Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F832B/DF16A04C6F8D11F192EBA0236BA30FBC/4D9099E66F9411F18CD406106EA30FBC.roa
File:                     4D9099E66F9411F18CD406106EA30FBC.roa (raw, json)
Hash identifier:          AUe4L3FSY7eR7HjxCrv4iq3eH0yBUYRwMyqn5Ail/2M=
Subject key identifier:   14:D6:89:9C:70:88:7C:F6:5C:05:81:4F:D6:3E:FB:13:E5:68:16:11
Certificate issuer:       /CN=A91F832B/serialNumber=246828778202CDBB82C567253BA9C39C3CB9D42B
Certificate serial:       04
Authority key identifier: 24:68:28:77:82:02:CD:BB:82:C5:67:25:3B:A9:C3:9C:3C:B9:D4:2B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JGgod4ICzbuCxWclO6nDnDy51Cs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F832B/DF16A04C6F8D11F192EBA0236BA30FBC/4D9099E66F9411F18CD406106EA30FBC.roa
Signing time:             Wed 24 Jun 2026 06:16:57 +0000
ROA not before:           Wed 24 Jun 2026 06:16:57 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     140325
IP address blocks:        103.151.224.0/23 maxlen: 24
                          103.247.76.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F832B/DF16A04C6F8D11F192EBA0236BA30FBC/JGgod4ICzbuCxWclO6nDnDy51Cs.crl
                          rsync://rpki.apnic.net/member_repository/A91F832B/DF16A04C6F8D11F192EBA0236BA30FBC/JGgod4ICzbuCxWclO6nDnDy51Cs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JGgod4ICzbuCxWclO6nDnDy51Cs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 10 Jul 2026 10:06:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F832B, serialNumber=246828778202CDBB82C567253BA9C39C3CB9D42B
        Validity
            Not Before: Jun 24 06:16:57 2026 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6a3b7659-5b78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:77:0f:66:e6:64:13:bd:85:f3:c1:d3:3d:06:
                    da:74:e2:35:56:9b:74:97:39:4f:7c:08:e0:01:31:
                    2b:c6:be:24:6e:a2:76:38:bc:fe:6e:79:4d:17:47:
                    9a:d4:07:b1:fa:d9:b4:ee:1a:fb:91:5c:d0:cb:71:
                    3b:33:9d:55:5f:05:64:51:6b:99:76:29:52:04:60:
                    de:b9:83:57:39:c8:1f:00:4b:5a:4b:d8:d9:7d:14:
                    8c:3e:3a:15:99:84:26:8b:69:3c:63:67:b5:52:22:
                    fb:2c:65:94:71:4e:0b:f1:54:86:f3:aa:9e:9e:48:
                    70:1e:f4:b9:d4:99:54:76:ab:25:ab:ab:dd:ed:fd:
                    5b:c7:74:80:20:f4:99:4b:94:d3:63:bf:ac:d6:4a:
                    7c:ca:9a:d9:66:72:57:42:0c:da:7b:d8:9e:bc:43:
                    da:d2:00:88:1d:80:6e:42:5f:50:02:f0:1e:11:ee:
                    4e:4f:7f:5c:da:86:34:81:84:52:c1:2b:57:f4:79:
                    e7:1d:e8:42:fa:e1:a1:95:44:e3:13:51:6a:83:2d:
                    db:39:cc:c7:46:0d:ef:ac:d0:e8:6b:ad:de:61:ee:
                    75:18:99:93:f7:a9:dc:29:91:a8:10:f0:53:ad:7e:
                    c3:ee:95:61:8b:44:b2:fd:2f:c3:b5:4e:09:b0:de:
                    61:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:D6:89:9C:70:88:7C:F6:5C:05:81:4F:D6:3E:FB:13:E5:68:16:11
            X509v3 Authority Key Identifier:
                keyid:24:68:28:77:82:02:CD:BB:82:C5:67:25:3B:A9:C3:9C:3C:B9:D4:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F832B/DF16A04C6F8D11F192EBA0236BA30FBC/JGgod4ICzbuCxWclO6nDnDy51Cs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JGgod4ICzbuCxWclO6nDnDy51Cs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F832B/DF16A04C6F8D11F192EBA0236BA30FBC/4D9099E66F9411F18CD406106EA30FBC.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.151.224.0/23
                  103.247.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:55:46:8b:03:24:f5:40:85:5f:88:90:83:36:35:66:d7:b3:
         74:b3:8c:43:51:ce:fc:ed:3b:c1:cc:6f:fb:61:31:2c:00:ca:
         b5:1e:4a:53:0d:6d:09:02:10:02:40:de:30:6f:2f:bb:80:81:
         82:e6:c4:aa:33:22:53:fb:f6:bd:d6:54:12:6a:e3:5a:05:a2:
         52:db:e2:ca:6d:3e:46:aa:3a:95:bf:f5:e1:0c:68:1b:97:02:
         dc:66:0c:83:f1:03:4a:63:bb:73:ab:ea:12:ad:a6:95:61:6a:
         bf:f1:4a:ff:7f:0f:18:94:a9:dd:2b:58:ae:aa:e9:86:a4:29:
         33:a7:2a:2f:3a:c4:d1:be:18:6c:a7:69:29:bc:be:4d:4c:ff:
         6b:78:25:99:03:e7:22:c9:6c:98:f0:c2:eb:73:a9:f9:26:1d:
         9c:18:db:f4:c2:d7:62:9a:b0:55:1b:98:41:0e:1d:e2:02:8b:
         5b:cf:9c:1d:c7:0a:7b:e2:c4:dd:a8:75:a3:69:aa:15:ba:72:
         7a:72:eb:a9:b6:1f:22:f6:b9:9f:db:d4:16:ae:85:64:4f:76:
         13:8e:5a:28:0f:89:0b:72:f5:6a:f3:ce:5d:9b:5a:36:aa:69:
         f9:30:61:76:f3:fd:d7:6f:34:82:9f:c9:bb:82:2d:a9:a1:63:
         85:7a:6d:a7
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFG
ODMyQjExMC8GA1UEBRMoMjQ2ODI4Nzc4MjAyQ0RCQjgyQzU2NzI1M0JBOUMzOUMz
Q0I5RDQyQjAeFw0yNjA2MjQwNjE2NTdaFw0yNjA5MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTZhM2I3NjU5LTViNzgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCqdw9m5mQTvYXzwdM9Btp04jVWm3SXOU98COABMSvGviRuonY4vP5ueU0XR5rU
B7H62bTuGvuRXNDLcTsznVVfBWRRa5l2KVIEYN65g1c5yB8AS1pL2Nl9FIw+OhWZ
hCaLaTxjZ7VSIvssZZRxTgvxVIbzqp6eSHAe9LnUmVR2qyWrq93t/VvHdIAg9JlL
lNNjv6zWSnzKmtlmcldCDNp72J68Q9rSAIgdgG5CX1AC8B4R7k5Pf1zahjSBhFLB
K1f0eecd6EL64aGVROMTUWqDLds5zMdGDe+s0Ohrrd5h7nUYmZP3qdwpkagQ8FOt
fsPulWGLRLL9L8O1Tgmw3mGrAgMBAAGjggJmMIICYjAdBgNVHQ4EFgQUFNaJnHCI
fPZcBYFP1j77E+VoFhEwHwYDVR0jBBgwFoAUJGgod4ICzbuCxWclO6nDnDy51Csw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUY4MzJCL0RGMTZBMDRDNkY4
RDExRjE5MkVCQTAyMzZCQTMwRkJDL0pHZ29kNElDemJ1Q3hXY2xPNm5EbkR5NTFD
cy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvSkdnb2Q0SUN6YnVDeFdjbE82bkRuRHk1MUNzLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgZYGCCsGAQUFBwELBIGJMIGGMIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG
ODMyQi9ERjE2QTA0QzZGOEQxMUYxOTJFQkEwMjM2QkEzMEZCQy80RDkwOTlFNjZG
OTQxMUYxOENENDA2MTA2RUEzMEZCQy5yb2EwJQYIKwYBBQUHAQcBAf8EFjAUMBIE
AgABMAwDBAFnl+ADBAJn90wwDQYJKoZIhvcNAQELBQADggEBAElVRosDJPVAhV+I
kIM2NWbXs3SzjENRzvztO8HMb/thMSwAyrUeSlMNbQkCEAJA3jBvL7uAgYLmxKoz
IlP79r3WVBJq41oFolLb4sptPkaqOpW/9eEMaBuXAtxmDIPxA0pju3Or6hKtppVh
ar/xSv9/DxiUqd0rWK6q6YakKTOnKi86xNG+GGynaSm8vk1M/2t4JZkD5yLJbJjw
wutzqfkmHZwY2/TC12KasFUbmEEOHeICi1vPnB3HCnvixN2odaNpqhW6cnpy66m2
HyL2uZ/b1BauhWRPdhOOWigPiQty9Wrzzl2bWjaqafkwYXbz/ddvNIKfybuCLamh
Y4V6bac=
-----END CERTIFICATE-----
Generated at Sun Jul 5 09:20:48 2026 by rpki-client