Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F4091/5A116BAA1D9D11EFA10F2D3AC4F9AE02/1E110D7E1DA011EFBC90D55EC4F9AE02.roa
File:                     1E110D7E1DA011EFBC90D55EC4F9AE02.roa (raw, json)
Hash identifier:          +RRVmyu9T8wrCLDEDj/JvMmPQcvUjexzi+aqUNqlK/A=
Subject key identifier:   F7:2C:18:6F:B3:1D:30:44:69:B5:8F:7E:82:3E:4A:D7:2A:01:D6:B8
Certificate issuer:       /CN=A91F4091/serialNumber=83C90151BE178214FC16758334D3B6D5277A3CBF
Certificate serial:       018B
Authority key identifier: 83:C9:01:51:BE:17:82:14:FC:16:75:83:34:D3:B6:D5:27:7A:3C:BF
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/g8kBUb4XghT8FnWDNNO21Sd6PL8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F4091/5A116BAA1D9D11EFA10F2D3AC4F9AE02/1E110D7E1DA011EFBC90D55EC4F9AE02.roa
Signing time:             Thu 25 Jun 2026 05:35:28 +0000
ROA not before:           Thu 25 Jun 2026 05:35:28 +0000
ROA not after:            Tue 31 Aug 2027 00:00:00 +0000
asID:                     152882
IP address blocks:        160.20.132.0/24 maxlen: 24
                          160.20.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F4091/5A116BAA1D9D11EFA10F2D3AC4F9AE02/g8kBUb4XghT8FnWDNNO21Sd6PL8.crl
                          rsync://rpki.apnic.net/member_repository/A91F4091/5A116BAA1D9D11EFA10F2D3AC4F9AE02/g8kBUb4XghT8FnWDNNO21Sd6PL8.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/g8kBUb4XghT8FnWDNNO21Sd6PL8.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 05:24:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 395 (0x18b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F4091, serialNumber=83C90151BE178214FC16758334D3B6D5277A3CBF
        Validity
            Not Before: Jun 25 05:35:28 2026 GMT
            Not After : Aug 31 00:00:00 2027 GMT
        Subject: CN=6a3cbe20-c862
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2d:f3:a0:ee:05:60:19:f2:3d:1d:b2:11:51:
                    3b:4d:1c:68:66:f4:c7:59:6c:46:8c:79:fa:87:3f:
                    cb:8f:e8:34:80:5d:dc:14:6a:da:c2:65:bf:a9:3c:
                    fb:1a:fc:02:65:c6:ee:9f:a3:0c:24:e1:98:0e:02:
                    75:51:62:38:3f:58:a4:af:c4:df:43:f3:01:b8:5e:
                    51:dd:db:94:54:c9:dd:d7:7c:3d:60:73:bf:37:49:
                    eb:e9:f2:b8:fa:7e:06:bd:38:6a:47:30:a0:5f:44:
                    df:de:06:84:88:d8:f9:13:fe:b7:48:22:30:b2:01:
                    ee:e4:0b:6d:fa:f1:cf:ef:a9:36:92:3f:e6:17:b6:
                    31:a7:c6:49:e9:2a:40:8b:f2:95:b5:f6:08:a6:1a:
                    fa:df:72:56:cf:61:c0:96:9f:f6:e3:da:da:ce:55:
                    44:ec:16:5a:ad:33:d8:e9:d6:8d:82:cd:98:97:d9:
                    b5:02:e2:4d:7b:fb:0d:0a:22:13:c1:2f:ea:bb:30:
                    8a:46:3b:68:81:9a:73:1c:6a:f7:dc:64:5e:5b:97:
                    5e:fb:66:60:54:e4:ac:4e:42:74:6f:61:7c:92:f6:
                    d6:e2:31:7e:3f:3f:ef:5e:69:c5:b6:e0:35:8a:4d:
                    49:06:38:b2:c7:9f:6b:b5:ad:6d:8e:cc:c8:1c:3c:
                    b2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:2C:18:6F:B3:1D:30:44:69:B5:8F:7E:82:3E:4A:D7:2A:01:D6:B8
            X509v3 Authority Key Identifier:
                keyid:83:C9:01:51:BE:17:82:14:FC:16:75:83:34:D3:B6:D5:27:7A:3C:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F4091/5A116BAA1D9D11EFA10F2D3AC4F9AE02/g8kBUb4XghT8FnWDNNO21Sd6PL8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/g8kBUb4XghT8FnWDNNO21Sd6PL8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F4091/5A116BAA1D9D11EFA10F2D3AC4F9AE02/1E110D7E1DA011EFBC90D55EC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:52:43:2d:45:08:d4:fe:b0:e3:eb:01:28:b0:bc:73:0c:27:
         69:40:ae:e5:f2:19:92:65:13:c4:87:03:48:25:df:dc:ac:8e:
         9a:b2:3d:b9:c0:97:43:36:1b:d7:3d:2e:a6:dc:4f:2d:67:04:
         d3:1b:c2:b2:c4:19:02:09:d9:d5:1b:5b:c2:af:9a:ef:ef:70:
         44:e8:2a:e9:95:d2:6f:4c:70:90:e7:d9:c4:36:e0:fa:a7:66:
         c4:40:eb:30:5a:55:1d:c8:31:b5:c6:6e:ba:85:0a:7f:ca:70:
         0b:fa:7f:70:2b:14:0f:81:63:95:25:c9:f9:94:57:e1:55:32:
         71:cb:61:4d:a3:dc:c8:48:82:3d:48:8f:02:e6:c2:15:d3:b1:
         09:3d:62:d2:71:b2:04:1f:f4:43:2b:2b:c0:aa:2d:5d:5f:e4:
         a6:39:a9:38:f6:2e:88:0b:b2:3d:d1:6a:2c:86:aa:b0:f2:f3:
         e5:a1:07:5c:20:da:48:93:5f:90:2d:df:5d:1c:f2:a1:5f:47:
         10:e8:31:39:31:e9:61:d9:85:b9:91:51:d0:79:1d:5a:07:19:
         85:46:ce:35:f8:c4:5c:6e:10:0e:14:81:27:d9:7c:d0:0f:67:
         cf:85:3c:63:a2:59:52:81:f9:06:fc:91:91:ca:89:ad:51:c9:
         99:f0:4d:97
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICAYswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjQwOTExMTAvBgNVBAUTKDgzQzkwMTUxQkUxNzgyMTRGQzE2NzU4MzM0RDNCNkQ1
Mjc3QTNDQkYwHhcNMjYwNjI1MDUzNTI4WhcNMjcwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTNjYmUyMC1jODYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqy3zoO4FYBnyPR2yEVE7TRxoZvTHWWxGjHn6hz/Lj+g0gF3cFGrawmW/qTz7
GvwCZcbun6MMJOGYDgJ1UWI4P1ikr8TfQ/MBuF5R3duUVMnd13w9YHO/N0nr6fK4
+n4GvThqRzCgX0Tf3gaEiNj5E/63SCIwsgHu5Att+vHP76k2kj/mF7Yxp8ZJ6SpA
i/KVtfYIphr633JWz2HAlp/249razlVE7BZarTPY6daNgs2Yl9m1AuJNe/sNCiIT
wS/quzCKRjtogZpzHGr33GReW5de+2ZgVOSsTkJ0b2F8kvbW4jF+Pz/vXmnFtuA1
ik1JBjiyx59rta1tjszIHDyyDwIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFPcsGG+z
HTBEabWPfoI+StcqAda4MB8GA1UdIwQYMBaAFIPJAVG+F4IU/BZ1gzTTttUnejy/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNDA5MS81QTExNkJBQTFE
OUQxMUVGQTEwRjJEM0FDNEY5QUUwMi9nOGtCVWI0WGdoVDhGbldETk5PMjFTZDZQ
TDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2c4a0JVYjRYZ2hUOEZuV0ROTk8yMVNkNlBMOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjQwOTEvNUExMTZCQUExRDlEMTFFRkExMEYyRDNBQzRGOUFFMDIvMUUxMTBEN0Ux
REEwMTFFRkJDOTBENTVFQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBoBSEMA0GCSqGSIb3DQEBCwUAA4IBAQB1UkMtRQjU/rDj6wEosLxz
DCdpQK7l8hmSZRPEhwNIJd/crI6asj25wJdDNhvXPS6m3E8tZwTTG8KyxBkCCdnV
G1vCr5rv73BE6CrpldJvTHCQ59nENuD6p2bEQOswWlUdyDG1xm66hQp/ynAL+n9w
KxQPgWOVJcn5lFfhVTJxy2FNo9zISII9SI8C5sIV07EJPWLScbIEH/RDKyvAqi1d
X+SmOak49i6IC7I90Woshqqw8vPloQdcINpIk1+QLd9dHPKhX0cQ6DE5Melh2YW5
kVHQeR1aBxmFRs41+MRcbhAOFIEn2XzQD2fPhTxjollSgfkG/JGRyomtUcmZ8E2X
-----END CERTIFICATE-----
Generated at Sat Jul 18 04:30:52 2026 by rpki-client