Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914BF33/460661DC0B8311EA971A864DC4F9AE02/67827BDC0B8511EA97C80D52C4F9AE02.roa
File:                     67827BDC0B8511EA97C80D52C4F9AE02.roa (raw, json)
Hash identifier:          VY4FjeE4CY0mN3qvHnhMrNePWv9lXTQoF5HkCTfHV+M=
Subject key identifier:   D5:D4:D5:05:11:CF:52:97:56:51:D5:DF:55:0E:2E:1A:E6:66:83:72
Certificate issuer:       /CN=A914BF33/serialNumber=1F9A20289CE9316E65B3DB724E8C73606C8F864B
Certificate serial:       0CCD
Authority key identifier: 1F:9A:20:28:9C:E9:31:6E:65:B3:DB:72:4E:8C:73:60:6C:8F:86:4B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/H5ogKJzpMW5ls9tyToxzYGyPhks.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914BF33/460661DC0B8311EA971A864DC4F9AE02/67827BDC0B8511EA97C80D52C4F9AE02.roa
Signing time:             Mon 02 Mar 2026 10:27:52 +0000
ROA not before:           Mon 02 Mar 2026 10:27:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137526
IP address blocks:        103.111.224.0/22 maxlen: 22
                          103.111.224.0/24 maxlen: 24
                          103.111.225.0/24 maxlen: 24
                          103.111.226.0/24 maxlen: 24
                          103.111.227.0/24 maxlen: 24
                          2402:a1c0::/32 maxlen: 32
                          2402:a1c0::/36 maxlen: 36
                          2402:a1c0:1000::/36 maxlen: 36
                          2402:a1c0:f000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914BF33/460661DC0B8311EA971A864DC4F9AE02/H5ogKJzpMW5ls9tyToxzYGyPhks.crl
                          rsync://rpki.apnic.net/member_repository/A914BF33/460661DC0B8311EA971A864DC4F9AE02/H5ogKJzpMW5ls9tyToxzYGyPhks.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/H5ogKJzpMW5ls9tyToxzYGyPhks.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 09 Mar 2026 13:22:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3277 (0xccd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914BF33, serialNumber=1F9A20289CE9316E65B3DB724E8C73606C8F864B
        Validity
            Not Before: Mar  2 10:27:52 2026 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69a56628-9dd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e7:77:58:1e:8c:ec:0b:f2:de:b0:cc:33:a0:
                    12:cb:54:31:07:0f:66:d5:1b:6f:16:a8:0d:05:53:
                    6e:04:5f:a7:fc:97:ee:75:5c:4a:d9:50:4b:33:25:
                    24:f9:c0:83:49:32:d3:28:03:d3:36:1b:78:11:1b:
                    e6:a2:87:87:7e:3f:59:00:74:77:47:27:4f:fb:b3:
                    bb:1a:34:c7:17:fc:72:2b:89:a8:a9:37:b4:30:4c:
                    62:b0:ca:db:27:8e:21:fe:28:98:73:52:3b:32:b1:
                    68:b7:10:6c:50:3d:bc:5d:0e:e3:0a:9e:e6:3b:28:
                    b9:2f:64:5d:ff:24:77:de:f9:e5:d0:90:69:eb:f6:
                    b2:01:f6:33:6b:d9:70:71:7d:8b:62:7f:2a:42:86:
                    06:ff:b2:95:48:35:09:17:8f:a7:ca:27:4c:98:1a:
                    f9:74:a0:f6:08:21:77:75:72:a4:61:1b:5d:7b:8f:
                    2e:f1:33:d0:b2:75:8a:cf:92:e7:78:b5:d3:a0:54:
                    92:15:f8:42:78:1a:e9:55:cc:7e:b2:2b:e0:66:a6:
                    d4:1b:13:ad:c4:ce:81:96:f6:27:08:77:9e:ba:4b:
                    79:d0:df:d5:7b:2e:84:fa:52:5a:e4:70:76:24:26:
                    15:9d:bc:30:ca:bb:bb:75:83:d3:af:77:ac:79:b0:
                    89:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:D4:D5:05:11:CF:52:97:56:51:D5:DF:55:0E:2E:1A:E6:66:83:72
            X509v3 Authority Key Identifier:
                keyid:1F:9A:20:28:9C:E9:31:6E:65:B3:DB:72:4E:8C:73:60:6C:8F:86:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914BF33/460661DC0B8311EA971A864DC4F9AE02/H5ogKJzpMW5ls9tyToxzYGyPhks.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/H5ogKJzpMW5ls9tyToxzYGyPhks.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914BF33/460661DC0B8311EA971A864DC4F9AE02/67827BDC0B8511EA97C80D52C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.111.224.0/22
                IPv6:
                  2402:a1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:4f:bd:1b:36:e1:05:4b:fd:8e:10:46:94:be:ac:8e:fe:bf:
         82:d5:b2:79:de:14:b2:86:37:df:bb:fd:be:f6:85:9d:d0:58:
         28:92:71:a2:d1:ad:98:a9:b1:03:e1:bb:45:fc:3a:e3:55:3a:
         fe:c8:d6:e4:37:71:3f:67:f3:96:78:ee:af:85:a7:62:1d:e1:
         72:27:5c:ed:a7:44:02:17:23:06:e8:a2:5a:59:28:14:d9:bf:
         4d:1d:85:5e:15:3d:0c:fc:69:24:d6:88:c1:47:95:ff:98:76:
         6c:04:25:01:43:f0:ad:8d:0e:f6:7c:08:e2:f2:97:65:0c:05:
         b6:fa:62:4b:25:62:8c:71:ec:2b:e0:0f:6a:67:f8:c6:f2:47:
         56:13:ed:d3:a5:76:ba:b3:81:4d:96:54:ed:97:d9:90:3e:f3:
         86:04:d8:79:3c:b1:96:87:6b:f0:35:5d:4e:24:25:96:54:37:
         14:1a:a9:81:27:0d:94:d9:4d:53:62:d9:a2:fc:f7:ae:c1:4c:
         44:84:bd:43:36:64:95:2e:22:2b:e2:09:6a:c9:5a:84:4f:c3:
         08:eb:79:b5:40:c7:ac:43:f7:44:80:78:8f:9b:06:14:5c:11:
         fa:df:7b:51:fa:31:d8:4a:e0:bd:f0:66:11:40:7d:4c:ac:ee:
         26:d1:82:b3
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgICDM0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEJGMzMxMTAvBgNVBAUTKDFGOUEyMDI4OUNFOTMxNkU2NUIzREI3MjRFOEM3MzYw
NkM4Rjg2NEIwHhcNMjYwMzAyMTAyNzUyWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1NjYyOC05ZGQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwud3WB6M7Avy3rDMM6ASy1QxBw9m1RtvFqgNBVNuBF+n/JfudVxK2VBLMyUk
+cCDSTLTKAPTNht4ERvmooeHfj9ZAHR3RydP+7O7GjTHF/xyK4moqTe0MExisMrb
J44h/iiYc1I7MrFotxBsUD28XQ7jCp7mOyi5L2Rd/yR33vnl0JBp6/ayAfYza9lw
cX2LYn8qQoYG/7KVSDUJF4+nyidMmBr5dKD2CCF3dXKkYRtde48u8TPQsnWKz5Ln
eLXToFSSFfhCeBrpVcx+sivgZqbUGxOtxM6BlvYnCHeeukt50N/Vey6E+lJa5HB2
JCYVnbwwyru7dYPTr3esebCJhQIDAQABo4ICbzCCAmswHQYDVR0OBBYEFNXU1QUR
z1KXVlHV31UOLhrmZoNyMB8GA1UdIwQYMBaAFB+aICic6TFuZbPbck6Mc2Bsj4ZL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QkYzMy80NjA2NjFEQzBC
ODMxMUVBOTcxQTg2NERDNEY5QUUwMi9INW9nS0p6cE1XNWxzOXR5VG94ellHeVBo
a3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0g1b2dLSnpwTVc1bHM5dHlUb3h6WUd5UGhrcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEJGMzMvNDYwNjYxREMwQjgzMTFFQTk3MUE4NjREQzRGOUFFMDIvNjc4MjdCREMw
Qjg1MTFFQTk3QzgwRDUyQzRGOUFFMDIucm9hMC4GCCsGAQUFBwEHAQH/BB8wHTAM
BAIAATAGAwQCZ2/gMA0EAgACMAcDBQAkAqHAMA0GCSqGSIb3DQEBCwUAA4IBAQC0
T70bNuEFS/2OEEaUvqyO/r+C1bJ53hSyhjffu/2+9oWd0FgoknGi0a2YqbED4btF
/DrjVTr+yNbkN3E/Z/OWeO6vhadiHeFyJ1ztp0QCFyMG6KJaWSgU2b9NHYVeFT0M
/Gkk1ojBR5X/mHZsBCUBQ/CtjQ72fAji8pdlDAW2+mJLJWKMcewr4A9qZ/jG8kdW
E+3TpXa6s4FNllTtl9mQPvOGBNh5PLGWh2vwNV1OJCWWVDcUGqmBJw2U2U1TYtmi
/PeuwUxEhL1DNmSVLiIr4glqyVqET8MI63m1QMesQ/dEgHiPmwYUXBH633tR+jHY
SuC98GYRQH1MrO4m0YKz
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:51:39 2026 by rpki-client