Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E1ED2/3FE8DE6C82BD11EB9BC5D334C4F9AE02/A3AA461082BE11EB93A19A35C4F9AE02.roa
File:                     A3AA461082BE11EB93A19A35C4F9AE02.roa (raw, json)
Hash identifier:          9HJlbi50cF2Fxh6WrQDmZeGcmpmSEkLRIgCF7xNLfio=
Subject key identifier:   54:53:7C:FB:E6:6A:C0:03:71:39:95:AD:CD:EF:20:84:BC:39:8F:1A
Certificate issuer:       /CN=A91E1ED2/serialNumber=A48A939B67DB22BAF77E007B21DF3B745B628390
Certificate serial:       0731
Authority key identifier: A4:8A:93:9B:67:DB:22:BA:F7:7E:00:7B:21:DF:3B:74:5B:62:83:90
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pIqTm2fbIrr3fgB7Id87dFtig5A.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E1ED2/3FE8DE6C82BD11EB9BC5D334C4F9AE02/A3AA461082BE11EB93A19A35C4F9AE02.roa
Signing time:             Mon 22 Jun 2026 22:25:57 +0000
ROA not before:           Mon 22 Jun 2026 22:25:57 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     138013
IP address blocks:        103.150.77.0/24 maxlen: 24
                          103.151.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E1ED2/3FE8DE6C82BD11EB9BC5D334C4F9AE02/pIqTm2fbIrr3fgB7Id87dFtig5A.crl
                          rsync://rpki.apnic.net/member_repository/A91E1ED2/3FE8DE6C82BD11EB9BC5D334C4F9AE02/pIqTm2fbIrr3fgB7Id87dFtig5A.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pIqTm2fbIrr3fgB7Id87dFtig5A.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 22:07:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1841 (0x731)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E1ED2, serialNumber=A48A939B67DB22BAF77E007B21DF3B745B628390
        Validity
            Not Before: Jun 22 22:25:57 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a39b675-de00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f0:40:41:23:4c:95:8d:c0:42:4b:a1:23:03:
                    61:3d:f7:4a:69:4f:5f:e8:3a:35:78:4e:5b:3a:7d:
                    7f:6e:04:38:22:12:4a:f3:39:a5:0d:9c:2f:b4:ec:
                    12:f3:11:35:21:b3:34:c0:19:58:de:40:fa:48:31:
                    d3:46:0e:17:a2:92:b7:32:4a:a7:18:e8:c5:e7:45:
                    28:35:6b:9b:07:1d:72:1c:4c:af:ac:c0:ad:5b:28:
                    6a:fe:86:c3:30:80:e2:30:11:6a:8f:b8:e8:65:8a:
                    5f:92:8b:55:a4:ee:72:fc:67:06:0d:1b:bc:c5:58:
                    2f:49:09:da:8a:30:36:47:a9:f3:bd:fe:87:38:71:
                    b5:0b:6e:ea:54:ea:66:98:f3:b7:18:39:0c:97:f9:
                    af:00:63:b6:82:b4:56:b6:b1:7e:d2:74:ed:37:0e:
                    f7:5c:f9:79:d3:c6:de:d9:c7:0b:80:eb:0f:17:eb:
                    97:16:a9:64:e3:55:5c:b5:62:d4:e7:07:63:07:67:
                    6d:fb:13:f6:a7:6b:20:42:8c:23:68:90:8f:d0:26:
                    56:1c:dc:38:78:c6:02:53:16:8b:d7:6e:9a:14:9d:
                    71:80:21:96:09:9c:48:b3:89:5b:d6:06:4c:d9:d6:
                    3c:0e:73:2d:56:3b:c5:d6:5c:cd:c6:7d:51:63:ec:
                    79:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:53:7C:FB:E6:6A:C0:03:71:39:95:AD:CD:EF:20:84:BC:39:8F:1A
            X509v3 Authority Key Identifier:
                keyid:A4:8A:93:9B:67:DB:22:BA:F7:7E:00:7B:21:DF:3B:74:5B:62:83:90

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E1ED2/3FE8DE6C82BD11EB9BC5D334C4F9AE02/pIqTm2fbIrr3fgB7Id87dFtig5A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pIqTm2fbIrr3fgB7Id87dFtig5A.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E1ED2/3FE8DE6C82BD11EB9BC5D334C4F9AE02/A3AA461082BE11EB93A19A35C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.150.77.0/24
                  103.151.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:3e:da:ff:fa:0f:34:9e:c6:09:15:00:51:b6:2f:a6:36:db:
         81:11:a7:43:95:24:29:0d:0c:52:10:fb:16:0c:46:33:26:dd:
         76:57:27:fe:2d:c5:7a:6f:5d:20:d7:ff:b1:e6:27:84:0a:8a:
         06:21:7c:e2:ba:91:7f:37:f1:94:da:82:54:59:0a:a3:9e:a7:
         06:73:9e:b5:57:cd:8e:3a:f2:a8:d7:fd:88:e5:8c:ca:2b:e5:
         37:4b:51:c4:3b:f8:23:28:a0:30:76:39:fd:71:64:bb:6c:83:
         83:a6:f0:e2:9a:ec:12:0e:0f:ee:d5:9b:d9:06:d6:73:c8:c3:
         2d:0c:95:4a:19:61:aa:73:4a:92:4f:2b:ca:31:30:8e:31:49:
         6b:30:35:2d:23:c4:35:64:65:79:6d:8a:a1:b0:84:32:8a:b7:
         1b:41:78:9c:d2:78:74:98:8d:c9:19:ac:96:8f:97:a9:cc:60:
         34:45:02:f8:f3:29:6a:7f:a9:ec:32:c5:fc:ed:90:b9:b3:24:
         0f:95:cb:ba:81:16:8b:59:e6:d4:8f:45:3b:e5:2d:50:6e:be:
         48:5d:97:e2:d4:6a:dd:a8:ce:f4:ca:bb:da:05:12:66:c6:49:
         64:92:6c:84:ee:40:1f:a0:26:f3:e3:31:d9:dc:4a:3d:da:66:
         a8:e9:e9:fd
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgICBzEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTFFRDIxMTAvBgNVBAUTKEE0OEE5MzlCNjdEQjIyQkFGNzdFMDA3QjIxREYzQjc0
NUI2MjgzOTAwHhcNMjYwNjIyMjIyNTU3WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTM5YjY3NS1kZTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxvBAQSNMlY3AQkuhIwNhPfdKaU9f6Do1eE5bOn1/bgQ4IhJK8zmlDZwvtOwS
8xE1IbM0wBlY3kD6SDHTRg4XopK3MkqnGOjF50UoNWubBx1yHEyvrMCtWyhq/obD
MIDiMBFqj7joZYpfkotVpO5y/GcGDRu8xVgvSQnaijA2R6nzvf6HOHG1C27qVOpm
mPO3GDkMl/mvAGO2grRWtrF+0nTtNw73XPl508be2ccLgOsPF+uXFqlk41VctWLU
5wdjB2dt+xP2p2sgQowjaJCP0CZWHNw4eMYCUxaL126aFJ1xgCGWCZxIs4lb1gZM
2dY8DnMtVjvF1lzNxn1RY+x5YQIDAQABo4ICZjCCAmIwHQYDVR0OBBYEFFRTfPvm
asADcTmVrc3vIIS8OY8aMB8GA1UdIwQYMBaAFKSKk5tn2yK6934AeyHfO3RbYoOQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMUVEMi8zRkU4REU2Qzgy
QkQxMUVCOUJDNUQzMzRDNEY5QUUwMi9wSXFUbTJmYklycjNmZ0I3SWQ4N2RGdGln
NUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BJcVRtMmZiSXJyM2ZnQjdJZDg3ZEZ0aWc1QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTFFRDIvM0ZFOERFNkM4MkJEMTFFQjlCQzVEMzM0QzRGOUFFMDIvQTNBQTQ2MTA4
MkJFMTFFQjkzQTE5QTM1QzRGOUFFMDIucm9hMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQAZ5ZNAwQAZ5dUMA0GCSqGSIb3DQEBCwUAA4IBAQAqPtr/+g80nsYJ
FQBRti+mNtuBEadDlSQpDQxSEPsWDEYzJt12Vyf+LcV6b10g1/+x5ieECooGIXzi
upF/N/GU2oJUWQqjnqcGc561V82OOvKo1/2I5YzKK+U3S1HEO/gjKKAwdjn9cWS7
bIODpvDimuwSDg/u1ZvZBtZzyMMtDJVKGWGqc0qSTyvKMTCOMUlrMDUtI8Q1ZGV5
bYqhsIQyircbQXic0nh0mI3JGayWj5epzGA0RQL48ylqf6nsMsX87ZC5syQPlcu6
gRaLWebUj0U75S1Qbr5IXZfi1GrdqM70yrvaBRJmxklkkmyE7kAfoCbz4zHZ3Eo9
2mao6en9
-----END CERTIFICATE-----
Generated at Sun Jul 5 08:42:40 2026 by rpki-client