Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E504E/4E3E367E960811ECA04A0086C4F9AE02/5F9FA12E0CA411ED96936D79C4F9AE02.roa
File:                     5F9FA12E0CA411ED96936D79C4F9AE02.roa (raw, json)
Hash identifier:          4kQpOwfQ9Vfzhi0bWN2KXN1yIQQ1TFWjddHQXPI30gs=
Subject key identifier:   28:2E:E3:06:B9:2D:28:A8:9E:FF:4B:91:1B:5F:05:5A:71:B8:81:3E
Certificate issuer:       /CN=A91E504E/serialNumber=E477D38AAAC4A37CC6DF1665BF1C880AF99B7B4F
Certificate serial:       0454
Authority key identifier: E4:77:D3:8A:AA:C4:A3:7C:C6:DF:16:65:BF:1C:88:0A:F9:9B:7B:4F
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/5HfTiqrEo3zG3xZlvxyICvmbe08.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E504E/4E3E367E960811ECA04A0086C4F9AE02/5F9FA12E0CA411ED96936D79C4F9AE02.roa
Signing time:             Sun 01 Mar 2026 14:23:27 +0000
ROA not before:           Fri 01 Aug 2025 02:07:38 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     133861
IP address blocks:        208.87.200.0/24 maxlen: 24
                          208.87.201.0/24 maxlen: 24
                          208.87.202.0/24 maxlen: 24
                          208.87.203.0/24 maxlen: 24
                          208.87.204.0/24 maxlen: 24
                          208.87.205.0/24 maxlen: 24
                          208.87.206.0/24 maxlen: 24
                          208.87.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E504E/4E3E367E960811ECA04A0086C4F9AE02/5HfTiqrEo3zG3xZlvxyICvmbe08.crl
                          rsync://rpki.apnic.net/member_repository/A91E504E/4E3E367E960811ECA04A0086C4F9AE02/5HfTiqrEo3zG3xZlvxyICvmbe08.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/5HfTiqrEo3zG3xZlvxyICvmbe08.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 08 Mar 2026 22:54:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1108 (0x454)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E504E, serialNumber=E477D38AAAC4A37CC6DF1665BF1C880AF99B7B4F
        Validity
            Not Before: Aug  1 02:07:38 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=69a44bdf-df1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fb:dc:1f:be:aa:11:16:ab:02:00:61:fa:5a:
                    ca:3d:a2:9f:1b:bc:b1:95:38:4d:cd:39:4c:93:ab:
                    93:17:4e:b4:41:8a:bc:5c:59:20:76:bb:6f:8c:64:
                    92:5b:12:6a:bf:c9:f1:81:d2:77:61:5d:a9:f0:9d:
                    e2:bb:33:14:78:09:13:42:8d:52:1d:7c:01:3e:08:
                    cd:af:1e:97:50:56:93:ca:3d:4b:67:03:f7:2d:32:
                    27:33:9e:87:36:65:ba:2d:ff:a3:f3:e9:fa:15:69:
                    29:3b:78:62:ab:5a:ec:7a:d7:39:72:59:52:7e:df:
                    d0:cf:20:55:58:2d:70:22:da:04:a7:52:be:b7:8a:
                    3c:e2:ea:6e:48:3b:b8:4e:70:4b:6f:c3:51:43:f3:
                    e9:49:5b:76:65:32:c1:ba:a1:f3:d0:da:f5:90:59:
                    d6:7c:3f:a1:75:db:52:64:4e:53:a3:13:3a:3f:2f:
                    0f:ca:77:a1:bc:56:31:f9:ee:fd:c7:70:e6:8b:f8:
                    56:14:e2:28:bb:01:24:c5:d1:ac:a7:07:66:a1:e3:
                    9e:27:e2:54:66:54:f5:69:15:db:1d:f7:c6:46:28:
                    6e:14:08:27:0a:11:52:17:ef:85:18:93:32:cc:a3:
                    46:cf:5b:d6:b9:82:e9:15:f3:1c:c6:33:c1:c1:54:
                    ee:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:2E:E3:06:B9:2D:28:A8:9E:FF:4B:91:1B:5F:05:5A:71:B8:81:3E
            X509v3 Authority Key Identifier:
                keyid:E4:77:D3:8A:AA:C4:A3:7C:C6:DF:16:65:BF:1C:88:0A:F9:9B:7B:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E504E/4E3E367E960811ECA04A0086C4F9AE02/5HfTiqrEo3zG3xZlvxyICvmbe08.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/5HfTiqrEo3zG3xZlvxyICvmbe08.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E504E/4E3E367E960811ECA04A0086C4F9AE02/5F9FA12E0CA411ED96936D79C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.87.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         52:33:54:9c:8c:95:8c:8e:be:52:53:73:ff:d4:1a:f6:0b:73:
         31:c9:7d:89:4a:30:f4:fe:a0:92:8e:a5:d3:a4:3d:ec:10:0f:
         4e:95:b6:93:0b:ed:8e:c4:9a:4c:53:cb:12:6e:16:f3:ef:50:
         9a:7e:a6:2d:2e:00:c5:f1:e1:c2:18:97:1e:fb:a3:61:3d:5d:
         1d:ef:eb:01:10:24:2e:26:82:30:77:ef:78:14:bd:bb:63:ae:
         9b:f7:48:e5:93:ed:ad:b5:f7:59:a6:3c:e4:a6:35:67:80:16:
         06:61:41:27:1c:2b:05:05:4a:e0:ab:57:45:2c:e8:f3:41:3f:
         94:b9:a3:2b:99:1b:c9:0b:57:08:f9:5f:8a:bf:af:dd:0e:60:
         da:62:1f:13:2b:5c:74:1d:fd:15:f8:32:52:dd:40:2e:63:ae:
         04:04:fb:0b:3d:ab:c6:1d:10:57:fe:3b:dd:38:d6:b2:be:ea:
         45:ac:12:30:ff:7c:46:c0:38:f2:46:85:1c:6f:54:80:f3:ec:
         05:74:ba:f2:2c:1e:cd:24:b7:0d:60:7f:fa:b2:89:5a:92:c6:
         e7:c0:32:aa:22:2b:0b:23:bc:ea:e9:df:2b:57:eb:97:73:b7:
         50:20:59:b5:24:0e:b0:de:ed:69:2c:83:2e:95:84:48:38:25:
         76:4b:d9:5c
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgICBFQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTUwNEUxMTAvBgNVBAUTKEU0NzdEMzhBQUFDNEEzN0NDNkRGMTY2NUJGMUM4ODBB
Rjk5QjdCNEYwHhcNMjUwODAxMDIwNzM4WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NGJkZi1kZjFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAlvvcH76qERarAgBh+lrKPaKfG7yxlThNzTlMk6uTF060QYq8XFkgdrtvjGSS
WxJqv8nxgdJ3YV2p8J3iuzMUeAkTQo1SHXwBPgjNrx6XUFaTyj1LZwP3LTInM56H
NmW6Lf+j8+n6FWkpO3hiq1rsetc5cllSft/QzyBVWC1wItoEp1K+t4o84upuSDu4
TnBLb8NRQ/PpSVt2ZTLBuqHz0Nr1kFnWfD+hddtSZE5ToxM6Py8PynehvFYx+e79
x3Dmi/hWFOIouwEkxdGspwdmoeOeJ+JUZlT1aRXbHffGRihuFAgnChFSF++FGJMy
zKNGz1vWuYLpFfMcxjPBwVTu6QIDAQABo4ICYDCCAlwwHQYDVR0OBBYEFCgu4wa5
LSionv9LkRtfBVpxuIE+MB8GA1UdIwQYMBaAFOR304qqxKN8xt8WZb8ciAr5m3tP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNTA0RS80RTNFMzY3RTk2
MDgxMUVDQTA0QTAwODZDNEY5QUUwMi81SGZUaXFyRW8zekczeFpsdnh5SUN2bWJl
MDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyLzVIZlRpcXJFbzN6RzN4Wmx2eHlJQ3ZtYmUwOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTUwNEUvNEUzRTM2N0U5NjA4MTFFQ0EwNEEwMDg2QzRGOUFFMDIvNUY5RkExMkUw
Q0E0MTFFRDk2OTM2RDc5QzRGOUFFMDIucm9hMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQD0FfIMA0GCSqGSIb3DQEBCwUAA4IBAQBSM1ScjJWMjr5SU3P/1Br2
C3MxyX2JSjD0/qCSjqXTpD3sEA9OlbaTC+2OxJpMU8sSbhbz71CafqYtLgDF8eHC
GJce+6NhPV0d7+sBECQuJoIwd+94FL27Y66b90jlk+2ttfdZpjzkpjVngBYGYUEn
HCsFBUrgq1dFLOjzQT+UuaMrmRvJC1cI+V+Kv6/dDmDaYh8TK1x0Hf0V+DJS3UAu
Y64EBPsLPavGHRBX/jvdONayvupFrBIw/3xGwDjyRoUcb1SA8+wFdLryLB7NJLcN
YH/6solaksbnwDKqIisLI7zq6d8rV+uXc7dQIFm1JA6w3u1pLIMulYRIOCV2S9lc
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:42:18 2026 by rpki-client