Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/0134DE8CC77211EC9B377B2DC4F9AE02.roa
File:                     0134DE8CC77211EC9B377B2DC4F9AE02.roa (raw, json)
Hash identifier:          msTMJE6mBxD5mA2gV0ptJywyNL3ivHirT04vALlCZ80=
Subject key identifier:   0F:1E:B7:E1:CE:4C:F2:62:94:CD:87:0D:08:E5:19:0A:77:1D:CF:F5
Certificate issuer:       /CN=A91CFFA0/serialNumber=ADD9418F0F9B55F3B7376A093DB11DBAD3AEFEC8
Certificate serial:       105C
Authority key identifier: AD:D9:41:8F:0F:9B:55:F3:B7:37:6A:09:3D:B1:1D:BA:D3:AE:FE:C8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rdlBjw-bVfO3N2oJPbEdutOu_sg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/0134DE8CC77211EC9B377B2DC4F9AE02.roa
Signing time:             Tue 14 Jul 2026 23:20:40 +0000
ROA not before:           Tue 14 Jul 2026 23:20:40 +0000
ROA not after:            Wed 31 Mar 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        61.8.33.0/24 maxlen: 24
                          61.47.0.0/24 maxlen: 24
                          61.47.3.0/24 maxlen: 24
                          61.47.4.0/23 maxlen: 24
                          61.47.15.0/24 maxlen: 24
                          61.47.17.0/24 maxlen: 24
                          61.47.21.0/24 maxlen: 24
                          61.47.22.0/24 maxlen: 24
                          61.47.24.0/24 maxlen: 24
                          61.47.27.0/24 maxlen: 24
                          61.47.29.0/24 maxlen: 24
                          61.47.44.0/23 maxlen: 24
                          61.47.46.0/24 maxlen: 24
                          61.47.49.0/24 maxlen: 24
                          61.47.50.0/23 maxlen: 24
                          61.47.53.0/24 maxlen: 24
                          61.47.54.0/23 maxlen: 24
                          61.47.56.0/24 maxlen: 24
                          61.47.64.0/23 maxlen: 24
                          61.47.66.0/24 maxlen: 24
                          61.47.72.0/21 maxlen: 24
                          61.47.102.0/23 maxlen: 24
                          61.47.108.0/22 maxlen: 24
                          122.152.164.0/24 maxlen: 24
                          203.120.52.0/24 maxlen: 24
                          221.128.0.0/18 maxlen: 24
                          221.128.71.0/24 maxlen: 24
                          221.128.73.0/24 maxlen: 24
                          221.128.77.0/24 maxlen: 24
                          221.128.79.0/24 maxlen: 24
                          221.128.81.0/24 maxlen: 24
                          221.128.87.0/24 maxlen: 24
                          221.128.88.0/22 maxlen: 24
                          221.128.97.0/24 maxlen: 24
                          221.128.98.0/23 maxlen: 24
                          221.128.104.0/22 maxlen: 24
                          221.128.108.0/23 maxlen: 24
                          221.128.110.0/24 maxlen: 24
                          221.128.115.0/24 maxlen: 24
                          221.128.116.0/24 maxlen: 24
                          221.128.118.0/23 maxlen: 24
                          221.128.121.0/24 maxlen: 24
                          221.128.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/rdlBjw-bVfO3N2oJPbEdutOu_sg.crl
                          rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/rdlBjw-bVfO3N2oJPbEdutOu_sg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rdlBjw-bVfO3N2oJPbEdutOu_sg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 17:56:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4188 (0x105c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CFFA0, serialNumber=ADD9418F0F9B55F3B7376A093DB11DBAD3AEFEC8
        Validity
            Not Before: Jul 14 23:20:40 2026 GMT
            Not After : Mar 31 00:00:00 2027 GMT
        Subject: CN=6a56c448-2ea7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b4:26:65:f3:9f:0b:0f:a9:a1:b3:49:20:06:
                    70:82:44:48:e0:f7:fc:70:60:35:b1:5c:38:36:4d:
                    bf:0d:48:f6:b8:0c:4a:4b:24:50:8b:08:46:cc:d4:
                    96:df:1b:3e:13:17:ce:d5:c4:d7:52:3e:62:d0:e5:
                    04:f7:17:ba:cf:e1:e8:55:ae:e4:bd:a0:6c:cd:56:
                    30:80:b1:aa:2c:54:7f:04:39:8b:0c:ad:a8:02:bf:
                    42:da:14:45:18:1b:79:7b:d7:4c:60:d0:57:d6:a9:
                    27:1c:10:df:e8:05:6b:00:3f:38:c4:16:08:24:74:
                    0e:9d:15:52:ab:0f:03:03:e6:a4:fc:d1:93:88:9d:
                    01:f8:ce:83:0f:69:83:8b:38:85:96:2f:40:a8:28:
                    80:76:9d:4b:1f:27:b4:bc:eb:8f:27:ac:64:a7:54:
                    09:88:df:c6:75:8f:72:a0:ee:13:f3:ae:bf:cf:f3:
                    63:72:af:c6:b3:43:9e:74:4c:36:91:df:4b:34:ca:
                    e9:28:3f:f2:c1:8b:03:35:b3:2d:e8:2f:f9:b7:41:
                    cb:df:11:e5:26:ec:52:ef:55:8b:00:60:fb:3d:0a:
                    63:79:9a:72:6f:f4:3e:14:a5:c7:c0:81:33:c9:91:
                    91:0b:81:36:5a:ff:c5:ed:6c:65:b1:10:f9:9f:c4:
                    ca:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1E:B7:E1:CE:4C:F2:62:94:CD:87:0D:08:E5:19:0A:77:1D:CF:F5
            X509v3 Authority Key Identifier:
                keyid:AD:D9:41:8F:0F:9B:55:F3:B7:37:6A:09:3D:B1:1D:BA:D3:AE:FE:C8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/rdlBjw-bVfO3N2oJPbEdutOu_sg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rdlBjw-bVfO3N2oJPbEdutOu_sg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/0134DE8CC77211EC9B377B2DC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  61.8.33.0/24
                  61.47.0.0/24
                  61.47.3.0-61.47.5.255
                  61.47.15.0/24
                  61.47.17.0/24
                  61.47.21.0-61.47.22.255
                  61.47.24.0/24
                  61.47.27.0/24
                  61.47.29.0/24
                  61.47.44.0-61.47.46.255
                  61.47.49.0-61.47.51.255
                  61.47.53.0-61.47.56.255
                  61.47.64.0-61.47.66.255
                  61.47.72.0/21
                  61.47.102.0/23
                  61.47.108.0/22
                  122.152.164.0/24
                  203.120.52.0/24
                  221.128.0.0/18
                  221.128.71.0/24
                  221.128.73.0/24
                  221.128.77.0/24
                  221.128.79.0/24
                  221.128.81.0/24
                  221.128.87.0-221.128.91.255
                  221.128.97.0-221.128.99.255
                  221.128.104.0-221.128.110.255
                  221.128.115.0-221.128.116.255
                  221.128.118.0/23
                  221.128.121.0/24
                  221.128.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:ff:d8:41:00:0f:35:f0:9d:d2:c4:97:48:99:67:5c:50:8e:
         37:06:ad:e4:82:cf:e4:9b:a3:35:2a:44:f8:41:d0:cb:34:49:
         eb:4e:6f:da:6d:96:8f:09:27:12:10:ba:dd:73:55:d6:57:b8:
         57:40:0d:74:bb:63:7d:38:ad:ba:e5:82:43:f0:15:33:ec:18:
         96:e6:07:47:17:b9:de:79:68:93:e9:c8:4a:25:db:90:ee:36:
         71:0f:f5:16:b5:d9:9b:45:16:2d:bc:2b:8f:7a:57:fa:d0:02:
         69:30:3a:e6:5e:4f:d4:4f:0e:64:36:ea:46:ac:0a:d9:9a:ed:
         ac:4a:d4:21:31:fa:39:c9:bc:fd:0c:55:9b:f0:14:ca:db:c7:
         d7:bb:66:52:10:04:1b:f4:8f:85:c0:fc:64:24:c2:32:4a:1a:
         be:ff:55:b5:db:00:e5:f9:5a:d4:fb:bd:db:4c:6c:52:f6:6b:
         a9:75:48:59:2a:a2:60:75:94:ea:62:db:b8:e7:6c:fd:c6:70:
         3a:2b:79:d6:06:63:c3:18:94:e1:79:a3:79:9d:a3:11:4a:3f:
         61:af:8d:fc:27:33:29:20:5e:c4:2e:66:9a:08:e5:d2:b9:5b:
         9b:2a:fd:94:7a:6e:b2:62:8e:44:33:6d:81:93:c1:ca:11:6d:
         f2:a0:45:99
-----BEGIN CERTIFICATE-----
MIIGSjCCBTKgAwIBAgICEFwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0ZGQTAxMTAvBgNVBAUTKEFERDk0MThGMEY5QjU1RjNCNzM3NkEwOTNEQjExREJB
RDNBRUZFQzgwHhcNMjYwNzE0MjMyMDQwWhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTU2YzQ0OC0yZWE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAk7QmZfOfCw+pobNJIAZwgkRI4Pf8cGA1sVw4Nk2/DUj2uAxKSyRQiwhGzNSW
3xs+ExfO1cTXUj5i0OUE9xe6z+HoVa7kvaBszVYwgLGqLFR/BDmLDK2oAr9C2hRF
GBt5e9dMYNBX1qknHBDf6AVrAD84xBYIJHQOnRVSqw8DA+ak/NGTiJ0B+M6DD2mD
iziFli9AqCiAdp1LHye0vOuPJ6xkp1QJiN/GdY9yoO4T866/z/Njcq/Gs0OedEw2
kd9LNMrpKD/ywYsDNbMt6C/5t0HL3xHlJuxS71WLAGD7PQpjeZpyb/Q+FKXHwIEz
yZGRC4E2Wv/F7WxlsRD5n8TK5wIDAQABo4IDbjCCA2owHQYDVR0OBBYEFA8et+HO
TPJilM2HDQjlGQp3Hc/1MB8GA1UdIwQYMBaAFK3ZQY8Pm1XztzdqCT2xHbrTrv7I
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRkZBMC8xRDY2RDQ4NkQ4
Q0IxMUU5QkFFMjREMjFDNEY5QUUwMi9yZGxCanctYlZmTzNOMm9KUGJFZHV0T3Vf
c2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JkbEJqdy1iVmZPM04yb0pQYkVkdXRPdV9zZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0ZGQTAvMUQ2NkQ0ODZEOENCMTFFOUJBRTI0RDIxQzRGOUFFMDIvMDEzNERFOEND
NzcyMTFFQzlCMzc3QjJEQzRGOUFFMDIucm9hMIIBKwYIKwYBBQUHAQcBAf8EggEa
MIIBFjCCARIEAgABMIIBCgMEAD0IIQMEAD0vADAMAwQAPS8DAwQBPS8EAwQAPS8P
AwQAPS8RMAwDBAA9LxUDBAA9LxYDBAA9LxgDBAA9LxsDBAA9Lx0wDAMEAj0vLAME
AD0vLjAMAwQAPS8xAwQCPS8wMAwDBAA9LzUDBAA9LzgwDAMEBj0vQAMEAD0vQgME
Az0vSAMEAT0vZgMEAj0vbAMEAHqYpAMEAMt4NAMEBt2AAAMEAN2ARwMEAN2ASQME
AN2ATQMEAN2ATwMEAN2AUTAMAwQA3YBXAwQC3YBYMAwDBADdgGEDBALdgGAwDAME
A92AaAMEAN2AbjAMAwQA3YBzAwQA3YB0AwQB3YB2AwQA3YB5AwQA3YB7MA0GCSqG
SIb3DQEBCwUAA4IBAQCL/9hBAA818J3SxJdImWdcUI43Bq3kgs/km6M1KkT4QdDL
NEnrTm/abZaPCScSELrdc1XWV7hXQA10u2N9OK265YJD8BUz7BiW5gdHF7neeWiT
6chKJduQ7jZxD/UWtdmbRRYtvCuPelf60AJpMDrmXk/UTw5kNupGrArZmu2sStQh
Mfo5ybz9DFWb8BTK28fXu2ZSEAQb9I+FwPxkJMIyShq+/1W12wDl+VrU+73bTGxS
9mupdUhZKqJgdZTqYtu452z9xnA6K3nWBmPDGJTheaN5naMRSj9hr438JzMpIF7E
LmaaCOXSuVubKv2Uem6yYo5EM22Bk8HKEW3yoEWZ
-----END CERTIFICATE-----
Generated at Sat Jul 18 01:49:48 2026 by rpki-client