Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E208A/7AA2475A760511F1B63166DF79A30FBC/67BED8CA760911F19399FA927BA30FBC.roa
File:                     67BED8CA760911F19399FA927BA30FBC.roa (raw, json)
Hash identifier:          YyyALpI3Lw8dM5NZb40HSHcBSIvoWXZFh98HIuyioXk=
Subject key identifier:   56:87:D0:3A:85:0F:A7:27:10:15:85:B1:44:3D:77:ED:C8:50:68:D0
Certificate issuer:       /CN=A91E208A/serialNumber=681B2E54CEB5402CA8116037B15416B1E65ED4DA
Certificate serial:       02
Authority key identifier: 68:1B:2E:54:CE:B5:40:2C:A8:11:60:37:B1:54:16:B1:E6:5E:D4:DA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aBsuVM61QCyoEWA3sVQWseZe1No.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E208A/7AA2475A760511F1B63166DF79A30FBC/67BED8CA760911F19399FA927BA30FBC.roa
Signing time:             Thu 02 Jul 2026 11:30:19 +0000
ROA not before:           Thu 02 Jul 2026 11:30:19 +0000
ROA not after:            Sun 31 Oct 2027 00:00:00 +0000
asID:                     151954
IP address blocks:        2001:df7:2bc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E208A/7AA2475A760511F1B63166DF79A30FBC/aBsuVM61QCyoEWA3sVQWseZe1No.crl
                          rsync://rpki.apnic.net/member_repository/A91E208A/7AA2475A760511F1B63166DF79A30FBC/aBsuVM61QCyoEWA3sVQWseZe1No.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aBsuVM61QCyoEWA3sVQWseZe1No.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 10 Jul 2026 10:09:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E208A, serialNumber=681B2E54CEB5402CA8116037B15416B1E65ED4DA
        Validity
            Not Before: Jul  2 11:30:19 2026 GMT
            Not After : Oct 31 00:00:00 2027 GMT
        Subject: CN=6a464bcb-3882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:af:fb:c4:60:b7:50:5c:9a:be:6c:9f:12:f2:
                    73:27:92:33:ae:3b:e4:0b:a6:2a:b9:d6:1e:a2:2f:
                    1a:a9:86:40:29:26:85:94:64:f0:4a:3a:01:a3:3e:
                    5d:63:4b:06:42:2b:ca:0a:7d:7d:b5:20:d1:44:e8:
                    53:74:c2:f7:a0:8e:d7:f3:f8:9a:2d:90:23:da:2b:
                    4f:fa:9b:b8:e5:24:35:f3:45:82:5a:d4:2b:7e:dc:
                    96:f5:e7:47:34:b6:14:d1:d8:93:1a:80:13:3d:c9:
                    90:30:ac:03:16:d9:79:d8:c5:25:58:c1:f4:25:01:
                    9e:d8:50:f5:f0:d2:7d:9b:70:b2:0d:30:46:53:28:
                    75:da:ee:6a:57:9d:cc:af:99:5c:a1:8f:02:a9:59:
                    1a:54:66:7c:42:24:c8:61:5c:9b:c5:08:0c:fb:fc:
                    bd:ef:91:0e:a0:44:8f:cc:c7:bf:d0:42:f1:34:14:
                    86:fb:ad:c2:f2:c1:3d:0b:d1:87:40:30:d9:17:67:
                    cb:e9:53:d2:ca:f6:79:f3:d4:b5:82:be:57:4d:14:
                    bb:6e:23:41:ff:2d:35:bf:73:a7:6c:1d:3c:10:b4:
                    28:76:bd:b6:ad:6e:3e:17:fd:87:68:93:15:ab:47:
                    cf:67:bd:03:60:bf:75:df:f1:f7:a5:8e:d6:9c:0a:
                    32:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:87:D0:3A:85:0F:A7:27:10:15:85:B1:44:3D:77:ED:C8:50:68:D0
            X509v3 Authority Key Identifier:
                keyid:68:1B:2E:54:CE:B5:40:2C:A8:11:60:37:B1:54:16:B1:E6:5E:D4:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E208A/7AA2475A760511F1B63166DF79A30FBC/aBsuVM61QCyoEWA3sVQWseZe1No.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aBsuVM61QCyoEWA3sVQWseZe1No.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E208A/7AA2475A760511F1B63166DF79A30FBC/67BED8CA760911F19399FA927BA30FBC.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df7:2bc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:b9:82:40:13:d9:ce:1d:53:00:6f:e5:bc:df:4d:ee:79:bd:
         8d:41:c9:06:77:14:52:ef:1a:5d:cf:03:2d:7d:27:d9:d4:16:
         07:dc:0b:d0:14:d8:f5:20:df:c8:af:49:91:aa:49:1b:2c:df:
         95:8d:87:30:dd:26:5a:ea:be:36:db:33:32:0c:d8:9e:66:a3:
         af:7a:c6:c0:e6:72:42:d6:06:ed:49:e3:8a:80:f8:e5:08:2b:
         49:d2:82:09:5a:4e:19:3d:b8:fe:b6:9a:0b:e2:21:6a:c6:3a:
         5a:8c:0b:29:33:d9:6e:fa:8b:7f:33:1e:10:e6:dd:85:84:c1:
         f4:63:72:10:9d:04:55:9b:76:fd:aa:39:e1:45:59:5e:8c:50:
         ac:f6:22:98:7a:b9:af:eb:6f:e7:aa:c8:1a:58:06:af:16:03:
         36:c1:d5:e4:0b:fe:91:0c:30:2b:b9:7d:42:e2:cf:3e:44:11:
         61:f5:e3:f3:b2:67:b9:28:26:48:52:36:7d:3b:45:84:94:1b:
         f6:b9:07:77:4f:0b:02:8c:4a:c2:df:45:7f:86:3d:59:92:72:
         75:e7:94:26:37:2d:f5:74:00:12:7e:0a:66:a0:f3:1d:be:62:
         73:46:31:90:5a:64:2c:9b:68:59:1e:cd:e4:e7:f2:19:b2:8f:
         69:e5:af:94
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
MjA4QTExMC8GA1UEBRMoNjgxQjJFNTRDRUI1NDAyQ0E4MTE2MDM3QjE1NDE2QjFF
NjVFRDREQTAeFw0yNjA3MDIxMTMwMTlaFw0yNzEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTZhNDY0YmNiLTM4ODIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDIr/vEYLdQXJq+bJ8S8nMnkjOuO+QLpiq51h6iLxqphkApJoWUZPBKOgGjPl1j
SwZCK8oKfX21INFE6FN0wvegjtfz+JotkCPaK0/6m7jlJDXzRYJa1Ct+3Jb150c0
thTR2JMagBM9yZAwrAMW2XnYxSVYwfQlAZ7YUPXw0n2bcLINMEZTKHXa7mpXncyv
mVyhjwKpWRpUZnxCJMhhXJvFCAz7/L3vkQ6gRI/Mx7/QQvE0FIb7rcLywT0L0YdA
MNkXZ8vpU9LK9nnz1LWCvldNFLtuI0H/LTW/c6dsHTwQtCh2vbatbj4X/YdokxWr
R89nvQNgv3Xf8feljtacCjJ7AgMBAAGjggJjMIICXzAdBgNVHQ4EFgQUVofQOoUP
pycQFYWxRD137chQaNAwHwYDVR0jBBgwFoAUaBsuVM61QCyoEWA3sVQWseZe1Now
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUUyMDhBLzdBQTI0NzVBNzYw
NTExRjFCNjMxNjZERjc5QTMwRkJDL2FCc3VWTTYxUUN5b0VXQTNzVlFXc2VaZTFO
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvYUJzdVZNNjFRQ3lvRVdBM3NWUVdzZVplMU5vLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgZYGCCsGAQUFBwELBIGJMIGGMIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
MjA4QS83QUEyNDc1QTc2MDUxMUYxQjYzMTY2REY3OUEzMEZCQy82N0JFRDhDQTc2
MDkxMUYxOTM5OUZBOTI3QkEzMEZCQy5yb2EwIgYIKwYBBQUHAQcBAf8EEzARMA8E
AgACMAkDBwAgAQ33K8AwDQYJKoZIhvcNAQELBQADggEBAFS5gkAT2c4dUwBv5bzf
Te55vY1ByQZ3FFLvGl3PAy19J9nUFgfcC9AU2PUg38ivSZGqSRss35WNhzDdJlrq
vjbbMzIM2J5mo696xsDmckLWBu1J44qA+OUIK0nSgglaThk9uP62mgviIWrGOlqM
Cykz2W76i38zHhDm3YWEwfRjchCdBFWbdv2qOeFFWV6MUKz2Iph6ua/rb+eqyBpY
Bq8WAzbB1eQL/pEMMCu5fULizz5EEWH14/OyZ7koJkhSNn07RYSUG/a5B3dPCwKM
SsLfRX+GPVmScnXnlCY3LfV0ABJ+Cmag8x2+YnNGMZBaZCybaFkezeTn8hmyj2nl
r5Q=
-----END CERTIFICATE-----
Generated at Sun Jul 5 08:36:04 2026 by rpki-client