Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/24252532B84711EA8A7F036DC4F9AE02.roa
File: 24252532B84711EA8A7F036DC4F9AE02.roa (raw, json)
Hash identifier: 5MqZOZoSVhwobP4LcJgxINFesjcjTvuIMp43rKBprmw=
Subject key identifier: 00:AA:3B:E7:32:69:2D:2B:57:70:7D:9A:E2:4A:1B:41:6E:9F:DB:99
Certificate issuer: /CN=A91B37E3/serialNumber=A7570DCF3720A8D5A8856A4BB6583F1BAEAE0093
Certificate serial: 0CB5
Authority key identifier: A7:57:0D:CF:37:20:A8:D5:A8:85:6A:4B:B6:58:3F:1B:AE:AE:00:93
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p1cNzzcgqNWohWpLtlg_G66uAJM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/24252532B84711EA8A7F036DC4F9AE02.roa
Signing time: Mon 21 Jul 2025 10:10:20 +0000
ROA not before: Mon 21 Jul 2025 10:10:20 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 24342
IP address blocks: 115.127.0.0/17 maxlen: 22
115.127.0.0/18 maxlen: 23
115.127.0.0/19 maxlen: 24
115.127.32.0/22 maxlen: 24
115.127.36.0/23 maxlen: 24
115.127.39.0/24 maxlen: 24
115.127.40.0/21 maxlen: 24
115.127.48.0/20 maxlen: 24
115.127.64.0/20 maxlen: 24
115.127.80.0/21 maxlen: 24
115.127.88.0/22 maxlen: 24
115.127.92.0/23 maxlen: 24
115.127.94.0/24 maxlen: 24
115.127.95.0/24 maxlen: 24
115.127.96.0/19 maxlen: 24
115.127.128.0/18 maxlen: 24
115.127.192.0/19 maxlen: 24
202.168.224.0/19 maxlen: 24
2406:1400::/32 maxlen: 32
2406:1400::/40 maxlen: 40
2406:1400::/48 maxlen: 48
2406:1400:100::/40 maxlen: 40
2406:1400:200::/40 maxlen: 40
2406:1400:300::/40 maxlen: 40
2406:1400:400::/40 maxlen: 40
2406:1400:c00::/48 maxlen: 48
2406:1400:c07::/48 maxlen: 48
2406:1400:c6b::/48 maxlen: 48
2406:1400:8386::/48 maxlen: 48
2406:1400:8387::/48 maxlen: 48
2406:1400:c100::/48 maxlen: 48
2406:1400:c109::/48 maxlen: 48
2406:1400:c174::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/p1cNzzcgqNWohWpLtlg_G66uAJM.crl
rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/p1cNzzcgqNWohWpLtlg_G66uAJM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p1cNzzcgqNWohWpLtlg_G66uAJM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 19 Aug 2025 18:30:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3253 (0xcb5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B37E3, serialNumber=A7570DCF3720A8D5A8856A4BB6583F1BAEAE0093
Validity
Not Before: Jul 21 10:10:20 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=687e120c-5b90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:6a:85:80:9d:e5:27:df:31:aa:c3:61:42:ac:
8a:d4:13:c8:df:b9:d3:7a:19:76:c9:c3:64:c3:61:
4e:2b:4c:21:cc:56:8f:f2:69:63:b3:4d:18:fa:e2:
9c:95:29:46:28:00:f1:04:f3:a0:1a:4d:88:bb:f1:
80:97:d9:e7:ee:3c:65:d9:39:31:19:bd:01:4c:f6:
8d:e2:52:bd:95:e7:73:af:79:b3:8d:e8:e3:98:01:
ec:1d:fb:9a:49:ea:ed:d3:77:e0:e0:b7:12:2c:11:
5b:8d:fc:11:e4:46:d3:6d:47:90:97:7c:84:fa:88:
13:ee:e2:ec:27:c6:d0:49:a5:9f:8c:cf:63:ed:4a:
fd:70:29:74:ea:13:39:59:bf:8f:47:29:62:a7:ec:
94:bb:59:d9:35:fb:02:14:ad:df:3e:05:8f:d7:54:
7d:4c:4c:a5:51:37:d8:01:e4:64:a6:f4:ac:44:f0:
5b:17:f1:01:df:ec:25:6b:e8:62:73:1f:2b:39:b7:
5d:eb:3c:92:be:47:1b:d6:ca:65:28:9d:a7:6f:ca:
00:ea:74:55:1f:3f:af:d9:93:94:ea:41:42:a8:64:
89:02:a1:30:40:d7:76:34:2f:c4:b7:92:34:5b:af:
1c:98:c1:12:8f:37:c6:b7:a7:88:3a:82:fa:9e:ac:
fc:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:AA:3B:E7:32:69:2D:2B:57:70:7D:9A:E2:4A:1B:41:6E:9F:DB:99
X509v3 Authority Key Identifier:
keyid:A7:57:0D:CF:37:20:A8:D5:A8:85:6A:4B:B6:58:3F:1B:AE:AE:00:93
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/p1cNzzcgqNWohWpLtlg_G66uAJM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p1cNzzcgqNWohWpLtlg_G66uAJM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/24252532B84711EA8A7F036DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
115.127.0.0-115.127.223.255
202.168.224.0/19
IPv6:
2406:1400::/32
Signature Algorithm: sha256WithRSAEncryption
35:e8:7f:9f:7b:de:a6:37:f7:38:b7:e2:77:61:bf:3e:10:4b:
d2:e8:ed:60:f2:69:38:f1:7e:ba:84:a4:87:e5:24:55:30:8a:
d3:80:b9:21:e2:d2:a0:e5:f2:bf:a9:5a:bf:84:2e:b6:3b:8c:
0a:42:05:90:af:68:d5:68:49:5b:65:98:44:a0:bd:17:f9:ba:
df:10:98:e5:60:53:db:fd:9b:63:c3:f5:fa:cb:7c:59:46:43:
29:b8:aa:09:de:ed:bd:9c:15:ff:16:1a:48:21:a2:64:5f:c5:
61:a4:f9:d9:97:f1:cc:e2:61:65:de:14:5c:18:3c:fe:20:b4:
89:bb:3c:41:1d:17:01:48:fb:80:d4:06:1b:62:5b:c3:9c:4e:
4b:bc:ea:94:97:29:4e:90:20:bc:48:f2:19:c8:1f:70:8f:52:
1b:cc:50:4c:c0:ca:59:49:df:eb:cd:e3:82:7b:ec:8d:fb:87:
ca:c8:6f:6f:f0:26:93:d7:43:7a:51:ca:b3:d1:d8:2c:ff:0e:
6c:3c:42:2f:a8:3f:15:c8:a0:ce:cf:07:ad:db:76:ea:7d:e5:
41:b8:30:58:03:76:a4:b9:d5:0b:bb:23:f1:0e:24:99:7b:f0:
62:f1:3a:0c:51:92:c5:ca:0c:e7:55:d8:c0:ef:85:c5:f2:74:
a0:a9:d7:a2
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgICDLUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjM3RTMxMTAvBgNVBAUTKEE3NTcwRENGMzcyMEE4RDVBODg1NkE0QkI2NTgzRjFC
QUVBRTAwOTMwHhcNMjUwNzIxMTAxMDIwWhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODdlMTIwYy01YjkwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyWqFgJ3lJ98xqsNhQqyK1BPI37nTehl2ycNkw2FOK0whzFaP8mljs00Y+uKc
lSlGKADxBPOgGk2Iu/GAl9nn7jxl2TkxGb0BTPaN4lK9ledzr3mzjejjmAHsHfua
Sert03fg4LcSLBFbjfwR5EbTbUeQl3yE+ogT7uLsJ8bQSaWfjM9j7Ur9cCl06hM5
Wb+PRylip+yUu1nZNfsCFK3fPgWP11R9TEylUTfYAeRkpvSsRPBbF/EB3+wla+hi
cx8rObdd6zySvkcb1splKJ2nb8oA6nRVHz+v2ZOU6kFCqGSJAqEwQNd2NC/Et5I0
W68cmMESjzfGt6eIOoL6nqz8sQIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFACqO+cy
aS0rV3B9muJKG0Fun9uZMB8GA1UdIwQYMBaAFKdXDc83IKjVqIVqS7ZYPxuurgCT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMzdFMy8wQUZFQTdDRTAz
QTAxMUVBQjRDNUQyN0NDNEY5QUUwMi9wMWNOenpjZ3FOV29oV3BMdGxnX0c2NnVB
Sk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3AxY056emNncU5Xb2hXcEx0bGdfRzY2dUFKTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjM3RTMvMEFGRUE3Q0UwM0EwMTFFQUI0QzVEMjdDQzRGOUFFMDIvMjQyNTI1MzJC
ODQ3MTFFQThBN0YwMzZEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOwYIKwYBBQUHAQcBAf8E
LDAqMBkEAgABMBMwCwMDAHN/AwQFc3/AAwQFyqjgMA0EAgACMAcDBQAkBhQAMA0G
CSqGSIb3DQEBCwUAA4IBAQA16H+fe96mN/c4t+J3Yb8+EEvS6O1g8mk48X66hKSH
5SRVMIrTgLkh4tKg5fK/qVq/hC62O4wKQgWQr2jVaElbZZhEoL0X+brfEJjlYFPb
/Ztjw/X6y3xZRkMpuKoJ3u29nBX/FhpIIaJkX8VhpPnZl/HM4mFl3hRcGDz+ILSJ
uzxBHRcBSPuA1AYbYlvDnE5LvOqUlylOkCC8SPIZyB9wj1IbzFBMwMpZSd/rzeOC
e+yN+4fKyG9v8CaT10N6Ucqz0dgs/w5sPEIvqD8VyKDOzwet23bqfeVBuDBYA3ak
udULuyPxDiSZe/Bi8ToMUZLFygznVdjA74XF8nSgqdei
-----END CERTIFICATE-----
Generated at Wed Aug 13 17:52:12 2025 by rpki-client