Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BBF7F/453EB6F4874511E9BF86445CC4F9AE02/656CB24EC9F611ED9853C583C4F9AE02.roa
File:                     656CB24EC9F611ED9853C583C4F9AE02.roa (raw, json)
Hash identifier:          vsNlGQ11CWIdF534rGVVHSBQnNLB5S6nlxZqLQOrOlM=
Subject key identifier:   0A:06:8D:0C:73:CE:9B:3A:DD:24:06:23:CD:72:AA:41:EB:75:09:28
Certificate issuer:       /CN=A91BBF7F/serialNumber=D5F6DD63C0381060AFFBC9D20ED30F07FBDE88EA
Certificate serial:       0FB9
Authority key identifier: D5:F6:DD:63:C0:38:10:60:AF:FB:C9:D2:0E:D3:0F:07:FB:DE:88:EA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1fbdY8A4EGCv-8nSDtMPB_veiOo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BBF7F/453EB6F4874511E9BF86445CC4F9AE02/656CB24EC9F611ED9853C583C4F9AE02.roa
Signing time:             Tue 30 Jun 2026 18:22:30 +0000
ROA not before:           Tue 30 Jun 2026 18:22:30 +0000
ROA not after:            Fri 30 Oct 2026 00:00:00 +0000
asID:                     149855
IP address blocks:        103.138.252.0/24 maxlen: 24
                          2001:df0:5f80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BBF7F/453EB6F4874511E9BF86445CC4F9AE02/1fbdY8A4EGCv-8nSDtMPB_veiOo.crl
                          rsync://rpki.apnic.net/member_repository/A91BBF7F/453EB6F4874511E9BF86445CC4F9AE02/1fbdY8A4EGCv-8nSDtMPB_veiOo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1fbdY8A4EGCv-8nSDtMPB_veiOo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 17:34:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4025 (0xfb9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BBF7F, serialNumber=D5F6DD63C0381060AFFBC9D20ED30F07FBDE88EA
        Validity
            Not Before: Jun 30 18:22:30 2026 GMT
            Not After : Oct 30 00:00:00 2026 GMT
        Subject: CN=6a440966-4267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c3:66:5a:8c:09:48:aa:69:12:f4:61:de:fa:
                    60:81:b1:8d:f2:50:c8:8f:2e:00:21:12:1e:d2:4a:
                    e9:25:2f:3e:c6:1a:7d:03:3f:41:aa:be:bc:9c:32:
                    1a:63:bf:93:3d:fc:40:60:2a:bd:f3:31:83:27:be:
                    d1:73:7e:79:7b:c2:64:44:ed:25:e8:8d:05:e6:54:
                    f6:5b:a8:ff:b2:bc:84:e9:c3:1c:49:85:08:53:b6:
                    cb:18:eb:3f:92:3e:c6:f6:26:d1:a0:42:d1:a9:5f:
                    63:41:4d:b9:ed:f4:3e:a0:ff:f1:c8:8f:70:06:c9:
                    19:68:eb:e1:29:3d:03:96:51:03:32:30:71:b0:52:
                    8b:b2:af:78:9d:fd:f5:75:f1:ce:2a:b0:ea:64:e7:
                    9d:78:ef:72:a1:d0:9b:eb:a8:41:2d:48:b8:57:23:
                    33:a4:8e:37:db:f5:61:80:08:20:50:0f:bc:ba:5a:
                    12:c9:53:46:f7:fa:bf:a9:92:57:e5:b6:cb:23:4e:
                    7b:7e:65:14:72:d0:5e:3a:c5:d5:b5:8b:81:aa:bb:
                    d2:19:73:d5:d9:83:63:8d:36:7b:67:3c:c4:e7:87:
                    f5:33:45:aa:94:18:60:bb:2e:66:f8:20:6c:18:45:
                    40:d0:e2:be:38:9f:ee:f4:cc:f5:26:3c:53:bc:6d:
                    5f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:06:8D:0C:73:CE:9B:3A:DD:24:06:23:CD:72:AA:41:EB:75:09:28
            X509v3 Authority Key Identifier:
                keyid:D5:F6:DD:63:C0:38:10:60:AF:FB:C9:D2:0E:D3:0F:07:FB:DE:88:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BBF7F/453EB6F4874511E9BF86445CC4F9AE02/1fbdY8A4EGCv-8nSDtMPB_veiOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1fbdY8A4EGCv-8nSDtMPB_veiOo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BBF7F/453EB6F4874511E9BF86445CC4F9AE02/656CB24EC9F611ED9853C583C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.138.252.0/24
                IPv6:
                  2001:df0:5f80::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:2b:62:2c:16:0f:43:3b:1a:a0:e1:4f:21:89:3f:9c:b0:85:
         92:bb:b5:52:99:80:d7:4d:70:bb:7f:14:71:6d:8b:fa:60:48:
         ca:3e:8a:2c:43:19:09:68:fd:36:14:45:e3:9b:c1:e1:60:31:
         0f:54:fe:46:1b:eb:26:1b:62:e1:0f:d1:17:82:e2:a5:f1:cc:
         cf:f0:dc:23:02:e9:65:d7:7e:d1:b2:ac:97:f1:77:f4:1f:2b:
         21:19:ac:ac:ff:c3:42:43:9f:ae:f8:c8:3b:88:12:50:8d:61:
         22:d2:e5:07:2e:a7:d0:86:cd:f7:8a:81:21:7e:a4:01:67:54:
         6b:3b:4d:07:22:21:aa:39:99:9e:bb:54:22:d1:02:f1:26:6a:
         df:a0:20:63:a7:bb:f7:97:43:4a:c7:f2:97:c5:2a:b5:3a:0c:
         82:91:a3:d3:3a:b8:30:46:68:0c:16:a3:2f:d3:c2:21:77:3a:
         4b:f3:97:45:b5:a6:88:00:9b:95:45:7d:8e:94:30:99:75:b5:
         65:4f:d0:a8:87:bb:6d:b0:ec:91:d7:83:c9:cf:d3:4b:51:82:
         f1:7d:b3:1d:b9:7e:1f:72:87:ab:5d:0a:be:ec:72:78:93:34:
         b7:b4:bd:de:ba:c3:e6:b6:09:4d:a1:9d:f5:78:0d:af:14:65:
         d5:1f:6e:97
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgICD7kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkJGN0YxMTAvBgNVBAUTKEQ1RjZERDYzQzAzODEwNjBBRkZCQzlEMjBFRDMwRjA3
RkJERTg4RUEwHhcNMjYwNjMwMTgyMjMwWhcNMjYxMDMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ0MDk2Ni00MjY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAucNmWowJSKppEvRh3vpggbGN8lDIjy4AIRIe0krpJS8+xhp9Az9Bqr68nDIa
Y7+TPfxAYCq98zGDJ77Rc355e8JkRO0l6I0F5lT2W6j/sryE6cMcSYUIU7bLGOs/
kj7G9ibRoELRqV9jQU257fQ+oP/xyI9wBskZaOvhKT0DllEDMjBxsFKLsq94nf31
dfHOKrDqZOedeO9yodCb66hBLUi4VyMzpI432/VhgAggUA+8uloSyVNG9/q/qZJX
5bbLI057fmUUctBeOsXVtYuBqrvSGXPV2YNjjTZ7ZzzE54f1M0WqlBhguy5m+CBs
GEVA0OK+OJ/u9Mz1JjxTvG1fxQIDAQABo4ICcTCCAm0wHQYDVR0OBBYEFAoGjQxz
zps63SQGI81yqkHrdQkoMB8GA1UdIwQYMBaAFNX23WPAOBBgr/vJ0g7TDwf73ojq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQkY3Ri80NTNFQjZGNDg3
NDUxMUU5QkY4NjQ0NUNDNEY5QUUwMi8xZmJkWThBNEVHQ3YtOG5TRHRNUEJfdmVp
T28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFmYmRZOEE0RUdDdi04blNEdE1QQl92ZWlPby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkJGN0YvNDUzRUI2RjQ4NzQ1MTFFOUJGODY0NDVDQzRGOUFFMDIvNjU2Q0IyNEVD
OUY2MTFFRDk4NTNDNTgzQzRGOUFFMDIucm9hMDAGCCsGAQUFBwEHAQH/BCEwHzAM
BAIAATAGAwQAZ4r8MA8EAgACMAkDBwAgAQ3wX4AwDQYJKoZIhvcNAQELBQADggEB
AJIrYiwWD0M7GqDhTyGJP5ywhZK7tVKZgNdNcLt/FHFti/pgSMo+iixDGQlo/TYU
ReObweFgMQ9U/kYb6yYbYuEP0ReC4qXxzM/w3CMC6WXXftGyrJfxd/QfKyEZrKz/
w0JDn674yDuIElCNYSLS5Qcup9CGzfeKgSF+pAFnVGs7TQciIao5mZ67VCLRAvEm
at+gIGOnu/eXQ0rH8pfFKrU6DIKRo9M6uDBGaAwWoy/TwiF3Okvzl0W1pogAm5VF
fY6UMJl1tWVP0KiHu22w7JHXg8nP00tRgvF9sx25fh9yh6tdCr7scniTNLe0vd66
w+a2CU2hnfV4Da8UZdUfbpc=
-----END CERTIFICATE-----
Generated at Sat Jul 18 10:31:23 2026 by rpki-client