Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/3A371ADC6EBE11F085F17D3AC4F9AE02.roa
File: 3A371ADC6EBE11F085F17D3AC4F9AE02.roa (raw, json)
Hash identifier: lBpcvgH1EVPmL9AGa9SmGGk5uCpEQgFCvirH/9iS5nU=
Subject key identifier: 71:CA:9B:90:FC:88:08:DC:37:D9:50:82:C5:13:42:00:1D:AE:1C:FC
Certificate issuer: /CN=A91E6134/serialNumber=9A73F1A919FBF46C872E38805B1650B5F88276D3
Certificate serial: 1143
Authority key identifier: 9A:73:F1:A9:19:FB:F4:6C:87:2E:38:80:5B:16:50:B5:F8:82:76:D3
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mnPxqRn79GyHLjiAWxZQtfiCdtM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/3A371ADC6EBE11F085F17D3AC4F9AE02.roa
Signing time: Tue 05 Aug 2025 06:25:10 +0000
ROA not before: Tue 05 Aug 2025 06:25:10 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 138241
IP address blocks: 139.190.0.0/22 maxlen: 24
139.190.4.0/22 maxlen: 24
139.190.8.0/24 maxlen: 24
139.190.9.0/24 maxlen: 24
139.190.10.0/24 maxlen: 24
139.190.11.0/24 maxlen: 24
139.190.12.0/24 maxlen: 24
139.190.13.0/24 maxlen: 24
139.190.14.0/24 maxlen: 24
139.190.15.0/24 maxlen: 24
139.190.16.0/24 maxlen: 24
139.190.17.0/24 maxlen: 24
139.190.18.0/24 maxlen: 24
139.190.19.0/24 maxlen: 24
139.190.20.0/24 maxlen: 24
139.190.21.0/24 maxlen: 24
139.190.22.0/24 maxlen: 24
139.190.23.0/24 maxlen: 24
139.190.24.0/22 maxlen: 22
139.190.24.0/24 maxlen: 24
139.190.28.0/24 maxlen: 24
139.190.29.0/24 maxlen: 24
139.190.30.0/24 maxlen: 24
139.190.31.0/24 maxlen: 24
139.190.32.0/24 maxlen: 24
139.190.33.0/24 maxlen: 24
139.190.34.0/24 maxlen: 24
139.190.35.0/24 maxlen: 24
139.190.36.0/22 maxlen: 24
139.190.40.0/22 maxlen: 22
139.190.44.0/22 maxlen: 22
139.190.48.0/24 maxlen: 24
139.190.49.0/24 maxlen: 24
139.190.50.0/24 maxlen: 24
139.190.51.0/24 maxlen: 24
139.190.52.0/24 maxlen: 24
139.190.53.0/24 maxlen: 24
139.190.54.0/24 maxlen: 24
139.190.55.0/24 maxlen: 24
139.190.56.0/22 maxlen: 22
139.190.60.0/22 maxlen: 22
139.190.64.0/22 maxlen: 24
139.190.68.0/24 maxlen: 24
139.190.69.0/24 maxlen: 24
139.190.70.0/24 maxlen: 24
139.190.71.0/24 maxlen: 24
139.190.72.0/21 maxlen: 21
139.190.80.0/21 maxlen: 24
139.190.88.0/21 maxlen: 21
139.190.96.0/20 maxlen: 24
139.190.112.0/21 maxlen: 21
139.190.120.0/22 maxlen: 24
139.190.124.0/22 maxlen: 24
139.190.235.0/24 maxlen: 24
139.190.238.0/24 maxlen: 24
139.190.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/mnPxqRn79GyHLjiAWxZQtfiCdtM.crl
rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/mnPxqRn79GyHLjiAWxZQtfiCdtM.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mnPxqRn79GyHLjiAWxZQtfiCdtM.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 14 Aug 2025 05:57:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4419 (0x1143)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E6134, serialNumber=9A73F1A919FBF46C872E38805B1650B5F88276D3
Validity
Not Before: Aug 5 06:25:10 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=6891a3c6-e412
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:19:a1:cc:69:e2:8c:87:c2:38:a8:4c:db:a0:
1d:6f:ad:12:d4:6f:02:4b:8d:4a:1b:08:63:7e:0c:
1c:6e:f0:8c:0e:26:b9:ee:1d:a1:81:c2:fb:87:d1:
cf:51:94:44:ac:16:4e:cf:7d:13:2a:c8:f2:ca:e4:
e3:d2:25:45:9e:4f:dc:71:1d:43:b8:a0:80:1f:07:
a4:6d:e7:2b:99:25:cb:90:09:14:f0:e2:6d:9f:65:
c2:d2:bb:7c:32:a3:24:13:e0:f7:b8:ed:b8:95:6d:
7e:29:65:8c:fd:4c:82:3d:fb:42:9f:d7:a3:05:fc:
da:7b:0a:6f:ea:6b:0e:ec:27:75:c1:fd:a6:c6:97:
73:9a:1a:55:c6:27:9e:ca:bb:49:91:77:03:8d:63:
33:60:2a:8c:79:d5:9c:4c:bb:69:2e:e6:b2:73:cc:
a8:f8:64:58:ae:bf:7f:57:75:9b:9c:90:33:13:fe:
07:57:1a:89:20:94:09:e1:a7:b7:18:f5:6e:99:2d:
5f:0a:38:ba:39:e5:80:3f:07:9b:c2:99:c4:66:a1:
67:ff:44:f2:ac:7d:6d:da:cc:2c:45:73:4f:06:8d:
a7:d2:e6:1b:11:16:6d:ef:3d:66:0b:ff:ee:ae:87:
e5:82:08:40:a5:74:53:99:90:88:99:cd:76:a8:a6:
7e:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:CA:9B:90:FC:88:08:DC:37:D9:50:82:C5:13:42:00:1D:AE:1C:FC
X509v3 Authority Key Identifier:
keyid:9A:73:F1:A9:19:FB:F4:6C:87:2E:38:80:5B:16:50:B5:F8:82:76:D3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/mnPxqRn79GyHLjiAWxZQtfiCdtM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mnPxqRn79GyHLjiAWxZQtfiCdtM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/3A371ADC6EBE11F085F17D3AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
139.190.0.0/17
139.190.235.0/24
139.190.238.0/23
Signature Algorithm: sha256WithRSAEncryption
38:f9:24:ae:70:3d:1a:26:26:5c:de:da:63:ae:a0:7b:e3:1a:
65:b9:8b:2d:62:7f:96:85:de:b5:9c:01:d2:a4:18:5f:f2:85:
e4:2d:3f:9d:54:bd:8f:96:4c:ca:ce:e6:8c:b9:9e:b5:9c:67:
5b:40:9a:27:31:cd:f8:1b:b9:93:d9:10:45:33:7a:81:5f:74:
f4:1a:cb:66:04:46:36:e3:1b:71:4b:b3:47:4e:80:27:bb:15:
11:43:9a:14:a5:fe:f8:50:44:90:f7:b7:00:d7:c8:b9:93:ca:
1d:9d:b7:b3:bf:bc:45:a6:ef:24:87:28:0e:98:01:64:22:f3:
c5:af:19:cc:c0:a0:89:ad:f1:34:96:7e:69:2d:59:c4:aa:eb:
9d:d2:a1:f2:11:da:e8:52:23:d8:2c:e5:e0:24:0a:62:07:44:
15:53:dd:ff:42:84:90:b7:a9:5e:2d:e5:0f:c9:f6:b5:23:46:
b2:a1:e1:16:14:60:ee:e5:04:af:c7:f2:40:23:26:2a:66:ce:
a4:ba:c7:f8:49:4f:2e:24:ae:77:b2:04:ce:b3:01:93:f2:2d:
cc:34:36:87:98:68:c6:1a:17:31:8d:09:d5:65:a8:fd:93:f7:
41:fe:93:21:12:e7:ee:a7:ee:da:1e:fa:98:93:96:2a:0a:b3:
86:d9:a9:58
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICEUMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxMzQxMTAvBgNVBAUTKDlBNzNGMUE5MTlGQkY0NkM4NzJFMzg4MDVCMTY1MEI1
Rjg4Mjc2RDMwHhcNMjUwODA1MDYyNTEwWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODkxYTNjNi1lNDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAlhmhzGnijIfCOKhM26Adb60S1G8CS41KGwhjfgwcbvCMDia57h2hgcL7h9HP
UZRErBZOz30TKsjyyuTj0iVFnk/ccR1DuKCAHwekbecrmSXLkAkU8OJtn2XC0rt8
MqMkE+D3uO24lW1+KWWM/UyCPftCn9ejBfzaewpv6msO7Cd1wf2mxpdzmhpVxiee
yrtJkXcDjWMzYCqMedWcTLtpLuayc8yo+GRYrr9/V3WbnJAzE/4HVxqJIJQJ4ae3
GPVumS1fCji6OeWAPwebwpnEZqFn/0TyrH1t2swsRXNPBo2n0uYbERZt7z1mC//u
roflgghApXRTmZCImc12qKZ+9wIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFHHKm5D8
iAjcN9lQgsUTQgAdrhz8MB8GA1UdIwQYMBaAFJpz8akZ+/Rshy44gFsWULX4gnbT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjEzNC81N0IzRTBCQ0My
QTgxMUVBQTc5MThBMkVDNEY5QUUwMi9tblB4cVJuNzlHeUhMamlBV3haUXRmaUNk
dE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL21uUHhxUm43OUd5SExqaUFXeFpRdGZpQ2R0TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxMzQvNTdCM0UwQkNDMkE4MTFFQUE3OTE4QTJFQzRGOUFFMDIvM0EzNzFBREM2
RUJFMTFGMDg1RjE3RDNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAeLvgADBACLvusDBAGLvu4wDQYJKoZIhvcNAQELBQADggEB
ADj5JK5wPRomJlze2mOuoHvjGmW5iy1if5aF3rWcAdKkGF/yheQtP51UvY+WTMrO
5oy5nrWcZ1tAmicxzfgbuZPZEEUzeoFfdPQay2YERjbjG3FLs0dOgCe7FRFDmhSl
/vhQRJD3twDXyLmTyh2dt7O/vEWm7ySHKA6YAWQi88WvGczAoImt8TSWfmktWcSq
653SofIR2uhSI9gs5eAkCmIHRBVT3f9ChJC3qV4t5Q/J9rUjRrKh4RYUYO7lBK/H
8kAjJipmzqS6x/hJTy4krneyBM6zAZPyLcw0NoeYaMYaFzGNCdVlqP2T90H+kyES
5+6n7toe+piTlioKs4bZqVg=
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:39:35 2025 by rpki-client