Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/C61B734AB0AA11E580DBF725C4F9AE02.roa
File: C61B734AB0AA11E580DBF725C4F9AE02.roa (raw, json)
Hash identifier: IUfyxffvy3cD3U2/JFftlJFRyd1Vin0nYf/0GsHHPYI=
Subject key identifier: 73:D3:D3:B3:68:B0:24:D5:F9:50:DE:E6:E7:75:1C:79:3F:A5:EA:57
Certificate issuer: /CN=A91B933A/serialNumber=6E8EA1E3240C0BB3D13B4D275C6C0326A568EC87
Certificate serial: 25BE
Authority key identifier: 6E:8E:A1:E3:24:0C:0B:B3:D1:3B:4D:27:5C:6C:03:26:A5:68:EC:87
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bo6h4yQMC7PRO00nXGwDJqVo7Ic.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/C61B734AB0AA11E580DBF725C4F9AE02.roa
Signing time: Sun 01 Mar 2026 16:58:44 +0000
ROA not before: Sun 14 Dec 2025 15:53:06 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 17993
IP address blocks: 110.5.112.0/22 maxlen: 22
110.5.112.0/24 maxlen: 24
110.5.113.0/24 maxlen: 24
110.5.114.0/24 maxlen: 24
110.5.115.0/24 maxlen: 24
202.4.32.0/19 maxlen: 19
202.4.32.0/21 maxlen: 21
202.4.32.0/24 maxlen: 24
202.4.33.0/24 maxlen: 24
202.4.34.0/24 maxlen: 24
202.4.35.0/24 maxlen: 24
202.4.36.0/24 maxlen: 24
202.4.37.0/24 maxlen: 24
202.4.38.0/24 maxlen: 24
202.4.39.0/24 maxlen: 24
202.4.40.0/21 maxlen: 21
202.4.40.0/24 maxlen: 24
202.4.41.0/24 maxlen: 24
202.4.42.0/24 maxlen: 24
202.4.43.0/24 maxlen: 24
202.4.44.0/24 maxlen: 24
202.4.45.0/24 maxlen: 24
202.4.46.0/24 maxlen: 24
202.4.47.0/24 maxlen: 24
202.4.48.0/20 maxlen: 20
202.4.48.0/24 maxlen: 24
202.4.49.0/24 maxlen: 24
202.4.50.0/24 maxlen: 24
202.4.51.0/24 maxlen: 24
202.4.52.0/24 maxlen: 24
202.4.53.0/24 maxlen: 24
202.4.54.0/24 maxlen: 24
202.4.55.0/24 maxlen: 24
202.4.56.0/24 maxlen: 24
202.4.57.0/24 maxlen: 24
202.4.58.0/24 maxlen: 24
202.4.59.0/24 maxlen: 24
202.4.60.0/24 maxlen: 24
202.4.61.0/24 maxlen: 24
202.4.62.0/24 maxlen: 24
202.4.63.0/24 maxlen: 24
203.99.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/bo6h4yQMC7PRO00nXGwDJqVo7Ic.crl
rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/bo6h4yQMC7PRO00nXGwDJqVo7Ic.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bo6h4yQMC7PRO00nXGwDJqVo7Ic.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 00:03:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9662 (0x25be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B933A, serialNumber=6E8EA1E3240C0BB3D13B4D275C6C0326A568EC87
Validity
Not Before: Dec 14 15:53:06 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=69a47044-afca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:02:17:65:bd:c8:c0:26:60:6b:94:a9:fb:78:
7d:9c:8b:e7:74:ed:f0:a9:bd:87:b5:76:51:8d:7f:
2e:ca:e2:d4:a2:91:f5:e1:e6:fc:11:a2:e1:ec:7e:
2f:b7:04:7f:10:98:f0:16:b0:5d:b5:c3:68:0f:2e:
9a:c1:b3:57:5f:f1:3a:fd:3c:3d:f5:5f:ea:ac:d8:
d4:ca:db:0c:28:99:66:76:39:33:9c:0f:6b:4c:2f:
39:d9:b6:3b:7f:75:ee:e7:d4:9b:65:b9:22:ff:53:
1b:de:fc:53:8a:8a:7e:83:f3:e6:16:40:6f:cb:40:
59:53:cf:fe:7b:4b:2b:e2:97:bd:80:5f:0b:10:85:
e8:85:0d:f8:31:5e:54:c4:d9:ae:cc:6b:6d:00:9c:
41:f2:58:98:30:ce:9f:fe:ab:e8:bd:fc:68:a6:5c:
43:8a:88:71:ac:6b:0a:32:7c:64:3b:ed:a1:5c:6a:
8d:b8:72:c8:16:71:76:7f:fd:94:ea:92:3b:d0:d6:
dd:a0:65:d1:a1:77:c8:71:bf:25:79:0f:88:cf:d4:
e9:5c:bd:46:c3:71:0d:cc:d6:2a:43:d9:3c:00:55:
08:23:ee:f5:89:20:4a:c1:e4:dc:8c:92:01:23:d2:
b2:1c:f1:18:d2:16:7e:b9:6f:87:d9:3e:d3:0c:2b:
a9:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:D3:D3:B3:68:B0:24:D5:F9:50:DE:E6:E7:75:1C:79:3F:A5:EA:57
X509v3 Authority Key Identifier:
keyid:6E:8E:A1:E3:24:0C:0B:B3:D1:3B:4D:27:5C:6C:03:26:A5:68:EC:87
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/bo6h4yQMC7PRO00nXGwDJqVo7Ic.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bo6h4yQMC7PRO00nXGwDJqVo7Ic.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/C61B734AB0AA11E580DBF725C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
110.5.112.0/22
202.4.32.0/19
203.99.255.0/24
Signature Algorithm: sha256WithRSAEncryption
1f:ea:34:3e:88:a3:e0:32:14:8d:d1:8f:6e:c5:c1:1e:df:9e:
c1:73:78:3a:a5:e0:31:88:78:40:35:77:c6:35:71:bd:0f:07:
51:7a:ff:14:ec:1b:b4:6b:51:3b:ea:f4:98:9f:5e:57:cc:26:
60:71:cc:2e:48:8d:4e:c0:b0:ed:bc:f7:45:a4:f0:e1:96:a2:
da:cf:3f:0a:7a:4e:a6:c3:8a:c9:58:04:e6:a2:db:11:e6:e3:
b3:be:b4:50:d2:12:13:79:0b:3d:7e:cf:56:6e:16:a3:50:97:
ac:a8:a7:fc:46:6e:2d:34:76:fe:3c:17:39:8e:e4:b3:b7:1c:
01:61:16:f1:8c:ec:8e:ba:88:8f:14:08:ea:4e:0d:cd:13:3f:
08:8a:cb:8b:b0:63:7e:37:a0:f4:b9:00:c6:c3:ed:57:5d:97:
4b:1c:ed:a8:41:c2:34:cc:19:ed:e3:02:2a:e7:6b:0a:02:41:
d9:fc:7b:96:11:d9:31:9c:3f:11:8d:6f:3c:cf:05:fe:f0:3a:
cb:7f:21:da:f3:15:25:cf:01:24:ec:75:86:17:68:69:cb:9b:
fd:ee:c0:2f:e9:cc:ca:d1:df:c0:d8:d5:fd:10:f2:08:e5:14:
2d:3c:df:f1:5f:18:1b:39:24:64:85:61:d6:7b:f5:43:95:0c:
46:e9:23:12
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgICJb4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjkzM0ExMTAvBgNVBAUTKDZFOEVBMUUzMjQwQzBCQjNEMTNCNEQyNzVDNkMwMzI2
QTU2OEVDODcwHhcNMjUxMjE0MTU1MzA2WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NzA0NC1hZmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0QIXZb3IwCZga5Sp+3h9nIvndO3wqb2HtXZRjX8uyuLUopH14eb8EaLh7H4v
twR/EJjwFrBdtcNoDy6awbNXX/E6/Tw99V/qrNjUytsMKJlmdjkznA9rTC852bY7
f3Xu59SbZbki/1Mb3vxTiop+g/PmFkBvy0BZU8/+e0sr4pe9gF8LEIXohQ34MV5U
xNmuzGttAJxB8liYMM6f/qvovfxoplxDiohxrGsKMnxkO+2hXGqNuHLIFnF2f/2U
6pI70NbdoGXRoXfIcb8leQ+Iz9TpXL1Gw3ENzNYqQ9k8AFUII+71iSBKweTcjJIB
I9KyHPEY0hZ+uW+H2T7TDCup3wIDAQABo4ICbDCCAmgwHQYDVR0OBBYEFHPT07No
sCTV+VDe5ud1HHk/pepXMB8GA1UdIwQYMBaAFG6OoeMkDAuz0TtNJ1xsAyalaOyH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCOTMzQS81M0ZFMUVGQTJC
NjQxMUU1OEEyRjA3NTRDNEY5QUUwMi9ibzZoNHlRTUM3UFJPMDBuWEd3REpxVm83
SWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JvNmg0eVFNQzdQUk8wMG5YR3dESnFWbzdJYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjkzM0EvNTNGRTFFRkEyQjY0MTFFNThBMkYwNzU0QzRGOUFFMDIvQzYxQjczNEFC
MEFBMTFFNTgwREJGNzI1QzRGOUFFMDIucm9hMCsGCCsGAQUFBwEHAQH/BBwwGjAY
BAIAATASAwQCbgVwAwQFygQgAwQAy2P/MA0GCSqGSIb3DQEBCwUAA4IBAQAf6jQ+
iKPgMhSN0Y9uxcEe357Bc3g6peAxiHhANXfGNXG9DwdRev8U7Bu0a1E76vSYn15X
zCZgccwuSI1OwLDtvPdFpPDhlqLazz8Kek6mw4rJWATmotsR5uOzvrRQ0hITeQs9
fs9WbhajUJesqKf8Rm4tNHb+PBc5juSztxwBYRbxjOyOuoiPFAjqTg3NEz8IisuL
sGN+N6D0uQDGw+1XXZdLHO2oQcI0zBnt4wIq52sKAkHZ/HuWEdkxnD8RjW88zwX+
8DrLfyHa8xUlzwEk7HWGF2hpy5v97sAv6czK0d/A2NX9EPII5RQtPN/xXxgbOSRk
hWHWe/VDlQxG6SMS
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:18:10 2026 by rpki-client