Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
File: 7E0AB01C782C11EBB0B71971C4F9AE02.roa (raw, json)
Hash identifier: StZZUcpTqb1W1S9eXsQ5qcrkA/Ri8svuc1kgwSxho5k=
Subject key identifier: 59:24:43:B1:D0:F0:6C:E4:AF:62:FA:F2:58:7C:E5:7C:07:E8:D0:3C
Certificate issuer: /CN=A91FF74B/serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
Certificate serial: 071B
Authority key identifier: 05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
Signing time: Mon 27 Oct 2025 03:14:35 +0000
ROA not before: Mon 27 Oct 2025 03:14:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56201
IP address blocks: 169.148.132.0/24 maxlen: 24
169.148.133.0/24 maxlen: 24
169.148.134.0/23 maxlen: 23
169.148.134.0/24 maxlen: 24
169.148.135.0/24 maxlen: 24
169.148.136.0/23 maxlen: 23
169.148.136.0/24 maxlen: 24
169.148.137.0/24 maxlen: 24
169.148.138.0/23 maxlen: 24
169.148.140.0/23 maxlen: 24
169.148.142.0/23 maxlen: 23
169.148.142.0/24 maxlen: 24
169.148.143.0/24 maxlen: 24
169.148.144.0/23 maxlen: 23
169.148.144.0/24 maxlen: 24
169.148.145.0/24 maxlen: 24
169.148.146.0/23 maxlen: 23
169.148.146.0/24 maxlen: 24
169.148.147.0/24 maxlen: 24
169.148.148.0/23 maxlen: 23
169.148.148.0/24 maxlen: 24
169.148.149.0/24 maxlen: 24
169.148.150.0/24 maxlen: 24
169.148.172.0/23 maxlen: 24
169.148.174.0/23 maxlen: 24
169.148.176.0/23 maxlen: 24
169.148.180.0/24 maxlen: 24
199.67.76.0/23 maxlen: 23
199.67.76.0/24 maxlen: 24
199.67.77.0/24 maxlen: 24
199.67.78.0/23 maxlen: 23
199.67.78.0/24 maxlen: 24
199.67.79.0/24 maxlen: 24
199.67.94.0/23 maxlen: 23
199.67.94.0/24 maxlen: 24
199.67.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl
rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 11 Nov 2025 21:38:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1819 (0x71b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91FF74B, serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
Validity
Not Before: Oct 27 03:14:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68fee39b-0405
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:1d:3e:f8:89:86:ab:ef:e7:93:89:15:1f:b9:
e7:b8:dc:20:80:02:c1:39:60:a2:3d:71:f0:43:00:
43:dc:24:ad:db:2d:16:ec:9f:b1:15:2f:c3:96:e6:
14:ea:5b:6c:64:4d:a2:a3:65:8e:41:3c:4a:93:1e:
33:c2:c3:f5:a2:53:89:99:1d:a1:2c:f4:1e:dd:78:
dc:12:d4:71:32:d4:36:db:38:c7:5f:f5:7a:33:71:
42:30:08:d4:d2:91:da:df:fb:a0:96:75:6b:fe:18:
33:6d:35:35:a6:79:1d:52:ed:53:6e:3e:db:d3:54:
3e:7c:be:6b:89:31:76:44:46:db:e7:c4:72:0b:48:
f3:04:42:8a:1d:dc:7b:cb:5b:7e:f7:15:a4:17:3e:
18:75:1e:35:32:84:86:cc:c3:24:77:e7:e7:7a:05:
fe:39:45:41:71:df:52:84:3d:51:3f:37:af:bb:9d:
5e:ac:e1:64:67:c3:eb:0c:db:8b:28:3a:2b:9a:e0:
dc:33:6c:73:1d:ba:c6:2c:15:f0:25:d7:d8:84:b7:
9a:fb:47:3b:58:7b:0d:eb:e0:79:11:2e:e8:36:1a:
01:92:65:2c:a0:1c:f3:70:5d:89:a9:7d:1c:f1:cb:
91:f6:e2:ba:d3:ee:9f:ee:38:46:df:1a:8e:61:e3:
f7:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:24:43:B1:D0:F0:6C:E4:AF:62:FA:F2:58:7C:E5:7C:07:E8:D0:3C
X509v3 Authority Key Identifier:
keyid:05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
169.148.132.0-169.148.150.255
169.148.172.0-169.148.177.255
169.148.180.0/24
199.67.76.0/22
199.67.94.0/23
Signature Algorithm: sha256WithRSAEncryption
a5:15:22:ef:a0:13:7d:42:4a:58:1c:38:85:e5:b7:6f:db:ec:
b2:f2:18:ac:22:4c:81:e4:08:7f:e7:50:ce:7b:7a:2a:dd:89:
d5:18:fd:ed:76:6d:93:27:0f:0c:f3:d5:e3:6e:bd:4e:4e:f0:
a2:9a:50:11:db:ff:bf:0a:c7:fa:d6:ab:12:51:40:ed:ed:e2:
50:3e:85:e4:11:de:92:6f:32:4d:87:7b:d6:a9:24:7c:38:4c:
9d:05:29:86:f8:c8:c2:84:e5:e7:fa:bb:15:c5:91:10:fb:e2:
e9:14:e7:70:24:fa:ef:b9:4a:8e:03:64:9e:b4:ce:b6:52:c9:
8a:54:b3:72:4f:f6:b7:f8:26:33:a0:49:cd:e9:ba:a5:7b:dc:
a3:f1:19:c5:23:7d:82:65:b7:bc:a9:33:82:f1:97:fc:7e:f5:
11:a3:0f:ac:04:24:9a:14:00:42:8d:25:20:fb:ed:ce:27:63:
1e:1f:71:64:6f:d6:93:70:2a:5f:99:fe:9a:c4:03:81:eb:c9:
f4:c3:73:35:bb:8f:1b:3a:ea:2a:43:0b:a0:7a:7e:ad:18:e7:
81:4e:3f:a4:ee:10:9d:ae:40:9f:e1:dc:a4:21:ec:80:e6:7a:
2f:e8:97:91:18:0f:80:27:86:9f:46:b4:64:26:6a:50:ed:e0:
49:62:8e:71
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgICBxswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkY3NEIxMTAvBgNVBAUTKDA1OUU2RjAzQUU3Njc2QTlEMEYwOUQ1RjZDQkRCOTA4
NjE4NTVBNTcwHhcNMjUxMDI3MDMxNDM1WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGZlZTM5Yi0wNDA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8R0++ImGq+/nk4kVH7nnuNwggALBOWCiPXHwQwBD3CSt2y0W7J+xFS/DluYU
6ltsZE2io2WOQTxKkx4zwsP1olOJmR2hLPQe3XjcEtRxMtQ22zjHX/V6M3FCMAjU
0pHa3/uglnVr/hgzbTU1pnkdUu1Tbj7b01Q+fL5riTF2REbb58RyC0jzBEKKHdx7
y1t+9xWkFz4YdR41MoSGzMMkd+fnegX+OUVBcd9ShD1RPzevu51erOFkZ8PrDNuL
KDormuDcM2xzHbrGLBXwJdfYhLea+0c7WHsN6+B5ES7oNhoBkmUsoBzzcF2JqX0c
8cuR9uK60+6f7jhG3xqOYeP3hQIDAQABo4ICvTCCArkwHQYDVR0OBBYEFFkkQ7HQ
8Gzkr2L68lh85XwH6NA8MB8GA1UdIwQYMBaAFAWebwOudnap0PCdX2y9uQhhhVpX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGRjc0Qi82MUEzMzg0QTc4
MkMxMUVCQUMwNEY2NzJDNEY5QUUwMi9CWjV2QTY1MmRxblE4SjFmYkwyNUNHR0ZX
bGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0JaNXZBNjUyZHFuUThKMWZiTDI1Q0dHRldsYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkY3NEIvNjFBMzM4NEE3ODJDMTFFQkFDMDRGNjcyQzRGOUFFMDIvN0UwQUIwMUM3
ODJDMTFFQkIwQjcxOTcxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRwYIKwYBBQUHAQcBAf8E
ODA2MDQEAgABMC4wDAMEAqmUhAMEAKmUljAMAwQCqZSsAwQBqZSwAwQAqZS0AwQC
x0NMAwQBx0NeMA0GCSqGSIb3DQEBCwUAA4IBAQClFSLvoBN9QkpYHDiF5bdv2+yy
8hisIkyB5Ah/51DOe3oq3YnVGP3tdm2TJw8M89Xjbr1OTvCimlAR2/+/Csf61qsS
UUDt7eJQPoXkEd6SbzJNh3vWqSR8OEydBSmG+MjChOXn+rsVxZEQ++LpFOdwJPrv
uUqOA2SetM62UsmKVLNyT/a3+CYzoEnN6bqle9yj8RnFI32CZbe8qTOC8Zf8fvUR
ow+sBCSaFABCjSUg++3OJ2MeH3Fkb9aTcCpfmf6axAOB68n0w3M1u48bOuoqQwug
en6tGOeBTj+k7hCdrkCf4dykIeyA5nov6JeRGA+AJ4afRrRkJmpQ7eBJYo5x
-----END CERTIFICATE-----
Generated at Wed Nov 5 19:33:08 2025 by rpki-client