Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC017/105AC8FC90C311EDBA1DCC23C4F9AE02/1B8DE01C641911EF83FFBF3CC4F9AE02.roa
File:                     1B8DE01C641911EF83FFBF3CC4F9AE02.roa (raw, json)
Hash identifier:          xDjn+cobUE2agLkdimK21R3Sdz0e7azaiAPMZg9qQro=
Subject key identifier:   C1:DF:25:AA:B9:F5:C3:4F:BC:4F:0B:B3:89:DE:7C:CE:AB:0A:BF:94
Certificate issuer:       /CN=A91DC017/serialNumber=0AA5DE29265A08E27A581D894465BDCDB73709BB
Certificate serial:       02B9
Authority key identifier: 0A:A5:DE:29:26:5A:08:E2:7A:58:1D:89:44:65:BD:CD:B7:37:09:BB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CqXeKSZaCOJ6WB2JRGW9zbc3Cbs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC017/105AC8FC90C311EDBA1DCC23C4F9AE02/1B8DE01C641911EF83FFBF3CC4F9AE02.roa
Signing time:             Tue 07 Jul 2026 03:28:30 +0000
ROA not before:           Tue 07 Jul 2026 03:28:30 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     398704
IP address blocks:        103.251.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DC017/105AC8FC90C311EDBA1DCC23C4F9AE02/CqXeKSZaCOJ6WB2JRGW9zbc3Cbs.crl
                          rsync://rpki.apnic.net/member_repository/A91DC017/105AC8FC90C311EDBA1DCC23C4F9AE02/CqXeKSZaCOJ6WB2JRGW9zbc3Cbs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CqXeKSZaCOJ6WB2JRGW9zbc3Cbs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 14 Jul 2026 03:28:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 697 (0x2b9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC017, serialNumber=0AA5DE29265A08E27A581D894465BDCDB73709BB
        Validity
            Not Before: Jul  7 03:28:30 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a4c725e-4682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a3:aa:31:1e:cb:f6:6a:16:2d:eb:21:06:3c:
                    e2:6f:88:88:28:9b:01:e2:c0:2d:3e:f4:29:35:e3:
                    02:cf:30:84:a8:51:83:28:29:29:ec:93:0e:f7:9a:
                    42:ec:ce:30:af:4c:65:cd:cb:b4:94:69:a8:e8:b2:
                    5e:bf:1e:3c:bd:7b:93:b2:49:fc:f5:66:91:e9:2b:
                    3a:26:ce:d2:ab:ab:ae:f4:6a:64:49:c9:26:1f:9f:
                    b6:6a:42:74:38:a0:95:ec:52:13:76:5e:7f:f1:fc:
                    22:88:cb:6b:5f:b6:a7:2a:4c:a6:5d:89:6d:41:dc:
                    8d:5f:43:e9:3b:1d:67:8b:83:8e:0e:e1:99:01:2c:
                    30:3e:be:3c:73:2e:d7:d5:8a:3c:66:00:66:59:c2:
                    cf:e5:d5:b2:5a:03:02:49:5b:7f:05:fd:86:2d:a0:
                    36:9b:c5:e1:81:85:d0:76:f6:35:ed:e5:88:60:93:
                    06:6f:3f:73:6f:a8:10:b7:da:50:f0:43:07:85:e5:
                    b1:0d:74:60:0d:f4:c7:95:37:cc:e7:6f:44:21:86:
                    02:ca:d3:87:49:39:23:83:c7:d3:6e:9b:8c:9d:bd:
                    0c:5e:ad:3a:b2:68:49:4a:14:be:db:cf:6e:23:4d:
                    54:be:09:e6:e4:0f:16:1c:02:52:37:16:bf:0b:47:
                    a3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:DF:25:AA:B9:F5:C3:4F:BC:4F:0B:B3:89:DE:7C:CE:AB:0A:BF:94
            X509v3 Authority Key Identifier:
                keyid:0A:A5:DE:29:26:5A:08:E2:7A:58:1D:89:44:65:BD:CD:B7:37:09:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC017/105AC8FC90C311EDBA1DCC23C4F9AE02/CqXeKSZaCOJ6WB2JRGW9zbc3Cbs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CqXeKSZaCOJ6WB2JRGW9zbc3Cbs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC017/105AC8FC90C311EDBA1DCC23C4F9AE02/1B8DE01C641911EF83FFBF3CC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.251.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:1f:2e:49:d5:26:aa:7a:99:17:be:af:b0:14:49:6b:42:34:
         12:3f:5b:5a:f5:c3:00:0c:2a:8d:7f:29:a0:fd:52:16:ff:1d:
         85:b4:b6:00:47:3a:72:6e:36:d1:c6:a0:8e:53:b9:7d:42:e7:
         49:bf:c7:01:b9:29:a4:a4:81:5a:13:e0:77:de:72:83:d7:dc:
         fc:a4:f0:a3:a2:d8:f8:43:65:7e:31:cd:cd:97:b7:81:38:8a:
         a1:f7:06:ba:ee:e8:f3:a0:95:35:21:f8:7c:0e:9b:dc:f3:71:
         4d:b9:41:2a:b4:69:00:dc:08:31:be:64:95:5e:6a:7a:7a:92:
         c7:fe:63:13:78:88:d7:2c:11:28:5c:07:64:0d:73:b0:88:9e:
         53:28:f3:5b:85:a7:95:c6:e7:01:2b:ae:b3:94:b8:52:b2:40:
         0e:78:83:93:81:97:ef:50:57:8d:7f:13:07:e0:1e:28:1f:7b:
         b5:d4:85:33:73:e0:98:1d:48:4f:41:bb:f5:a0:95:b0:6d:e6:
         b3:47:b1:9b:cf:39:d9:b5:a4:20:8f:d6:ce:69:fb:d4:8e:42:
         b8:bf:50:ee:23:d8:71:4c:4c:9a:79:6e:a4:15:c0:69:86:6b:
         9c:3f:b3:cf:6f:fb:11:4b:a6:1b:52:83:34:e5:fb:c0:f3:85:
         87:9b:72:cd
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICArkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REMwMTcxMTAvBgNVBAUTKDBBQTVERTI5MjY1QTA4RTI3QTU4MUQ4OTQ0NjVCRENE
QjczNzA5QkIwHhcNMjYwNzA3MDMyODMwWhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTRjNzI1ZS00NjgyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwKOqMR7L9moWLeshBjzib4iIKJsB4sAtPvQpNeMCzzCEqFGDKCkp7JMO95pC
7M4wr0xlzcu0lGmo6LJevx48vXuTskn89WaR6Ss6Js7Sq6uu9GpkSckmH5+2akJ0
OKCV7FITdl5/8fwiiMtrX7anKkymXYltQdyNX0PpOx1ni4OODuGZASwwPr48cy7X
1Yo8ZgBmWcLP5dWyWgMCSVt/Bf2GLaA2m8XhgYXQdvY17eWIYJMGbz9zb6gQt9pQ
8EMHheWxDXRgDfTHlTfM529EIYYCytOHSTkjg8fTbpuMnb0MXq06smhJShS+289u
I01Uvgnm5A8WHAJSNxa/C0ej8wIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFMHfJaq5
9cNPvE8Ls4nefM6rCr+UMB8GA1UdIwQYMBaAFAql3ikmWgjielgdiURlvc23Nwm7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzAxNy8xMDVBQzhGQzkw
QzMxMUVEQkExRENDMjNDNEY5QUUwMi9DcVhlS1NaYUNPSjZXQjJKUkdXOXpiYzND
YnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NxWGVLU1phQ09KNldCMkpSR1c5emJjM0Nicy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REMwMTcvMTA1QUM4RkM5MEMzMTFFREJBMURDQzIzQzRGOUFFMDIvMUI4REUwMUM2
NDE5MTFFRjgzRkZCRjNDQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAZ/vvMA0GCSqGSIb3DQEBCwUAA4IBAQBzHy5J1SaqepkXvq+wFElr
QjQSP1ta9cMADCqNfymg/VIW/x2FtLYARzpybjbRxqCOU7l9QudJv8cBuSmkpIFa
E+B33nKD19z8pPCjotj4Q2V+Mc3Nl7eBOIqh9wa67ujzoJU1Ifh8Dpvc83FNuUEq
tGkA3AgxvmSVXmp6epLH/mMTeIjXLBEoXAdkDXOwiJ5TKPNbhaeVxucBK66zlLhS
skAOeIOTgZfvUFeNfxMH4B4oH3u11IUzc+CYHUhPQbv1oJWwbeazR7GbzznZtaQg
j9bOafvUjkK4v1DuI9hxTEyaeW6kFcBphmucP7PPb/sRS6YbUoM05fvA84WHm3LN
-----END CERTIFICATE-----
Generated at Wed Jul 8 19:03:48 2026 by rpki-client