Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
File: 257E3B94E37B11EA84A20810C4F9AE02.roa (raw, json)
Hash identifier: pRbTKeqEtoUzJI70BiEpqSNXbm2Xvp823oGSK1ijj0U=
Subject key identifier: 73:BF:A2:0C:CE:6A:59:70:ED:1C:33:2D:62:BE:51:9A:E0:2E:94:1B
Certificate issuer: /CN=A91B3CB5/serialNumber=1355D5187D2E63D7E6D49078D8E71FA051C456E3
Certificate serial: 0CBD
Authority key identifier: 13:55:D5:18:7D:2E:63:D7:E6:D4:90:78:D8:E7:1F:A0:51:C4:56:E3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
Signing time: Wed 22 Oct 2025 19:07:17 +0000
ROA not before: Wed 22 Oct 2025 19:07:17 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 38280
IP address blocks: 59.191.192.0/20 maxlen: 20
59.191.192.0/24 maxlen: 24
59.191.193.0/24 maxlen: 24
59.191.194.0/24 maxlen: 24
59.191.195.0/24 maxlen: 24
59.191.196.0/24 maxlen: 24
59.191.197.0/24 maxlen: 24
59.191.198.0/24 maxlen: 24
59.191.199.0/24 maxlen: 24
59.191.200.0/24 maxlen: 24
59.191.201.0/24 maxlen: 24
59.191.202.0/24 maxlen: 24
59.191.203.0/24 maxlen: 24
59.191.204.0/24 maxlen: 24
59.191.205.0/24 maxlen: 24
59.191.206.0/24 maxlen: 24
59.191.207.0/24 maxlen: 24
118.139.128.0/19 maxlen: 19
118.139.128.0/24 maxlen: 24
118.139.129.0/24 maxlen: 24
118.139.130.0/24 maxlen: 24
118.139.131.0/24 maxlen: 24
118.139.132.0/24 maxlen: 24
118.139.133.0/24 maxlen: 24
118.139.134.0/24 maxlen: 24
118.139.135.0/24 maxlen: 24
118.139.136.0/24 maxlen: 24
118.139.137.0/24 maxlen: 24
118.139.138.0/24 maxlen: 24
118.139.139.0/24 maxlen: 24
118.139.140.0/24 maxlen: 24
118.139.141.0/24 maxlen: 24
118.139.142.0/24 maxlen: 24
118.139.143.0/24 maxlen: 24
118.139.144.0/24 maxlen: 24
118.139.145.0/24 maxlen: 24
118.139.146.0/24 maxlen: 24
118.139.147.0/24 maxlen: 24
118.139.148.0/24 maxlen: 24
118.139.149.0/24 maxlen: 24
118.139.150.0/24 maxlen: 24
118.139.151.0/24 maxlen: 24
118.139.152.0/24 maxlen: 24
118.139.153.0/24 maxlen: 24
118.139.154.0/24 maxlen: 24
118.139.155.0/24 maxlen: 24
118.139.156.0/24 maxlen: 24
118.139.157.0/24 maxlen: 24
118.139.158.0/24 maxlen: 24
118.139.159.0/24 maxlen: 24
2404:2400:200::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.crl
rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 11 Nov 2025 18:24:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3261 (0xcbd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B3CB5, serialNumber=1355D5187D2E63D7E6D49078D8E71FA051C456E3
Validity
Not Before: Oct 22 19:07:17 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=68f92b65-f7ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:63:f4:a2:cb:f2:97:c3:e0:a9:db:e9:0c:8c:
e1:83:66:3a:e5:22:8a:7e:fe:b1:19:47:4a:2b:bf:
e2:75:b0:d7:80:24:07:48:44:9a:70:76:fc:d2:50:
a1:f5:db:9d:a3:4e:fa:94:89:87:39:4b:b9:af:fb:
22:ca:2c:69:ed:11:78:26:4f:eb:a2:f9:4b:6a:35:
35:1a:b8:bb:1e:7c:a3:6a:34:02:f8:59:8a:8d:98:
ea:41:b6:26:12:75:8b:32:89:db:8f:56:48:eb:ff:
b5:a0:05:30:dc:3d:7f:66:24:8b:60:dd:ac:85:05:
a8:65:d5:6a:fa:5b:b7:a7:49:98:d8:6b:fe:ce:8c:
46:40:d1:88:77:29:75:89:f1:2a:5d:d5:6a:6e:27:
05:fe:29:b6:73:d8:92:0d:da:06:a6:33:77:65:b1:
5e:17:62:ec:fe:e5:e7:8b:23:a0:a5:ca:5c:3f:ff:
a8:d5:1e:69:06:40:e3:36:82:19:bb:21:15:a8:7a:
57:fd:c0:bf:5d:37:8d:65:68:7e:8d:23:08:75:e0:
73:da:e7:d0:7f:0a:14:eb:c7:30:b0:23:8d:23:4d:
a6:36:83:42:fb:10:bb:d2:71:ac:0e:f6:72:16:8b:
51:c9:c4:9e:83:ef:ef:4a:6e:ba:be:46:4f:99:fe:
5d:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:BF:A2:0C:CE:6A:59:70:ED:1C:33:2D:62:BE:51:9A:E0:2E:94:1B
X509v3 Authority Key Identifier:
keyid:13:55:D5:18:7D:2E:63:D7:E6:D4:90:78:D8:E7:1F:A0:51:C4:56:E3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
59.191.192.0/20
118.139.128.0/19
IPv6:
2404:2400:200::/48
Signature Algorithm: sha256WithRSAEncryption
3c:38:e9:a0:a0:ed:31:3e:05:25:f3:f6:a7:c2:85:12:cd:8c:
96:51:93:68:7c:03:9f:f8:d3:d6:a7:15:59:c2:55:fd:f9:d0:
bb:fd:5a:ad:d9:c8:82:f3:0d:d7:e5:67:7f:fd:de:5b:4a:d8:
b1:28:86:82:90:85:6d:9e:cc:5c:f5:63:87:f1:16:dc:5a:2e:
41:68:fb:d6:0a:3f:b7:0d:bf:f8:2c:34:18:dc:38:dc:a7:96:
d3:6d:86:f8:54:ae:c7:a3:d7:ea:a9:98:47:e0:99:11:63:c3:
2c:13:8a:33:99:80:7d:a2:64:26:f0:de:8f:b6:6d:38:f6:c8:
a8:84:4a:0c:45:c2:af:c3:6e:68:67:e6:12:ac:1e:49:b7:06:
93:a0:0d:93:7b:b5:bb:02:11:c5:40:40:7e:cc:b1:67:e1:8c:
4d:c9:90:c6:c0:3f:8f:46:a0:3e:1b:97:82:24:f9:a8:a0:f7:
e5:6f:97:63:4e:bd:39:8f:ad:13:d9:8c:bd:a0:a8:5d:a4:74:
70:96:6f:f9:f1:7a:bc:79:39:b4:6c:01:7b:fe:d5:b4:84:76:
72:c5:0f:ee:d9:0a:a5:0f:74:57:50:97:2e:ad:5d:d4:b8:42:
93:5f:ab:46:83:91:62:85:2e:24:18:03:a7:56:6b:b1:19:21:
45:80:39:b0
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICDL0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjNDQjUxMTAvBgNVBAUTKDEzNTVENTE4N0QyRTYzRDdFNkQ0OTA3OEQ4RTcxRkEw
NTFDNDU2RTMwHhcNMjUxMDIyMTkwNzE3WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGY5MmI2NS1mN2FkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4GP0osvyl8PgqdvpDIzhg2Y65SKKfv6xGUdKK7/idbDXgCQHSESacHb80lCh
9dudo076lImHOUu5r/siyixp7RF4Jk/rovlLajU1Gri7HnyjajQC+FmKjZjqQbYm
EnWLMonbj1ZI6/+1oAUw3D1/ZiSLYN2shQWoZdVq+lu3p0mY2Gv+zoxGQNGIdyl1
ifEqXdVqbicF/im2c9iSDdoGpjN3ZbFeF2Ls/uXniyOgpcpcP/+o1R5pBkDjNoIZ
uyEVqHpX/cC/XTeNZWh+jSMIdeBz2ufQfwoU68cwsCONI02mNoNC+xC70nGsDvZy
FotRycSeg+/vSm66vkZPmf5d5wIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFHO/ogzO
allw7RwzLWK+UZrgLpQbMB8GA1UdIwQYMBaAFBNV1Rh9LmPX5tSQeNjnH6BRxFbj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCM0NCNS82MzI2NTBGODA1
MDUxMUVBQUE5MzRDNDNDNEY5QUUwMi9FMVhWR0gwdVk5Zm0xSkI0Mk9jZm9GSEVW
dU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0UxWFZHSDB1WTlmbTFKQjQyT2Nmb0ZIRVZ1TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjNDQjUvNjMyNjUwRjgwNTA1MTFFQUFBOTM0QzQzQzRGOUFFMDIvMjU3RTNCOTRF
MzdCMTFFQTg0QTIwODEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBAQ7v8ADBAV2i4AwDwQCAAIwCQMHACQEJAACADANBgkqhkiG
9w0BAQsFAAOCAQEAPDjpoKDtMT4FJfP2p8KFEs2MllGTaHwDn/jT1qcVWcJV/fnQ
u/1ardnIgvMN1+Vnf/3eW0rYsSiGgpCFbZ7MXPVjh/EW3FouQWj71go/tw2/+Cw0
GNw43KeW022G+FSux6PX6qmYR+CZEWPDLBOKM5mAfaJkJvDej7ZtOPbIqIRKDEXC
r8NuaGfmEqweSbcGk6ANk3u1uwIRxUBAfsyxZ+GMTcmQxsA/j0agPhuXgiT5qKD3
5W+XY069OY+tE9mMvaCoXaR0cJZv+fF6vHk5tGwBe/7VtIR2csUP7tkKpQ90V1CX
Lq1d1LhCk1+rRoORYoUuJBgDp1ZrsRkhRYA5sA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 13:36:32 2025 by rpki-client