Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A654C/51A9EACC416011EB90874450C4F9AE02/0940732E0E6311EDB98DEA0DC4F9AE02.roa
File: 0940732E0E6311EDB98DEA0DC4F9AE02.roa (raw, json)
Hash identifier: LjX/y1bmr7lUb6+mhBpoHtfDQ+zCLBR7g1pGcdMOf00=
Subject key identifier: 21:A7:B7:7E:71:B3:72:8E:F8:B1:9B:DC:53:91:BD:48:6F:12:8C:2C
Certificate issuer: /CN=A91A654C/serialNumber=5EA11C8A3A29E06973C1F121611D5A5C2A1B069D
Certificate serial: 0791
Authority key identifier: 5E:A1:1C:8A:3A:29:E0:69:73:C1:F1:21:61:1D:5A:5C:2A:1B:06:9D
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XqEcijop4GlzwfEhYR1aXCobBp0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A654C/51A9EACC416011EB90874450C4F9AE02/0940732E0E6311EDB98DEA0DC4F9AE02.roa
Signing time: Mon 06 Oct 2025 22:22:50 +0000
ROA not before: Mon 06 Oct 2025 22:22:50 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 136969
IP address blocks: 103.12.196.0/24 maxlen: 24
103.12.197.0/24 maxlen: 24
103.12.198.0/24 maxlen: 24
103.12.199.0/24 maxlen: 24
103.73.100.0/24 maxlen: 24
103.73.101.0/24 maxlen: 24
103.73.102.0/24 maxlen: 24
103.73.103.0/24 maxlen: 24
103.125.176.0/24 maxlen: 24
103.125.177.0/24 maxlen: 24
103.125.178.0/24 maxlen: 24
103.125.179.0/24 maxlen: 24
103.150.208.0/23 maxlen: 23
103.150.208.0/24 maxlen: 24
103.150.209.0/24 maxlen: 24
103.151.236.0/24 maxlen: 24
103.151.237.0/24 maxlen: 24
2406:f480::/32 maxlen: 32
2406:f480::/64 maxlen: 64
2406:f480:0:1::/64 maxlen: 64
2406:f480:0:2::/64 maxlen: 64
2406:f480:0:3::/64 maxlen: 64
2406:f480:800::/38 maxlen: 38
2406:f480:2000::/35 maxlen: 35
2406:f480:8000::/35 maxlen: 35
2406:f480:8000::/64 maxlen: 64
2406:f480:8000:40::/64 maxlen: 64
2406:f480:8000:41::/64 maxlen: 64
2406:f480:8000:42::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A654C/51A9EACC416011EB90874450C4F9AE02/XqEcijop4GlzwfEhYR1aXCobBp0.crl
rsync://rpki.apnic.net/member_repository/A91A654C/51A9EACC416011EB90874450C4F9AE02/XqEcijop4GlzwfEhYR1aXCobBp0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XqEcijop4GlzwfEhYR1aXCobBp0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 Oct 2025 23:04:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1937 (0x791)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A654C, serialNumber=5EA11C8A3A29E06973C1F121611D5A5C2A1B069D
Validity
Not Before: Oct 6 22:22:50 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=68e4413a-d59b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:21:db:d2:78:69:e9:bc:16:96:6d:d2:fb:dd:
2c:9b:8d:b3:87:02:90:a9:4b:3d:06:02:24:82:e2:
3b:4d:e2:80:03:a8:fe:d0:80:da:86:c8:ad:0a:35:
8b:ec:78:af:61:a1:0e:b5:a7:6b:07:84:b9:99:62:
22:28:63:4a:64:a1:de:49:59:24:d4:28:75:e4:e5:
a4:fc:02:fe:2f:09:39:ef:13:86:8b:a2:fc:fd:fe:
5a:ef:6b:b6:06:bc:8b:fd:64:73:cf:cd:98:b6:7a:
2d:dd:9c:ce:18:c9:a2:fb:0c:13:0a:95:08:e7:91:
47:0a:e2:59:9a:8d:8f:33:95:42:b2:f9:59:80:fa:
1b:23:7b:c2:1e:51:27:24:1e:67:a4:7d:08:b6:6f:
7e:77:9b:e6:d8:ab:54:14:e0:07:ce:38:a5:8d:f1:
c3:7c:7e:55:94:a5:0e:fd:0e:70:0f:7f:64:46:db:
b1:ac:4e:45:da:40:df:95:8e:50:7d:77:ce:28:e1:
84:52:fa:c4:98:54:b0:03:87:34:28:d0:d5:59:cd:
86:5f:7b:66:9c:af:cc:6a:4c:94:89:7b:b8:5d:ff:
5d:37:53:c8:ca:ae:9b:79:ac:ec:19:de:2f:5a:09:
2f:1b:bd:b5:6c:40:00:76:38:fd:a3:4b:8c:e2:85:
c2:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:A7:B7:7E:71:B3:72:8E:F8:B1:9B:DC:53:91:BD:48:6F:12:8C:2C
X509v3 Authority Key Identifier:
keyid:5E:A1:1C:8A:3A:29:E0:69:73:C1:F1:21:61:1D:5A:5C:2A:1B:06:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A654C/51A9EACC416011EB90874450C4F9AE02/XqEcijop4GlzwfEhYR1aXCobBp0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XqEcijop4GlzwfEhYR1aXCobBp0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A654C/51A9EACC416011EB90874450C4F9AE02/0940732E0E6311EDB98DEA0DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.12.196.0/22
103.73.100.0/22
103.125.176.0/22
103.150.208.0/23
103.151.236.0/23
IPv6:
2406:f480::/32
Signature Algorithm: sha256WithRSAEncryption
36:e6:0a:f9:95:17:b3:50:f9:c2:aa:d5:1b:14:34:9d:a1:6f:
f6:76:97:f0:6f:e8:89:80:34:dd:42:9e:5b:14:c1:49:05:85:
ac:d9:76:d1:f3:d2:1c:0e:8a:52:31:de:6d:23:dc:5e:8b:cc:
f3:0e:d9:e6:a4:c1:60:2b:3e:03:f8:76:20:d6:76:27:a5:51:
ec:6a:ef:cd:41:28:3e:ea:87:3e:89:ca:8c:09:64:c4:b5:38:
92:17:36:43:ba:83:27:6a:26:ad:b0:5f:76:7f:7f:b9:78:aa:
a6:3c:b1:c7:8d:e4:90:e0:07:3c:02:cf:2d:9c:75:33:02:25:
a6:f3:b5:b9:8d:c8:1a:18:e1:c3:bf:7c:d6:37:e3:74:7b:ac:
c1:c9:62:5d:4b:ca:3f:91:75:46:a6:4b:1f:1b:bf:d1:b6:2a:
ff:7c:43:c6:ff:0b:cd:ec:e7:7f:d6:a5:ca:d2:65:7d:cc:c7:
39:77:99:aa:6f:f2:30:91:ff:2b:16:73:2d:db:4f:bd:20:34:
02:b5:95:85:c9:92:c0:52:07:60:67:5c:08:e3:6f:10:27:cd:
f3:62:04:06:37:a9:a5:28:aa:bd:9b:3e:52:b6:44:7e:f6:a3:
89:5f:67:7a:61:e6:fc:f0:c3:42:c3:63:b8:f5:e0:b3:67:27:
a7:a0:cc:f4
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICB5EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTY1NEMxMTAvBgNVBAUTKDVFQTExQzhBM0EyOUUwNjk3M0MxRjEyMTYxMUQ1QTVD
MkExQjA2OUQwHhcNMjUxMDA2MjIyMjUwWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU0NDEzYS1kNTliMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4yHb0nhp6bwWlm3S+90sm42zhwKQqUs9BgIkguI7TeKAA6j+0IDahsitCjWL
7HivYaEOtadrB4S5mWIiKGNKZKHeSVkk1Ch15OWk/AL+Lwk57xOGi6L8/f5a72u2
BryL/WRzz82Ytnot3ZzOGMmi+wwTCpUI55FHCuJZmo2PM5VCsvlZgPobI3vCHlEn
JB5npH0Itm9+d5vm2KtUFOAHzjiljfHDfH5VlKUO/Q5wD39kRtuxrE5F2kDflY5Q
fXfOKOGEUvrEmFSwA4c0KNDVWc2GX3tmnK/MakyUiXu4Xf9dN1PIyq6beazsGd4v
WgkvG721bEAAdjj9o0uM4oXCZQIDAQABo4ICvDCCArgwHQYDVR0OBBYEFCGnt35x
s3KO+LGb3FORvUhvEowsMB8GA1UdIwQYMBaAFF6hHIo6KeBpc8HxIWEdWlwqGwad
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNjU0Qy81MUE5RUFDQzQx
NjAxMUVCOTA4NzQ0NTBDNEY5QUUwMi9YcUVjaWpvcDRHbHp3ZkVoWVIxYVhDb2JC
cDAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hxRWNpam9wNEdsendmRWhZUjFhWENvYkJwMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTY1NEMvNTFBOUVBQ0M0MTYwMTFFQjkwODc0NDUwQzRGOUFFMDIvMDk0MDczMkUw
RTYzMTFFREI5OERFQTBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAJnDMQDBAJnSWQDBAJnfbADBAFnltADBAFnl+wwDQQCAAIw
BwMFACQG9IAwDQYJKoZIhvcNAQELBQADggEBADbmCvmVF7NQ+cKq1RsUNJ2hb/Z2
l/Bv6ImANN1CnlsUwUkFhazZdtHz0hwOilIx3m0j3F6LzPMO2eakwWArPgP4diDW
dielUexq781BKD7qhz6JyowJZMS1OJIXNkO6gydqJq2wX3Z/f7l4qqY8sceN5JDg
BzwCzy2cdTMCJabztbmNyBoY4cO/fNY343R7rMHJYl1Lyj+RdUamSx8bv9G2Kv98
Q8b/C83s53/WpcrSZX3Mxzl3mapv8jCR/ysWcy3bT70gNAK1lYXJksBSB2BnXAjj
bxAnzfNiBAY3qaUoqr2bPlK2RH72o4lfZ3ph5vzww0LDY7j14LNnJ6egzPQ=
-----END CERTIFICATE-----
Generated at Mon Oct 20 22:43:42 2025 by rpki-client