Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F0C73/821457D2F13711EC97F74F0CC4F9AE02/FA3FF1D4F13D11EC9B673A2AC4F9AE02.roa
File:                     FA3FF1D4F13D11EC9B673A2AC4F9AE02.roa (raw, json)
Hash identifier:          8YdQLsUZCKBzraMiXXqY3e6CtfbysTpmjgszsI0exrg=
Subject key identifier:   C3:D0:C3:7D:A8:8E:F5:09:D6:B8:24:75:CC:9F:A4:44:5D:A6:E9:3F
Certificate issuer:       /CN=A91F0C73/serialNumber=5E709949BAA40A7D47D44D211690B377E051C45F
Certificate serial:       039C
Authority key identifier: 5E:70:99:49:BA:A4:0A:7D:47:D4:4D:21:16:90:B3:77:E0:51:C4:5F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XnCZSbqkCn1H1E0hFpCzd-BRxF8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F0C73/821457D2F13711EC97F74F0CC4F9AE02/FA3FF1D4F13D11EC9B673A2AC4F9AE02.roa
Signing time:             Fri 03 Jul 2026 01:27:04 +0000
ROA not before:           Fri 03 Jul 2026 01:27:04 +0000
ROA not after:            Thu 30 Sep 2027 00:00:00 +0000
asID:                     58057
IP address blocks:        103.189.238.0/23 maxlen: 24
                          2001:df0:de40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F0C73/821457D2F13711EC97F74F0CC4F9AE02/XnCZSbqkCn1H1E0hFpCzd-BRxF8.crl
                          rsync://rpki.apnic.net/member_repository/A91F0C73/821457D2F13711EC97F74F0CC4F9AE02/XnCZSbqkCn1H1E0hFpCzd-BRxF8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XnCZSbqkCn1H1E0hFpCzd-BRxF8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Jul 2026 01:24:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 924 (0x39c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F0C73, serialNumber=5E709949BAA40A7D47D44D211690B377E051C45F
        Validity
            Not Before: Jul  3 01:27:04 2026 GMT
            Not After : Sep 30 00:00:00 2027 GMT
        Subject: CN=6a470fe7-6dca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d8:8c:0f:1b:d0:6c:75:99:fb:e6:23:b0:9d:
                    7e:27:2a:23:17:23:72:87:3e:78:d7:bf:35:01:a5:
                    73:8c:1c:73:7a:ba:db:3f:1c:11:0a:b7:b2:53:aa:
                    b1:e6:ee:87:a2:14:da:23:9a:21:f5:3a:8d:88:52:
                    d9:e3:f9:92:08:a8:ec:c9:80:c8:ec:65:02:73:20:
                    98:0b:14:5d:79:0c:bf:ae:c1:2e:45:3a:b1:f3:cb:
                    7f:8f:f8:f6:0f:05:26:a4:22:2c:90:f7:0a:64:62:
                    7c:d4:20:94:0e:5b:3d:87:ee:da:bc:9d:a7:fc:52:
                    79:fa:c1:5f:39:1a:83:9b:c8:ba:c2:70:f5:d1:c8:
                    79:bb:85:9c:a6:7e:b8:d5:ff:c6:35:4c:1d:d0:b8:
                    bc:3e:07:67:f7:a4:be:3b:37:d2:7a:3c:d3:dd:f7:
                    86:1d:36:2c:93:4b:a1:83:6e:43:bc:c5:49:fe:3e:
                    80:72:c6:51:52:9e:00:52:a9:20:e8:21:f2:97:f2:
                    8d:99:44:50:f7:58:ca:10:46:ca:1b:60:bb:e7:bb:
                    c2:fa:69:f2:4c:dc:ac:e3:79:75:af:48:0f:09:07:
                    9e:c2:b3:ae:0a:7b:33:ba:f3:22:30:0c:a2:d8:32:
                    4f:0d:cd:a8:54:e2:0d:de:d6:a7:26:02:48:90:9a:
                    bc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D0:C3:7D:A8:8E:F5:09:D6:B8:24:75:CC:9F:A4:44:5D:A6:E9:3F
            X509v3 Authority Key Identifier:
                keyid:5E:70:99:49:BA:A4:0A:7D:47:D4:4D:21:16:90:B3:77:E0:51:C4:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F0C73/821457D2F13711EC97F74F0CC4F9AE02/XnCZSbqkCn1H1E0hFpCzd-BRxF8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XnCZSbqkCn1H1E0hFpCzd-BRxF8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F0C73/821457D2F13711EC97F74F0CC4F9AE02/FA3FF1D4F13D11EC9B673A2AC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.189.238.0/23
                IPv6:
                  2001:df0:de40::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:a8:0b:72:00:82:33:2c:06:6b:66:29:cb:4a:7a:bf:c3:bd:
         8d:d9:8c:32:21:3e:5c:20:5e:ff:82:6b:5c:3d:c0:5c:29:9c:
         52:dd:8a:4f:40:e9:4c:3e:fe:f9:1d:5f:19:28:29:5a:28:62:
         9d:0f:e2:3c:4f:7a:53:c1:1c:72:ef:47:76:7b:c3:d8:23:df:
         ae:db:f2:92:91:51:6c:ae:63:14:a2:e7:06:5a:e7:3d:91:94:
         9e:47:b7:c5:90:f8:cd:d7:4d:a4:f9:fb:34:f2:5c:04:85:7f:
         f2:77:5a:94:80:1d:76:b8:cd:a6:06:22:b5:89:f6:69:55:74:
         06:ad:71:a7:ed:66:ac:a6:17:f7:6d:0b:04:eb:b9:7b:f1:1e:
         95:c3:16:8e:1e:5f:80:68:d1:a6:5d:98:1d:93:ef:67:e9:a8:
         35:86:b1:4e:cb:10:18:9c:e3:65:ff:69:e7:71:11:4d:d7:2d:
         35:d0:fe:ab:c9:96:1c:5b:70:bb:90:b9:2b:e7:4c:21:fa:75:
         b2:87:a8:55:6e:4e:d7:e3:c0:85:4d:ad:fc:0a:37:8d:06:ff:
         ca:7a:52:df:17:f3:c3:b8:7f:5d:fc:07:4b:61:88:e8:91:de:
         34:af:30:eb:17:76:41:12:78:4c:b8:c3:7c:e6:0f:52:6f:3b:
         4a:a0:19:17
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgICA5wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjBDNzMxMTAvBgNVBAUTKDVFNzA5OTQ5QkFBNDBBN0Q0N0Q0NEQyMTE2OTBCMzc3
RTA1MUM0NUYwHhcNMjYwNzAzMDEyNzA0WhcNMjcwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ3MGZlNy02ZGNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4diMDxvQbHWZ++YjsJ1+JyojFyNyhz541781AaVzjBxzerrbPxwRCreyU6qx
5u6HohTaI5oh9TqNiFLZ4/mSCKjsyYDI7GUCcyCYCxRdeQy/rsEuRTqx88t/j/j2
DwUmpCIskPcKZGJ81CCUDls9h+7avJ2n/FJ5+sFfORqDm8i6wnD10ch5u4Wcpn64
1f/GNUwd0Li8Pgdn96S+OzfSejzT3feGHTYsk0uhg25DvMVJ/j6AcsZRUp4AUqkg
6CHyl/KNmURQ91jKEEbKG2C757vC+mnyTNys43l1r0gPCQeewrOuCnszuvMiMAyi
2DJPDc2oVOIN3tanJgJIkJq8vwIDAQABo4ICcTCCAm0wHQYDVR0OBBYEFMPQw32o
jvUJ1rgkdcyfpERdpuk/MB8GA1UdIwQYMBaAFF5wmUm6pAp9R9RNIRaQs3fgUcRf
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMEM3My84MjE0NTdEMkYx
MzcxMUVDOTdGNzRGMENDNEY5QUUwMi9YbkNaU2Jxa0NuMUgxRTBoRnBDemQtQlJ4
RjguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1huQ1pTYnFrQ24xSDFFMGhGcEN6ZC1CUnhGOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjBDNzMvODIxNDU3RDJGMTM3MTFFQzk3Rjc0RjBDQzRGOUFFMDIvRkEzRkYxRDRG
MTNEMTFFQzlCNjczQTJBQzRGOUFFMDIucm9hMDAGCCsGAQUFBwEHAQH/BCEwHzAM
BAIAATAGAwQBZ73uMA8EAgACMAkDBwAgAQ3w3kAwDQYJKoZIhvcNAQELBQADggEB
ADGoC3IAgjMsBmtmKctKer/DvY3ZjDIhPlwgXv+Ca1w9wFwpnFLdik9A6Uw+/vkd
XxkoKVooYp0P4jxPelPBHHLvR3Z7w9gj367b8pKRUWyuYxSi5wZa5z2RlJ5Ht8WQ
+M3XTaT5+zTyXASFf/J3WpSAHXa4zaYGIrWJ9mlVdAatcaftZqymF/dtCwTruXvx
HpXDFo4eX4Bo0aZdmB2T72fpqDWGsU7LEBic42X/aedxEU3XLTXQ/qvJlhxbcLuQ
uSvnTCH6dbKHqFVuTtfjwIVNrfwKN40G/8p6Ut8X88O4f138B0thiOiR3jSvMOsX
dkESeEy4w3zmD1JvO0qgGRc=
-----END CERTIFICATE-----
Generated at Wed Jul 15 13:19:42 2026 by rpki-client