Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/E3A38380A1C811EA8C425C58C4F9AE02.roa
File: E3A38380A1C811EA8C425C58C4F9AE02.roa (raw, json)
Hash identifier: 6ELYEf//xgOmHmrw5674KJknvEDN6uqGmjP7VLTouxc=
Subject key identifier: BC:EC:F2:D1:9A:BA:1C:06:EA:2B:8C:83:24:EB:56:D2:5B:6B:6E:0E
Certificate issuer: /CN=A91733A8/serialNumber=8DC66A64753643B0E70FB9B2BD4009CBEC705441
Certificate serial: 0A2E
Authority key identifier: 8D:C6:6A:64:75:36:43:B0:E7:0F:B9:B2:BD:40:09:CB:EC:70:54:41
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jcZqZHU2Q7DnD7myvUAJy-xwVEE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/E3A38380A1C811EA8C425C58C4F9AE02.roa
Signing time: Thu 04 Jun 2026 20:24:42 +0000
ROA not before: Thu 04 Jun 2026 20:24:42 +0000
ROA not after: Fri 30 Jul 2027 00:00:00 +0000
asID: 135523
IP address blocks: 125.209.66.0/24 maxlen: 24
125.209.69.0/24 maxlen: 24
125.209.71.0/24 maxlen: 24
125.209.72.0/24 maxlen: 24
125.209.81.0/24 maxlen: 24
125.209.83.0/24 maxlen: 24
125.209.84.0/24 maxlen: 24
125.209.90.0/24 maxlen: 24
125.209.92.0/24 maxlen: 24
125.209.93.0/24 maxlen: 24
125.209.117.0/24 maxlen: 24
125.209.119.0/24 maxlen: 24
202.141.230.0/24 maxlen: 24
202.141.236.0/24 maxlen: 24
202.141.244.0/24 maxlen: 24
202.141.251.0/24 maxlen: 24
202.142.178.0/24 maxlen: 24
202.142.181.0/24 maxlen: 24
202.142.183.0/24 maxlen: 24
202.142.190.0/24 maxlen: 24
202.142.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/jcZqZHU2Q7DnD7myvUAJy-xwVEE.crl
rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/jcZqZHU2Q7DnD7myvUAJy-xwVEE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jcZqZHU2Q7DnD7myvUAJy-xwVEE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 19 Jun 2026 19:52:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2606 (0xa2e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91733A8, serialNumber=8DC66A64753643B0E70FB9B2BD4009CBEC705441
Validity
Not Before: Jun 4 20:24:42 2026 GMT
Not After : Jul 30 00:00:00 2027 GMT
Subject: CN=6a21df0a-6e0f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:a1:c8:72:29:ba:26:01:ff:65:d3:a8:62:8c:
41:c0:57:e7:5a:12:e3:4d:ed:33:a7:d5:03:b6:48:
29:55:f1:c2:42:32:53:b5:38:5d:b6:06:80:93:d4:
69:d9:93:65:c9:b3:67:52:10:f9:46:ab:03:42:8b:
e5:26:47:6d:33:89:5f:5c:74:27:78:68:a0:d1:99:
46:1d:d6:40:61:7f:3a:2b:bb:99:d0:37:0e:e8:7d:
f0:0c:12:24:7e:10:da:08:06:0d:d5:ba:dc:1d:5f:
48:67:0c:51:e3:07:59:13:ff:8d:0f:7d:a9:c3:20:
3c:1c:a3:cb:8b:66:1f:24:8a:bd:63:eb:f5:ce:bc:
8e:cc:5b:b6:f0:a3:e9:f5:f9:aa:41:61:39:fc:d3:
cc:39:96:d6:3c:ff:5a:47:22:d6:91:11:5f:8c:be:
df:9d:7a:93:c1:cd:80:ca:77:57:18:d6:fa:10:2e:
33:4a:26:25:85:01:03:f9:ed:67:d7:93:16:ba:3f:
d4:e2:c1:a0:95:93:0d:b1:07:76:fd:10:52:18:02:
65:3d:bb:62:40:09:d2:67:36:bf:5f:9e:a5:ef:5b:
3b:63:8b:15:f4:79:4c:ca:77:7e:53:bb:d7:ac:d0:
93:31:5b:85:94:2d:e7:a5:58:79:e6:6a:ca:1e:8b:
c3:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:EC:F2:D1:9A:BA:1C:06:EA:2B:8C:83:24:EB:56:D2:5B:6B:6E:0E
X509v3 Authority Key Identifier:
keyid:8D:C6:6A:64:75:36:43:B0:E7:0F:B9:B2:BD:40:09:CB:EC:70:54:41
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/jcZqZHU2Q7DnD7myvUAJy-xwVEE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jcZqZHU2Q7DnD7myvUAJy-xwVEE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/E3A38380A1C811EA8C425C58C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
125.209.66.0/24
125.209.69.0/24
125.209.71.0-125.209.72.255
125.209.81.0/24
125.209.83.0-125.209.84.255
125.209.90.0/24
125.209.92.0/23
125.209.117.0/24
125.209.119.0/24
202.141.230.0/24
202.141.236.0/24
202.141.244.0/24
202.141.251.0/24
202.142.178.0/24
202.142.181.0/24
202.142.183.0/24
202.142.190.0/23
Signature Algorithm: sha256WithRSAEncryption
67:70:85:fe:e5:6f:c6:e8:01:b0:c4:09:90:7d:88:aa:fd:9d:
c2:d2:7d:7c:be:51:f9:18:7f:2c:04:a5:75:c6:fa:2b:19:7f:
64:18:86:9e:10:4e:39:4a:64:39:21:95:84:52:cd:71:e3:4d:
e7:e3:17:5a:05:f0:08:03:9d:18:68:07:8b:9e:32:34:31:30:
99:29:d7:f2:47:3f:8c:e2:7f:cc:c5:ef:95:e8:a9:6d:d3:5a:
c2:49:1c:df:67:cc:33:15:a6:e6:e4:95:25:81:90:b9:50:e4:
2a:c8:4c:2a:29:44:8a:8a:31:6e:a1:d8:f9:fe:90:e2:bb:1a:
0f:16:91:97:0e:3e:fc:6d:6b:ed:97:0b:be:92:29:86:d3:4c:
8c:f0:ac:4c:d5:c4:28:c2:d3:4d:6b:ff:7b:3b:1e:54:32:91:
9c:be:1a:a2:98:60:67:4e:1d:7b:64:a3:43:3d:e7:9a:de:4e:
9b:df:f6:3a:cc:af:b7:d9:45:8e:54:83:bd:3c:3b:0e:0d:b3:
34:08:2f:9d:6b:1d:d9:7f:b1:75:d2:4e:2b:0e:c5:d9:28:75:
87:d0:f9:3e:3b:9c:77:43:6d:b5:34:cd:65:d6:08:09:04:36:
91:11:d3:3f:d7:a3:6a:ca:2f:14:19:ac:8f:6d:b7:03:c3:49:
96:36:14:cf
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgICCi4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzMzQTgxMTAvBgNVBAUTKDhEQzY2QTY0NzUzNjQzQjBFNzBGQjlCMkJENDAwOUNC
RUM3MDU0NDEwHhcNMjYwNjA0MjAyNDQyWhcNMjcwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTIxZGYwYS02ZTBmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3aHIcim6JgH/ZdOoYoxBwFfnWhLjTe0zp9UDtkgpVfHCQjJTtThdtgaAk9Rp
2ZNlybNnUhD5RqsDQovlJkdtM4lfXHQneGig0ZlGHdZAYX86K7uZ0DcO6H3wDBIk
fhDaCAYN1brcHV9IZwxR4wdZE/+ND32pwyA8HKPLi2YfJIq9Y+v1zryOzFu28KPp
9fmqQWE5/NPMOZbWPP9aRyLWkRFfjL7fnXqTwc2AyndXGNb6EC4zSiYlhQED+e1n
15MWuj/U4sGglZMNsQd2/RBSGAJlPbtiQAnSZza/X56l71s7Y4sV9HlMynd+U7vX
rNCTMVuFlC3npVh55mrKHovDbwIDAQABo4IC0jCCAs4wHQYDVR0OBBYEFLzs8tGa
uhwG6iuMgyTrVtJba24OMB8GA1UdIwQYMBaAFI3GamR1NkOw5w+5sr1ACcvscFRB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MzNBOC8xNDIwMjM4NEEx
QjQxMUVBQUYyRTYzMEZDNEY5QUUwMi9qY1pxWkhVMlE3RG5EN215dlVBSnkteHdW
RUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2pjWnFaSFUyUTdEbkQ3bXl2VUFKeS14d1ZFRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzMzQTgvMTQyMDIzODRBMUI0MTFFQUFGMkU2MzBGQzRGOUFFMDIvRTNBMzgzODBB
MUM4MTFFQThDNDI1QzU4QzRGOUFFMDIucm9hMIGQBggrBgEFBQcBBwEB/wSBgDB+
MHwEAgABMHYDBAB90UIDBAB90UUwDAMEAH3RRwMEAH3RSAMEAH3RUTAMAwQAfdFT
AwQAfdFUAwQAfdFaAwQBfdFcAwQAfdF1AwQAfdF3AwQAyo3mAwQAyo3sAwQAyo30
AwQAyo37AwQAyo6yAwQAyo61AwQAyo63AwQByo6+MA0GCSqGSIb3DQEBCwUAA4IB
AQBncIX+5W/G6AGwxAmQfYiq/Z3C0n18vlH5GH8sBKV1xvorGX9kGIaeEE45SmQ5
IZWEUs1x403n4xdaBfAIA50YaAeLnjI0MTCZKdfyRz+M4n/Mxe+V6Klt01rCSRzf
Z8wzFabm5JUlgZC5UOQqyEwqKUSKijFuodj5/pDiuxoPFpGXDj78bWvtlwu+kimG
00yM8KxM1cQowtNNa/97Ox5UMpGcvhqimGBnTh17ZKNDPeea3k6b3/Y6zK+32UWO
VIO9PDsODbM0CC+dax3Zf7F10k4rDsXZKHWH0Pk+O5x3Q221NM1l1ggJBDaREdM/
16Nqyi8UGayPbbcDw0mWNhTP
-----END CERTIFICATE-----
Generated at Sat Jun 13 23:50:19 2026 by rpki-client