Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/1A8C65506B6E11F0AEECA858C4F9AE02.roa
File: 1A8C65506B6E11F0AEECA858C4F9AE02.roa (raw, json)
Hash identifier: krOpio4wz9zZ7mzvOOi6fz/jljv3s2vU7Ok4eA4dM3Q=
Subject key identifier: 87:EA:C1:92:E6:D0:E7:1C:FC:00:C0:58:7F:F2:42:F8:6D:FA:BC:C1
Certificate issuer: /CN=A91A546E/serialNumber=6C5A589F924CE9BED1FD89F5AFF630C927574420
Certificate serial: 093B
Authority key identifier: 6C:5A:58:9F:92:4C:E9:BE:D1:FD:89:F5:AF:F6:30:C9:27:57:44:20
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bFpYn5JM6b7R_Yn1r_YwySdXRCA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/1A8C65506B6E11F0AEECA858C4F9AE02.roa
Signing time: Mon 28 Jul 2025 04:48:29 +0000
ROA not before: Mon 28 Jul 2025 04:48:29 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 45577
IP address blocks: 101.234.132.0/23 maxlen: 24
101.234.134.0/24 maxlen: 24
101.234.135.0/24 maxlen: 24
101.234.136.0/24 maxlen: 24
101.234.140.0/23 maxlen: 24
101.234.144.0/23 maxlen: 24
101.234.146.0/23 maxlen: 24
101.234.148.0/24 maxlen: 24
101.234.149.0/24 maxlen: 24
101.234.150.0/24 maxlen: 24
101.234.151.0/24 maxlen: 24
101.234.152.0/24 maxlen: 24
101.234.153.0/24 maxlen: 24
101.234.154.0/24 maxlen: 24
101.234.155.0/24 maxlen: 24
101.234.156.0/23 maxlen: 24
101.234.158.0/24 maxlen: 24
101.234.159.0/24 maxlen: 24
101.234.160.0/24 maxlen: 24
101.234.170.0/24 maxlen: 24
101.234.171.0/24 maxlen: 24
111.125.160.0/24 maxlen: 24
111.125.161.0/24 maxlen: 24
111.125.162.0/23 maxlen: 24
111.125.164.0/23 maxlen: 24
111.125.168.0/23 maxlen: 24
111.125.170.0/23 maxlen: 24
111.125.172.0/23 maxlen: 24
111.125.174.0/23 maxlen: 24
114.111.128.0/24 maxlen: 24
114.111.129.0/24 maxlen: 24
114.111.130.0/23 maxlen: 24
114.111.132.0/24 maxlen: 24
114.111.133.0/24 maxlen: 24
114.111.134.0/23 maxlen: 23
114.111.135.0/24 maxlen: 24
114.111.136.0/23 maxlen: 24
114.111.138.0/23 maxlen: 24
114.111.140.0/24 maxlen: 24
114.111.141.0/24 maxlen: 24
114.111.142.0/24 maxlen: 24
114.111.143.0/24 maxlen: 24
114.111.144.0/23 maxlen: 24
114.111.146.0/23 maxlen: 24
114.111.148.0/23 maxlen: 24
114.111.150.0/23 maxlen: 24
114.111.156.0/23 maxlen: 24
114.111.158.0/23 maxlen: 24
122.100.0.0/24 maxlen: 24
122.100.1.0/24 maxlen: 24
122.100.2.0/24 maxlen: 24
122.100.3.0/24 maxlen: 24
122.100.4.0/24 maxlen: 24
122.100.6.0/24 maxlen: 24
122.100.7.0/24 maxlen: 24
122.100.8.0/24 maxlen: 24
122.100.9.0/24 maxlen: 24
122.100.10.0/23 maxlen: 24
122.100.14.0/24 maxlen: 24
122.100.15.0/24 maxlen: 24
2406:5800:800::/38 maxlen: 48
2406:5800:c00::/38 maxlen: 56
2406:5800:ff00::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/bFpYn5JM6b7R_Yn1r_YwySdXRCA.crl
rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/bFpYn5JM6b7R_Yn1r_YwySdXRCA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bFpYn5JM6b7R_Yn1r_YwySdXRCA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 13 Aug 2025 20:44:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2363 (0x93b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A546E, serialNumber=6C5A589F924CE9BED1FD89F5AFF630C927574420
Validity
Not Before: Jul 28 04:48:29 2025 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=6887011c-5c52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:0f:f4:73:0d:ed:82:bd:fa:44:9a:2a:bf:06:
8b:b7:f6:f1:4e:c3:56:12:de:f4:b6:6e:9d:58:ec:
29:b8:d0:4e:3f:16:f2:df:5b:45:ab:55:b0:c6:f9:
ad:1f:70:81:0c:5d:11:f9:f7:12:8e:cd:56:72:9d:
6b:e1:d8:20:18:d6:c2:9a:a9:fd:c8:ac:51:4f:4a:
f0:37:b5:39:71:11:07:13:b4:1b:93:2f:4a:ba:19:
40:e0:35:e9:8c:79:cd:04:68:3f:95:a6:9c:b0:16:
18:49:43:46:12:9d:dd:4c:fb:2c:fa:ae:44:6e:d7:
c1:88:60:23:6b:26:f5:a0:6f:4a:c4:29:98:ec:5a:
b5:ca:d4:b6:4f:0d:6a:f0:af:03:ba:e8:49:fd:e4:
ba:e9:88:67:9d:ed:16:59:c1:60:0e:30:a4:e5:4a:
fc:9d:54:8b:09:9f:95:d2:91:29:d0:35:e3:99:00:
76:ff:73:d5:ac:74:5f:64:48:3e:e6:d7:ae:de:17:
00:bc:78:f9:1c:46:e4:e3:7d:59:1e:81:56:be:8a:
29:0e:a4:a3:d8:94:cc:fa:db:48:52:b3:41:07:65:
18:e0:f2:f6:d0:eb:46:36:78:5c:0b:15:cc:b8:9c:
fd:fa:b8:5f:e2:f3:1d:21:e7:87:e2:66:1b:39:fc:
eb:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:EA:C1:92:E6:D0:E7:1C:FC:00:C0:58:7F:F2:42:F8:6D:FA:BC:C1
X509v3 Authority Key Identifier:
keyid:6C:5A:58:9F:92:4C:E9:BE:D1:FD:89:F5:AF:F6:30:C9:27:57:44:20
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/bFpYn5JM6b7R_Yn1r_YwySdXRCA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bFpYn5JM6b7R_Yn1r_YwySdXRCA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/1A8C65506B6E11F0AEECA858C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.234.132.0-101.234.136.255
101.234.140.0/23
101.234.144.0-101.234.160.255
101.234.170.0/23
111.125.160.0-111.125.165.255
111.125.168.0/21
114.111.128.0-114.111.151.255
114.111.156.0/22
122.100.0.0-122.100.4.255
122.100.6.0-122.100.11.255
122.100.14.0/23
IPv6:
2406:5800:800::/37
2406:5800:ff00::/48
Signature Algorithm: sha256WithRSAEncryption
d8:84:44:7a:bf:a3:97:3e:f2:86:70:60:6a:33:8d:cd:d2:fc:
7c:58:56:f9:b8:e0:ec:e5:96:c2:b4:b3:3d:02:38:a0:a1:de:
b8:86:e9:a0:95:1d:f3:91:b3:ce:04:e1:04:4a:57:d1:7f:88:
1d:ac:19:2f:3e:1b:27:2a:36:ae:f8:17:20:8e:2d:6a:0f:fe:
99:32:42:71:c0:2c:fc:bf:a7:4b:b6:f6:27:53:f3:4f:75:79:
70:16:3c:03:31:db:82:66:01:66:56:86:bb:e6:43:59:42:59:
81:9f:46:98:37:ad:c2:8b:4b:9c:46:a9:f5:73:80:3b:39:04:
0a:59:0f:2b:6d:b5:a1:c7:91:55:c3:f3:0a:4b:e1:e9:3b:66:
85:2e:a3:fd:f4:60:aa:c8:bc:03:5e:a2:a8:e7:3e:a2:d9:d8:
9e:0e:6b:02:a0:fd:41:e7:29:8b:a7:f5:58:ed:29:45:09:63:
46:a1:27:11:9b:d0:5d:a9:81:55:e0:8d:c1:8f:b8:c6:53:6c:
1d:54:35:a7:00:88:35:ad:e1:19:be:43:66:4c:2e:33:e3:fd:
81:88:53:fa:67:b1:48:88:f0:2d:ae:af:2b:b7:93:aa:af:d8:
e2:ad:76:45:b5:8e:a2:fc:38:71:e4:6d:58:c9:76:31:de:28:
82:35:a4:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgICCTswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU0NkUxMTAvBgNVBAUTKDZDNUE1ODlGOTI0Q0U5QkVEMUZEODlGNUFGRjYzMEM5
Mjc1NzQ0MjAwHhcNMjUwNzI4MDQ0ODI5WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg3MDExYy01YzUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAug/0cw3tgr36RJoqvwaLt/bxTsNWEt70tm6dWOwpuNBOPxby31tFq1Wwxvmt
H3CBDF0R+fcSjs1Wcp1r4dggGNbCmqn9yKxRT0rwN7U5cREHE7Qbky9KuhlA4DXp
jHnNBGg/laacsBYYSUNGEp3dTPss+q5EbtfBiGAjayb1oG9KxCmY7Fq1ytS2Tw1q
8K8DuuhJ/eS66Yhnne0WWcFgDjCk5Ur8nVSLCZ+V0pEp0DXjmQB2/3PVrHRfZEg+
5teu3hcAvHj5HEbk431ZHoFWvoopDqSj2JTM+ttIUrNBB2UY4PL20OtGNnhcCxXM
uJz9+rhf4vMdIeeH4mYbOfzrMQIDAQABo4IDHDCCAxgwHQYDVR0OBBYEFIfqwZLm
0Occ/ADAWH/yQvht+rzBMB8GA1UdIwQYMBaAFGxaWJ+STOm+0f2J9a/2MMknV0Qg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTQ2RS8wQ0Q0MURBOEI3
NkExMUVBODE0RjUwODRDNEY5QUUwMi9iRnBZbjVKTTZiN1JfWW4xcl9Zd3lTZFhS
Q0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JGcFluNUpNNmI3Ul9ZbjFyX1l3eVNkWFJDQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU0NkUvMENENDFEQThCNzZBMTFFQTgxNEY1MDg0QzRGOUFFMDIvMUE4QzY1NTA2
QjZFMTFGMEFFRUNBODU4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaUGCCsGAQUFBwEHAQH/
BIGVMIGSMHcEAgABMHEwDAMEAmXqhAMEAGXqiAMEAWXqjDAMAwQEZeqQAwQAZeqg
AwQBZeqqMAwDBAVvfaADBAFvfaQDBANvfagwDAMEB3JvgAMEA3JvkAMEAnJvnDAL
AwMCemQDBAB6ZAQwDAMEAXpkBgMEAnpkCAMEAXpkDjAXBAIAAjARAwYDJAZYAAgD
BwAkBlgA/wAwDQYJKoZIhvcNAQELBQADggEBANiERHq/o5c+8oZwYGozjc3S/HxY
Vvm44OzllsK0sz0COKCh3riG6aCVHfORs84E4QRKV9F/iB2sGS8+GycqNq74FyCO
LWoP/pkyQnHALPy/p0u29idT8091eXAWPAMx24JmAWZWhrvmQ1lCWYGfRpg3rcKL
S5xGqfVzgDs5BApZDytttaHHkVXD8wpL4ek7ZoUuo/30YKrIvANeoqjnPqLZ2J4O
awKg/UHnKYun9VjtKUUJY0ahJxGb0F2pgVXgjcGPuMZTbB1UNacAiDWt4Rm+Q2ZM
LjPj/YGIU/pnsUiI8C2uryu3k6qv2OKtdkW1jqL8OHHkbVjJdjHeKII1pG0=
-----END CERTIFICATE-----
Generated at Fri Aug 8 12:56:27 2025 by rpki-client