoGiO4mBQSZnoLogtEbfujnDEScGdtdGP9H+wPa1KwCHEcxMcARP
5qL4ogIxCjJBDVfEZuzwRRql+J8dWtpXBal+I0Nl0AvkQ6oTrfwz+SOt8O1dk3Vj
p/JH5XTx3OdoI3Z7QOKuR0YM+uJZTA9j+MVnl9uYF+Jh2UkRcn85vdCr7lghrPx4
NkLZEh2mehmbhy/Ahw4n7xWRCMuNKck31nfYTUhzxNh1Nb4ZOghBfBIaybC1jBMb
olOxQlc2
-----END CERTIFICATE-----
Generated at Sat Jul 18 08:20:17 2026 by rpki-client