Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FF5DA/CB0B70B0706811F1B4A3E8BF73A30FBC/E2C181D2707111F1B7FB9D3F77A30FBC.roa
File:                     E2C181D2707111F1B7FB9D3F77A30FBC.roa (raw, json)
Hash identifier:          p0Y6X7NsZB/O737DROCXmx5nLd83zvDuQ7BcIQIr87I=
Subject key identifier:   2E:F5:8A:28:C4:54:95:F3:3A:31:FF:2E:E4:D4:3A:49:91:E9:BC:7C
Certificate issuer:       /CN=A91FF5DA/serialNumber=EB1203E6903813B30DF91B4C6979525DCB630815
Certificate serial:       03
Authority key identifier: EB:12:03:E6:90:38:13:B3:0D:F9:1B:4C:69:79:52:5D:CB:63:08:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6xID5pA4E7MN-RtMaXlSXctjCBU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FF5DA/CB0B70B0706811F1B4A3E8BF73A30FBC/E2C181D2707111F1B7FB9D3F77A30FBC.roa
Signing time:             Thu 25 Jun 2026 08:43:07 +0000
ROA not before:           Thu 25 Jun 2026 08:43:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154575
IP address blocks:        203.34.220.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91FF5DA/CB0B70B0706811F1B4A3E8BF73A30FBC/6xID5pA4E7MN-RtMaXlSXctjCBU.crl
                          rsync://rpki.apnic.net/member_repository/A91FF5DA/CB0B70B0706811F1B4A3E8BF73A30FBC/6xID5pA4E7MN-RtMaXlSXctjCBU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6xID5pA4E7MN-RtMaXlSXctjCBU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 10 Jul 2026 10:06:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FF5DA, serialNumber=EB1203E6903813B30DF91B4C6979525DCB630815
        Validity
            Not Before: Jun 25 08:43:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a3cea1b-41d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1d:6a:0e:88:c7:8e:ac:41:db:7a:cd:8c:a8:
                    73:9d:3a:e3:59:c4:0f:10:80:ca:32:f1:af:2e:26:
                    a1:2d:d9:28:dc:54:2b:d3:61:47:55:d9:17:e9:f4:
                    14:36:5a:b2:d5:12:b6:82:3e:1e:74:7d:c0:25:44:
                    5b:c7:0a:66:59:7f:06:df:bf:4f:0d:db:6a:68:85:
                    45:17:66:92:f5:21:11:8b:79:50:af:8e:77:f3:3c:
                    23:20:4f:06:17:73:d7:c8:02:37:d8:fc:bd:ea:9a:
                    35:60:93:1d:4f:14:20:89:34:ea:ca:64:e7:10:9d:
                    27:0c:60:22:2e:3d:92:6a:26:9b:a2:dd:51:46:e0:
                    46:4c:8f:08:1c:05:78:27:f7:44:8e:7c:fe:38:fc:
                    04:6d:7b:6f:b9:1d:56:09:a0:04:42:b9:30:39:43:
                    76:8e:c6:c5:e8:3f:41:0f:04:8b:fd:8c:33:dc:b3:
                    c0:7d:6b:aa:e8:04:f5:20:a7:89:73:78:46:68:ed:
                    3f:ed:97:33:ac:da:ce:ec:56:28:47:96:69:83:d6:
                    0c:4e:ab:61:31:05:ef:51:e8:48:86:5e:24:b7:d0:
                    a9:0d:c2:45:92:9a:6c:50:94:6a:ed:15:e6:76:3b:
                    5b:30:ea:c7:80:dc:a7:94:d3:e5:e6:3f:1e:0b:18:
                    87:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F5:8A:28:C4:54:95:F3:3A:31:FF:2E:E4:D4:3A:49:91:E9:BC:7C
            X509v3 Authority Key Identifier:
                keyid:EB:12:03:E6:90:38:13:B3:0D:F9:1B:4C:69:79:52:5D:CB:63:08:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FF5DA/CB0B70B0706811F1B4A3E8BF73A30FBC/6xID5pA4E7MN-RtMaXlSXctjCBU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6xID5pA4E7MN-RtMaXlSXctjCBU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FF5DA/CB0B70B0706811F1B4A3E8BF73A30FBC/E2C181D2707111F1B7FB9D3F77A30FBC.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.34.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:9b:e5:9d:16:ac:60:38:59:34:ae:d2:2f:fc:5b:1c:74:25:
         db:a3:9a:8f:e0:dd:e1:74:6b:0b:5d:ba:ea:ab:1c:83:47:ff:
         f7:3d:b6:ff:51:57:73:52:02:46:0b:43:55:2b:f9:58:42:52:
         2e:3b:b9:f6:fd:6b:eb:23:bd:48:ce:a8:90:5a:0a:60:bd:80:
         ed:fa:cd:ec:0c:b0:1d:04:d4:85:0d:b4:86:44:35:b4:fd:a2:
         53:ab:de:32:79:10:88:2c:64:ec:5f:98:8e:4a:5b:96:06:26:
         20:e5:b5:d3:98:55:f4:b4:a2:ea:88:ad:4a:bd:72:09:fa:ee:
         6c:a3:4f:8a:db:5b:9d:1b:f0:8a:49:7b:91:d7:d8:e8:b2:dd:
         45:03:d0:9b:91:24:76:27:2c:d3:3b:ce:2a:bb:64:0a:64:61:
         ce:43:ed:2c:db:41:f2:70:fc:c3:d3:f5:be:59:99:02:13:bb:
         00:68:04:d5:a9:08:ec:4f:d7:36:0b:5b:3e:01:8a:d7:03:e3:
         1f:b3:7b:18:be:6c:b1:d7:89:37:9f:1e:e5:50:de:a3:f7:ba:
         e1:20:ab:bc:59:60:7d:a8:9d:63:53:21:fe:b6:d1:dc:d9:e8:
         a6:7b:4c:61:86:79:e3:81:2f:b6:86:df:7a:10:00:bd:d6:ea:
         3c:a3:22:4a
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFG
RjVEQTExMC8GA1UEBRMoRUIxMjAzRTY5MDM4MTNCMzBERjkxQjRDNjk3OTUyNURD
QjYzMDgxNTAeFw0yNjA2MjUwODQzMDdaFw0yNzA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTZhM2NlYTFiLTQxZDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCdHWoOiMeOrEHbes2MqHOdOuNZxA8QgMoy8a8uJqEt2SjcVCvTYUdV2Rfp9BQ2
WrLVEraCPh50fcAlRFvHCmZZfwbfv08N22pohUUXZpL1IRGLeVCvjnfzPCMgTwYX
c9fIAjfY/L3qmjVgkx1PFCCJNOrKZOcQnScMYCIuPZJqJpui3VFG4EZMjwgcBXgn
90SOfP44/ARte2+5HVYJoARCuTA5Q3aOxsXoP0EPBIv9jDPcs8B9a6roBPUgp4lz
eEZo7T/tlzOs2s7sVihHlmmD1gxOq2ExBe9R6EiGXiS30KkNwkWSmmxQlGrtFeZ2
O1sw6seA3KeU0+XmPx4LGIcdAgMBAAGjggJgMIICXDAdBgNVHQ4EFgQULvWKKMRU
lfM6Mf8u5NQ6SZHpvHwwHwYDVR0jBBgwFoAU6xID5pA4E7MN+RtMaXlSXctjCBUw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUZGNURBL0NCMEI3MEIwNzA2
ODExRjFCNEEzRThCRjczQTMwRkJDLzZ4SUQ1cEE0RTdNTi1SdE1hWGxTWGN0akNC
VS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvNnhJRDVwQTRFN01OLVJ0TWFYbFNYY3RqQ0JVLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgZYGCCsGAQUFBwELBIGJMIGGMIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG
RjVEQS9DQjBCNzBCMDcwNjgxMUYxQjRBM0U4QkY3M0EzMEZCQy9FMkMxODFEMjcw
NzExMUYxQjdGQjlEM0Y3N0EzMEZCQy5yb2EwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAHLItwwDQYJKoZIhvcNAQELBQADggEBAFmb5Z0WrGA4WTSu0i/8Wxx0
Jdujmo/g3eF0awtduuqrHINH//c9tv9RV3NSAkYLQ1Ur+VhCUi47ufb9a+sjvUjO
qJBaCmC9gO36zewMsB0E1IUNtIZENbT9olOr3jJ5EIgsZOxfmI5KW5YGJiDltdOY
VfS0ouqIrUq9cgn67myjT4rbW50b8IpJe5HX2Oiy3UUD0JuRJHYnLNM7ziq7ZApk
Yc5D7SzbQfJw/MPT9b5ZmQITuwBoBNWpCOxP1zYLWz4BitcD4x+zexi+bLHXiTef
HuVQ3qP3uuEgq7xZYH2onWNTIf620dzZ6KZ7TGGGeeOBL7aG33oQAL3W6jyjIko=
-----END CERTIFICATE-----
Generated at Sun Jul 5 09:20:45 2026 by rpki-client