Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F52E8/1127CD3EAE6511ECBCF8C64CC4F9AE02/CB0F28626A3D11F18BEDC8237D47A888.roa
File:                     CB0F28626A3D11F18BEDC8237D47A888.roa (raw, json)
Hash identifier:          9aLbjRQRMYIzYencq0lATGqFcBhPNKrd9K7Wus4HUHU=
Subject key identifier:   14:FC:B4:83:F2:BF:C4:C5:9A:A8:E2:0C:CE:D9:20:73:DB:69:32:0B
Certificate issuer:       /CN=A91F52E8/serialNumber=C7C91D96FA7E8D2D92219522A64044237511E051
Certificate serial:       0443
Authority key identifier: C7:C9:1D:96:FA:7E:8D:2D:92:21:95:22:A6:40:44:23:75:11:E0:51
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/x8kdlvp-jS2SIZUipkBEI3UR4FE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F52E8/1127CD3EAE6511ECBCF8C64CC4F9AE02/CB0F28626A3D11F18BEDC8237D47A888.roa
Signing time:             Wed 17 Jun 2026 11:15:06 +0000
ROA not before:           Wed 17 Jun 2026 11:15:06 +0000
ROA not after:            Fri 28 May 2027 00:00:00 +0000
asID:                     153038
IP address blocks:        103.181.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F52E8/1127CD3EAE6511ECBCF8C64CC4F9AE02/x8kdlvp-jS2SIZUipkBEI3UR4FE.crl
                          rsync://rpki.apnic.net/member_repository/A91F52E8/1127CD3EAE6511ECBCF8C64CC4F9AE02/x8kdlvp-jS2SIZUipkBEI3UR4FE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/x8kdlvp-jS2SIZUipkBEI3UR4FE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 10 Jul 2026 00:41:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1091 (0x443)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F52E8, serialNumber=C7C91D96FA7E8D2D92219522A64044237511E051
        Validity
            Not Before: Jun 17 11:15:06 2026 GMT
            Not After : May 28 00:00:00 2027 GMT
        Subject: CN=6a3281ba-d2ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:96:7a:19:cd:d2:b9:1d:20:8d:f0:19:12:42:
                    d6:55:28:34:10:24:5b:6c:1d:70:2a:2a:e3:ef:c2:
                    61:36:81:54:da:38:1d:ad:6a:95:55:ae:7a:c0:7c:
                    1f:8d:66:0a:fa:12:a5:ac:82:b5:5c:8a:9b:a0:8d:
                    3d:53:2d:9e:17:26:3a:d0:c3:18:85:79:0f:91:4c:
                    f9:a9:b6:08:8c:03:82:0e:7a:48:4d:7c:9d:6f:ab:
                    9e:0a:96:db:a5:bd:0b:97:d0:14:4f:bf:ed:50:52:
                    70:c8:93:47:1c:99:dc:9e:d6:3d:ec:b2:dd:2b:49:
                    01:d1:b3:05:56:ba:f9:5f:e9:9d:46:e5:f3:c0:13:
                    8f:e4:aa:42:a2:1f:66:43:75:f6:d4:6e:83:e1:90:
                    5f:b5:a1:8d:00:57:1d:26:81:0f:19:84:3d:db:cd:
                    0e:62:f2:80:a6:20:60:2e:59:6f:7e:c1:a5:f0:87:
                    56:91:7b:f4:a9:18:2c:45:63:73:04:3d:cf:f0:9a:
                    53:a6:a6:a6:60:28:b1:bf:60:d9:60:86:65:f7:ec:
                    a7:18:c9:54:3d:01:73:88:99:1f:16:d1:12:e1:bb:
                    e8:f3:13:fd:dc:18:c9:68:d6:5d:3e:17:aa:3b:b9:
                    cc:16:ec:c9:ae:80:4f:44:fc:ab:18:7c:66:04:8d:
                    25:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:FC:B4:83:F2:BF:C4:C5:9A:A8:E2:0C:CE:D9:20:73:DB:69:32:0B
            X509v3 Authority Key Identifier:
                keyid:C7:C9:1D:96:FA:7E:8D:2D:92:21:95:22:A6:40:44:23:75:11:E0:51

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F52E8/1127CD3EAE6511ECBCF8C64CC4F9AE02/x8kdlvp-jS2SIZUipkBEI3UR4FE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/x8kdlvp-jS2SIZUipkBEI3UR4FE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F52E8/1127CD3EAE6511ECBCF8C64CC4F9AE02/CB0F28626A3D11F18BEDC8237D47A888.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.181.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:2f:92:61:c4:e5:d4:e5:b7:64:62:37:e8:60:e4:66:4b:92:
         25:d3:cc:f1:11:e7:39:d3:31:93:1e:d1:fc:46:30:65:75:45:
         1a:9c:94:3d:f8:d2:2d:12:91:0a:be:ae:2a:b9:05:b7:48:92:
         0d:e0:df:dd:2d:7c:50:ca:4b:9f:53:4d:99:24:78:2a:b3:06:
         d2:74:0e:7d:73:c2:8c:ed:a7:42:08:de:ef:ad:1d:9e:9c:74:
         c0:44:64:b9:b2:37:77:64:f9:43:d1:96:92:dc:de:a7:1e:60:
         a8:4b:5a:4e:96:ec:a4:73:2e:12:39:94:b3:46:41:f3:21:e9:
         4b:c5:63:07:45:3e:d7:92:0e:5e:34:db:19:b2:da:fa:8f:37:
         5f:bc:cf:1e:59:21:0d:0b:78:94:41:53:65:48:7b:fb:01:b5:
         55:d5:81:0e:1a:ba:e3:8e:44:95:d9:49:78:50:6a:8a:c2:32:
         f2:1c:f8:26:4f:d9:9f:8f:88:b4:b3:f1:be:a3:30:6b:f8:f8:
         9e:fa:35:f8:5c:a5:4e:d1:6e:58:c6:2d:9f:ea:be:83:95:d3:
         be:f4:e9:9e:6a:2f:45:e4:b3:41:d0:25:65:a4:5b:84:a3:5a:
         8a:f1:7d:db:0a:23:f8:8f:ca:27:25:cb:87:0b:10:8c:3b:40:
         11:b5:11:aa
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICBEMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjUyRTgxMTAvBgNVBAUTKEM3QzkxRDk2RkE3RThEMkQ5MjIxOTUyMkE2NDA0NDIz
NzUxMUUwNTEwHhcNMjYwNjE3MTExNTA2WhcNMjcwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02YTMyODFiYS1kMmZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5JZ6Gc3SuR0gjfAZEkLWVSg0ECRbbB1wKirj78JhNoFU2jgdrWqVVa56wHwf
jWYK+hKlrIK1XIqboI09Uy2eFyY60MMYhXkPkUz5qbYIjAOCDnpITXydb6ueCpbb
pb0Ll9AUT7/tUFJwyJNHHJncntY97LLdK0kB0bMFVrr5X+mdRuXzwBOP5KpCoh9m
Q3X21G6D4ZBftaGNAFcdJoEPGYQ9280OYvKApiBgLllvfsGl8IdWkXv0qRgsRWNz
BD3P8JpTpqamYCixv2DZYIZl9+ynGMlUPQFziJkfFtES4bvo8xP93BjJaNZdPheq
O7nMFuzJroBPRPyrGHxmBI0lYwIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFBT8tIPy
v8TFmqjiDM7ZIHPbaTILMB8GA1UdIwQYMBaAFMfJHZb6fo0tkiGVIqZARCN1EeBR
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNTJFOC8xMTI3Q0QzRUFF
NjUxMUVDQkNGOEM2NENDNEY5QUUwMi94OGtkbHZwLWpTMlNJWlVpcGtCRUkzVVI0
RkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3g4a2RsdnAtalMyU0laVWlwa0JFSTNVUjRGRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjUyRTgvMTEyN0NEM0VBRTY1MTFFQ0JDRjhDNjRDQzRGOUFFMDIvQ0IwRjI4NjI2
QTNEMTFGMThCRURDODIzN0Q0N0E4ODgucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAZ7WiMA0GCSqGSIb3DQEBCwUAA4IBAQCwL5JhxOXU5bdkYjfoYORm
S5Il08zxEec50zGTHtH8RjBldUUanJQ9+NItEpEKvq4quQW3SJIN4N/dLXxQykuf
U02ZJHgqswbSdA59c8KM7adCCN7vrR2enHTARGS5sjd3ZPlD0ZaS3N6nHmCoS1pO
luykcy4SOZSzRkHzIelLxWMHRT7Xkg5eNNsZstr6jzdfvM8eWSENC3iUQVNlSHv7
AbVV1YEOGrrjjkSV2Ul4UGqKwjLyHPgmT9mfj4i0s/G+ozBr+Pie+jX4XKVO0W5Y
xi2f6r6DldO+9Omeai9F5LNB0CVlpFuEo1qK8X3bCiP4j8onJcuHCxCMO0ARtRGq
-----END CERTIFICATE-----
Generated at Fri Jul 3 22:29:35 2026 by rpki-client