Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/CB598446EF1811ED96D1F733C4F9AE02.roa
File: CB598446EF1811ED96D1F733C4F9AE02.roa (raw, json)
Hash identifier: tY9T8lU5kcHY3u57MMofX3/O0BgwKesBYrVdBe32n74=
Subject key identifier: BB:3A:57:25:75:EC:38:7F:6B:3B:C4:01:30:54:12:72:2B:3C:75:72
Certificate issuer: /CN=A91402DC/serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Certificate serial: 134C
Authority key identifier: C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/CB598446EF1811ED96D1F733C4F9AE02.roa
Signing time: Thu 14 Aug 2025 17:26:51 +0000
ROA not before: Thu 14 Aug 2025 17:26:51 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 55430
IP address blocks: 27.125.128.0/18 maxlen: 24
39.109.128.0/17 maxlen: 24
58.96.192.0/18 maxlen: 24
101.127.0.0/17 maxlen: 24
101.127.128.0/18 maxlen: 24
101.127.240.0/21 maxlen: 24
103.17.146.0/24 maxlen: 24
182.19.128.0/17 maxlen: 24
182.55.0.0/16 maxlen: 24
183.90.0.0/17 maxlen: 24
2406:3003::/32 maxlen: 35
2406:3003::/32 maxlen: 36
2406:3003::/32 maxlen: 40
2406:3003::/36 maxlen: 39
2406:3003::/40 maxlen: 48
2406:3003:1000::/36 maxlen: 39
2406:3003:1000::/40 maxlen: 48
2406:3003:2000::/36 maxlen: 39
2406:3003:2000::/40 maxlen: 48
2406:3003:3000::/36 maxlen: 39
2406:3003:3000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl
rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Aug 2025 17:19:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4940 (0x134c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91402DC, serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Validity
Not Before: Aug 14 17:26:51 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=689e1c5a-37ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:2e:65:f6:b8:40:b5:3b:a4:cc:67:b4:10:c3:
05:a2:40:46:c8:15:9b:6f:65:d0:05:b7:cc:87:1a:
78:f1:51:13:0d:0a:6c:dc:fe:71:6d:5e:d2:88:87:
10:d5:e7:cc:31:3a:6f:ac:c6:2a:e7:9e:df:4f:55:
ba:4b:d5:a7:86:a6:17:02:d4:13:2f:21:59:fb:9b:
1d:ec:ab:27:ea:57:89:9d:d4:b5:9d:71:f3:09:19:
a5:a9:9d:a9:c5:ee:47:36:67:bf:05:8a:1e:f5:aa:
dc:93:48:06:9b:19:c9:2a:21:48:a3:38:34:11:07:
19:c1:e0:73:36:e2:52:10:3d:4e:2d:86:fe:60:a2:
02:9c:f3:43:af:e4:83:97:6e:54:8c:68:42:44:bd:
3f:d1:c5:06:cc:46:c1:75:60:cb:6d:e5:f3:91:b1:
b6:ac:5d:b0:8a:99:76:b2:78:32:e5:bf:e2:7f:57:
4a:d4:4a:04:8d:8f:6e:97:ba:cb:e0:b0:57:b2:bd:
1e:d0:75:bc:83:d4:fa:68:3c:6a:51:c4:95:ad:b8:
df:3e:b5:21:b3:09:5e:c0:d3:92:28:3d:36:69:92:
ea:93:7b:f0:0c:fa:34:89:e7:65:53:6f:4a:9d:81:
e9:34:28:81:5c:cb:0c:53:74:ab:0f:c3:5b:10:d6:
28:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:3A:57:25:75:EC:38:7F:6B:3B:C4:01:30:54:12:72:2B:3C:75:72
X509v3 Authority Key Identifier:
keyid:C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/CB598446EF1811ED96D1F733C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.125.128.0/18
39.109.128.0/17
58.96.192.0/18
101.127.0.0-101.127.191.255
101.127.240.0/21
103.17.146.0/24
182.19.128.0/17
182.55.0.0/16
183.90.0.0/17
IPv6:
2406:3003::/32
Signature Algorithm: sha256WithRSAEncryption
27:66:64:21:83:94:ba:e0:e2:04:46:fc:76:19:f3:49:8d:a4:
f7:bf:33:94:62:7b:e6:e9:cf:c9:d2:cb:52:7f:73:70:d7:c2:
81:ab:50:93:e9:01:36:04:10:80:07:3a:e4:2e:05:c4:8b:91:
f5:a9:8f:d1:bc:7a:cb:ce:4b:0e:6c:81:8f:f0:b4:89:6b:74:
63:15:61:af:11:8f:63:29:ef:81:f1:a5:d8:bb:4f:bd:61:52:
ee:70:64:ad:38:31:45:11:cd:10:39:8f:dc:b7:03:c2:6d:21:
e8:3c:e8:d2:56:1b:c8:0c:c0:8f:b0:fc:25:09:93:2f:0b:05:
58:d6:a9:8e:6d:71:12:3b:b7:b1:6b:4a:c8:56:c8:ac:6e:7e:
ad:37:f3:6a:55:ec:fc:7b:ee:1b:78:e6:9b:02:f1:13:83:42:
49:0e:1a:59:d5:fd:9f:f2:3d:d0:ea:06:39:69:46:22:73:78:
d6:22:d4:a2:da:10:79:04:3a:87:18:fc:13:ac:0f:b8:41:cc:
ec:46:87:98:fa:a7:c8:76:5d:18:52:ec:2d:62:2f:4d:7c:ea:
9c:c6:a5:db:4b:d6:81:1e:f2:72:a9:2d:e6:ed:f1:4e:cc:cf:
67:0d:06:6b:29:98:64:8f:58:ca:81:85:ef:f9:d1:40:2c:08:
b8:4b:94:f1
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgICE0wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDAyREMxMTAvBgNVBAUTKEMyQjlGNUYzQzY4QzU3NjcyNzIzOUI5MkE5M0IzNjI5
N0QxQjE2NTMwHhcNMjUwODE0MTcyNjUxWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODllMWM1YS0zN2ZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8y5l9rhAtTukzGe0EMMFokBGyBWbb2XQBbfMhxp48VETDQps3P5xbV7SiIcQ
1efMMTpvrMYq557fT1W6S9WnhqYXAtQTLyFZ+5sd7Ksn6leJndS1nXHzCRmlqZ2p
xe5HNme/BYoe9arck0gGmxnJKiFIozg0EQcZweBzNuJSED1OLYb+YKICnPNDr+SD
l25UjGhCRL0/0cUGzEbBdWDLbeXzkbG2rF2wipl2sngy5b/if1dK1EoEjY9ul7rL
4LBXsr0e0HW8g9T6aDxqUcSVrbjfPrUhswlewNOSKD02aZLqk3vwDPo0iedlU29K
nYHpNCiBXMsMU3SrD8NbENYohQIDAQABo4IC2jCCAtYwHQYDVR0OBBYEFLs6VyV1
7Dh/azvEATBUEnIrPHVyMB8GA1UdIwQYMBaAFMK59fPGjFdnJyObkqk7Nil9GxZT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDJEQy8yRDUxQUY0MkZE
M0UxMUU4ODhDNTM5NDRDNEY5QUUwMi93cm4xODhhTVYyY25JNXVTcVRzMktYMGJG
bE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dybjE4OGFNVjJjbkk1dVNxVHMyS1gwYkZsTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDAyREMvMkQ1MUFGNDJGRDNFMTFFODg4QzUzOTQ0QzRGOUFFMDIvQ0I1OTg0NDZF
RjE4MTFFRDk2RDFGNzMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZAYIKwYBBQUHAQcBAf8E
VTBTMEIEAgABMDwDBAYbfYADBAcnbYADBAY6YMAwCwMDAGV/AwQGZX+AAwQDZX/w
AwQAZxGSAwQHthOAAwMAtjcDBAe3WgAwDQQCAAIwBwMFACQGMAMwDQYJKoZIhvcN
AQELBQADggEBACdmZCGDlLrg4gRG/HYZ80mNpPe/M5Rie+bpz8nSy1J/c3DXwoGr
UJPpATYEEIAHOuQuBcSLkfWpj9G8esvOSw5sgY/wtIlrdGMVYa8Rj2Mp74Hxpdi7
T71hUu5wZK04MUURzRA5j9y3A8JtIeg86NJWG8gMwI+w/CUJky8LBVjWqY5tcRI7
t7FrSshWyKxufq0382pV7Px77ht45psC8RODQkkOGlnV/Z/yPdDqBjlpRiJzeNYi
1KLaEHkEOocY/BOsD7hBzOxGh5j6p8h2XRhS7C1iL0186pzGpdtL1oEe8nKpLebt
8U7Mz2cNBmspmGSPWMqBhe/50UAsCLhLlPE=
-----END CERTIFICATE-----
Generated at Sat Aug 23 18:21:06 2025 by rpki-client