Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/E3A38380A1C811EA8C425C58C4F9AE02.roa
File: E3A38380A1C811EA8C425C58C4F9AE02.roa (raw, json)
Hash identifier: GS8FiTHe76tR+EGLanHlCxxJBZXlT9b5WZ9G9Dgo+Hw=
Subject key identifier: 29:1B:96:A4:6E:E0:C5:B8:77:1B:D2:21:AF:EA:FF:88:15:3B:08:8B
Certificate issuer: /CN=A91733A8/serialNumber=8DC66A64753643B0E70FB9B2BD4009CBEC705441
Certificate serial: 09F5
Authority key identifier: 8D:C6:6A:64:75:36:43:B0:E7:0F:B9:B2:BD:40:09:CB:EC:70:54:41
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jcZqZHU2Q7DnD7myvUAJy-xwVEE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/E3A38380A1C811EA8C425C58C4F9AE02.roa
Signing time: Sun 01 Mar 2026 12:20:15 +0000
ROA not before: Thu 22 May 2025 20:09:49 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 135523
IP address blocks: 125.209.66.0/24 maxlen: 24
125.209.69.0/24 maxlen: 24
125.209.71.0/24 maxlen: 24
125.209.72.0/24 maxlen: 24
125.209.81.0/24 maxlen: 24
125.209.83.0/24 maxlen: 24
125.209.84.0/24 maxlen: 24
125.209.90.0/24 maxlen: 24
125.209.92.0/24 maxlen: 24
125.209.93.0/24 maxlen: 24
125.209.117.0/24 maxlen: 24
125.209.119.0/24 maxlen: 24
202.141.230.0/24 maxlen: 24
202.141.236.0/24 maxlen: 24
202.141.244.0/24 maxlen: 24
202.141.251.0/24 maxlen: 24
202.142.178.0/24 maxlen: 24
202.142.181.0/24 maxlen: 24
202.142.183.0/24 maxlen: 24
202.142.190.0/24 maxlen: 24
202.142.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/jcZqZHU2Q7DnD7myvUAJy-xwVEE.crl
rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/jcZqZHU2Q7DnD7myvUAJy-xwVEE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jcZqZHU2Q7DnD7myvUAJy-xwVEE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 00:57:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2549 (0x9f5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91733A8, serialNumber=8DC66A64753643B0E70FB9B2BD4009CBEC705441
Validity
Not Before: May 22 20:09:49 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=69a42eff-e34c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:5d:50:27:4f:90:64:f9:9f:e2:0c:c6:88:d2:
8b:bd:33:2b:3c:a7:cd:70:89:78:f5:a1:1a:38:53:
b2:b2:dc:ae:73:ce:46:a4:de:17:17:73:c8:68:e3:
af:b7:f4:06:f3:e9:6e:a4:70:67:04:a3:25:6d:5b:
48:cc:b9:93:d2:e5:94:27:25:45:3d:b2:c8:ec:71:
24:a7:0a:1b:74:df:ad:03:60:be:2c:49:75:9b:87:
5d:1b:2e:d9:4e:f7:de:0f:d2:12:20:ce:7c:58:ec:
3c:6d:66:65:c9:de:52:f9:15:35:2e:6d:b1:f5:fc:
7c:05:5a:19:4f:bb:20:08:59:3a:6e:78:8c:30:a4:
59:cc:dd:12:15:27:59:00:6b:3b:16:67:97:ea:c7:
ff:62:d4:25:d2:25:26:ca:fe:db:a0:04:84:7e:e6:
59:f6:b0:5f:10:4a:97:29:25:cd:6b:d3:c3:64:ab:
0a:f7:e2:71:1b:85:78:15:bd:61:b5:0e:fb:1c:24:
c4:24:c9:d6:b2:5b:7f:68:c8:68:97:0e:63:16:95:
a8:fa:5e:e8:47:66:56:f8:08:67:2e:81:b7:a7:00:
60:b7:68:84:6c:e1:1a:19:a7:90:4d:65:10:c3:6a:
0e:ea:c9:40:18:93:6d:d5:0f:d9:a0:2f:17:f1:a4:
97:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:1B:96:A4:6E:E0:C5:B8:77:1B:D2:21:AF:EA:FF:88:15:3B:08:8B
X509v3 Authority Key Identifier:
keyid:8D:C6:6A:64:75:36:43:B0:E7:0F:B9:B2:BD:40:09:CB:EC:70:54:41
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/jcZqZHU2Q7DnD7myvUAJy-xwVEE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jcZqZHU2Q7DnD7myvUAJy-xwVEE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91733A8/14202384A1B411EAAF2E630FC4F9AE02/E3A38380A1C811EA8C425C58C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
125.209.66.0/24
125.209.69.0/24
125.209.71.0-125.209.72.255
125.209.81.0/24
125.209.83.0-125.209.84.255
125.209.90.0/24
125.209.92.0/23
125.209.117.0/24
125.209.119.0/24
202.141.230.0/24
202.141.236.0/24
202.141.244.0/24
202.141.251.0/24
202.142.178.0/24
202.142.181.0/24
202.142.183.0/24
202.142.190.0/23
Signature Algorithm: sha256WithRSAEncryption
37:cb:4d:66:3d:ed:7e:d5:f0:59:c2:7a:e9:78:b7:ff:16:92:
03:f7:bc:9b:0e:75:8c:c6:9f:99:8a:98:cf:78:55:cd:00:36:
87:27:3a:d1:20:c1:fa:74:86:f2:2f:1e:44:8e:b0:f4:55:17:
ad:d1:d9:0d:35:c0:c2:51:17:13:d4:f5:a8:34:a0:3d:b2:29:
8e:28:9e:c4:0c:41:97:16:38:dc:5e:cf:4e:ef:a3:89:37:57:
7e:c1:83:a5:cc:6e:6c:7b:49:1c:3f:11:4c:a1:58:0c:e3:08:
08:14:12:5f:0e:18:5a:87:8d:e2:bf:9b:0c:23:2a:51:da:0b:
08:31:84:d9:bf:e7:4a:72:75:54:b6:dd:37:36:f9:a5:96:43:
c4:08:4a:85:91:50:99:16:70:13:e7:16:4d:f5:6e:a6:58:08:
e3:00:9a:34:4b:48:01:ad:b2:b1:ec:92:42:b9:24:db:ef:e5:
8d:8d:3a:a0:34:e4:71:e4:ba:15:34:06:4d:0b:24:70:38:e1:
64:e5:98:21:20:95:a0:8a:2f:b1:d3:13:0a:39:d8:0d:a3:9c:
ac:d5:64:d9:f2:49:35:72:51:20:4f:1d:62:61:85:11:bc:02:
e9:00:5d:7c:37:b0:aa:e5:61:15:e3:06:e2:a1:d4:09:bd:20:
72:d0:e3:80
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgICCfUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzMzQTgxMTAvBgNVBAUTKDhEQzY2QTY0NzUzNjQzQjBFNzBGQjlCMkJENDAwOUNC
RUM3MDU0NDEwHhcNMjUwNTIyMjAwOTQ5WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0MmVmZi1lMzRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsF1QJ0+QZPmf4gzGiNKLvTMrPKfNcIl49aEaOFOystyuc85GpN4XF3PIaOOv
t/QG8+lupHBnBKMlbVtIzLmT0uWUJyVFPbLI7HEkpwobdN+tA2C+LEl1m4ddGy7Z
TvfeD9ISIM58WOw8bWZlyd5S+RU1Lm2x9fx8BVoZT7sgCFk6bniMMKRZzN0SFSdZ
AGs7FmeX6sf/YtQl0iUmyv7boASEfuZZ9rBfEEqXKSXNa9PDZKsK9+JxG4V4Fb1h
tQ77HCTEJMnWslt/aMholw5jFpWo+l7oR2ZW+AhnLoG3pwBgt2iEbOEaGaeQTWUQ
w2oO6slAGJNt1Q/ZoC8X8aSX+QIDAQABo4IC0jCCAs4wHQYDVR0OBBYEFCkblqRu
4MW4dxvSIa/q/4gVOwiLMB8GA1UdIwQYMBaAFI3GamR1NkOw5w+5sr1ACcvscFRB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MzNBOC8xNDIwMjM4NEEx
QjQxMUVBQUYyRTYzMEZDNEY5QUUwMi9qY1pxWkhVMlE3RG5EN215dlVBSnkteHdW
RUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2pjWnFaSFUyUTdEbkQ3bXl2VUFKeS14d1ZFRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzMzQTgvMTQyMDIzODRBMUI0MTFFQUFGMkU2MzBGQzRGOUFFMDIvRTNBMzgzODBB
MUM4MTFFQThDNDI1QzU4QzRGOUFFMDIucm9hMIGQBggrBgEFBQcBBwEB/wSBgDB+
MHwEAgABMHYDBAB90UIDBAB90UUwDAMEAH3RRwMEAH3RSAMEAH3RUTAMAwQAfdFT
AwQAfdFUAwQAfdFaAwQBfdFcAwQAfdF1AwQAfdF3AwQAyo3mAwQAyo3sAwQAyo30
AwQAyo37AwQAyo6yAwQAyo61AwQAyo63AwQByo6+MA0GCSqGSIb3DQEBCwUAA4IB
AQA3y01mPe1+1fBZwnrpeLf/FpID97ybDnWMxp+ZipjPeFXNADaHJzrRIMH6dIby
Lx5EjrD0VRet0dkNNcDCURcT1PWoNKA9simOKJ7EDEGXFjjcXs9O76OJN1d+wYOl
zG5se0kcPxFMoVgM4wgIFBJfDhhah43iv5sMIypR2gsIMYTZv+dKcnVUtt03Nvml
lkPECEqFkVCZFnAT5xZN9W6mWAjjAJo0S0gBrbKx7JJCuSTb7+WNjTqgNORx5LoV
NAZNCyRwOOFk5ZghIJWgii+x0xMKOdgNo5ys1WTZ8kk1clEgTx1iYYURvALpAF18
N7Cq5WEV4wbiodQJvSBy0OOA
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:06:34 2026 by rpki-client