Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F3FAF/A90D1B96415C11EE9D355D2CC4F9AE02/5EDB6B50EE9311EF8EB9700BC4F9AE02.roa
File: 5EDB6B50EE9311EF8EB9700BC4F9AE02.roa (raw, json)
Hash identifier: FTTjUL10ToIc4MEgN67GxhQU6klz+xrvQNr4Q+Gwl4w=
Subject key identifier: B3:FA:6F:C8:25:BE:4E:0B:62:C6:65:7B:4F:0B:09:CE:57:4B:82:1D
Certificate issuer: /CN=A91F3FAF/serialNumber=1E85A860D62E26079233CB7A01DB0BACBB0369A6
Certificate serial: 0208
Authority key identifier: 1E:85:A8:60:D6:2E:26:07:92:33:CB:7A:01:DB:0B:AC:BB:03:69:A6
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HoWoYNYuJgeSM8t6AdsLrLsDaaY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F3FAF/A90D1B96415C11EE9D355D2CC4F9AE02/5EDB6B50EE9311EF8EB9700BC4F9AE02.roa
Signing time: Wed 05 Nov 2025 03:47:53 +0000
ROA not before: Wed 05 Nov 2025 03:47:53 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 4609
IP address blocks: 27.109.128.0/17 maxlen: 24
45.64.20.0/22 maxlen: 24
60.246.0.0/16 maxlen: 24
103.233.188.0/22 maxlen: 24
113.52.64.0/18 maxlen: 24
122.100.128.0/17 maxlen: 24
125.31.0.0/18 maxlen: 24
180.94.128.0/18 maxlen: 24
182.93.0.0/18 maxlen: 24
202.86.128.0/18 maxlen: 24
202.174.0.0/22 maxlen: 24
202.175.0.0/17 maxlen: 18
202.175.0.0/19 maxlen: 24
202.175.32.0/19 maxlen: 24
202.175.64.0/19 maxlen: 24
202.175.96.0/19 maxlen: 24
202.175.160.0/19 maxlen: 24
2001:f90::/32 maxlen: 39
2001:f90::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91F3FAF/A90D1B96415C11EE9D355D2CC4F9AE02/HoWoYNYuJgeSM8t6AdsLrLsDaaY.crl
rsync://rpki.apnic.net/member_repository/A91F3FAF/A90D1B96415C11EE9D355D2CC4F9AE02/HoWoYNYuJgeSM8t6AdsLrLsDaaY.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HoWoYNYuJgeSM8t6AdsLrLsDaaY.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 12 Nov 2025 03:47:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 520 (0x208)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F3FAF, serialNumber=1E85A860D62E26079233CB7A01DB0BACBB0369A6
Validity
Not Before: Nov 5 03:47:53 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=690ac8e9-7c11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:c1:8b:48:3c:cf:b1:d2:82:bf:69:ff:13:99:
5c:42:40:e9:99:1d:c4:b0:95:bd:9b:e6:2a:eb:d3:
1a:70:31:e0:18:96:16:a0:5f:b4:78:31:d0:a0:34:
f2:d4:40:95:d0:bb:5c:c1:55:57:f0:d1:d8:55:e0:
09:0f:fd:c3:a3:16:61:ba:cc:9f:f2:68:3a:6b:b4:
2b:2c:13:10:46:b6:0a:99:73:3f:8f:c3:77:d4:cd:
8a:1a:12:01:96:38:72:7f:57:dd:6c:0e:e9:df:98:
d4:ad:44:3b:b1:04:75:b6:3a:81:bb:6b:40:d8:fb:
01:60:4c:ab:22:99:29:10:d6:a2:ca:51:86:00:42:
54:5d:97:37:87:31:e7:e7:09:4d:a3:53:cd:d2:1e:
58:04:6e:16:0a:07:79:f4:3e:e2:00:3a:9c:08:40:
ed:ab:2d:cd:2f:3f:8c:28:fc:50:45:63:07:b9:bc:
11:8d:54:2b:4d:90:36:64:26:a3:08:b7:9e:20:64:
8a:24:2b:6d:2a:9a:4a:d3:ad:53:6f:13:76:8e:4d:
f1:fe:2f:2b:91:80:62:09:dd:86:75:b3:da:bd:63:
7e:a5:72:f3:79:53:d4:4a:5e:3e:f5:f5:65:ce:f2:
94:6f:d7:d7:59:54:50:d3:a3:9b:d5:a0:32:7f:c5:
f5:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:FA:6F:C8:25:BE:4E:0B:62:C6:65:7B:4F:0B:09:CE:57:4B:82:1D
X509v3 Authority Key Identifier:
keyid:1E:85:A8:60:D6:2E:26:07:92:33:CB:7A:01:DB:0B:AC:BB:03:69:A6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F3FAF/A90D1B96415C11EE9D355D2CC4F9AE02/HoWoYNYuJgeSM8t6AdsLrLsDaaY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HoWoYNYuJgeSM8t6AdsLrLsDaaY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F3FAF/A90D1B96415C11EE9D355D2CC4F9AE02/5EDB6B50EE9311EF8EB9700BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.109.128.0/17
45.64.20.0/22
60.246.0.0/16
103.233.188.0/22
113.52.64.0/18
122.100.128.0/17
125.31.0.0/18
180.94.128.0/18
182.93.0.0/18
202.86.128.0/18
202.174.0.0/22
202.175.0.0/17
202.175.160.0/19
IPv6:
2001:f90::/32
Signature Algorithm: sha256WithRSAEncryption
7e:e9:3e:41:d1:46:6b:bd:13:cd:0b:8d:2c:d5:49:51:60:fe:
71:e6:36:4d:47:76:3b:ff:a5:e9:e5:2e:87:9f:e5:5f:6a:36:
62:fd:d5:3a:4c:b5:21:6d:8b:08:0c:df:5d:c6:f2:42:47:9f:
6c:59:a0:b8:3b:1b:56:af:77:b9:dc:2b:76:bc:78:74:79:43:
5a:bc:23:b6:70:f5:bd:dc:28:a8:da:fb:59:18:f3:4b:b3:86:
74:c0:88:5e:96:49:ac:82:a8:e8:fe:80:2e:8d:c3:e4:5f:95:
59:4f:8e:21:9a:db:b5:ee:d8:fa:a4:ed:e0:17:0a:b6:b3:70:
f2:09:02:b2:67:50:8f:d4:8d:81:cc:32:08:63:21:59:24:21:
e5:b1:f3:83:d9:dd:4b:16:57:42:1d:73:70:bd:fb:b0:3f:77:
ac:1d:e5:17:57:8a:be:de:b7:75:21:b7:5c:0c:c9:8d:7e:e7:
84:93:9d:1f:3e:df:1a:c0:03:3b:d1:7d:ca:2e:7b:ad:9e:fe:
23:84:61:32:14:0c:06:b6:69:e5:21:dc:a0:13:e8:1e:a9:f4:
27:4b:d7:b8:30:d4:0b:90:8c:0d:e3:25:d5:ae:aa:98:93:2e:
a2:5f:53:a3:5f:bc:4b:33:3d:8c:90:98:3d:6d:13:52:bd:7d:
75:20:f2:b6
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgICAggwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjNGQUYxMTAvBgNVBAUTKDFFODVBODYwRDYyRTI2MDc5MjMzQ0I3QTAxREIwQkFD
QkIwMzY5QTYwHhcNMjUxMTA1MDM0NzUzWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OTBhYzhlOS03YzExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4sGLSDzPsdKCv2n/E5lcQkDpmR3EsJW9m+Yq69MacDHgGJYWoF+0eDHQoDTy
1ECV0LtcwVVX8NHYVeAJD/3DoxZhusyf8mg6a7QrLBMQRrYKmXM/j8N31M2KGhIB
ljhyf1fdbA7p35jUrUQ7sQR1tjqBu2tA2PsBYEyrIpkpENaiylGGAEJUXZc3hzHn
5wlNo1PN0h5YBG4WCgd59D7iADqcCEDtqy3NLz+MKPxQRWMHubwRjVQrTZA2ZCaj
CLeeIGSKJCttKppK061TbxN2jk3x/i8rkYBiCd2GdbPavWN+pXLzeVPUSl4+9fVl
zvKUb9fXWVRQ06Ob1aAyf8X1CwIDAQABo4IC6zCCAucwHQYDVR0OBBYEFLP6b8gl
vk4LYsZle08LCc5XS4IdMB8GA1UdIwQYMBaAFB6FqGDWLiYHkjPLegHbC6y7A2mm
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGM0ZBRi9BOTBEMUI5NjQx
NUMxMUVFOUQzNTVEMkNDNEY5QUUwMi9Ib1dvWU5ZdUpnZVNNOHQ2QWRzTHJMc0Rh
YVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hvV29ZTll1SmdlU004dDZBZHNMckxzRGFhWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjNGQUYvQTkwRDFCOTY0MTVDMTFFRTlEMzU1RDJDQzRGOUFFMDIvNUVEQjZCNTBF
RTkzMTFFRjhFQjk3MDBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwdQYIKwYBBQUHAQcBAf8E
ZjBkMFMEAgABME0DBAcbbYADBAItQBQDAwA89gMEAmfpvAMEBnE0QAMEB3pkgAME
Bn0fAAMEBrRegAMEBrZdAAMEBspWgAMEAsquAAMEB8qvAAMEBcqvoDANBAIAAjAH
AwUAIAEPkDANBgkqhkiG9w0BAQsFAAOCAQEAfuk+QdFGa70TzQuNLNVJUWD+ceY2
TUd2O/+l6eUuh5/lX2o2Yv3VOky1IW2LCAzfXcbyQkefbFmguDsbVq93udwrdrx4
dHlDWrwjtnD1vdwoqNr7WRjzS7OGdMCIXpZJrIKo6P6ALo3D5F+VWU+OIZrbte7Y
+qTt4BcKtrNw8gkCsmdQj9SNgcwyCGMhWSQh5bHzg9ndSxZXQh1zcL37sD93rB3l
F1eKvt63dSG3XAzJjX7nhJOdHz7fGsADO9F9yi57rZ7+I4RhMhQMBrZp5SHcoBPo
Hqn0J0vXuDDUC5CMDeMl1a6qmJMuol9To1+8SzM9jJCYPW0TUr19dSDytg==
-----END CERTIFICATE-----
Generated at Wed Nov 5 12:22:22 2025 by rpki-client