Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D58F6/56BE0C7CA6B211E9AACFB45BC4F9AE02/C0743AE8A6B611E9AB731B69C4F9AE02.roa
File:                     C0743AE8A6B611E9AB731B69C4F9AE02.roa (raw, json)
Hash identifier:          KpHP3J6wffkQyJYpj3PgvrHuC90SNYDQDGnCB+spAtI=
Subject key identifier:   B5:38:49:20:F2:B3:06:37:0F:3C:D5:28:36:51:91:A8:C1:0B:61:A5
Certificate issuer:       /CN=A91D58F6/serialNumber=65D9190FFC869C94F582190FAAD40F0514A5BA4E
Certificate serial:       0F05
Authority key identifier: 65:D9:19:0F:FC:86:9C:94:F5:82:19:0F:AA:D4:0F:05:14:A5:BA:4E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZdkZD_yGnJT1ghkPqtQPBRSluk4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D58F6/56BE0C7CA6B211E9AACFB45BC4F9AE02/C0743AE8A6B611E9AB731B69C4F9AE02.roa
Signing time:             Tue 30 Jun 2026 18:23:06 +0000
ROA not before:           Tue 30 Jun 2026 18:23:06 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     23881
IP address blocks:        45.121.196.0/24 maxlen: 24
                          45.121.197.0/24 maxlen: 24
                          45.121.198.0/24 maxlen: 24
                          45.121.199.0/24 maxlen: 24
                          103.15.196.0/24 maxlen: 24
                          103.15.197.0/24 maxlen: 24
                          103.15.198.0/24 maxlen: 24
                          103.15.199.0/24 maxlen: 24
                          103.19.24.0/24 maxlen: 24
                          103.19.25.0/24 maxlen: 24
                          103.19.26.0/24 maxlen: 24
                          103.19.27.0/24 maxlen: 24
                          203.135.128.0/24 maxlen: 24
                          203.135.129.0/24 maxlen: 24
                          203.135.130.0/24 maxlen: 24
                          203.135.131.0/24 maxlen: 24
                          203.135.132.0/24 maxlen: 24
                          203.135.133.0/24 maxlen: 24
                          203.135.134.0/24 maxlen: 24
                          203.135.135.0/24 maxlen: 24
                          203.135.136.0/24 maxlen: 24
                          203.135.137.0/24 maxlen: 24
                          203.135.138.0/24 maxlen: 24
                          203.135.139.0/24 maxlen: 24
                          203.135.140.0/24 maxlen: 24
                          203.135.141.0/24 maxlen: 24
                          203.135.142.0/24 maxlen: 24
                          203.135.143.0/24 maxlen: 24
                          203.135.144.0/24 maxlen: 24
                          203.135.145.0/24 maxlen: 24
                          203.135.146.0/24 maxlen: 24
                          203.135.147.0/24 maxlen: 24
                          203.135.148.0/24 maxlen: 24
                          203.135.149.0/24 maxlen: 24
                          203.135.150.0/24 maxlen: 24
                          203.135.151.0/24 maxlen: 24
                          203.135.152.0/24 maxlen: 24
                          203.135.153.0/24 maxlen: 24
                          203.135.154.0/24 maxlen: 24
                          203.135.155.0/24 maxlen: 24
                          203.135.156.0/24 maxlen: 24
                          203.135.157.0/24 maxlen: 24
                          203.135.158.0/24 maxlen: 24
                          203.135.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D58F6/56BE0C7CA6B211E9AACFB45BC4F9AE02/ZdkZD_yGnJT1ghkPqtQPBRSluk4.crl
                          rsync://rpki.apnic.net/member_repository/A91D58F6/56BE0C7CA6B211E9AACFB45BC4F9AE02/ZdkZD_yGnJT1ghkPqtQPBRSluk4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZdkZD_yGnJT1ghkPqtQPBRSluk4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 13 Jul 2026 17:58:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3845 (0xf05)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D58F6, serialNumber=65D9190FFC869C94F582190FAAD40F0514A5BA4E
        Validity
            Not Before: Jun 30 18:23:06 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a44098a-61ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7e:7f:cd:e8:22:a5:b1:ef:8c:80:fd:a8:c6:
                    5e:9a:f1:62:66:0b:b2:58:69:12:cf:d7:db:38:8e:
                    5b:76:ef:71:e6:fe:47:26:95:d9:f0:a8:35:72:dc:
                    60:c1:7e:89:09:dd:dd:c0:9d:37:6d:92:3e:25:1e:
                    d6:ed:cd:f8:33:68:fb:83:85:ca:28:4e:99:6b:c5:
                    de:c2:9a:df:85:69:69:33:9f:e3:1e:9f:4f:91:98:
                    3a:61:f6:be:83:11:c2:97:ff:1a:5c:1e:9d:40:a4:
                    d9:c8:39:46:60:f6:4e:bf:a9:2b:12:53:57:3f:0e:
                    5e:ad:30:a8:6e:e3:23:87:d6:c4:d8:3b:96:41:34:
                    95:71:6e:90:24:71:dc:61:40:c9:28:62:3d:e4:7c:
                    6e:0b:e3:61:c2:7c:66:6f:fb:ca:d1:af:b4:32:74:
                    0d:70:c8:29:40:39:ff:0f:cd:f7:ef:c7:d2:77:6a:
                    1c:2a:7c:2b:90:e5:0e:2d:4b:58:db:10:60:df:15:
                    f0:a7:e7:35:ae:19:98:06:76:04:1a:83:b2:fc:a5:
                    72:20:1a:57:d6:80:29:82:75:91:aa:45:c0:73:75:
                    7c:a5:83:bc:4d:21:bc:d8:bf:4a:ad:70:2a:9e:07:
                    6d:9e:c1:88:84:10:5d:bf:69:b3:46:1f:e7:ab:ac:
                    6c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:38:49:20:F2:B3:06:37:0F:3C:D5:28:36:51:91:A8:C1:0B:61:A5
            X509v3 Authority Key Identifier:
                keyid:65:D9:19:0F:FC:86:9C:94:F5:82:19:0F:AA:D4:0F:05:14:A5:BA:4E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D58F6/56BE0C7CA6B211E9AACFB45BC4F9AE02/ZdkZD_yGnJT1ghkPqtQPBRSluk4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZdkZD_yGnJT1ghkPqtQPBRSluk4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D58F6/56BE0C7CA6B211E9AACFB45BC4F9AE02/C0743AE8A6B611E9AB731B69C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.121.196.0/22
                  103.15.196.0/22
                  103.19.24.0/22
                  203.135.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4b:79:78:26:54:ae:dc:c8:da:72:71:9a:ee:23:f4:01:00:fb:
         bb:98:2d:c5:58:a9:d5:6c:39:39:1e:3c:45:26:d7:68:80:c8:
         ce:36:78:99:43:20:28:61:e9:78:8f:b8:b2:9c:e5:5d:cd:29:
         15:a9:40:1b:21:8f:6e:25:10:24:7e:0e:12:34:f1:9a:75:b1:
         ac:12:b6:45:68:f3:0b:30:76:c6:55:d7:c4:81:3b:c7:cc:c7:
         6a:9a:43:aa:0d:5f:1e:0c:ca:b1:1a:64:e9:06:14:3b:5f:43:
         56:85:9a:48:2e:d6:95:1d:4f:43:2d:21:69:4f:95:19:27:67:
         34:9d:ce:f8:f0:94:3c:39:6b:d2:dc:79:c8:77:b6:10:16:5f:
         bc:11:dc:90:aa:f6:ee:f3:5e:a2:f6:61:1d:27:a8:7f:a4:45:
         41:a3:3a:8a:9c:c4:42:83:d1:3d:1c:50:9d:e6:dd:25:54:56:
         42:6b:9d:e3:ff:12:5e:02:4c:1d:da:1f:cf:44:45:7d:d5:ba:
         12:27:08:d8:69:47:c5:16:92:de:32:ed:bd:20:8c:24:67:3b:
         fa:5c:55:63:4c:37:d6:9b:7f:a1:c1:ed:4e:9e:f3:08:99:e4:
         0a:5d:87:ba:54:36:6c:34:60:38:2b:d9:83:38:c5:48:bc:53:
         42:cd:ed:ce
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgICDwUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDU4RjYxMTAvBgNVBAUTKDY1RDkxOTBGRkM4NjlDOTRGNTgyMTkwRkFBRDQwRjA1
MTRBNUJBNEUwHhcNMjYwNjMwMTgyMzA2WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ0MDk4YS02MWZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy35/zegipbHvjID9qMZemvFiZguyWGkSz9fbOI5bdu9x5v5HJpXZ8Kg1ctxg
wX6JCd3dwJ03bZI+JR7W7c34M2j7g4XKKE6Za8XewprfhWlpM5/jHp9PkZg6Yfa+
gxHCl/8aXB6dQKTZyDlGYPZOv6krElNXPw5erTCobuMjh9bE2DuWQTSVcW6QJHHc
YUDJKGI95HxuC+Nhwnxmb/vK0a+0MnQNcMgpQDn/D83378fSd2ocKnwrkOUOLUtY
2xBg3xXwp+c1rhmYBnYEGoOy/KVyIBpX1oApgnWRqkXAc3V8pYO8TSG82L9KrXAq
ngdtnsGIhBBdv2mzRh/nq6xsAwIDAQABo4ICcjCCAm4wHQYDVR0OBBYEFLU4SSDy
swY3DzzVKDZRkajBC2GlMB8GA1UdIwQYMBaAFGXZGQ/8hpyU9YIZD6rUDwUUpbpO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENThGNi81NkJFMEM3Q0E2
QjIxMUU5QUFDRkI0NUJDNEY5QUUwMi9aZGtaRF95R25KVDFnaGtQcXRRUEJSU2x1
azQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pka1pEX3lHbkpUMWdoa1BxdFFQQlJTbHVrNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDU4RjYvNTZCRTBDN0NBNkIyMTFFOUFBQ0ZCNDVCQzRGOUFFMDIvQzA3NDNBRThB
NkI2MTFFOUFCNzMxQjY5QzRGOUFFMDIucm9hMDEGCCsGAQUFBwEHAQH/BCIwIDAe
BAIAATAYAwQCLXnEAwQCZw/EAwQCZxMYAwQFy4eAMA0GCSqGSIb3DQEBCwUAA4IB
AQBLeXgmVK7cyNpycZruI/QBAPu7mC3FWKnVbDk5HjxFJtdogMjONniZQyAoYel4
j7iynOVdzSkVqUAbIY9uJRAkfg4SNPGadbGsErZFaPMLMHbGVdfEgTvHzMdqmkOq
DV8eDMqxGmTpBhQ7X0NWhZpILtaVHU9DLSFpT5UZJ2c0nc748JQ8OWvS3HnId7YQ
Fl+8EdyQqvbu816i9mEdJ6h/pEVBozqKnMRCg9E9HFCd5t0lVFZCa53j/xJeAkwd
2h/PREV91boSJwjYaUfFFpLeMu29IIwkZzv6XFVjTDfWm3+hwe1OnvMImeQKXYe6
VDZsNGA4K9mDOMVIvFNCze3O
-----END CERTIFICATE-----
Generated at Tue Jul 7 14:44:40 2026 by rpki-client