Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E504E/44A51948960811ECA04A0086C4F9AE02/29D2F7BE0CA711ED98CF681AC4F9AE02.roa
File:                     29D2F7BE0CA711ED98CF681AC4F9AE02.roa (raw, json)
Hash identifier:          GtQPW+0e7a9FnyPg8T2wu8tuzciWg5rc8/4mZ8GgK5I=
Subject key identifier:   91:5C:31:FC:98:95:14:FD:48:B1:B2:BF:1F:6C:B0:5A:80:B8:96:27
Certificate issuer:       /CN=A91E504E/serialNumber=04EE076A5DFA948C38F83C8CAC20FE0E8E86D80B
Certificate serial:       0455
Authority key identifier: 04:EE:07:6A:5D:FA:94:8C:38:F8:3C:8C:AC:20:FE:0E:8E:86:D8:0B
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/BO4Hal36lIw4-DyMrCD-Do6G2As.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E504E/44A51948960811ECA04A0086C4F9AE02/29D2F7BE0CA711ED98CF681AC4F9AE02.roa
Signing time:             Sun 01 Mar 2026 14:23:38 +0000
ROA not before:           Fri 01 Aug 2025 02:07:36 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     133861
IP address blocks:        217.194.132.0/24 maxlen: 24
                          217.194.133.0/24 maxlen: 24
                          217.194.134.0/24 maxlen: 24
                          217.194.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E504E/44A51948960811ECA04A0086C4F9AE02/BO4Hal36lIw4-DyMrCD-Do6G2As.crl
                          rsync://rpki.apnic.net/member_repository/A91E504E/44A51948960811ECA04A0086C4F9AE02/BO4Hal36lIw4-DyMrCD-Do6G2As.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/BO4Hal36lIw4-DyMrCD-Do6G2As.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 08 Mar 2026 22:54:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1109 (0x455)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E504E, serialNumber=04EE076A5DFA948C38F83C8CAC20FE0E8E86D80B
        Validity
            Not Before: Aug  1 02:07:36 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=69a44bea-76ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c2:45:20:b8:8b:18:06:70:0e:73:cd:11:a8:
                    8f:67:2b:4b:bd:2a:50:5f:0d:eb:e1:07:1e:a2:c1:
                    df:2c:0f:01:b0:39:62:51:42:d5:96:6d:1f:9a:4b:
                    62:2c:26:08:f7:fa:aa:2d:d9:db:a2:bd:1a:fc:a3:
                    34:15:82:81:62:0d:dd:4d:da:2d:bf:60:bb:a5:eb:
                    34:5e:95:41:a9:87:f8:5f:41:ad:bc:65:b6:f6:0d:
                    60:7c:cc:36:c6:f6:dd:65:84:38:2d:66:2c:85:72:
                    01:22:33:93:63:10:13:6d:9d:fc:32:81:87:41:e4:
                    11:af:4e:af:5a:b2:c4:fa:47:b3:e6:21:37:52:a5:
                    57:01:58:45:43:42:77:36:00:c8:77:29:02:63:de:
                    28:49:88:6f:5b:a4:88:db:10:49:dc:fa:c4:9b:1c:
                    d5:45:32:c3:63:7a:18:aa:ba:f8:fd:72:9d:82:80:
                    e0:69:0e:83:9a:54:5c:0a:2d:9a:b7:51:ca:d7:36:
                    bb:02:ae:12:67:a3:87:af:ab:82:46:6c:25:37:69:
                    a2:1e:c9:54:a7:77:63:c7:e8:12:18:30:bb:e1:f9:
                    c5:fc:a1:dd:a5:9e:5c:6c:27:79:43:d2:e2:70:03:
                    f2:e6:4d:b4:d9:c1:5c:73:be:5f:61:b7:7b:c0:26:
                    37:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:5C:31:FC:98:95:14:FD:48:B1:B2:BF:1F:6C:B0:5A:80:B8:96:27
            X509v3 Authority Key Identifier:
                keyid:04:EE:07:6A:5D:FA:94:8C:38:F8:3C:8C:AC:20:FE:0E:8E:86:D8:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E504E/44A51948960811ECA04A0086C4F9AE02/BO4Hal36lIw4-DyMrCD-Do6G2As.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/BO4Hal36lIw4-DyMrCD-Do6G2As.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E504E/44A51948960811ECA04A0086C4F9AE02/29D2F7BE0CA711ED98CF681AC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.194.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:6e:20:08:95:13:58:0d:9c:f6:d9:eb:c7:0d:02:ff:77:7d:
         d1:5b:9d:7d:0e:ad:a0:03:d2:77:43:c6:11:84:79:9c:e2:7e:
         56:f2:5b:2f:9e:df:ce:14:df:96:aa:86:4e:f7:50:8b:3b:21:
         8a:02:35:5e:d8:d1:9c:39:58:97:6c:89:7c:50:48:7b:68:f2:
         5b:54:6a:52:5e:33:50:94:50:53:80:18:d7:e2:33:49:c6:3d:
         87:a3:54:72:e2:6d:b1:52:aa:ab:22:39:53:4e:f2:02:66:a7:
         77:52:50:87:28:1c:df:5e:a3:2e:05:db:b5:c8:2b:6a:38:cf:
         7e:e8:9d:2a:69:14:d9:cf:8f:89:69:cd:b6:34:48:46:0f:ed:
         6c:42:c9:0e:9c:b5:4e:a0:0d:1a:09:64:30:b4:4d:e4:de:3b:
         42:e6:7e:94:94:cb:b5:0b:52:39:16:31:f0:cb:37:be:ad:85:
         36:e4:8b:e4:12:c1:3f:bd:e7:d6:02:7a:79:2d:d0:43:db:05:
         1a:0d:e4:c3:de:c3:32:18:1f:6f:51:d4:fb:a7:fd:ba:32:14:
         dc:06:89:92:d6:69:ce:e8:0c:39:4c:be:c0:aa:9b:65:f9:8a:
         8c:f2:33:c6:dc:d5:ce:13:fd:b7:3a:8a:4a:fc:34:d6:b7:b1:
         ab:5e:4c:41
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICBFUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTUwNEUxMTAvBgNVBAUTKDA0RUUwNzZBNURGQTk0OEMzOEY4M0M4Q0FDMjBGRTBF
OEU4NkQ4MEIwHhcNMjUwODAxMDIwNzM2WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NGJlYS03NmFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxsJFILiLGAZwDnPNEaiPZytLvSpQXw3r4QceosHfLA8BsDliUULVlm0fmkti
LCYI9/qqLdnbor0a/KM0FYKBYg3dTdotv2C7pes0XpVBqYf4X0GtvGW29g1gfMw2
xvbdZYQ4LWYshXIBIjOTYxATbZ38MoGHQeQRr06vWrLE+kez5iE3UqVXAVhFQ0J3
NgDIdykCY94oSYhvW6SI2xBJ3PrEmxzVRTLDY3oYqrr4/XKdgoDgaQ6DmlRcCi2a
t1HK1za7Aq4SZ6OHr6uCRmwlN2miHslUp3djx+gSGDC74fnF/KHdpZ5cbCd5Q9Li
cAPy5k202cFcc75fYbd7wCY3NQIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFJFcMfyY
lRT9SLGyvx9ssFqAuJYnMB8GA1UdIwQYMBaAFATuB2pd+pSMOPg8jKwg/g6OhtgL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNTA0RS80NEE1MTk0ODk2
MDgxMUVDQTA0QTAwODZDNEY5QUUwMi9CTzRIYWwzNmxJdzQtRHlNckNELURvNkcy
QXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL0JPNEhhbDM2bEl3NC1EeU1yQ0QtRG82RzJBcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTUwNEUvNDRBNTE5NDg5NjA4MTFFQ0EwNEEwMDg2QzRGOUFFMDIvMjlEMkY3QkUw
Q0E3MTFFRDk4Q0Y2ODFBQzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQC2cKEMA0GCSqGSIb3DQEBCwUAA4IBAQAMbiAIlRNYDZz22evHDQL/
d33RW519Dq2gA9J3Q8YRhHmc4n5W8lsvnt/OFN+WqoZO91CLOyGKAjVe2NGcOViX
bIl8UEh7aPJbVGpSXjNQlFBTgBjX4jNJxj2Ho1Ry4m2xUqqrIjlTTvICZqd3UlCH
KBzfXqMuBdu1yCtqOM9+6J0qaRTZz4+Jac22NEhGD+1sQskOnLVOoA0aCWQwtE3k
3jtC5n6UlMu1C1I5FjHwyze+rYU25IvkEsE/vefWAnp5LdBD2wUaDeTD3sMyGB9v
UdT7p/26MhTcBomS1mnO6Aw5TL7Aqptl+YqM8jPG3NXOE/23OopK/DTWt7GrXkxB
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:25:02 2026 by rpki-client