Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C1025/956F662C9D8411EF817E1420C4F9AE02/3D04EA589D9211EF8083B245C4F9AE02.roa
File:                     3D04EA589D9211EF8083B245C4F9AE02.roa (raw, json)
Hash identifier:          RSaSAh/XcXWb7NPffCS/FqPJSo+pa7sKXOVuZOVTa+Q=
Subject key identifier:   54:9D:56:11:C1:06:0F:2D:9C:67:E9:3C:98:8C:C5:22:E1:74:4F:32
Certificate issuer:       /CN=A91C1025/serialNumber=5F004D57EB36F42672E66F3005F6469B6289171B
Certificate serial:       0141
Authority key identifier: 5F:00:4D:57:EB:36:F4:26:72:E6:6F:30:05:F6:46:9B:62:89:17:1B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XwBNV-s29CZy5m8wBfZGm2KJFxs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C1025/956F662C9D8411EF817E1420C4F9AE02/3D04EA589D9211EF8083B245C4F9AE02.roa
Signing time:             Wed 01 Jul 2026 07:32:11 +0000
ROA not before:           Wed 01 Jul 2026 07:32:11 +0000
ROA not after:            Fri 30 Oct 2026 00:00:00 +0000
asID:                     153167
IP address blocks:        2401:b3a0::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C1025/956F662C9D8411EF817E1420C4F9AE02/XwBNV-s29CZy5m8wBfZGm2KJFxs.crl
                          rsync://rpki.apnic.net/member_repository/A91C1025/956F662C9D8411EF817E1420C4F9AE02/XwBNV-s29CZy5m8wBfZGm2KJFxs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XwBNV-s29CZy5m8wBfZGm2KJFxs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 14 Jul 2026 06:33:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 321 (0x141)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C1025, serialNumber=5F004D57EB36F42672E66F3005F6469B6289171B
        Validity
            Not Before: Jul  1 07:32:11 2026 GMT
            Not After : Oct 30 00:00:00 2026 GMT
        Subject: CN=6a44c27b-301a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:15:76:07:f7:75:c9:aa:95:6a:b2:0a:81:47:
                    e1:4b:b7:54:dc:ea:e6:fd:33:66:2e:9a:73:1f:a8:
                    e3:2d:f9:a0:42:d1:a4:b3:af:68:f9:42:1e:53:3f:
                    c1:a6:cc:b9:f5:13:9c:fe:76:a5:28:24:0e:27:36:
                    b6:f1:d9:e2:5c:bd:d9:de:c2:87:05:69:c6:18:93:
                    4b:c3:29:74:07:b6:46:11:01:6a:dd:d0:a8:fa:d7:
                    64:6a:c8:58:fd:dd:c5:ea:42:77:53:3d:48:24:79:
                    b7:2d:86:0c:78:18:25:95:4b:b4:35:94:74:a4:fd:
                    d6:98:51:85:78:47:d7:82:09:03:81:5f:5e:2a:37:
                    0e:c5:a9:fa:0e:d0:cd:c6:08:ef:65:4a:1b:0d:2d:
                    93:93:e7:8a:2c:a7:47:76:a4:63:c4:2d:91:fa:1b:
                    a8:00:5e:6c:1e:5d:86:74:aa:97:ea:8e:f9:7e:3c:
                    25:d0:6b:cf:71:c0:11:07:56:79:f2:94:bb:95:fd:
                    fa:b9:9f:18:d5:a2:a5:5f:4d:d0:2c:34:7b:62:2a:
                    ec:b1:e6:a2:c3:72:2e:17:66:a1:b5:61:30:80:a0:
                    41:0e:bd:22:15:2e:e9:7f:a1:01:45:d7:8d:d5:fe:
                    8a:64:a0:4f:f7:ff:83:d4:98:77:cd:be:30:22:ac:
                    18:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:9D:56:11:C1:06:0F:2D:9C:67:E9:3C:98:8C:C5:22:E1:74:4F:32
            X509v3 Authority Key Identifier:
                keyid:5F:00:4D:57:EB:36:F4:26:72:E6:6F:30:05:F6:46:9B:62:89:17:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C1025/956F662C9D8411EF817E1420C4F9AE02/XwBNV-s29CZy5m8wBfZGm2KJFxs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XwBNV-s29CZy5m8wBfZGm2KJFxs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C1025/956F662C9D8411EF817E1420C4F9AE02/3D04EA589D9211EF8083B245C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:b3a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:e5:3f:9a:0a:0e:a1:71:06:57:12:d9:ee:ed:5a:62:bc:e0:
         2e:31:bf:a6:85:67:80:7a:af:c4:0d:cb:3d:1f:f9:41:1c:7f:
         ed:ac:5e:bc:69:65:f7:c1:c0:28:39:7d:0a:ce:4c:29:cf:3e:
         0a:4f:2d:2f:15:ac:df:98:2d:67:a4:86:f9:e0:d4:b4:f9:7d:
         a6:ef:7a:4b:86:d7:e3:9c:50:fe:ef:8c:21:37:b4:0b:6e:3a:
         78:8c:5e:b3:59:d9:8b:b8:13:03:24:fa:75:b2:e3:2f:20:b0:
         43:93:4c:de:ce:46:0c:e9:90:70:be:df:6f:fc:87:ab:fb:19:
         b7:29:2a:53:c2:13:62:2d:3e:15:87:61:78:25:55:8b:e6:e7:
         c5:ca:2d:ec:ab:d9:e9:1b:06:05:68:f6:ed:0b:86:71:f8:a5:
         92:57:4f:89:9c:a6:79:63:fa:1b:f7:1b:f6:14:0c:22:e0:4a:
         b6:90:eb:df:d1:2d:75:30:f5:20:02:43:97:ac:36:94:eb:e0:
         ee:7e:c0:b7:34:91:c0:a9:72:8c:2a:6d:78:48:4e:b1:1e:19:
         73:62:ab:1f:90:5a:08:34:25:fa:7a:97:db:8d:b4:05:36:a1:
         98:5e:0b:a5:64:7e:0d:79:fc:fe:18:cb:f9:f9:24:ba:87:73:
         e6:74:0a:bf
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgICAUEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzEwMjUxMTAvBgNVBAUTKDVGMDA0RDU3RUIzNkY0MjY3MkU2NkYzMDA1RjY0NjlC
NjI4OTE3MUIwHhcNMjYwNzAxMDczMjExWhcNMjYxMDMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ0YzI3Yi0zMDFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuxV2B/d1yaqVarIKgUfhS7dU3Orm/TNmLppzH6jjLfmgQtGks69o+UIeUz/B
psy59ROc/nalKCQOJza28dniXL3Z3sKHBWnGGJNLwyl0B7ZGEQFq3dCo+tdkashY
/d3F6kJ3Uz1IJHm3LYYMeBgllUu0NZR0pP3WmFGFeEfXggkDgV9eKjcOxan6DtDN
xgjvZUobDS2Tk+eKLKdHdqRjxC2R+huoAF5sHl2GdKqX6o75fjwl0GvPccARB1Z5
8pS7lf36uZ8Y1aKlX03QLDR7Yirsseaiw3IuF2ahtWEwgKBBDr0iFS7pf6EBRdeN
1f6KZKBP9/+D1Jh3zb4wIqwYPwIDAQABo4ICYTCCAl0wHQYDVR0OBBYEFFSdVhHB
Bg8tnGfpPJiMxSLhdE8yMB8GA1UdIwQYMBaAFF8ATVfrNvQmcuZvMAX2RptiiRcb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMTAyNS85NTZGNjYyQzlE
ODQxMUVGODE3RTE0MjBDNEY5QUUwMi9Yd0JOVi1zMjlDWnk1bTh3QmZaR20yS0pG
eHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1h3Qk5WLXMyOUNaeTVtOHdCZlpHbTJLSkZ4cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzEwMjUvOTU2RjY2MkM5RDg0MTFFRjgxN0UxNDIwQzRGOUFFMDIvM0QwNEVBNTg5
RDkyMTFFRjgwODNCMjQ1QzRGOUFFMDIucm9hMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAGzoDANBgkqhkiG9w0BAQsFAAOCAQEAXeU/mgoOoXEGVxLZ7u1a
YrzgLjG/poVngHqvxA3LPR/5QRx/7axevGll98HAKDl9Cs5MKc8+Ck8tLxWs35gt
Z6SG+eDUtPl9pu96S4bX45xQ/u+MITe0C246eIxes1nZi7gTAyT6dbLjLyCwQ5NM
3s5GDOmQcL7fb/yHq/sZtykqU8ITYi0+FYdheCVVi+bnxcot7KvZ6RsGBWj27QuG
cfilkldPiZymeWP6G/cb9hQMIuBKtpDr39EtdTD1IAJDl6w2lOvg7n7AtzSRwKly
jCpteEhOsR4Zc2KrH5BaCDQl+nqX2420BTahmF4LpWR+DXn8/hjL+fkkuodz5nQK
vw==
-----END CERTIFICATE-----
Generated at Wed Jul 8 22:05:02 2026 by rpki-client