Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
File:                     7E0AB01C782C11EBB0B71971C4F9AE02.roa (raw, json)
Hash identifier:          Bnf+utMQMnh8zQjddBOCbwOT7nCJfAIRhLCPTrWZ8Xc=
Subject key identifier:   B7:DA:3E:44:EE:CD:63:77:07:7C:08:AE:3A:C7:4A:F1:A8:23:88:9C
Certificate issuer:       /CN=A91FF74B/serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
Certificate serial:       07B9
Authority key identifier: 05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
Signing time:             Fri 03 Jul 2026 13:34:14 +0000
ROA not before:           Fri 03 Jul 2026 13:34:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56201
IP address blocks:        74.188.224.0/23 maxlen: 23
                          74.188.224.0/24 maxlen: 24
                          74.188.225.0/24 maxlen: 24
                          74.188.226.0/23 maxlen: 23
                          74.188.226.0/24 maxlen: 24
                          74.188.227.0/24 maxlen: 24
                          74.188.228.0/23 maxlen: 23
                          74.188.230.0/23 maxlen: 23
                          74.188.232.0/23 maxlen: 23
                          74.188.234.0/23 maxlen: 23
                          74.188.236.0/23 maxlen: 23
                          74.188.238.0/23 maxlen: 23
                          169.148.132.0/24 maxlen: 24
                          169.148.133.0/24 maxlen: 24
                          169.148.134.0/23 maxlen: 23
                          169.148.134.0/24 maxlen: 24
                          169.148.135.0/24 maxlen: 24
                          169.148.136.0/23 maxlen: 23
                          169.148.136.0/24 maxlen: 24
                          169.148.137.0/24 maxlen: 24
                          169.148.138.0/23 maxlen: 24
                          169.148.140.0/23 maxlen: 24
                          169.148.142.0/23 maxlen: 23
                          169.148.142.0/24 maxlen: 24
                          169.148.143.0/24 maxlen: 24
                          169.148.144.0/23 maxlen: 23
                          169.148.144.0/24 maxlen: 24
                          169.148.145.0/24 maxlen: 24
                          169.148.146.0/23 maxlen: 23
                          169.148.146.0/24 maxlen: 24
                          169.148.147.0/24 maxlen: 24
                          169.148.148.0/23 maxlen: 23
                          169.148.148.0/24 maxlen: 24
                          169.148.149.0/24 maxlen: 24
                          169.148.150.0/24 maxlen: 24
                          169.148.172.0/23 maxlen: 24
                          169.148.174.0/23 maxlen: 24
                          169.148.176.0/23 maxlen: 24
                          169.148.180.0/24 maxlen: 24
                          199.67.76.0/23 maxlen: 23
                          199.67.76.0/24 maxlen: 24
                          199.67.77.0/24 maxlen: 24
                          199.67.78.0/23 maxlen: 23
                          199.67.78.0/24 maxlen: 24
                          199.67.79.0/24 maxlen: 24
                          199.67.94.0/23 maxlen: 23
                          199.67.94.0/24 maxlen: 24
                          199.67.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl
                          rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 21:35:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1977 (0x7b9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FF74B, serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
        Validity
            Not Before: Jul  3 13:34:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a47ba56-b3b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ea:b1:43:63:96:e9:1f:c2:01:c2:ed:fb:c6:
                    1d:fe:85:e8:3c:43:d7:3e:34:0b:ac:c7:24:93:dd:
                    c4:b5:13:ea:42:72:06:42:e9:5a:41:b8:97:ad:51:
                    44:ea:0c:57:7a:57:31:03:a2:9f:9c:2f:1d:f5:88:
                    8d:c9:d2:df:1d:0c:8a:8d:e9:77:f7:0c:76:94:eb:
                    9a:3b:c3:a3:da:c6:70:83:4e:b5:d5:e1:02:76:66:
                    0d:f6:15:e2:34:5e:b0:e9:8c:71:00:dd:c1:c6:4e:
                    21:1f:23:05:b5:c9:8e:b0:8e:34:3a:b9:73:2e:39:
                    34:1d:07:f7:24:5c:83:d1:eb:bd:ad:6b:94:e6:f4:
                    7e:d4:c0:13:cd:c1:db:20:29:9e:71:2e:eb:3a:6a:
                    64:9a:93:f6:81:9c:81:53:7b:ba:16:cf:39:c0:ea:
                    b7:d9:ee:b5:23:9b:32:45:f3:e3:02:00:dc:cd:b8:
                    9c:ba:71:a9:7b:84:fe:73:5f:48:6b:d7:8b:9b:0e:
                    f9:0b:1b:b3:6c:ec:17:76:1f:68:3b:dd:07:e7:7e:
                    cf:bc:06:ab:aa:8e:ca:de:93:27:f2:b2:6f:88:69:
                    09:de:3a:a5:51:2d:cd:84:bd:fe:a7:0d:3c:5e:35:
                    d2:78:52:45:ea:03:3b:f0:18:2e:2d:8d:c8:0d:33:
                    50:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:DA:3E:44:EE:CD:63:77:07:7C:08:AE:3A:C7:4A:F1:A8:23:88:9C
            X509v3 Authority Key Identifier:
                keyid:05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.188.224.0/20
                  169.148.132.0-169.148.150.255
                  169.148.172.0-169.148.177.255
                  169.148.180.0/24
                  199.67.76.0/22
                  199.67.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:e1:92:b7:fe:e4:86:c1:45:21:04:bc:c6:fa:fc:f5:28:d6:
         42:38:e3:af:c1:e8:bb:f2:e0:34:67:ca:0f:26:9a:e7:6f:9a:
         59:ba:61:55:3a:f8:5b:83:e4:3a:84:f0:42:8c:a7:4a:cf:9b:
         5d:28:51:48:aa:61:c4:b8:8a:29:d6:70:1f:13:b4:a1:8d:e0:
         f3:d9:0c:d6:5c:03:8a:85:7c:23:c4:8e:37:a3:54:df:5c:72:
         11:3f:83:07:14:75:8a:a3:fc:cb:59:33:e7:9a:79:b1:69:fd:
         f4:5e:de:15:e0:1f:94:01:82:30:10:fc:4d:65:e0:35:3c:07:
         0f:ab:b5:bc:aa:0c:9b:6b:02:94:f8:81:98:00:3a:bd:1e:75:
         bb:30:0e:5b:ed:23:e7:95:7c:85:36:3b:0d:c0:09:c4:53:bc:
         11:37:7c:b3:dd:58:28:20:cb:72:f7:89:af:3f:3c:1d:ed:4d:
         4b:f2:bf:f4:91:9c:be:85:3b:d3:68:ee:cb:7b:34:f2:68:21:
         88:d8:55:45:86:92:4f:b8:34:e4:ce:2c:b1:29:83:8b:5e:41:
         70:97:fb:83:e6:5b:70:1d:63:4b:b7:ed:ef:dc:43:14:1e:49:
         67:37:65:a4:4c:aa:1a:17:16:6e:93:52:5b:f2:47:ea:e7:94:
         46:21:f3:50
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgICB7kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkY3NEIxMTAvBgNVBAUTKDA1OUU2RjAzQUU3Njc2QTlEMEYwOUQ1RjZDQkRCOTA4
NjE4NTVBNTcwHhcNMjYwNzAzMTMzNDE0WhcNMjcwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTQ3YmE1Ni1iM2I5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr+qxQ2OW6R/CAcLt+8Yd/oXoPEPXPjQLrMckk93EtRPqQnIGQulaQbiXrVFE
6gxXelcxA6KfnC8d9YiNydLfHQyKjel39wx2lOuaO8Oj2sZwg0611eECdmYN9hXi
NF6w6YxxAN3Bxk4hHyMFtcmOsI40OrlzLjk0HQf3JFyD0eu9rWuU5vR+1MATzcHb
ICmecS7rOmpkmpP2gZyBU3u6Fs85wOq32e61I5syRfPjAgDczbicunGpe4T+c19I
a9eLmw75CxuzbOwXdh9oO90H537PvAarqo7K3pMn8rJviGkJ3jqlUS3NhL3+pw08
XjXSeFJF6gM78BguLY3IDTNQSQIDAQABo4ICjjCCAoowHQYDVR0OBBYEFLfaPkTu
zWN3B3wIrjrHSvGoI4icMB8GA1UdIwQYMBaAFAWebwOudnap0PCdX2y9uQhhhVpX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGRjc0Qi82MUEzMzg0QTc4
MkMxMUVCQUMwNEY2NzJDNEY5QUUwMi9CWjV2QTY1MmRxblE4SjFmYkwyNUNHR0ZX
bGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0JaNXZBNjUyZHFuUThKMWZiTDI1Q0dHRldsYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkY3NEIvNjFBMzM4NEE3ODJDMTFFQkFDMDRGNjcyQzRGOUFFMDIvN0UwQUIwMUM3
ODJDMTFFQkIwQjcxOTcxQzRGOUFFMDIucm9hME0GCCsGAQUFBwEHAQH/BD4wPDA6
BAIAATA0AwQESrzgMAwDBAKplIQDBACplJYwDAMEAqmUrAMEAamUsAMEAKmUtAME
AsdDTAMEAcdDXjANBgkqhkiG9w0BAQsFAAOCAQEAcOGSt/7khsFFIQS8xvr89SjW
Qjjjr8Hou/LgNGfKDyaa52+aWbphVTr4W4PkOoTwQoynSs+bXShRSKphxLiKKdZw
HxO0oY3g89kM1lwDioV8I8SON6NU31xyET+DBxR1iqP8y1kz55p5sWn99F7eFeAf
lAGCMBD8TWXgNTwHD6u1vKoMm2sClPiBmAA6vR51uzAOW+0j55V8hTY7DcAJxFO8
ETd8s91YKCDLcveJrz88He1NS/K/9JGcvoU702juy3s08mghiNhVRYaST7g05M4s
sSmDi15BcJf7g+ZbcB1jS7ft79xDFB5JZzdlpEyqGhcWbpNSW/JH6ueURiHzUA==
-----END CERTIFICATE-----
Generated at Sat Jul 18 05:22:33 2026 by rpki-client