Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/AB9889725E5E11EDB5361D3BC4F9AE02.roa
File: AB9889725E5E11EDB5361D3BC4F9AE02.roa (raw, json)
Hash identifier: Co7SE3g9/ARrpsRXeCTg4P0jRRisbdn9kOGmwejTlBg=
Subject key identifier: 6D:88:49:71:3F:E9:6C:9A:40:A4:0D:07:38:3E:A0:65:F7:F0:13:34
Certificate issuer: /CN=A91B6F47/serialNumber=538B076E0AADD8FAE2970C9543E849A90FE73752
Certificate serial: 35C1
Authority key identifier: 53:8B:07:6E:0A:AD:D8:FA:E2:97:0C:95:43:E8:49:A9:0F:E7:37:52
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/AB9889725E5E11EDB5361D3BC4F9AE02.roa
Signing time: Tue 04 Nov 2025 14:30:24 +0000
ROA not before: Tue 04 Nov 2025 14:30:24 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 9416
IP address blocks: 58.114.0.0/15 maxlen: 24
61.70.0.0/15 maxlen: 15
61.70.0.0/16 maxlen: 24
61.71.0.0/16 maxlen: 24
111.184.0.0/15 maxlen: 24
182.233.0.0/16 maxlen: 24
182.234.0.0/15 maxlen: 15
182.234.0.0/16 maxlen: 24
182.235.0.0/16 maxlen: 24
202.2.52.0/22 maxlen: 24
203.133.0.0/17 maxlen: 17
203.133.0.0/18 maxlen: 24
203.133.64.0/18 maxlen: 24
203.187.0.0/17 maxlen: 24
203.203.0.0/16 maxlen: 24
203.204.0.0/16 maxlen: 24
219.68.0.0/14 maxlen: 14
219.68.0.0/16 maxlen: 24
219.69.0.0/17 maxlen: 24
219.69.128.0/17 maxlen: 24
219.70.0.0/15 maxlen: 15
219.70.0.0/16 maxlen: 24
219.71.0.0/16 maxlen: 24
2001:d58::/32 maxlen: 56
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.crl
rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 11 Nov 2025 14:30:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13761 (0x35c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B6F47, serialNumber=538B076E0AADD8FAE2970C9543E849A90FE73752
Validity
Not Before: Nov 4 14:30:24 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=690a0dff-cd27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:9f:01:9b:ef:e8:a7:3a:f3:ee:4d:dc:d3:55:
ef:21:6b:6c:65:ce:85:ca:a4:a9:6f:a7:5c:fb:82:
61:02:db:b1:f1:2f:d6:81:82:90:ee:81:f0:80:9c:
8b:18:9e:2e:fb:af:09:1e:ba:b2:e0:69:c5:8b:19:
07:d4:f9:45:40:a6:b1:af:82:46:25:2f:32:cd:b8:
a5:4f:d2:86:be:2e:66:ec:04:6d:b9:53:c8:47:69:
f6:08:29:b8:49:26:4a:a5:e6:39:2a:f1:4c:df:6b:
80:de:1f:96:00:45:b8:c0:c5:e2:f9:53:7d:fc:07:
16:14:85:34:67:50:64:46:e1:56:7f:42:fc:85:a8:
84:9c:b1:12:ee:3a:56:1a:8b:75:ae:03:ef:3d:e8:
2b:ed:e3:f5:65:bf:39:79:86:88:42:a0:40:ee:ab:
3e:41:e6:62:e4:0a:d6:53:8c:79:19:97:85:3b:0e:
b4:a7:7b:61:19:fd:46:23:02:e4:08:8d:08:d3:59:
79:f7:4e:e4:91:c4:52:c4:97:b4:52:db:4f:ea:5b:
53:cb:7f:55:e1:30:50:ee:4c:71:b6:4a:e0:0c:e6:
06:1c:6e:db:5b:ab:00:a8:de:bf:aa:8a:e4:c5:aa:
d3:8a:55:ff:59:8b:a2:1c:61:ad:a6:20:f6:b0:47:
63:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:88:49:71:3F:E9:6C:9A:40:A4:0D:07:38:3E:A0:65:F7:F0:13:34
X509v3 Authority Key Identifier:
keyid:53:8B:07:6E:0A:AD:D8:FA:E2:97:0C:95:43:E8:49:A9:0F:E7:37:52
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/AB9889725E5E11EDB5361D3BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
58.114.0.0/15
61.70.0.0/15
111.184.0.0/15
182.233.0.0-182.235.255.255
202.2.52.0/22
203.133.0.0/17
203.187.0.0/17
203.203.0.0-203.204.255.255
219.68.0.0/14
IPv6:
2001:d58::/32
Signature Algorithm: sha256WithRSAEncryption
b3:db:3a:ab:3b:9a:9e:fa:e2:46:07:54:30:ba:75:c9:92:c2:
8e:63:c0:36:f9:1b:7a:98:f9:74:ce:a3:af:45:9d:3b:c4:8c:
4f:2f:c8:70:17:18:41:0b:58:a4:e6:14:72:05:66:ce:4d:66:
48:4a:82:dd:30:9e:17:50:b4:5c:db:be:28:b9:f2:27:7f:ac:
1d:b0:42:8d:39:52:0c:49:f5:63:35:3e:6f:a7:7b:04:ff:44:
5d:14:c9:a5:2a:c4:a8:5d:0f:a0:39:17:dd:24:39:a5:9f:8a:
97:93:a7:ff:93:d0:d5:4e:49:07:64:87:c3:b3:54:5c:97:b4:
14:60:94:92:b1:c5:ab:65:1b:ad:f9:51:d2:0e:72:3d:89:9b:
94:73:d7:39:dc:d1:34:c4:9b:c5:78:15:1d:14:57:21:93:67:
4c:7c:24:36:a2:ba:f6:71:de:c2:a6:07:34:dc:8e:26:9a:7d:
2b:09:d8:bb:26:75:e1:53:19:e1:1c:0d:ae:9a:31:a1:73:a2:
6c:e4:41:94:f1:db:4f:f7:37:28:32:b1:17:65:e8:99:c1:ed:
8b:ed:3b:98:52:02:30:3d:13:2c:79:e9:0f:ec:b2:01:18:5b:
18:c4:e7:22:0f:c6:72:dd:f0:a6:83:c3:c2:d3:b4:47:b6:6b:
47:e5:93:d1
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgICNcEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjZGNDcxMTAvBgNVBAUTKDUzOEIwNzZFMEFBREQ4RkFFMjk3MEM5NTQzRTg0OUE5
MEZFNzM3NTIwHhcNMjUxMTA0MTQzMDI0WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OTBhMGRmZi1jZDI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAkp8Bm+/opzrz7k3c01XvIWtsZc6FyqSpb6dc+4JhAtux8S/WgYKQ7oHwgJyL
GJ4u+68JHrqy4GnFixkH1PlFQKaxr4JGJS8yzbilT9KGvi5m7ARtuVPIR2n2CCm4
SSZKpeY5KvFM32uA3h+WAEW4wMXi+VN9/AcWFIU0Z1BkRuFWf0L8haiEnLES7jpW
Got1rgPvPegr7eP1Zb85eYaIQqBA7qs+QeZi5ArWU4x5GZeFOw60p3thGf1GIwLk
CI0I01l5907kkcRSxJe0UttP6ltTy39V4TBQ7kxxtkrgDOYGHG7bW6sAqN6/qork
xarTilX/WYuiHGGtpiD2sEdj/QIDAQABo4IC3DCCAtgwHQYDVR0OBBYEFG2ISXE/
6WyaQKQNBzg+oGX38BM0MB8GA1UdIwQYMBaAFFOLB24Krdj64pcMlUPoSakP5zdS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNkY0Ny9CNEE4NkMzODFE
ODQxMUUyOTY5RkM1REEwOEIwMkNEMi9VNHNIYmdxdDJQcmlsd3lWUS1oSnFRX25O
MUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1U0c0hiZ3F0MlByaWx3eVZRLWhKcVFfbk4xSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjZGNDcvQjRBODZDMzgxRDg0MTFFMjk2OUZDNURBMDhCMDJDRDIvQUI5ODg5NzI1
RTVFMTFFREI1MzYxRDNCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZgYIKwYBBQUHAQcBAf8E
VzBVMEQEAgABMD4DAwE6cgMDAT1GAwMBb7gwCgMDALbpAwMCtugDBALKAjQDBAfL
hQADBAfLuwAwCgMDAMvLAwMAy8wDAwLbRDANBAIAAjAHAwUAIAENWDANBgkqhkiG
9w0BAQsFAAOCAQEAs9s6qzuanvriRgdUMLp1yZLCjmPANvkbepj5dM6jr0WdO8SM
Ty/IcBcYQQtYpOYUcgVmzk1mSEqC3TCeF1C0XNu+KLnyJ3+sHbBCjTlSDEn1YzU+
b6d7BP9EXRTJpSrEqF0PoDkX3SQ5pZ+Kl5On/5PQ1U5JB2SHw7NUXJe0FGCUkrHF
q2UbrflR0g5yPYmblHPXOdzRNMSbxXgVHRRXIZNnTHwkNqK69nHewqYHNNyOJpp9
KwnYuyZ14VMZ4RwNrpoxoXOibORBlPHbT/c3KDKxF2XomcHti+07mFICMD0TLHnp
D+yyARhbGMTnIg/Gct3wpoPDwtO0R7ZrR+WT0Q==
-----END CERTIFICATE-----
Generated at Wed Nov 5 04:35:04 2025 by rpki-client