Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/33A6DBFAD31C11EFA728D52FC4F9AE02.roa
File: 33A6DBFAD31C11EFA728D52FC4F9AE02.roa (raw, json)
Hash identifier: crauIdoFo8FqP4AIxqn95j5eYVlmfWGZzqMxVxceWVU=
Subject key identifier: D0:52:52:4F:AD:00:3F:EA:3C:F2:EF:4F:3A:E1:82:24:CD:93:9C:FA
Certificate issuer: /CN=A916AC30/serialNumber=576790244CC29275C112356FF620F2620D7D615E
Certificate serial: 014B
Authority key identifier: 57:67:90:24:4C:C2:92:75:C1:12:35:6F:F6:20:F2:62:0D:7D:61:5E
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/V2eQJEzCknXBEjVv9iDyYg19YV4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/33A6DBFAD31C11EFA728D52FC4F9AE02.roa
Signing time: Sun 01 Mar 2026 17:16:05 +0000
ROA not before: Mon 09 Feb 2026 11:22:45 +0000
ROA not after: Wed 31 Mar 2027 00:00:00 +0000
asID: 59253
IP address blocks: 23.106.48.0/21 maxlen: 21
23.106.50.0/24 maxlen: 24
23.106.64.0/20 maxlen: 20
23.106.67.0/24 maxlen: 24
23.106.120.0/21 maxlen: 21
23.106.248.0/21 maxlen: 21
23.106.248.0/22 maxlen: 22
23.106.252.0/22 maxlen: 22
23.108.96.0/21 maxlen: 21
23.108.96.0/22 maxlen: 22
23.108.100.0/22 maxlen: 22
23.111.12.0/22 maxlen: 22
23.111.14.0/23 maxlen: 23
64.120.92.0/22 maxlen: 22
64.120.110.0/23 maxlen: 24
142.91.96.0/23 maxlen: 23
142.91.98.0/23 maxlen: 23
142.91.100.0/23 maxlen: 23
142.91.102.0/23 maxlen: 23
172.255.208.0/22 maxlen: 22
173.234.0.0/23 maxlen: 23
173.234.2.0/23 maxlen: 23
173.234.4.0/22 maxlen: 22
173.234.8.0/22 maxlen: 22
173.234.12.0/23 maxlen: 23
173.234.14.0/23 maxlen: 23
209.58.160.0/20 maxlen: 20
209.58.160.0/21 maxlen: 21
209.58.168.0/21 maxlen: 21
209.58.176.0/21 maxlen: 21
209.58.176.0/22 maxlen: 22
209.58.180.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/V2eQJEzCknXBEjVv9iDyYg19YV4.crl
rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/V2eQJEzCknXBEjVv9iDyYg19YV4.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/V2eQJEzCknXBEjVv9iDyYg19YV4.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Mar 2026 23:38:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 331 (0x14b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916AC30, serialNumber=576790244CC29275C112356FF620F2620D7D615E
Validity
Not Before: Feb 9 11:22:45 2026 GMT
Not After : Mar 31 00:00:00 2027 GMT
Subject: CN=69a47455-2db7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:e3:d7:4c:29:8d:ac:cb:57:dd:f5:4f:07:6d:
0c:37:02:f0:8f:34:36:4d:1c:4e:2e:7a:57:ff:b7:
f5:a5:43:98:78:a4:a9:b2:29:05:47:98:78:68:75:
92:a3:ee:9b:c7:a7:c0:85:e8:5d:fb:38:c0:04:f9:
87:86:bf:4f:43:70:a3:4a:30:2c:66:b1:67:41:ea:
33:28:f2:b1:48:4e:ce:83:b3:f5:5f:78:ff:11:f6:
ed:ff:f1:47:29:79:51:b9:58:23:b7:8d:54:22:21:
b0:fc:c1:e1:11:3d:45:c2:10:b2:29:11:5b:0d:52:
57:a0:06:a3:93:77:ff:a1:26:f1:3e:86:f4:8f:12:
41:e5:b3:9b:81:2a:23:f9:af:fc:32:22:ac:28:e8:
53:84:a1:a0:79:50:24:74:91:5a:e2:af:ab:ed:3e:
64:94:fd:c3:d8:ef:38:d5:24:df:36:a0:c1:3b:3c:
5b:a4:53:b1:6e:f1:61:d4:22:a3:72:56:41:e7:83:
9c:9e:08:49:05:6f:43:4c:6c:b2:98:dd:24:35:1e:
dd:00:59:3f:49:37:51:94:b2:d3:9d:40:5b:30:ab:
92:3a:1b:31:a2:af:df:55:0e:8c:c1:39:89:0f:34:
99:34:d6:f3:8a:73:22:b4:43:6b:a4:5c:05:89:84:
85:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:52:52:4F:AD:00:3F:EA:3C:F2:EF:4F:3A:E1:82:24:CD:93:9C:FA
X509v3 Authority Key Identifier:
keyid:57:67:90:24:4C:C2:92:75:C1:12:35:6F:F6:20:F2:62:0D:7D:61:5E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/V2eQJEzCknXBEjVv9iDyYg19YV4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/V2eQJEzCknXBEjVv9iDyYg19YV4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/33A6DBFAD31C11EFA728D52FC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
23.106.48.0/21
23.106.64.0/20
23.106.120.0/21
23.106.248.0/21
23.108.96.0/21
23.111.12.0/22
64.120.92.0/22
64.120.110.0/23
142.91.96.0/21
172.255.208.0/22
173.234.0.0/20
209.58.160.0-209.58.183.255
Signature Algorithm: sha256WithRSAEncryption
bf:a6:a5:97:e2:b2:90:ec:65:dc:38:4a:46:62:d6:ff:07:7f:
b2:4c:fe:b9:9c:60:35:43:13:30:20:30:9e:7a:b7:ca:e9:d6:
86:4d:a4:6a:d0:a0:50:ac:d3:b9:c6:0c:5e:07:96:ce:f0:fc:
bb:bd:4d:ba:e9:ad:17:f8:0d:d0:19:5e:0c:1c:52:4b:d3:26:
c6:e0:04:d0:e8:86:36:31:ca:08:6d:9e:6c:d2:8d:00:d4:dd:
e9:8f:97:f9:60:e6:53:76:b7:7f:01:33:ae:88:a3:b5:3a:c0:
c0:c5:7d:38:f3:b6:ea:e0:d0:5f:04:39:e9:a0:92:99:6c:c6:
70:48:e8:77:71:26:4b:63:3f:93:eb:e6:42:44:01:45:52:80:
74:40:ef:08:da:78:8b:d1:4b:52:0a:89:3e:68:be:ab:6c:5e:
00:c4:71:40:10:24:a7:22:2c:a2:91:9a:61:cf:a8:60:55:db:
3e:e1:3d:6e:1f:0e:b6:b4:53:c7:a5:92:72:82:ed:77:1b:86:
d2:65:27:36:f3:cd:78:90:ab:f1:c6:a2:95:c1:23:4a:c0:f6:
94:1a:7b:e2:1d:07:f8:21:19:7b:ed:9a:26:2d:11:61:2c:dd:
62:b7:bd:31:2f:55:5c:45:19:b0:e6:73:12:57:54:35:0b:3b:
a7:1a:b6:1b
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICAUswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkFDMzAxMTAvBgNVBAUTKDU3Njc5MDI0NENDMjkyNzVDMTEyMzU2RkY2MjBGMjYy
MEQ3RDYxNUUwHhcNMjYwMjA5MTEyMjQ1WhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NzQ1NS0yZGI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAruPXTCmNrMtX3fVPB20MNwLwjzQ2TRxOLnpX/7f1pUOYeKSpsikFR5h4aHWS
o+6bx6fAhehd+zjABPmHhr9PQ3CjSjAsZrFnQeozKPKxSE7Og7P1X3j/Efbt//FH
KXlRuVgjt41UIiGw/MHhET1FwhCyKRFbDVJXoAajk3f/oSbxPob0jxJB5bObgSoj
+a/8MiKsKOhThKGgeVAkdJFa4q+r7T5klP3D2O841STfNqDBOzxbpFOxbvFh1CKj
clZB54OcnghJBW9DTGyymN0kNR7dAFk/STdRlLLTnUBbMKuSOhsxoq/fVQ6MwTmJ
DzSZNNbzinMitENrpFwFiYSFFwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFNBSUk+t
AD/qPPLvTzrhgiTNk5z6MB8GA1UdIwQYMBaAFFdnkCRMwpJ1wRI1b/Yg8mINfWFe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QUMzMC82QkM0Q0RGRThD
NjIxMUVGOTk0NjQwODVDNEY5QUUwMi9WMmVRSkV6Q2tuWEJFalZ2OWlEeVlnMTlZ
VjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1YyZVFKRXpDa25YQkVqVnY5aUR5WWcxOVlWNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkFDMzAvNkJDNENERkU4QzYyMTFFRjk5NDY0MDg1QzRGOUFFMDIvMzNBNkRCRkFE
MzFDMTFFRkE3MjhENTJGQzRGOUFFMDIucm9hMGkGCCsGAQUFBwEHAQH/BFowWDBW
BAIAATBQAwQDF2owAwQEF2pAAwQDF2p4AwQDF2r4AwQDF2xgAwQCF28MAwQCQHhc
AwQBQHhuAwQDjltgAwQCrP/QAwQEreoAMAwDBAXROqADBAPROrAwDQYJKoZIhvcN
AQELBQADggEBAL+mpZfispDsZdw4SkZi1v8Hf7JM/rmcYDVDEzAgMJ56t8rp1oZN
pGrQoFCs07nGDF4Hls7w/Lu9TbrprRf4DdAZXgwcUkvTJsbgBNDohjYxyghtnmzS
jQDU3emPl/lg5lN2t38BM66Io7U6wMDFfTjzturg0F8EOemgkplsxnBI6HdxJktj
P5Pr5kJEAUVSgHRA7wjaeIvRS1IKiT5ovqtsXgDEcUAQJKciLKKRmmHPqGBV2z7h
PW4fDra0U8elknKC7XcbhtJlJzbzzXiQq/HGopXBI0rA9pQae+IdB/ghGXvtmiYt
EWEs3WK3vTEvVVxFGbDmcxJXVDULO6caths=
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:41:34 2026 by rpki-client