Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/B9953DBA1D8A11E2A387D0E408B02CD2/3B8DEC18F67C11EFA12FD55AC4F9AE02.roa
File:                     3B8DEC18F67C11EFA12FD55AC4F9AE02.roa (raw, json)
Hash identifier:          kwS27iqUdzozELmi3BHRE2/ZPRJeJKNVCxwwLSR6dCI=
Subject key identifier:   BD:12:3E:96:02:25:4C:84:B6:0A:FD:74:74:B7:1B:5D:44:9D:5C:62
Certificate issuer:       /CN=A91A560A/serialNumber=86DB57E690F7D309293A28BA7C55FB8AF37D5DBD
Certificate serial:       3733
Authority key identifier: 86:DB:57:E6:90:F7:D3:09:29:3A:28:BA:7C:55:FB:8A:F3:7D:5D:BD
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/httX5pD30wkpOii6fFX7ivN9Xb0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/B9953DBA1D8A11E2A387D0E408B02CD2/3B8DEC18F67C11EFA12FD55AC4F9AE02.roa
Signing time:             Mon 02 Mar 2026 04:24:05 +0000
ROA not before:           Mon 12 Jan 2026 01:46:44 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     140766
IP address blocks:        79.108.216.0/21 maxlen: 24
                          109.237.64.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/B9953DBA1D8A11E2A387D0E408B02CD2/httX5pD30wkpOii6fFX7ivN9Xb0.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/B9953DBA1D8A11E2A387D0E408B02CD2/httX5pD30wkpOii6fFX7ivN9Xb0.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/httX5pD30wkpOii6fFX7ivN9Xb0.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 09 Mar 2026 02:50:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14131 (0x3733)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A, serialNumber=86DB57E690F7D309293A28BA7C55FB8AF37D5DBD
        Validity
            Not Before: Jan 12 01:46:44 2026 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=69a510e5-af6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cf:a3:bd:b0:f6:d3:a0:42:33:9d:bd:6c:af:
                    3a:03:ee:f7:c1:34:b0:61:2d:93:b6:1c:8c:2f:4e:
                    06:7c:4c:66:ee:64:6f:e0:f5:f6:3c:ca:65:13:bf:
                    32:dc:82:17:b2:31:aa:45:1a:7d:dc:13:ba:0c:c8:
                    de:cf:83:7c:24:42:43:e9:d2:39:f6:33:ed:b6:e8:
                    49:0f:d9:9e:4c:d1:cc:49:b8:50:9c:de:9d:bb:49:
                    88:ca:17:33:73:2b:d0:f7:26:65:37:97:0e:7b:44:
                    fb:6d:c8:99:b5:c3:6b:ed:b1:25:80:a0:43:66:f8:
                    51:bd:f5:f0:ac:79:ee:21:01:b2:4a:64:34:d3:04:
                    96:79:2d:f6:b6:91:3c:ae:7f:18:ce:cc:62:a4:f1:
                    2d:d8:fd:d2:a4:e8:06:69:ee:c4:58:30:07:99:20:
                    fa:8e:af:4e:88:7a:e5:23:41:cb:b5:5c:5d:26:5a:
                    be:98:af:03:1f:2a:ec:4a:0d:25:45:fd:ff:30:4e:
                    64:f6:b5:28:ea:b2:25:7c:8c:37:94:f0:a3:67:c8:
                    f9:bb:32:e8:1c:aa:aa:42:ea:0c:a4:96:1d:96:c8:
                    9c:e6:bb:da:8b:b9:4b:4d:68:32:5e:ab:6d:cd:be:
                    fa:63:3a:7d:20:3d:69:88:38:df:9f:f6:8e:35:7b:
                    94:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:12:3E:96:02:25:4C:84:B6:0A:FD:74:74:B7:1B:5D:44:9D:5C:62
            X509v3 Authority Key Identifier:
                keyid:86:DB:57:E6:90:F7:D3:09:29:3A:28:BA:7C:55:FB:8A:F3:7D:5D:BD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/B9953DBA1D8A11E2A387D0E408B02CD2/httX5pD30wkpOii6fFX7ivN9Xb0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/httX5pD30wkpOii6fFX7ivN9Xb0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/B9953DBA1D8A11E2A387D0E408B02CD2/3B8DEC18F67C11EFA12FD55AC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.108.216.0/21
                  109.237.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         77:68:4a:c3:57:ae:c1:32:a6:7d:30:f5:d9:33:a6:3f:20:d0:
         f7:1e:e0:6f:71:a9:0e:e7:d6:ef:1d:bc:0a:ab:98:33:5e:ae:
         5a:31:54:c6:31:27:d2:6c:c8:f8:89:d7:3d:c0:6e:7b:2f:c8:
         0f:71:d3:e2:5b:6e:90:0b:59:e6:4a:79:6c:5f:1a:21:df:b4:
         87:53:13:12:1e:c8:6b:02:92:cf:76:a5:01:eb:d7:36:29:4a:
         ed:ce:47:2c:06:47:07:66:fb:6a:2d:12:ba:eb:15:1d:76:06:
         4f:d1:8b:58:ac:20:dd:30:0b:90:81:6a:e1:75:c9:b4:62:cd:
         27:90:1b:b2:76:ee:ee:ec:92:f4:c4:bf:6d:cb:a8:94:ad:30:
         85:f9:74:e0:42:65:56:e4:58:42:5f:12:5c:17:06:bd:e2:d1:
         c3:cc:a5:82:4d:f3:4f:f3:27:9e:b0:42:13:c5:77:80:4a:ce:
         84:f5:6b:f5:fd:58:c7:0e:c0:88:ba:84:8d:ac:b7:3e:0d:44:
         68:5d:28:16:c9:59:47:7d:16:9b:d0:6b:b8:65:dd:c5:e2:02:
         54:00:63:c0:f6:48:07:72:6a:e2:e9:a6:cd:67:6d:c9:18:e2:
         bd:92:35:0c:03:6a:06:84:ae:07:0e:c8:06:52:01:3d:6c:2f:
         17:bd:c3:5a
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgICNzMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDg2REI1N0U2OTBGN0QzMDkyOTNBMjhCQTdDNTVGQjhB
RjM3RDVEQkQwHhcNMjYwMTEyMDE0NjQ0WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1MTBlNS1hZjZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx8+jvbD206BCM529bK86A+73wTSwYS2TthyML04GfExm7mRv4PX2PMplE78y
3IIXsjGqRRp93BO6DMjez4N8JEJD6dI59jPttuhJD9meTNHMSbhQnN6du0mIyhcz
cyvQ9yZlN5cOe0T7bciZtcNr7bElgKBDZvhRvfXwrHnuIQGySmQ00wSWeS32tpE8
rn8YzsxipPEt2P3SpOgGae7EWDAHmSD6jq9OiHrlI0HLtVxdJlq+mK8DHyrsSg0l
Rf3/ME5k9rUo6rIlfIw3lPCjZ8j5uzLoHKqqQuoMpJYdlsic5rvai7lLTWgyXqtt
zb76Yzp9ID1piDjfn/aONXuUDwIDAQABo4ICZjCCAmIwHQYDVR0OBBYEFL0SPpYC
JUyEtgr9dHS3G11EnVxiMB8GA1UdIwQYMBaAFIbbV+aQ99MJKToounxV+4rzfV29
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9COTk1M0RCQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9odHRYNXBEMzB3a3BPaWk2ZkZYN2l2TjlY
YjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL2h0dFg1cEQzMHdrcE9paTZmRlg3aXZOOVhiMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQjk5NTNEQkExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvM0I4REVDMThG
NjdDMTFFRkExMkZENTVBQzRGOUFFMDIucm9hMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQDT2zYAwQDbe1AMA0GCSqGSIb3DQEBCwUAA4IBAQB3aErDV67BMqZ9
MPXZM6Y/IND3HuBvcakO59bvHbwKq5gzXq5aMVTGMSfSbMj4idc9wG57L8gPcdPi
W26QC1nmSnlsXxoh37SHUxMSHshrApLPdqUB69c2KUrtzkcsBkcHZvtqLRK66xUd
dgZP0YtYrCDdMAuQgWrhdcm0Ys0nkBuydu7u7JL0xL9ty6iUrTCF+XTgQmVW5FhC
XxJcFwa94tHDzKWCTfNP8yeesEITxXeASs6E9Wv1/VjHDsCIuoSNrLc+DURoXSgW
yVlHfRab0Gu4Zd3F4gJUAGPA9kgHcmri6abNZ23JGOK9kjUMA2oGhK4HDsgGUgE9
bC8XvcNa
-----END CERTIFICATE-----
Generated at Mon Mar 2 14:59:25 2026 by rpki-client