Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
File: 257E3B94E37B11EA84A20810C4F9AE02.roa (raw, json)
Hash identifier: Dw3nMUxEhyHX5ev98aRNWPLfcsu+JByGF2YmsWZl+nQ=
Subject key identifier: 7B:C7:C2:0F:1A:F8:53:29:39:A4:C2:82:8D:2E:1D:7F:C5:7B:36:C8
Certificate issuer: /CN=A91B3CB5/serialNumber=1355D5187D2E63D7E6D49078D8E71FA051C456E3
Certificate serial: 0D16
Authority key identifier: 13:55:D5:18:7D:2E:63:D7:E6:D4:90:78:D8:E7:1F:A0:51:C4:56:E3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
Signing time: Mon 02 Mar 2026 13:47:52 +0000
ROA not before: Wed 22 Oct 2025 19:07:17 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 38280
IP address blocks: 59.191.192.0/20 maxlen: 20
59.191.192.0/24 maxlen: 24
59.191.193.0/24 maxlen: 24
59.191.194.0/24 maxlen: 24
59.191.195.0/24 maxlen: 24
59.191.196.0/24 maxlen: 24
59.191.197.0/24 maxlen: 24
59.191.198.0/24 maxlen: 24
59.191.199.0/24 maxlen: 24
59.191.200.0/24 maxlen: 24
59.191.201.0/24 maxlen: 24
59.191.202.0/24 maxlen: 24
59.191.203.0/24 maxlen: 24
59.191.204.0/24 maxlen: 24
59.191.205.0/24 maxlen: 24
59.191.206.0/24 maxlen: 24
59.191.207.0/24 maxlen: 24
118.139.128.0/19 maxlen: 19
118.139.128.0/24 maxlen: 24
118.139.129.0/24 maxlen: 24
118.139.130.0/24 maxlen: 24
118.139.131.0/24 maxlen: 24
118.139.132.0/24 maxlen: 24
118.139.133.0/24 maxlen: 24
118.139.134.0/24 maxlen: 24
118.139.135.0/24 maxlen: 24
118.139.136.0/24 maxlen: 24
118.139.137.0/24 maxlen: 24
118.139.138.0/24 maxlen: 24
118.139.139.0/24 maxlen: 24
118.139.140.0/24 maxlen: 24
118.139.141.0/24 maxlen: 24
118.139.142.0/24 maxlen: 24
118.139.143.0/24 maxlen: 24
118.139.144.0/24 maxlen: 24
118.139.145.0/24 maxlen: 24
118.139.146.0/24 maxlen: 24
118.139.147.0/24 maxlen: 24
118.139.148.0/24 maxlen: 24
118.139.149.0/24 maxlen: 24
118.139.150.0/24 maxlen: 24
118.139.151.0/24 maxlen: 24
118.139.152.0/24 maxlen: 24
118.139.153.0/24 maxlen: 24
118.139.154.0/24 maxlen: 24
118.139.155.0/24 maxlen: 24
118.139.156.0/24 maxlen: 24
118.139.157.0/24 maxlen: 24
118.139.158.0/24 maxlen: 24
118.139.159.0/24 maxlen: 24
2404:2400:200::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.crl
rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 31 Mar 2026 18:05:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3350 (0xd16)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B3CB5, serialNumber=1355D5187D2E63D7E6D49078D8E71FA051C456E3
Validity
Not Before: Oct 22 19:07:17 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=69a59508-8865
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:40:34:c7:7c:d1:35:36:ec:b9:6b:3c:14:b1:
91:98:cd:7d:25:22:e9:7d:84:83:a8:0a:c3:38:20:
a2:4f:ea:96:de:5a:1a:f6:f2:fa:ee:99:64:91:40:
60:04:86:7f:3d:f1:64:c0:29:59:d6:0d:18:98:d5:
69:b0:2d:62:39:ee:87:91:a7:68:67:b6:6a:09:5a:
24:f2:58:b0:5a:b0:e7:20:8e:e2:aa:88:c5:82:5b:
d5:c5:a8:63:a5:4c:61:79:4b:36:fb:c1:ac:c9:9a:
b1:21:f8:36:a2:81:33:e7:ab:d7:86:fa:76:8f:15:
8d:02:d1:3a:cb:27:8f:fa:a6:9c:47:e1:54:85:f3:
70:43:d7:6a:f3:bb:8d:98:7f:76:14:33:8e:b1:91:
7c:4c:4a:88:eb:4b:ee:27:8b:ea:9f:ea:09:50:d0:
19:89:44:a6:e9:f9:13:32:e2:33:61:7b:33:e8:26:
7d:91:a8:9b:73:80:ff:a1:eb:19:49:2c:72:79:be:
21:40:db:14:fa:ef:68:2f:bb:89:8d:08:60:45:6e:
64:c1:46:be:bc:7e:04:28:57:cb:51:b0:9a:26:1c:
cc:57:cc:c4:60:e4:14:b3:87:b0:ed:7a:dd:0f:09:
72:18:86:88:d5:9a:8b:4d:97:27:b3:1f:42:f4:8f:
6e:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:C7:C2:0F:1A:F8:53:29:39:A4:C2:82:8D:2E:1D:7F:C5:7B:36:C8
X509v3 Authority Key Identifier:
keyid:13:55:D5:18:7D:2E:63:D7:E6:D4:90:78:D8:E7:1F:A0:51:C4:56:E3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
59.191.192.0/20
118.139.128.0/19
IPv6:
2404:2400:200::/48
Signature Algorithm: sha256WithRSAEncryption
48:da:41:46:cf:f6:29:53:b3:6a:1f:88:22:36:40:9e:0f:9d:
21:e8:79:dc:30:9d:45:4d:0b:f9:45:58:da:75:72:0c:f6:aa:
a7:02:2d:51:8e:a0:09:8f:77:77:07:b3:0e:10:48:78:b8:b0:
79:92:5a:ce:8d:f2:b4:84:0b:89:10:15:ba:74:41:e2:d5:18:
0f:d6:0d:22:d1:65:e6:f9:aa:11:e3:98:2a:59:e7:a3:cd:58:
2c:5e:ef:15:73:7f:47:34:cb:fb:01:e9:18:cc:15:c8:e2:3b:
c7:d2:4d:ca:d5:94:4d:40:48:5b:84:c1:8a:b2:f2:8a:07:58:
75:0f:6f:5a:3c:19:84:a7:cb:67:b6:b4:e3:5e:f8:5e:67:47:
6b:79:37:91:4c:c1:cd:87:76:fe:ed:91:3f:39:ac:de:e0:05:
0a:9b:bb:41:cd:dc:d7:f1:58:df:8b:37:53:3e:a1:5f:df:15:
57:61:49:82:22:f3:6e:e2:85:a9:cc:07:61:b3:70:23:88:fa:
9b:cc:c5:d2:e4:4a:b1:67:07:9a:56:74:be:90:d8:2b:d6:e7:
f8:99:88:1b:bc:7c:27:65:50:f4:55:c4:63:40:f0:ad:59:12:
15:17:a8:d5:3e:07:51:c4:bd:cc:46:7e:ad:9e:1d:db:9e:6a:
95:60:d5:a1
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgICDRYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjNDQjUxMTAvBgNVBAUTKDEzNTVENTE4N0QyRTYzRDdFNkQ0OTA3OEQ4RTcxRkEw
NTFDNDU2RTMwHhcNMjUxMDIyMTkwNzE3WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1OTUwOC04ODY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAukA0x3zRNTbsuWs8FLGRmM19JSLpfYSDqArDOCCiT+qW3loa9vL67plkkUBg
BIZ/PfFkwClZ1g0YmNVpsC1iOe6HkadoZ7ZqCVok8liwWrDnII7iqojFglvVxahj
pUxheUs2+8GsyZqxIfg2ooEz56vXhvp2jxWNAtE6yyeP+qacR+FUhfNwQ9dq87uN
mH92FDOOsZF8TEqI60vuJ4vqn+oJUNAZiUSm6fkTMuIzYXsz6CZ9kaibc4D/oesZ
SSxyeb4hQNsU+u9oL7uJjQhgRW5kwUa+vH4EKFfLUbCaJhzMV8zEYOQUs4ew7Xrd
DwlyGIaI1ZqLTZcnsx9C9I9uzwIDAQABo4ICdzCCAnMwHQYDVR0OBBYEFHvHwg8a
+FMpOaTCgo0uHX/FezbIMB8GA1UdIwQYMBaAFBNV1Rh9LmPX5tSQeNjnH6BRxFbj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCM0NCNS82MzI2NTBGODA1
MDUxMUVBQUE5MzRDNDNDNEY5QUUwMi9FMVhWR0gwdVk5Zm0xSkI0Mk9jZm9GSEVW
dU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0UxWFZHSDB1WTlmbTFKQjQyT2Nmb0ZIRVZ1TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjNDQjUvNjMyNjUwRjgwNTA1MTFFQUFBOTM0QzQzQzRGOUFFMDIvMjU3RTNCOTRF
MzdCMTFFQTg0QTIwODEwQzRGOUFFMDIucm9hMDYGCCsGAQUFBwEHAQH/BCcwJTAS
BAIAATAMAwQEO7/AAwQFdouAMA8EAgACMAkDBwAkBCQAAgAwDQYJKoZIhvcNAQEL
BQADggEBAEjaQUbP9ilTs2ofiCI2QJ4PnSHoedwwnUVNC/lFWNp1cgz2qqcCLVGO
oAmPd3cHsw4QSHi4sHmSWs6N8rSEC4kQFbp0QeLVGA/WDSLRZeb5qhHjmCpZ56PN
WCxe7xVzf0c0y/sB6RjMFcjiO8fSTcrVlE1ASFuEwYqy8ooHWHUPb1o8GYSny2e2
tONe+F5nR2t5N5FMwc2Hdv7tkT85rN7gBQqbu0HN3NfxWN+LN1M+oV/fFVdhSYIi
827ihanMB2GzcCOI+pvMxdLkSrFnB5pWdL6Q2CvW5/iZiBu8fCdlUPRVxGNA8K1Z
EhUXqNU+B1HEvcxGfq2eHdueapVg1aE=
-----END CERTIFICATE-----
Generated at Thu Mar 26 16:05:18 2026 by rpki-client