Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BEBE9/94C9B878005D11EEBE7A9241C4F9AE02/A0DEDD52FDF811EEA4D57274C4F9AE02.roa
File:                     A0DEDD52FDF811EEA4D57274C4F9AE02.roa (raw, json)
Hash identifier:          rm62Zobf+vSIv757GLuOQnassUi+6YwaOUBaAetb62A=
Subject key identifier:   D1:67:08:F4:BE:8F:39:56:91:B5:88:DF:DB:86:1D:B5:F8:9F:37:80
Certificate issuer:       /CN=A91BEBE9/serialNumber=0FAB4EF9828F4AF267C16D8AD4710A8EEC9BBBAE
Certificate serial:       0256
Authority key identifier: 0F:AB:4E:F9:82:8F:4A:F2:67:C1:6D:8A:D4:71:0A:8E:EC:9B:BB:AE
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/D6tO-YKPSvJnwW2K1HEKjuybu64.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BEBE9/94C9B878005D11EEBE7A9241C4F9AE02/A0DEDD52FDF811EEA4D57274C4F9AE02.roa
Signing time:             Mon 29 Jun 2026 03:33:10 +0000
ROA not before:           Mon 29 Jun 2026 03:33:10 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        217.10.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BEBE9/94C9B878005D11EEBE7A9241C4F9AE02/D6tO-YKPSvJnwW2K1HEKjuybu64.crl
                          rsync://rpki.apnic.net/member_repository/A91BEBE9/94C9B878005D11EEBE7A9241C4F9AE02/D6tO-YKPSvJnwW2K1HEKjuybu64.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/D6tO-YKPSvJnwW2K1HEKjuybu64.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 12 Jul 2026 02:55:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 598 (0x256)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BEBE9, serialNumber=0FAB4EF9828F4AF267C16D8AD4710A8EEC9BBBAE
        Validity
            Not Before: Jun 29 03:33:10 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a41e776-bc3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5d:11:25:48:d4:a6:e8:3d:2d:88:ef:b6:98:
                    b7:be:22:e5:37:38:f8:52:1a:ee:1c:f8:7a:7a:f7:
                    e5:6f:30:99:fd:82:9f:42:ca:67:9f:ff:98:7a:58:
                    2d:af:b7:88:9d:aa:35:a7:21:35:9d:cb:eb:bf:c6:
                    0e:af:0a:bd:65:73:68:d6:ab:4b:71:e5:d7:40:08:
                    86:0f:ac:8a:c1:a8:1f:e6:da:97:9c:dc:8e:6c:81:
                    67:09:fb:93:b6:bb:97:e6:69:5e:ee:f3:24:35:0a:
                    7a:a3:7e:23:4c:da:09:ae:20:6b:d3:c1:0a:e3:db:
                    87:a7:af:5e:c1:5b:8c:f2:7d:4f:e1:d9:fd:ec:e3:
                    28:df:25:99:9b:8c:cf:75:0b:48:34:8c:b2:f0:0c:
                    99:84:46:7e:72:24:53:8e:10:34:6b:60:c7:5b:1e:
                    cd:89:b2:9c:86:a9:4a:ba:b3:fb:25:eb:0a:0f:e8:
                    c7:1b:87:54:ce:38:ad:54:8b:9f:f5:72:25:54:a9:
                    c8:a6:5c:d3:ee:4f:6a:60:49:8c:82:85:bd:d8:ff:
                    d4:24:ba:c9:c4:78:20:8e:45:e5:db:c4:16:83:ab:
                    bd:74:dc:c8:19:f6:66:91:9c:46:24:47:26:58:b9:
                    27:48:59:e6:42:50:06:1b:79:7b:78:43:76:52:81:
                    c1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:67:08:F4:BE:8F:39:56:91:B5:88:DF:DB:86:1D:B5:F8:9F:37:80
            X509v3 Authority Key Identifier:
                keyid:0F:AB:4E:F9:82:8F:4A:F2:67:C1:6D:8A:D4:71:0A:8E:EC:9B:BB:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BEBE9/94C9B878005D11EEBE7A9241C4F9AE02/D6tO-YKPSvJnwW2K1HEKjuybu64.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/D6tO-YKPSvJnwW2K1HEKjuybu64.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BEBE9/94C9B878005D11EEBE7A9241C4F9AE02/A0DEDD52FDF811EEA4D57274C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.10.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:36:2b:d3:eb:93:b8:44:6d:4e:68:bf:30:3c:26:47:e7:77:
         91:68:42:44:a7:de:97:d5:d4:67:65:74:25:8a:e5:b4:70:7f:
         56:4d:d8:b0:17:8a:9a:32:b6:4c:b4:f1:cf:3b:ab:2e:bf:6c:
         31:0f:aa:bf:27:50:f2:83:bf:1f:76:4f:2e:0d:26:9c:f2:ea:
         88:eb:ce:0f:45:f1:1d:e3:2c:5b:c0:78:b6:62:6d:4c:53:0e:
         ad:7f:54:8d:07:46:66:6b:bb:0a:c9:fa:cb:02:af:3d:c9:b1:
         9b:16:b9:ce:61:8e:0b:bd:17:76:a5:7c:e9:fb:c6:18:c0:fc:
         96:22:cd:c7:8d:1d:1a:eb:a7:eb:ba:e0:96:b7:7a:8c:1f:d4:
         c4:e7:b8:11:67:78:67:53:f1:4f:ca:53:3e:fb:9b:ec:25:5a:
         3d:7c:2b:ca:d4:0f:51:c5:d3:46:d7:c5:0d:ca:0e:de:a2:33:
         73:ab:57:bd:31:46:0b:b8:b7:8f:66:b6:8f:44:fe:5c:94:e0:
         cd:db:99:7d:e0:c1:2b:31:dc:25:be:21:c0:69:b6:7c:55:97:
         3d:bc:e2:80:75:53:3b:ff:59:33:f1:bf:46:ac:c1:90:fd:84:
         ab:6a:99:7d:96:70:95:ac:90:81:b8:30:0f:f0:1b:1b:5b:91:
         2c:2d:53:1c
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICAlYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkVCRTkxMTAvBgNVBAUTKDBGQUI0RUY5ODI4RjRBRjI2N0MxNkQ4QUQ0NzEwQThF
RUM5QkJCQUUwHhcNMjYwNjI5MDMzMzEwWhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQxZTc3Ni1iYzNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsF0RJUjUpug9LYjvtpi3viLlNzj4UhruHPh6evflbzCZ/YKfQspnn/+Yelgt
r7eInao1pyE1ncvrv8YOrwq9ZXNo1qtLceXXQAiGD6yKwagf5tqXnNyObIFnCfuT
truX5mle7vMkNQp6o34jTNoJriBr08EK49uHp69ewVuM8n1P4dn97OMo3yWZm4zP
dQtINIyy8AyZhEZ+ciRTjhA0a2DHWx7NibKchqlKurP7JesKD+jHG4dUzjitVIuf
9XIlVKnIplzT7k9qYEmMgoW92P/UJLrJxHggjkXl28QWg6u9dNzIGfZmkZxGJEcm
WLknSFnmQlAGG3l7eEN2UoHB5QIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFNFnCPS+
jzlWkbWI39uGHbX4nzeAMB8GA1UdIwQYMBaAFA+rTvmCj0ryZ8FtitRxCo7sm7uu
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCRUJFOS85NEM5Qjg3ODAw
NUQxMUVFQkU3QTkyNDFDNEY5QUUwMi9ENnRPLVlLUFN2Sm53VzJLMUhFS2p1eWJ1
NjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL0Q2dE8tWUtQU3ZKbndXMksxSEVLanV5YnU2NC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkVCRTkvOTRDOUI4NzgwMDVEMTFFRUJFN0E5MjQxQzRGOUFFMDIvQTBERURENTJG
REY4MTFFRUE0RDU3Mjc0QzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQA2QrnMA0GCSqGSIb3DQEBCwUAA4IBAQCMNivT65O4RG1OaL8wPCZH
53eRaEJEp96X1dRnZXQliuW0cH9WTdiwF4qaMrZMtPHPO6suv2wxD6q/J1Dyg78f
dk8uDSac8uqI684PRfEd4yxbwHi2Ym1MUw6tf1SNB0Zma7sKyfrLAq89ybGbFrnO
YY4LvRd2pXzp+8YYwPyWIs3HjR0a66fruuCWt3qMH9TE57gRZ3hnU/FPylM++5vs
JVo9fCvK1A9RxdNG18UNyg7eojNzq1e9MUYLuLePZraPRP5clODN25l94MErMdwl
viHAabZ8VZc9vOKAdVM7/1kz8b9GrMGQ/YSrapl9lnCVrJCBuDAP8BsbW5EsLVMc
-----END CERTIFICATE-----
Generated at Mon Jul 6 18:16:50 2026 by rpki-client