Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/24252532B84711EA8A7F036DC4F9AE02.roa
File: 24252532B84711EA8A7F036DC4F9AE02.roa (raw, json)
Hash identifier: i9uCa/jnhktxFdjqViYAybuthNUR7oD6rAf8exjN1kI=
Subject key identifier: 99:64:55:71:3E:6C:9D:82:33:5D:58:12:A2:C0:F8:D7:D6:FA:1B:1E
Certificate issuer: /CN=A91B37E3/serialNumber=A7570DCF3720A8D5A8856A4BB6583F1BAEAE0093
Certificate serial: 0D34
Authority key identifier: A7:57:0D:CF:37:20:A8:D5:A8:85:6A:4B:B6:58:3F:1B:AE:AE:00:93
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p1cNzzcgqNWohWpLtlg_G66uAJM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/24252532B84711EA8A7F036DC4F9AE02.roa
Signing time: Sun 01 Mar 2026 17:09:48 +0000
ROA not before: Thu 26 Feb 2026 18:15:42 +0000
ROA not after: Sat 01 May 2027 00:00:00 +0000
asID: 24342
IP address blocks: 115.127.0.0/17 maxlen: 22
115.127.0.0/18 maxlen: 23
115.127.0.0/19 maxlen: 24
115.127.32.0/22 maxlen: 24
115.127.36.0/23 maxlen: 24
115.127.39.0/24 maxlen: 24
115.127.40.0/21 maxlen: 24
115.127.48.0/20 maxlen: 24
115.127.64.0/20 maxlen: 24
115.127.80.0/21 maxlen: 24
115.127.88.0/22 maxlen: 24
115.127.92.0/23 maxlen: 24
115.127.94.0/24 maxlen: 24
115.127.95.0/24 maxlen: 24
115.127.96.0/19 maxlen: 24
115.127.128.0/18 maxlen: 24
115.127.192.0/19 maxlen: 24
202.168.224.0/19 maxlen: 24
2406:1400::/32 maxlen: 32
2406:1400::/40 maxlen: 40
2406:1400::/48 maxlen: 48
2406:1400:100::/40 maxlen: 40
2406:1400:200::/40 maxlen: 40
2406:1400:300::/40 maxlen: 40
2406:1400:400::/40 maxlen: 40
2406:1400:c00::/48 maxlen: 48
2406:1400:c07::/48 maxlen: 48
2406:1400:c6b::/48 maxlen: 48
2406:1400:8386::/48 maxlen: 48
2406:1400:8387::/48 maxlen: 48
2406:1400:c100::/48 maxlen: 48
2406:1400:c109::/48 maxlen: 48
2406:1400:c174::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/p1cNzzcgqNWohWpLtlg_G66uAJM.crl
rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/p1cNzzcgqNWohWpLtlg_G66uAJM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p1cNzzcgqNWohWpLtlg_G66uAJM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 07:55:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3380 (0xd34)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B37E3, serialNumber=A7570DCF3720A8D5A8856A4BB6583F1BAEAE0093
Validity
Not Before: Feb 26 18:15:42 2026 GMT
Not After : May 1 00:00:00 2027 GMT
Subject: CN=69a472dc-1b77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:24:e1:98:01:83:f4:88:77:51:e0:41:49:3e:
6f:21:1d:84:2f:d0:eb:20:80:cc:23:1d:a5:3d:fb:
c5:71:4d:92:47:a5:68:66:14:1a:ef:b1:d5:ad:6d:
22:21:5d:23:47:af:e7:1f:8e:9b:91:ad:22:f6:b2:
d1:2a:45:ba:67:b3:5b:36:bf:6c:31:1d:f7:75:0d:
23:c3:1d:18:27:ad:44:b5:40:e4:5e:0d:2c:81:42:
57:3a:fa:97:74:e6:37:05:55:30:4c:b8:78:91:44:
e9:4a:7f:a0:41:01:f7:14:61:89:b8:1e:b1:4e:70:
de:ee:24:90:bd:9f:4e:7b:29:a8:73:82:cb:34:c4:
f9:05:63:88:ca:53:75:b7:8d:c3:45:d5:db:3e:64:
ba:63:cc:c9:12:1b:00:b1:cb:cc:74:d7:94:51:83:
42:00:be:8c:53:b9:c9:00:1b:a8:9a:6a:56:aa:08:
88:1d:fb:8f:cd:1f:5e:10:47:dc:b3:e7:9a:90:33:
6b:a8:81:32:eb:15:b9:88:0c:b1:a7:04:84:d9:69:
95:8a:51:75:e3:be:57:d9:df:8e:d2:62:53:03:e5:
59:b9:af:3f:c3:e7:f1:5d:e3:db:e4:96:47:23:6c:
a6:fc:5c:0c:81:2b:aa:b9:3f:97:f4:47:0d:bd:45:
5d:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:64:55:71:3E:6C:9D:82:33:5D:58:12:A2:C0:F8:D7:D6:FA:1B:1E
X509v3 Authority Key Identifier:
keyid:A7:57:0D:CF:37:20:A8:D5:A8:85:6A:4B:B6:58:3F:1B:AE:AE:00:93
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/p1cNzzcgqNWohWpLtlg_G66uAJM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p1cNzzcgqNWohWpLtlg_G66uAJM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/24252532B84711EA8A7F036DC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
115.127.0.0-115.127.223.255
202.168.224.0/19
IPv6:
2406:1400::/32
Signature Algorithm: sha256WithRSAEncryption
36:ae:79:52:51:ff:1c:b5:f8:e0:64:67:18:2e:a8:cd:db:23:
15:66:e5:97:01:79:70:54:16:2b:22:b6:d0:da:59:a9:a5:44:
e9:4c:b9:d1:9f:28:cb:8a:eb:13:91:b6:56:f1:1f:23:5d:e8:
40:08:5d:c2:55:f0:6f:2b:f4:70:b5:c9:47:0d:00:ff:06:0f:
ed:71:86:7d:98:eb:a3:98:9f:7c:06:00:4e:03:95:d1:9e:d3:
e0:ae:0b:0d:68:10:15:5a:28:9d:ae:2a:76:ba:17:56:e2:b0:
2d:40:9f:93:c7:d6:12:eb:49:e2:db:9e:31:93:26:e0:e0:53:
24:6e:e0:bc:92:f3:7b:5a:ed:fa:74:2d:37:86:38:36:b8:82:
5e:3e:a0:94:54:7c:ef:9d:c7:35:da:00:79:e6:16:1b:0a:81:
bb:49:e2:61:25:df:e5:7e:50:25:0c:6f:aa:28:3e:a4:b4:17:
cf:a0:ca:65:aa:75:3b:6c:42:2b:f0:b5:9f:06:96:76:e8:9f:
cd:62:2f:88:a1:ac:44:a3:fd:3d:15:15:d1:76:28:d0:06:e6:
42:d9:b6:00:20:26:7a:a4:67:ae:b0:8d:aa:21:4e:95:c7:af:
01:29:33:c2:b1:e9:96:54:70:48:22:53:b2:0c:51:35:b4:c8:
b3:37:73:67
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgICDTQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjM3RTMxMTAvBgNVBAUTKEE3NTcwRENGMzcyMEE4RDVBODg1NkE0QkI2NTgzRjFC
QUVBRTAwOTMwHhcNMjYwMjI2MTgxNTQyWhcNMjcwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NzJkYy0xYjc3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxSThmAGD9Ih3UeBBST5vIR2EL9DrIIDMIx2lPfvFcU2SR6VoZhQa77HVrW0i
IV0jR6/nH46bka0i9rLRKkW6Z7NbNr9sMR33dQ0jwx0YJ61EtUDkXg0sgUJXOvqX
dOY3BVUwTLh4kUTpSn+gQQH3FGGJuB6xTnDe7iSQvZ9Oeymoc4LLNMT5BWOIylN1
t43DRdXbPmS6Y8zJEhsAscvMdNeUUYNCAL6MU7nJABuommpWqgiIHfuPzR9eEEfc
s+eakDNrqIEy6xW5iAyxpwSE2WmVilF1475X2d+O0mJTA+VZua8/w+fxXePb5JZH
I2ym/FwMgSuquT+X9EcNvUVd0wIDAQABo4ICfDCCAngwHQYDVR0OBBYEFJlkVXE+
bJ2CM11YEqLA+NfW+hseMB8GA1UdIwQYMBaAFKdXDc83IKjVqIVqS7ZYPxuurgCT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMzdFMy8wQUZFQTdDRTAz
QTAxMUVBQjRDNUQyN0NDNEY5QUUwMi9wMWNOenpjZ3FOV29oV3BMdGxnX0c2NnVB
Sk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3AxY056emNncU5Xb2hXcEx0bGdfRzY2dUFKTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjM3RTMvMEFGRUE3Q0UwM0EwMTFFQUI0QzVEMjdDQzRGOUFFMDIvMjQyNTI1MzJC
ODQ3MTFFQThBN0YwMzZEQzRGOUFFMDIucm9hMDsGCCsGAQUFBwEHAQH/BCwwKjAZ
BAIAATATMAsDAwBzfwMEBXN/wAMEBcqo4DANBAIAAjAHAwUAJAYUADANBgkqhkiG
9w0BAQsFAAOCAQEANq55UlH/HLX44GRnGC6ozdsjFWbllwF5cFQWKyK20NpZqaVE
6Uy50Z8oy4rrE5G2VvEfI13oQAhdwlXwbyv0cLXJRw0A/wYP7XGGfZjro5iffAYA
TgOV0Z7T4K4LDWgQFVoona4qdroXVuKwLUCfk8fWEutJ4tueMZMm4OBTJG7gvJLz
e1rt+nQtN4Y4NriCXj6glFR8753HNdoAeeYWGwqBu0niYSXf5X5QJQxvqig+pLQX
z6DKZap1O2xCK/C1nwaWduifzWIviKGsRKP9PRUV0XYo0AbmQtm2ACAmeqRnrrCN
qiFOlcevASkzwrHpllRwSCJTsgxRNbTIszdzZw==
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:36:43 2026 by rpki-client