Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/67A60C64441E11EB861F005AC4F9AE02.roa
File: 67A60C64441E11EB861F005AC4F9AE02.roa (raw, json)
Hash identifier: bLMWy/WEur79MEO/O2/GZ0IXxMO+pW6RHNFaprA5JhQ=
Subject key identifier: 30:46:FD:B3:2F:DD:0E:AD:E1:43:8B:E9:1A:C1:FA:F2:17:DD:B1:97
Certificate issuer: /CN=A91B5AD4/serialNumber=3352886A8394F3ACF5E635E3C4756F4D0A6E45E9
Certificate serial: 0A20
Authority key identifier: 33:52:88:6A:83:94:F3:AC:F5:E6:35:E3:C4:75:6F:4D:0A:6E:45:E9
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M1KIaoOU86z15jXjxHVvTQpuRek.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/67A60C64441E11EB861F005AC4F9AE02.roa
Signing time: Sun 01 Mar 2026 14:45:51 +0000
ROA not before: Fri 02 Jan 2026 19:16:08 +0000
ROA not after: Wed 31 Mar 2027 00:00:00 +0000
asID: 138654
IP address blocks: 120.88.96.0/24 maxlen: 24
120.88.97.0/24 maxlen: 24
120.88.98.0/24 maxlen: 24
120.88.99.0/24 maxlen: 24
120.88.100.0/24 maxlen: 24
120.88.101.0/24 maxlen: 24
120.88.102.0/24 maxlen: 24
120.88.103.0/24 maxlen: 24
120.88.104.0/24 maxlen: 24
120.88.105.0/24 maxlen: 24
120.88.106.0/24 maxlen: 24
120.88.107.0/24 maxlen: 24
120.88.108.0/24 maxlen: 24
120.88.109.0/24 maxlen: 24
120.88.110.0/24 maxlen: 24
120.88.111.0/24 maxlen: 24
2406:f0c0::/32 maxlen: 32
2406:f0c0::/32 maxlen: 40
2406:f0c0:96::/48 maxlen: 48
2406:f0c0:97::/48 maxlen: 48
2406:f0c0:98::/48 maxlen: 48
2406:f0c0:99::/48 maxlen: 48
2406:f0c0:100::/48 maxlen: 48
2406:f0c0:101::/48 maxlen: 48
2406:f0c0:102::/48 maxlen: 48
2406:f0c0:103::/48 maxlen: 48
2406:f0c0:104::/48 maxlen: 48
2406:f0c0:105::/48 maxlen: 48
2406:f0c0:106::/48 maxlen: 48
2406:f0c0:107::/48 maxlen: 48
2406:f0c0:108::/48 maxlen: 48
2406:f0c0:109::/48 maxlen: 48
2406:f0c0:110::/48 maxlen: 48
2406:f0c0:111::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/M1KIaoOU86z15jXjxHVvTQpuRek.crl
rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/M1KIaoOU86z15jXjxHVvTQpuRek.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M1KIaoOU86z15jXjxHVvTQpuRek.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 01:10:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2592 (0xa20)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B5AD4, serialNumber=3352886A8394F3ACF5E635E3C4756F4D0A6E45E9
Validity
Not Before: Jan 2 19:16:08 2026 GMT
Not After : Mar 31 00:00:00 2027 GMT
Subject: CN=69a4511f-a9b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:bf:2c:a8:08:95:6e:b9:30:b0:37:9a:65:b7:
8f:38:90:ce:dd:85:0c:b8:d2:b0:0a:72:6d:ae:bf:
ca:a3:be:ab:a3:28:f0:29:1a:96:11:de:c6:29:2e:
68:c5:8b:e0:ee:76:b0:4d:1e:d2:ef:a0:e3:dc:96:
d3:2a:3c:79:23:ac:77:b5:7a:5c:c9:cd:1d:3d:ff:
96:72:c9:76:b7:5b:44:56:2f:0a:01:d3:0f:76:04:
bb:1a:79:b7:9d:65:62:2f:5b:c7:d0:07:4f:3b:6a:
82:c4:ce:21:65:b9:6e:be:ec:89:d9:d1:d3:05:f3:
74:0c:0c:b3:8c:08:31:8b:d0:7e:73:b4:dc:d7:25:
14:3d:ad:49:83:96:2e:90:4a:e5:89:1e:42:0f:c7:
c4:a4:a2:56:a5:da:e3:b4:e7:41:a8:70:25:63:4f:
72:df:87:96:f0:c5:fb:e2:7b:77:9b:83:81:a7:d9:
fc:28:18:61:8d:bf:14:11:e5:93:9b:62:48:bc:5f:
0c:f5:95:0c:6d:08:72:05:9b:26:5b:75:cf:a0:21:
16:c8:73:3a:a9:c3:a4:b0:79:52:8e:ce:b9:29:f5:
ec:18:6d:11:1e:d2:1e:79:09:e9:76:91:09:cd:ec:
89:28:7f:7c:ac:a9:7a:59:50:a6:33:f6:94:15:66:
72:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:46:FD:B3:2F:DD:0E:AD:E1:43:8B:E9:1A:C1:FA:F2:17:DD:B1:97
X509v3 Authority Key Identifier:
keyid:33:52:88:6A:83:94:F3:AC:F5:E6:35:E3:C4:75:6F:4D:0A:6E:45:E9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/M1KIaoOU86z15jXjxHVvTQpuRek.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M1KIaoOU86z15jXjxHVvTQpuRek.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/67A60C64441E11EB861F005AC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
120.88.96.0/20
IPv6:
2406:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
08:eb:23:c6:c4:b0:ce:04:23:12:df:ac:0a:79:70:88:76:e9:
4e:1b:62:f7:de:71:cf:e1:df:c7:fc:c7:a1:f3:b2:2f:d3:2b:
54:d0:73:25:c4:e6:48:d8:d3:a0:f8:5d:b1:a6:c1:45:39:ee:
21:8a:f1:15:05:f6:7f:01:09:15:29:d1:6f:1b:21:9a:1d:9d:
6c:71:0d:7a:20:f6:87:b5:9e:66:c9:b7:6c:dc:9f:b4:6e:74:
bc:48:da:02:c3:0d:21:12:8f:b7:f6:a0:89:a6:52:63:75:24:
82:97:a6:a4:a4:03:5b:4b:1c:2d:3b:27:78:bd:c7:19:fe:3b:
08:bd:3a:2e:2c:bb:fe:74:d0:af:8c:06:bb:77:f8:17:57:ca:
48:f2:04:ae:d3:e7:79:9d:2c:35:49:8b:8e:74:5b:b0:1a:cb:
0a:eb:8f:cb:11:5a:57:0e:14:1a:8e:38:a4:26:e4:63:19:65:
d1:2d:fb:a0:28:34:cd:d9:47:1d:66:ee:5c:50:45:f4:4d:d4:
29:fb:98:d9:37:c3:ff:0d:3b:ea:48:19:d3:d8:12:5d:93:cd:
28:5f:26:53:3f:2f:90:0d:21:02:7b:6a:67:23:d2:88:95:c0:
d7:b0:a9:cb:dd:7d:03:67:fe:a6:0f:5f:9f:7c:84:07:12:1b:
fe:c8:d0:6d
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgICCiAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjVBRDQxMTAvBgNVBAUTKDMzNTI4ODZBODM5NEYzQUNGNUU2MzVFM0M0NzU2RjRE
MEE2RTQ1RTkwHhcNMjYwMTAyMTkxNjA4WhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NTExZi1hOWI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0r8sqAiVbrkwsDeaZbePOJDO3YUMuNKwCnJtrr/Ko76royjwKRqWEd7GKS5o
xYvg7nawTR7S76Dj3JbTKjx5I6x3tXpcyc0dPf+Wcsl2t1tEVi8KAdMPdgS7Gnm3
nWViL1vH0AdPO2qCxM4hZbluvuyJ2dHTBfN0DAyzjAgxi9B+c7Tc1yUUPa1Jg5Yu
kErliR5CD8fEpKJWpdrjtOdBqHAlY09y34eW8MX74nt3m4OBp9n8KBhhjb8UEeWT
m2JIvF8M9ZUMbQhyBZsmW3XPoCEWyHM6qcOksHlSjs65KfXsGG0RHtIeeQnpdpEJ
zeyJKH98rKl6WVCmM/aUFWZypQIDAQABo4ICbzCCAmswHQYDVR0OBBYEFDBG/bMv
3Q6t4UOL6RrB+vIX3bGXMB8GA1UdIwQYMBaAFDNSiGqDlPOs9eY148R1b00KbkXp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNUFENC8xMTIyNkI3RThG
OEExMUVBOTgyOEM2NURDNEY5QUUwMi9NMUtJYW9PVTg2ejE1alhqeEhWdlRRcHVS
ZWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL00xS0lhb09VODZ6MTVqWGp4SFZ2VFFwdVJlay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjVBRDQvMTEyMjZCN0U4RjhBMTFFQTk4MjhDNjVEQzRGOUFFMDIvNjdBNjBDNjQ0
NDFFMTFFQjg2MUYwMDVBQzRGOUFFMDIucm9hMC4GCCsGAQUFBwEHAQH/BB8wHTAM
BAIAATAGAwQEeFhgMA0EAgACMAcDBQAkBvDAMA0GCSqGSIb3DQEBCwUAA4IBAQAI
6yPGxLDOBCMS36wKeXCIdulOG2L33nHP4d/H/Meh87Iv0ytU0HMlxOZI2NOg+F2x
psFFOe4hivEVBfZ/AQkVKdFvGyGaHZ1scQ16IPaHtZ5mybds3J+0bnS8SNoCww0h
Eo+39qCJplJjdSSCl6akpANbSxwtOyd4vccZ/jsIvTouLLv+dNCvjAa7d/gXV8pI
8gSu0+d5nSw1SYuOdFuwGssK64/LEVpXDhQajjikJuRjGWXRLfugKDTN2UcdZu5c
UEX0TdQp+5jZN8P/DTvqSBnT2BJdk80oXyZTPy+QDSECe2pnI9KIlcDXsKnL3X0D
Z/6mD1+ffIQHEhv+yNBt
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:04:56 2026 by rpki-client