Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/091C09EA9D9D11F09084BA7EC4F9AE02.roa
File: 091C09EA9D9D11F09084BA7EC4F9AE02.roa (raw, json)
Hash identifier: 399gzyQkvzXe5/U+lSe1+2T3bBtoxr8n8IVfmgbj6l8=
Subject key identifier: 37:5D:F9:E4:AB:CB:B3:6B:CC:E0:BF:89:90:F0:C1:57:5B:C6:8D:CC
Certificate issuer: /CN=A91D41AC/serialNumber=BF98688E98B01E84D7366F67864CE8F3EBBD4377
Certificate serial: 95
Authority key identifier: BF:98:68:8E:98:B0:1E:84:D7:36:6F:67:86:4C:E8:F3:EB:BD:43:77
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v5hojpiwHoTXNm9nhkzo8-u9Q3c.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/091C09EA9D9D11F09084BA7EC4F9AE02.roa
Signing time: Tue 30 Sep 2025 01:33:28 +0000
ROA not before: Tue 30 Sep 2025 01:33:28 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 9336
IP address blocks: 27.113.240.0/21 maxlen: 24
45.64.56.0/22 maxlen: 24
45.113.244.0/22 maxlen: 24
103.18.124.0/22 maxlen: 24
103.53.200.0/22 maxlen: 24
103.233.224.0/22 maxlen: 24
118.127.96.0/19 maxlen: 24
121.200.208.0/22 maxlen: 24
121.200.214.0/24 maxlen: 24
202.90.48.0/21 maxlen: 21
203.153.192.0/20 maxlen: 24
218.185.232.0/21 maxlen: 24
2403:3600::/32 maxlen: 33
2403:3600::/33 maxlen: 40
2403:3600:8000::/34 maxlen: 34
2403:3600:8000::/35 maxlen: 37
2403:3600:8000::/36 maxlen: 40
2403:3600:9000::/37 maxlen: 40
2403:3600:9800::/38 maxlen: 38
2403:3600:9800::/39 maxlen: 39
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/v5hojpiwHoTXNm9nhkzo8-u9Q3c.crl
rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/v5hojpiwHoTXNm9nhkzo8-u9Q3c.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v5hojpiwHoTXNm9nhkzo8-u9Q3c.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 26 Oct 2025 09:57:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 149 (0x95)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D41AC, serialNumber=BF98688E98B01E84D7366F67864CE8F3EBBD4377
Validity
Not Before: Sep 30 01:33:28 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=68db3368-773a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:7f:e9:4a:e9:ad:45:6e:92:44:33:6b:2e:dd:
fb:0b:1b:20:17:47:28:77:09:41:c1:dd:d8:8d:6a:
6d:7c:c1:e5:ae:32:55:db:06:43:da:09:0f:9f:d9:
79:47:21:9b:74:29:2e:8a:88:de:0d:ba:85:8b:96:
bd:3a:cf:3e:55:a9:81:34:92:f2:f2:04:1b:80:8a:
a4:8a:4b:9b:cf:73:a2:d2:26:66:d2:85:93:a4:99:
e4:c3:67:12:2e:75:90:5d:28:cd:cc:92:5c:13:42:
ed:0c:75:89:ca:52:29:1b:1f:81:6f:46:09:d2:ec:
bb:7f:ab:bb:c3:0b:ae:3c:f8:d4:65:52:96:5f:24:
c9:38:50:a3:f9:ea:8a:75:da:3f:b9:1b:0a:e1:d5:
47:1a:c6:cc:38:62:47:fa:c7:ca:f2:bc:5f:02:76:
cb:a6:91:aa:84:48:69:96:98:11:3c:9e:f6:79:6c:
e0:42:66:1c:c1:37:d7:f2:93:80:09:af:47:4b:ab:
b2:cf:e2:67:bc:42:16:6b:79:26:8c:bd:7f:cf:a6:
9c:cc:3e:49:e2:66:24:6b:c5:56:91:20:24:83:5a:
8f:d5:5c:d5:fa:d6:53:f4:ed:d4:55:d5:d7:d0:95:
82:0a:f0:eb:cf:59:43:2b:fe:e0:24:99:8d:fb:bc:
af:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:5D:F9:E4:AB:CB:B3:6B:CC:E0:BF:89:90:F0:C1:57:5B:C6:8D:CC
X509v3 Authority Key Identifier:
keyid:BF:98:68:8E:98:B0:1E:84:D7:36:6F:67:86:4C:E8:F3:EB:BD:43:77
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/v5hojpiwHoTXNm9nhkzo8-u9Q3c.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v5hojpiwHoTXNm9nhkzo8-u9Q3c.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/091C09EA9D9D11F09084BA7EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.113.240.0/21
45.64.56.0/22
45.113.244.0/22
103.18.124.0/22
103.53.200.0/22
103.233.224.0/22
118.127.96.0/19
121.200.208.0/22
121.200.214.0/24
202.90.48.0/21
203.153.192.0/20
218.185.232.0/21
IPv6:
2403:3600::/32
Signature Algorithm: sha256WithRSAEncryption
af:a2:43:ee:73:b2:c9:d0:3b:cb:aa:2d:26:ea:c5:6e:44:aa:
63:3d:25:62:42:74:41:af:2e:67:8e:ea:7a:b4:52:db:a8:e0:
89:b2:ed:4d:90:c2:7c:94:af:f1:13:fa:03:da:e3:81:9c:1d:
a5:bd:e6:eb:a7:00:b9:67:75:37:22:69:95:83:85:5b:44:ed:
3a:99:79:4c:a4:a7:62:d7:79:1f:4f:e3:3e:77:57:f2:9b:2a:
05:d1:6d:a3:40:7e:bd:b8:47:24:cf:00:f9:bf:2e:11:24:5a:
3e:ec:d3:7b:59:7c:ac:37:8e:b7:29:52:05:8b:94:38:11:8f:
71:d6:a6:a5:0d:6b:09:6e:40:b4:78:cc:95:be:eb:74:70:4c:
01:cb:fc:07:1c:46:c7:c8:85:3e:2c:bc:62:29:f9:fe:0e:48:
08:c3:37:4f:d1:ca:93:79:5f:c5:2f:a7:2f:b4:21:e3:6e:3f:
c3:43:41:a1:b3:9a:85:f3:eb:0e:51:fd:94:09:47:0d:9a:e9:
33:b7:cc:c5:79:42:e5:5c:59:47:b3:58:ee:56:3f:0d:56:17:
07:b1:29:d6:ac:5a:72:ae:42:cc:69:b3:5d:d2:d1:ca:3d:07:
ca:47:47:ca:05:bf:91:a0:88:d9:da:da:ab:ef:25:8a:19:c3:
be:73:cf:03
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgICAJUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDQxQUMxMTAvBgNVBAUTKEJGOTg2ODhFOThCMDFFODRENzM2NkY2Nzg2NENFOEYz
RUJCRDQzNzcwHhcNMjUwOTMwMDEzMzI4WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRiMzM2OC03NzNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9X/pSumtRW6SRDNrLt37CxsgF0codwlBwd3YjWptfMHlrjJV2wZD2gkPn9l5
RyGbdCkuiojeDbqFi5a9Os8+VamBNJLy8gQbgIqkikubz3Oi0iZm0oWTpJnkw2cS
LnWQXSjNzJJcE0LtDHWJylIpGx+Bb0YJ0uy7f6u7wwuuPPjUZVKWXyTJOFCj+eqK
ddo/uRsK4dVHGsbMOGJH+sfK8rxfAnbLppGqhEhplpgRPJ72eWzgQmYcwTfX8pOA
Ca9HS6uyz+JnvEIWa3kmjL1/z6aczD5J4mYka8VWkSAkg1qP1VzV+tZT9O3UVdXX
0JWCCvDrz1lDK/7gJJmN+7yvcwIDAQABo4IC5jCCAuIwHQYDVR0OBBYEFDdd+eSr
y7NrzOC/iZDwwVdbxo3MMB8GA1UdIwQYMBaAFL+YaI6YsB6E1zZvZ4ZM6PPrvUN3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENDFBQy8yNDQ1QkNFMkU5
M0YxMUVGOERGMUUwMzVDNEY5QUUwMi92NWhvanBpd0hvVFhObTluaGt6bzgtdTlR
M2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3Y1aG9qcGl3SG9UWE5tOW5oa3pvOC11OVEzYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDQxQUMvMjQ0NUJDRTJFOTNGMTFFRjhERjFFMDM1QzRGOUFFMDIvMDkxQzA5RUE5
RDlEMTFGMDkwODRCQTdFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcAYIKwYBBQUHAQcBAf8E
YTBfME4EAgABMEgDBAMbcfADBAItQDgDBAItcfQDBAJnEnwDBAJnNcgDBAJn6eAD
BAV2f2ADBAJ5yNADBAB5yNYDBAPKWjADBATLmcADBAPauegwDQQCAAIwBwMFACQD
NgAwDQYJKoZIhvcNAQELBQADggEBAK+iQ+5zssnQO8uqLSbqxW5EqmM9JWJCdEGv
LmeO6nq0Utuo4Imy7U2QwnyUr/ET+gPa44GcHaW95uunALlndTciaZWDhVtE7TqZ
eUykp2LXeR9P4z53V/KbKgXRbaNAfr24RyTPAPm/LhEkWj7s03tZfKw3jrcpUgWL
lDgRj3HWpqUNawluQLR4zJW+63RwTAHL/AccRsfIhT4svGIp+f4OSAjDN0/RypN5
X8Uvpy+0IeNuP8NDQaGzmoXz6w5R/ZQJRw2a6TO3zMV5QuVcWUezWO5WPw1WFwex
KdasWnKuQsxps13S0co9B8pHR8oFv5GgiNna2qvvJYoZw75zzwM=
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:58:48 2025 by rpki-client