Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/99CF729E221011ED980A6F47C4F9AE02.roa
File: 99CF729E221011ED980A6F47C4F9AE02.roa (raw, json)
Hash identifier: atHB41zC9ox7WEbx/oU2a0/b1MGieqCzosX2UKLPzlk=
Subject key identifier: FD:6E:B5:2E:AB:84:8B:95:7B:C9:A0:84:13:D6:22:1D:3A:B1:2A:E1
Certificate issuer: /CN=A91B6F47/serialNumber=538B076E0AADD8FAE2970C9543E849A90FE73752
Certificate serial: 35BD
Authority key identifier: 53:8B:07:6E:0A:AD:D8:FA:E2:97:0C:95:43:E8:49:A9:0F:E7:37:52
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/99CF729E221011ED980A6F47C4F9AE02.roa
Signing time: Tue 04 Nov 2025 14:30:20 +0000
ROA not before: Tue 04 Nov 2025 14:30:20 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 18042
IP address blocks: 58.114.0.0/15 maxlen: 16
58.114.0.0/17 maxlen: 17
58.114.0.0/18 maxlen: 18
58.114.64.0/18 maxlen: 18
58.114.128.0/18 maxlen: 18
58.114.192.0/18 maxlen: 18
58.115.0.0/18 maxlen: 21
58.115.64.0/18 maxlen: 18
58.115.128.0/18 maxlen: 18
58.115.192.0/18 maxlen: 18
61.70.0.0/15 maxlen: 15
61.70.0.0/16 maxlen: 24
61.71.0.0/16 maxlen: 24
111.184.0.0/15 maxlen: 24
182.233.0.0/16 maxlen: 24
182.234.0.0/15 maxlen: 24
202.2.52.0/22 maxlen: 24
203.133.0.0/17 maxlen: 24
203.187.80.0/20 maxlen: 24
203.203.0.0/16 maxlen: 24
203.204.0.0/16 maxlen: 24
219.68.0.0/16 maxlen: 24
219.69.0.0/17 maxlen: 24
219.69.128.0/17 maxlen: 24
219.70.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.crl
rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 11 Nov 2025 14:30:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13757 (0x35bd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B6F47, serialNumber=538B076E0AADD8FAE2970C9543E849A90FE73752
Validity
Not Before: Nov 4 14:30:20 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=690a0dfc-c475
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:67:75:28:b9:5b:12:7f:22:05:2f:b9:dc:8e:
56:c9:5f:06:f5:30:45:1f:9b:c1:c7:32:d3:6b:55:
4d:2f:62:45:49:60:bd:44:c7:a5:a7:c6:15:7b:25:
d0:66:4f:f7:89:fb:d1:be:86:0f:04:10:42:47:a1:
f0:90:c7:29:4a:74:d6:85:28:99:22:ce:87:1e:63:
5d:1b:e9:dd:cd:72:19:c9:85:86:d4:dc:83:3c:c2:
9a:80:be:74:0b:4f:9b:c6:0a:3a:49:35:14:b0:43:
cb:b9:8c:16:00:a5:a9:02:bf:56:b3:af:0c:5c:f3:
a0:73:2a:19:08:1a:19:1b:a9:48:33:e4:a9:8c:cd:
d9:7c:3e:97:39:31:7e:f2:5c:3c:9b:57:ae:97:d1:
0e:c7:ed:68:a2:5a:f4:76:1f:d1:15:41:52:9c:ef:
92:19:6d:97:75:ee:6d:41:c8:c2:81:72:22:0d:d0:
84:02:32:6a:7b:3d:df:7b:c0:4c:ce:30:63:86:b0:
1b:1e:11:80:06:c6:36:bb:45:19:b6:8b:f4:d4:da:
36:09:6d:12:69:14:41:aa:51:df:3f:a5:02:af:9e:
e5:86:ff:20:d7:b2:f8:dd:07:4a:54:52:75:c0:53:
36:01:52:f2:3b:92:7f:ba:47:e6:f1:da:03:2c:53:
37:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:6E:B5:2E:AB:84:8B:95:7B:C9:A0:84:13:D6:22:1D:3A:B1:2A:E1
X509v3 Authority Key Identifier:
keyid:53:8B:07:6E:0A:AD:D8:FA:E2:97:0C:95:43:E8:49:A9:0F:E7:37:52
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/99CF729E221011ED980A6F47C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
58.114.0.0/15
61.70.0.0/15
111.184.0.0/15
182.233.0.0-182.235.255.255
202.2.52.0/22
203.133.0.0/17
203.187.80.0/20
203.203.0.0-203.204.255.255
219.68.0.0/14
Signature Algorithm: sha256WithRSAEncryption
5b:da:f9:9a:c2:0a:6c:0d:c8:1c:e4:fa:69:b4:bf:50:b8:92:
07:99:9e:77:cc:6a:1d:b3:10:66:0b:03:85:9c:01:06:74:f9:
36:d5:74:f0:4f:f4:a0:fe:7e:e4:6f:6b:69:77:ea:54:25:95:
9e:ba:36:59:f8:cf:51:8f:d0:c2:d8:b6:1d:d4:9c:43:bd:e4:
d0:df:f1:e2:5c:06:4f:d2:97:89:62:2f:9f:b9:49:49:7b:d5:
c0:27:78:d0:bc:12:b8:42:36:01:e9:99:e9:30:7c:c6:18:af:
08:84:76:1f:3e:d7:aa:bf:91:75:dc:01:c2:11:a0:45:22:45:
dd:2d:51:06:7b:a1:fc:f4:5c:c7:0e:0b:a6:6d:05:59:16:e7:
97:7b:c4:36:51:68:90:43:0f:f2:c7:91:db:50:a9:94:dc:f5:
9e:8e:3d:d2:e2:95:9a:59:ff:64:28:36:82:09:aa:04:4b:ef:
ee:10:36:fc:8d:ea:ad:39:f5:56:33:e0:6b:08:a2:23:f8:bd:
77:f5:4e:e9:2d:b4:11:08:12:59:d5:7c:7b:9f:e5:b8:67:17:
4f:4d:6f:50:29:c0:0d:76:04:a3:e2:23:4d:7e:df:29:50:52:
5c:49:3f:a5:e1:15:42:e5:ad:2d:67:cc:aa:a2:36:ae:6c:aa:
42:5f:1e:64
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgICNb0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjZGNDcxMTAvBgNVBAUTKDUzOEIwNzZFMEFBREQ4RkFFMjk3MEM5NTQzRTg0OUE5
MEZFNzM3NTIwHhcNMjUxMTA0MTQzMDIwWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OTBhMGRmYy1jNDc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArWd1KLlbEn8iBS+53I5WyV8G9TBFH5vBxzLTa1VNL2JFSWC9RMelp8YVeyXQ
Zk/3ifvRvoYPBBBCR6HwkMcpSnTWhSiZIs6HHmNdG+ndzXIZyYWG1NyDPMKagL50
C0+bxgo6STUUsEPLuYwWAKWpAr9Ws68MXPOgcyoZCBoZG6lIM+SpjM3ZfD6XOTF+
8lw8m1eul9EOx+1oolr0dh/RFUFSnO+SGW2Xde5tQcjCgXIiDdCEAjJqez3fe8BM
zjBjhrAbHhGABsY2u0UZtov01No2CW0SaRRBqlHfP6UCr57lhv8g17L43QdKVFJ1
wFM2AVLyO5J/ukfm8doDLFM3WwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFP1utS6r
hIuVe8mghBPWIh06sSrhMB8GA1UdIwQYMBaAFFOLB24Krdj64pcMlUPoSakP5zdS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNkY0Ny9CNEE4NkMzODFE
ODQxMUUyOTY5RkM1REEwOEIwMkNEMi9VNHNIYmdxdDJQcmlsd3lWUS1oSnFRX25O
MUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1U0c0hiZ3F0MlByaWx3eVZRLWhKcVFfbk4xSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjZGNDcvQjRBODZDMzgxRDg0MTFFMjk2OUZDNURBMDhCMDJDRDIvOTlDRjcyOUUy
MjEwMTFFRDk4MEE2RjQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVwYIKwYBBQUHAQcBAf8E
SDBGMEQEAgABMD4DAwE6cgMDAT1GAwMBb7gwCgMDALbpAwMCtugDBALKAjQDBAfL
hQADBATLu1AwCgMDAMvLAwMAy8wDAwLbRDANBgkqhkiG9w0BAQsFAAOCAQEAW9r5
msIKbA3IHOT6abS/ULiSB5med8xqHbMQZgsDhZwBBnT5NtV08E/0oP5+5G9raXfq
VCWVnro2WfjPUY/Qwti2HdScQ73k0N/x4lwGT9KXiWIvn7lJSXvVwCd40LwSuEI2
AemZ6TB8xhivCIR2Hz7Xqr+RddwBwhGgRSJF3S1RBnuh/PRcxw4Lpm0FWRbnl3vE
NlFokEMP8seR21CplNz1no490uKVmln/ZCg2ggmqBEvv7hA2/I3qrTn1VjPgawii
I/i9d/VO6S20EQgSWdV8e5/luGcXT01vUCnADXYEo+IjTX7fKVBSXEk/peEVQuWt
LWfMqqI2rmyqQl8eZA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 13:47:50 2025 by rpki-client