Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E2B66/53E8FBEADA5B11EB83BE371AC4F9AE02/53AD6F32DA5E11EBA323F462C4F9AE02.roa
File:                     53AD6F32DA5E11EBA323F462C4F9AE02.roa (raw, json)
Hash identifier:          cye1hIVFGwa2LCmeYD2ib4pZaHJ8xh8Jr5cItjYasmo=
Subject key identifier:   00:51:76:E6:AC:F2:67:5E:BE:73:EE:CB:24:10:11:03:A2:04:88:75
Certificate issuer:       /CN=A91E2B66/serialNumber=B013B972B42CA5AD9F6A162BF3B5C74F933C1E05
Certificate serial:       065A
Authority key identifier: B0:13:B9:72:B4:2C:A5:AD:9F:6A:16:2B:F3:B5:C7:4F:93:3C:1E:05
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sBO5crQspa2fahYr87XHT5M8HgU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E2B66/53E8FBEADA5B11EB83BE371AC4F9AE02/53AD6F32DA5E11EBA323F462C4F9AE02.roa
Signing time:             Fri 26 Jun 2026 23:27:54 +0000
ROA not before:           Fri 26 Jun 2026 23:27:54 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        103.168.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E2B66/53E8FBEADA5B11EB83BE371AC4F9AE02/sBO5crQspa2fahYr87XHT5M8HgU.crl
                          rsync://rpki.apnic.net/member_repository/A91E2B66/53E8FBEADA5B11EB83BE371AC4F9AE02/sBO5crQspa2fahYr87XHT5M8HgU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sBO5crQspa2fahYr87XHT5M8HgU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 Jul 2026 22:58:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1626 (0x65a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E2B66, serialNumber=B013B972B42CA5AD9F6A162BF3B5C74F933C1E05
        Validity
            Not Before: Jun 26 23:27:54 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a3f0af9-0be6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:4c:ea:35:df:d2:ca:1a:11:d4:c9:12:d3:17:
                    ec:74:ba:28:26:04:91:8d:e1:6a:74:97:d2:c8:84:
                    ab:9b:43:41:97:07:4d:e8:ba:43:bb:22:e5:bc:65:
                    5d:ec:dd:7e:dd:33:c1:da:49:86:a7:07:8d:33:95:
                    0c:66:28:e1:b0:d3:37:60:5d:19:cf:e4:ae:a8:0d:
                    80:7d:e5:b9:67:a1:c9:7f:b4:ac:ae:b8:a5:88:f8:
                    8f:4f:64:ae:5c:be:b7:97:f6:0e:25:57:19:7c:9c:
                    c9:7a:85:fc:a2:04:35:0e:c3:28:90:9e:5c:f9:90:
                    2a:da:18:09:7e:c0:9c:56:31:56:6a:8c:8b:b4:14:
                    0b:24:0e:ac:f4:d6:68:9e:43:34:c4:e0:54:81:43:
                    eb:3a:60:1e:63:ff:6a:48:cb:c1:2d:bd:71:54:da:
                    32:98:b4:c1:8a:e0:81:9b:95:75:2d:57:30:18:1b:
                    58:ac:b9:b2:c6:e8:22:88:24:00:02:b9:ac:67:15:
                    16:d6:15:9d:5c:a3:7b:cf:ad:c1:45:b0:cb:5a:c0:
                    89:4a:10:48:3b:cc:65:e0:c2:77:21:30:8a:99:48:
                    d6:f8:01:e8:41:2b:29:8e:f4:b0:9d:db:62:fc:ce:
                    73:e2:22:56:25:20:85:73:80:2e:ed:8c:92:6c:a6:
                    c3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:51:76:E6:AC:F2:67:5E:BE:73:EE:CB:24:10:11:03:A2:04:88:75
            X509v3 Authority Key Identifier:
                keyid:B0:13:B9:72:B4:2C:A5:AD:9F:6A:16:2B:F3:B5:C7:4F:93:3C:1E:05

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E2B66/53E8FBEADA5B11EB83BE371AC4F9AE02/sBO5crQspa2fahYr87XHT5M8HgU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sBO5crQspa2fahYr87XHT5M8HgU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E2B66/53E8FBEADA5B11EB83BE371AC4F9AE02/53AD6F32DA5E11EBA323F462C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.168.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:2d:aa:bb:4a:04:46:57:e4:eb:a8:c9:0a:a0:48:85:1d:e8:
         cc:b8:52:19:39:1c:5a:c1:5c:47:4b:7d:8c:95:d9:34:7b:20:
         16:b7:11:f7:97:69:ce:a2:ca:54:3e:72:53:56:c0:86:a5:a7:
         8f:27:30:b9:a8:9a:0f:85:5f:46:ff:b6:e3:1e:df:af:e5:fb:
         88:07:90:ce:5e:7d:ba:e4:d9:a6:d0:71:8d:5c:72:b7:d7:80:
         23:0a:6e:a3:6f:47:70:53:52:0e:e1:93:b3:ec:94:be:0e:a5:
         53:4f:11:97:ed:2f:39:73:11:a9:10:7c:31:ba:77:8c:8b:f6:
         b5:ca:a6:c5:69:34:9a:99:18:d2:cd:7d:91:2f:7a:2e:5a:b5:
         4b:1c:3e:45:e6:f9:d9:c2:9f:88:a0:b1:01:e9:4d:80:83:8f:
         6d:a9:b0:4d:2c:39:66:5d:4e:c2:e9:45:c0:1e:5a:e7:20:3e:
         00:bd:ae:61:8d:e5:c7:62:38:65:7c:bf:7a:65:ba:33:c3:70:
         f5:4f:6e:97:8d:dc:be:64:59:9b:09:5f:53:7d:71:48:bf:8f:
         30:c5:c8:d7:76:5a:f6:1f:13:09:a2:a4:4e:5c:26:60:e3:f1:
         c1:ec:33:38:64:9c:21:d5:ba:dc:c7:2b:6c:f9:f6:46:87:cf:
         25:b0:91:7a
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICBlowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTJCNjYxMTAvBgNVBAUTKEIwMTNCOTcyQjQyQ0E1QUQ5RjZBMTYyQkYzQjVDNzRG
OTMzQzFFMDUwHhcNMjYwNjI2MjMyNzU0WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNmMGFmOS0wYmU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA30zqNd/SyhoR1MkS0xfsdLooJgSRjeFqdJfSyISrm0NBlwdN6LpDuyLlvGVd
7N1+3TPB2kmGpweNM5UMZijhsNM3YF0Zz+SuqA2AfeW5Z6HJf7SsrriliPiPT2Su
XL63l/YOJVcZfJzJeoX8ogQ1DsMokJ5c+ZAq2hgJfsCcVjFWaoyLtBQLJA6s9NZo
nkM0xOBUgUPrOmAeY/9qSMvBLb1xVNoymLTBiuCBm5V1LVcwGBtYrLmyxugiiCQA
ArmsZxUW1hWdXKN7z63BRbDLWsCJShBIO8xl4MJ3ITCKmUjW+AHoQSspjvSwndti
/M5z4iJWJSCFc4Au7YySbKbDHwIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFABRduas
8mdevnPuyyQQEQOiBIh1MB8GA1UdIwQYMBaAFLATuXK0LKWtn2oWK/O1x0+TPB4F
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMkI2Ni81M0U4RkJFQURB
NUIxMUVCODNCRTM3MUFDNEY5QUUwMi9zQk81Y3JRc3BhMmZhaFlyODdYSFQ1TThI
Z1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3NCTzVjclFzcGEyZmFoWXI4N1hIVDVNOEhnVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTJCNjYvNTNFOEZCRUFEQTVCMTFFQjgzQkUzNzFBQzRGOUFFMDIvNTNBRDZGMzJE
QTVFMTFFQkEzMjNGNDYyQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAZ6jRMA0GCSqGSIb3DQEBCwUAA4IBAQCKLaq7SgRGV+TrqMkKoEiF
HejMuFIZORxawVxHS32Mldk0eyAWtxH3l2nOospUPnJTVsCGpaePJzC5qJoPhV9G
/7bjHt+v5fuIB5DOXn265Nmm0HGNXHK314AjCm6jb0dwU1IO4ZOz7JS+DqVTTxGX
7S85cxGpEHwxuneMi/a1yqbFaTSamRjSzX2RL3ouWrVLHD5F5vnZwp+IoLEB6U2A
g49tqbBNLDlmXU7C6UXAHlrnID4Ava5hjeXHYjhlfL96Zbozw3D1T26Xjdy+ZFmb
CV9TfXFIv48wxcjXdlr2HxMJoqROXCZg4/HB7DM4ZJwh1brcxyts+fZGh88lsJF6
-----END CERTIFICATE-----
Generated at Mon Jul 6 21:08:29 2026 by rpki-client