Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
File: 801B5CA0D49711EFBF7D3414C4F9AE02.roa (raw, json)
Hash identifier: Xzla+9ppUwpzAJZ58gGvDCqRc3koCm2xr8tcv9e/5Co=
Subject key identifier: 94:07:3C:46:1C:13:DF:30:F7:E8:FC:11:93:BF:EE:AE:A2:05:29:20
Certificate issuer: /CN=A91B268A/serialNumber=F8EECE7D3C0CF5922EA3D803553638823FAEEA08
Certificate serial: 1292
Authority key identifier: F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
Signing time: Fri 24 Oct 2025 10:12:13 +0000
ROA not before: Fri 24 Oct 2025 10:12:13 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 7600
IP address blocks: 14.102.136.0/21 maxlen: 24
43.247.116.0/22 maxlen: 24
103.237.160.0/22 maxlen: 22
103.237.160.0/22 maxlen: 24
103.237.160.0/24 maxlen: 24
115.42.0.0/20 maxlen: 24
115.42.16.0/20 maxlen: 24
122.129.221.0/24 maxlen: 24
122.129.222.0/24 maxlen: 24
122.129.223.0/24 maxlen: 24
123.136.32.0/19 maxlen: 19
203.18.23.0/24 maxlen: 24
203.25.185.0/24 maxlen: 24
203.57.0.0/23 maxlen: 23
210.56.80.0/20 maxlen: 20
210.56.80.0/21 maxlen: 24
210.56.88.0/21 maxlen: 21
210.56.88.0/24 maxlen: 24
210.56.90.0/24 maxlen: 24
210.56.90.192/26 maxlen: 26
210.56.91.0/24 maxlen: 24
210.56.95.0/24 maxlen: 24
2404:9600::/32 maxlen: 32
2404:9600:300::/40 maxlen: 40
2404:9601::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 11 Nov 2025 17:11:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4754 (0x1292)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B268A, serialNumber=F8EECE7D3C0CF5922EA3D803553638823FAEEA08
Validity
Not Before: Oct 24 10:12:13 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=68fb50fd-7e6d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:77:8b:f5:84:03:d5:0b:d1:ec:a2:f7:2f:ea:
e5:47:32:e4:b8:61:42:fe:00:bb:5b:8d:ea:73:d3:
a4:c1:c6:e7:1d:05:dd:02:7f:a0:b3:f4:43:c9:5f:
3f:36:2f:fc:61:db:5e:c1:c9:f2:4c:2b:4a:a9:41:
c6:d2:95:54:62:c7:64:89:b1:9e:26:43:f2:e0:bf:
df:c6:3e:6d:fc:14:b5:f3:2b:57:76:fd:c0:13:09:
a4:9e:94:1b:34:41:62:09:1b:1f:cf:67:37:7b:47:
c0:c7:d0:31:9c:7e:8a:aa:32:f0:c0:25:02:ac:82:
14:88:fd:30:0b:53:65:56:4d:19:59:e2:df:98:7b:
f8:17:bd:ca:16:96:f9:91:a3:90:98:16:8b:a9:e3:
cf:73:62:48:47:d6:5d:e3:b7:2f:d5:15:cd:71:9e:
2e:46:91:76:c1:85:fb:36:73:f7:c5:7c:a9:d9:32:
02:ea:20:93:fd:a3:c0:21:e8:11:01:a9:e8:3d:40:
9d:ae:87:2a:0c:17:18:6b:8c:9e:9b:07:54:f8:53:
a8:ef:c9:d5:0a:7d:85:7d:14:68:5c:6d:e1:35:08:
c5:4e:e6:7d:46:5d:76:bf:e5:0d:f2:eb:6f:22:25:
e5:b6:db:08:e2:85:63:d8:7f:39:62:94:c9:f5:2e:
10:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:07:3C:46:1C:13:DF:30:F7:E8:FC:11:93:BF:EE:AE:A2:05:29:20
X509v3 Authority Key Identifier:
keyid:F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.136.0/21
43.247.116.0/22
103.237.160.0/22
115.42.0.0/19
122.129.221.0-122.129.223.255
123.136.32.0/19
203.18.23.0/24
203.25.185.0/24
203.57.0.0/23
210.56.80.0/20
IPv6:
2404:9600::/31
Signature Algorithm: sha256WithRSAEncryption
c1:ce:3e:2f:f2:84:93:63:3d:41:30:c1:1f:73:9e:e8:d9:3d:
40:71:58:68:64:3a:3b:9e:5b:0e:67:65:e8:52:1e:54:17:d6:
90:e3:3e:26:06:81:91:5f:fd:00:a6:5b:de:f7:2c:38:ec:3c:
70:92:8b:e5:0d:a7:ba:96:64:5b:b4:e6:b5:d8:8a:18:3f:dc:
52:2e:41:ee:77:cd:37:cc:f3:b3:a7:aa:dd:f5:80:34:14:06:
47:cc:68:6f:8c:dc:27:c8:a1:8a:af:eb:51:d6:8b:f3:0e:d3:
c4:78:14:45:22:f8:24:1d:93:4b:bd:06:67:d8:e5:ec:5d:f4:
95:5b:75:ad:ce:62:15:9a:88:80:8e:dc:c6:33:8d:b6:dc:2c:
f3:64:58:55:33:ac:a1:60:9f:4e:7a:2a:6f:7c:f7:19:6b:c2:
95:b4:c2:5a:29:35:cf:ee:6d:c3:b0:85:07:7c:68:59:80:67:
46:ed:3f:63:cb:63:ac:c7:49:00:f6:68:f5:36:42:f1:10:b6:
c5:ac:49:97:e8:13:2e:cc:10:bc:00:15:f4:31:e6:73:4a:23:
36:22:c3:c2:7d:33:fd:8e:d2:12:2d:b8:9e:9c:83:df:c0:7d:
4d:93:34:0a:23:3c:60:ae:12:93:81:ac:d1:c3:b0:4e:c3:24:
5e:27:1a:64
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgICEpIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjI2OEExMTAvBgNVBAUTKEY4RUVDRTdEM0MwQ0Y1OTIyRUEzRDgwMzU1MzYzODgy
M0ZBRUVBMDgwHhcNMjUxMDI0MTAxMjEzWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGZiNTBmZC03ZTZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxHeL9YQD1QvR7KL3L+rlRzLkuGFC/gC7W43qc9OkwcbnHQXdAn+gs/RDyV8/
Ni/8YdtewcnyTCtKqUHG0pVUYsdkibGeJkPy4L/fxj5t/BS18ytXdv3AEwmknpQb
NEFiCRsfz2c3e0fAx9AxnH6KqjLwwCUCrIIUiP0wC1NlVk0ZWeLfmHv4F73KFpb5
kaOQmBaLqePPc2JIR9Zd47cv1RXNcZ4uRpF2wYX7NnP3xXyp2TIC6iCT/aPAIegR
AanoPUCdrocqDBcYa4yemwdU+FOo78nVCn2FfRRoXG3hNQjFTuZ9Rl12v+UN8utv
IiXlttsI4oVj2H85YpTJ9S4QcwIDAQABo4IC4jCCAt4wHQYDVR0OBBYEFJQHPEYc
E98w9+j8EZO/7q6iBSkgMB8GA1UdIwQYMBaAFPjuzn08DPWSLqPYA1U2OII/ruoI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMjY4QS84NEZCNEM5Q0RE
QTExMUU4QTJFNzhBNjlDNEY5QUUwMi8tTzdPZlR3TTlaSXVvOWdEVlRZNGdqLXU2
Z2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1PN09mVHdNOVpJdW85Z0RWVFk0Z2otdTZnZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjI2OEEvODRGQjRDOUNEREExMTFFOEEyRTc4QTY5QzRGOUFFMDIvODAxQjVDQTBE
NDk3MTFFRkJGN0QzNDE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbAYIKwYBBQUHAQcBAf8E
XTBbMEoEAgABMEQDBAMOZogDBAIr93QDBAJn7aADBAVzKgAwDAMEAHqB3QMEBXqB
wAMEBXuIIAMEAMsSFwMEAMsZuQMEAcs5AAMEBNI4UDANBAIAAjAHAwUBJASWADAN
BgkqhkiG9w0BAQsFAAOCAQEAwc4+L/KEk2M9QTDBH3Oe6Nk9QHFYaGQ6O55bDmdl
6FIeVBfWkOM+JgaBkV/9AKZb3vcsOOw8cJKL5Q2nupZkW7TmtdiKGD/cUi5B7nfN
N8zzs6eq3fWANBQGR8xob4zcJ8ihiq/rUdaL8w7TxHgURSL4JB2TS70GZ9jl7F30
lVt1rc5iFZqIgI7cxjONttws82RYVTOsoWCfTnoqb3z3GWvClbTCWik1z+5tw7CF
B3xoWYBnRu0/Y8tjrMdJAPZo9TZC8RC2xaxJl+gTLswQvAAV9DHmc0ojNiLDwn0z
/Y7SEi24npyD38B9TZM0CiM8YK4Sk4Gs0cOwTsMkXicaZA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 08:28:33 2025 by rpki-client