Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EB002/E24F8234022E11EF856F5132C4F9AE02/D0F5F16EBFB811F0B09C3E14C4F9AE02.roa
File:                     D0F5F16EBFB811F0B09C3E14C4F9AE02.roa (raw, json)
Hash identifier:          1WAgyDVr7T/ZzAZxntulyNT3jzkimem9SBFbIz5amdM=
Subject key identifier:   1F:7E:9E:36:94:6F:4C:59:49:F0:DA:1D:40:5E:E2:CF:76:14:E6:16
Certificate issuer:       /CN=A91EB002/serialNumber=9EF3E604A63F2CEF4BDDE37DCA890D0451967AEC
Certificate serial:       01CE
Authority key identifier: 9E:F3:E6:04:A6:3F:2C:EF:4B:DD:E3:7D:CA:89:0D:04:51:96:7A:EC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvPmBKY_LO9L3eN9yokNBFGWeuw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EB002/E24F8234022E11EF856F5132C4F9AE02/D0F5F16EBFB811F0B09C3E14C4F9AE02.roa
Signing time:             Wed 01 Jul 2026 06:31:10 +0000
ROA not before:           Wed 01 Jul 2026 06:31:10 +0000
ROA not after:            Fri 30 Oct 2026 00:00:00 +0000
asID:                     134186
IP address blocks:        103.40.166.0/24 maxlen: 24
                          103.40.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EB002/E24F8234022E11EF856F5132C4F9AE02/nvPmBKY_LO9L3eN9yokNBFGWeuw.crl
                          rsync://rpki.apnic.net/member_repository/A91EB002/E24F8234022E11EF856F5132C4F9AE02/nvPmBKY_LO9L3eN9yokNBFGWeuw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvPmBKY_LO9L3eN9yokNBFGWeuw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 10 Jul 2026 04:56:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 462 (0x1ce)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EB002, serialNumber=9EF3E604A63F2CEF4BDDE37DCA890D0451967AEC
        Validity
            Not Before: Jul  1 06:31:10 2026 GMT
            Not After : Oct 30 00:00:00 2026 GMT
        Subject: CN=6a44b42e-f311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bd:b6:c9:e1:39:d4:9e:68:3e:15:d5:9c:a0:
                    d0:79:d3:ee:33:ce:11:50:47:7f:96:ad:ef:82:b2:
                    64:69:fa:47:c5:a0:50:32:7e:00:7e:67:c1:2c:8c:
                    25:65:df:cd:72:f6:e5:b3:19:0d:ae:b6:ed:7f:53:
                    71:b6:a6:85:5a:fc:16:c2:6b:5f:06:9f:0f:8e:3a:
                    c7:7b:e7:47:50:21:b4:f9:74:32:ac:ed:dc:02:bc:
                    7a:ad:31:f8:5e:aa:4e:44:58:8a:ec:7c:08:d4:39:
                    9c:07:5a:42:95:ee:11:88:f2:70:61:cc:55:b1:57:
                    af:e9:f9:26:b4:1d:9e:19:5b:2d:68:d5:80:7e:ec:
                    b7:5b:bb:49:a8:57:55:94:d5:c9:fc:86:00:46:38:
                    ab:d7:0c:b9:fd:53:5c:37:c3:c2:58:b9:95:3c:99:
                    25:64:e5:ae:35:4c:e5:44:65:68:f8:b2:17:38:be:
                    9e:de:c5:be:f6:ee:63:ba:68:53:f8:86:82:03:ee:
                    4e:ad:67:44:8e:2b:ff:fe:dc:6a:6c:fe:c9:ba:af:
                    ca:12:45:96:2f:45:e4:41:be:6f:d7:48:81:f7:d5:
                    7c:3a:54:7b:c8:14:c4:1f:df:c7:6a:d0:63:16:c3:
                    54:46:51:24:30:5b:e9:cd:d5:4c:de:2a:d2:33:77:
                    bd:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7E:9E:36:94:6F:4C:59:49:F0:DA:1D:40:5E:E2:CF:76:14:E6:16
            X509v3 Authority Key Identifier:
                keyid:9E:F3:E6:04:A6:3F:2C:EF:4B:DD:E3:7D:CA:89:0D:04:51:96:7A:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EB002/E24F8234022E11EF856F5132C4F9AE02/nvPmBKY_LO9L3eN9yokNBFGWeuw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvPmBKY_LO9L3eN9yokNBFGWeuw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EB002/E24F8234022E11EF856F5132C4F9AE02/D0F5F16EBFB811F0B09C3E14C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.40.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:a2:4c:ba:27:1c:ac:e9:59:81:a1:e3:eb:0e:36:fa:a1:79:
         97:c6:ed:aa:cd:af:64:fe:c6:5e:03:0b:ef:63:bd:38:84:0f:
         89:d7:80:90:b3:59:fe:59:c9:51:c9:7a:6e:bf:04:59:96:bf:
         4f:ed:de:d4:31:79:3a:c9:35:57:7d:20:ef:3b:11:d0:87:0f:
         5d:41:8b:de:0f:de:cb:5a:5e:c6:1b:88:40:3a:bd:27:a3:6f:
         c3:b5:49:77:73:71:26:51:2d:59:f3:72:39:c8:76:30:3d:95:
         1b:8e:1c:0d:91:79:26:71:36:cd:fd:cc:64:c4:e8:7b:7d:da:
         72:38:4f:b6:6e:4f:51:d6:9d:a8:cd:94:36:24:ba:bc:52:1d:
         cc:6f:be:5c:ef:7a:8d:20:f0:49:1c:37:07:f7:cd:10:cc:20:
         b5:3d:94:ad:54:93:75:29:b1:ff:df:49:cb:18:a4:5f:11:04:
         a8:88:61:41:58:37:07:a4:ae:73:54:cf:86:67:96:c5:7d:7d:
         c2:59:78:7a:71:e3:41:20:1d:5a:b4:33:99:aa:22:75:a7:86:
         d9:ae:82:ef:54:91:b9:e3:29:bd:db:dd:32:f0:73:e2:e0:eb:
         c1:1e:73:4e:23:ab:c2:ec:93:ec:a0:c0:6f:a3:88:04:a5:66:
         a4:d7:0d:f1
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICAc4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUIwMDIxMTAvBgNVBAUTKDlFRjNFNjA0QTYzRjJDRUY0QkRERTM3RENBODkwRDA0
NTE5NjdBRUMwHhcNMjYwNzAxMDYzMTEwWhcNMjYxMDMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ0YjQyZS1mMzExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs722yeE51J5oPhXVnKDQedPuM84RUEd/lq3vgrJkafpHxaBQMn4AfmfBLIwl
Zd/NcvblsxkNrrbtf1NxtqaFWvwWwmtfBp8PjjrHe+dHUCG0+XQyrO3cArx6rTH4
XqpORFiK7HwI1DmcB1pCle4RiPJwYcxVsVev6fkmtB2eGVstaNWAfuy3W7tJqFdV
lNXJ/IYARjir1wy5/VNcN8PCWLmVPJklZOWuNUzlRGVo+LIXOL6e3sW+9u5jumhT
+IaCA+5OrWdEjiv//txqbP7Juq/KEkWWL0XkQb5v10iB99V8OlR7yBTEH9/HatBj
FsNURlEkMFvpzdVM3irSM3e9BQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFB9+njaU
b0xZSfDaHUBe4s92FOYWMB8GA1UdIwQYMBaAFJ7z5gSmPyzvS93jfcqJDQRRlnrs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQjAwMi9FMjRGODIzNDAy
MkUxMUVGODU2RjUxMzJDNEY5QUUwMi9udlBtQktZX0xPOUwzZU45eW9rTkJGR1dl
dXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL252UG1CS1lfTE85TDNlTjl5b2tOQkZHV2V1dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUIwMDIvRTI0RjgyMzQwMjJFMTFFRjg1NkY1MTMyQzRGOUFFMDIvRDBGNUYxNkVC
RkI4MTFGMEIwOUMzRTE0QzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBZyimMA0GCSqGSIb3DQEBCwUAA4IBAQAboky6Jxys6VmBoePrDjb6
oXmXxu2qza9k/sZeAwvvY704hA+J14CQs1n+WclRyXpuvwRZlr9P7d7UMXk6yTVX
fSDvOxHQhw9dQYveD97LWl7GG4hAOr0no2/DtUl3c3EmUS1Z83I5yHYwPZUbjhwN
kXkmcTbN/cxkxOh7fdpyOE+2bk9R1p2ozZQ2JLq8Uh3Mb75c73qNIPBJHDcH980Q
zCC1PZStVJN1KbH/30nLGKRfEQSoiGFBWDcHpK5zVM+GZ5bFfX3CWXh6ceNBIB1a
tDOZqiJ1p4bZroLvVJG54ym9290y8HPi4OvBHnNOI6vC7JPsoMBvo4gEpWak1w3x
-----END CERTIFICATE-----
Generated at Sat Jul 4 00:40:29 2026 by rpki-client