Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/56F533B4A63011EEA6054D52C4F9AE02.roa
File: 56F533B4A63011EEA6054D52C4F9AE02.roa (raw, json)
Hash identifier: dXPESe0AS5zU2YANDMu05Iuv4X+774tiDNq9FoG/6Go=
Subject key identifier: 07:23:7E:D9:B8:66:93:E3:F0:B1:EE:A1:67:78:4C:97:39:BE:A5:EF
Certificate issuer: /CN=A91DCAE8/serialNumber=AAB0E2B62F6343895730C05488E7FC4E26C51A6C
Certificate serial: 3515
Authority key identifier: AA:B0:E2:B6:2F:63:43:89:57:30:C0:54:88:E7:FC:4E:26:C5:1A:6C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrDiti9jQ4lXMMBUiOf8TibFGmw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/56F533B4A63011EEA6054D52C4F9AE02.roa
Signing time: Sat 20 Sep 2025 15:01:01 +0000
ROA not before: Sat 20 Sep 2025 15:01:01 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 38235
IP address blocks: 103.90.148.0/22 maxlen: 24
103.120.132.0/22 maxlen: 24
103.141.164.0/23 maxlen: 24
116.212.128.0/19 maxlen: 24
202.57.208.0/24 maxlen: 24
202.57.209.0/24 maxlen: 24
202.57.210.0/23 maxlen: 23
202.57.210.0/24 maxlen: 24
202.57.211.0/24 maxlen: 24
203.176.128.0/21 maxlen: 22
203.176.128.0/23 maxlen: 24
203.176.130.0/24 maxlen: 24
203.176.131.0/24 maxlen: 24
203.176.132.0/24 maxlen: 24
203.176.133.0/24 maxlen: 24
203.176.134.0/24 maxlen: 24
203.176.135.0/24 maxlen: 24
203.176.136.0/21 maxlen: 22
203.176.136.0/24 maxlen: 24
203.176.137.0/24 maxlen: 24
203.176.138.0/23 maxlen: 24
203.176.140.0/22 maxlen: 24
2405:da00::/32 maxlen: 36
2405:da00::/40 maxlen: 40
2405:da00::/48 maxlen: 48
2405:da00:1::/48 maxlen: 48
2405:da00:10::/44 maxlen: 44
2405:da00:99::/48 maxlen: 48
2405:da00:100::/40 maxlen: 40
2405:da00:200::/40 maxlen: 40
2405:da00:300::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/qrDiti9jQ4lXMMBUiOf8TibFGmw.crl
rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/qrDiti9jQ4lXMMBUiOf8TibFGmw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrDiti9jQ4lXMMBUiOf8TibFGmw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 27 Oct 2025 04:51:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13589 (0x3515)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DCAE8, serialNumber=AAB0E2B62F6343895730C05488E7FC4E26C51A6C
Validity
Not Before: Sep 20 15:01:01 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68cec1ac-04b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:06:e6:f6:f2:1b:8b:27:28:ae:ce:8d:5f:78:
eb:a4:72:fd:28:04:14:22:40:cd:9f:69:db:cc:b0:
ad:54:a1:cc:c5:c4:ef:2c:a7:d6:bf:88:3c:94:ae:
95:f6:5f:88:a7:19:3b:dc:2b:0b:4b:25:95:8f:50:
cb:f8:fd:ff:b7:79:72:2c:86:a7:de:b5:5f:b0:26:
f2:fa:da:5b:66:f7:6a:b8:ce:ca:32:58:d5:28:19:
e0:60:3b:2f:ad:c7:a7:27:16:a4:1d:de:c6:7c:55:
75:75:8c:e4:8c:d2:39:8e:00:96:b7:ba:02:1b:3f:
4c:06:ed:e7:6c:cf:9e:80:3d:d0:59:ec:a0:9f:eb:
68:f9:f7:ef:d2:7d:1e:ac:91:b8:cf:18:22:a7:64:
a6:97:2a:e8:ec:6f:e6:ef:20:70:c1:61:ad:08:18:
3a:d7:f6:dc:f0:b6:cb:54:3a:d3:1f:26:1e:63:f2:
a1:c8:9a:68:b7:03:96:9d:02:f1:bc:21:3b:06:60:
be:9f:78:a5:41:39:d6:ea:a6:ae:b9:b6:18:3c:e0:
ed:4a:eb:1b:4e:6c:9a:30:4e:d4:e9:d0:61:e3:a9:
35:9d:76:b7:ca:05:f3:92:5b:25:7e:c0:b5:08:10:
6a:fe:04:1f:19:3d:d3:d7:26:c3:dd:98:68:ca:23:
63:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:23:7E:D9:B8:66:93:E3:F0:B1:EE:A1:67:78:4C:97:39:BE:A5:EF
X509v3 Authority Key Identifier:
keyid:AA:B0:E2:B6:2F:63:43:89:57:30:C0:54:88:E7:FC:4E:26:C5:1A:6C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/qrDiti9jQ4lXMMBUiOf8TibFGmw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrDiti9jQ4lXMMBUiOf8TibFGmw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DCAE8/8B6ADE141D9311E292CB23F708B02CD2/56F533B4A63011EEA6054D52C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.90.148.0/22
103.120.132.0/22
103.141.164.0/23
116.212.128.0/19
202.57.208.0/22
203.176.128.0/20
IPv6:
2405:da00::/32
Signature Algorithm: sha256WithRSAEncryption
09:d3:91:30:f9:57:04:a1:be:e4:fa:2d:98:72:3a:ad:41:c4:
7a:8e:53:d2:22:27:2e:76:3b:1e:2a:7e:ef:4c:8f:31:08:1e:
9e:aa:f5:bb:20:f4:47:64:f4:01:d2:dc:4b:ab:39:c4:0d:29:
a3:5c:d3:e2:5b:56:9c:2e:5f:4e:41:2c:f0:b3:3d:0d:0c:7d:
57:2c:86:7b:b5:f1:0e:26:1a:7d:e7:c5:b6:fd:8d:85:c7:96:
82:29:52:f6:77:08:70:95:8a:b6:e3:99:49:d6:a7:29:da:ef:
cc:f2:47:6a:94:5d:54:16:eb:31:04:c3:b9:0c:f9:bc:92:a8:
43:37:7b:f6:38:b2:5a:49:83:5c:af:cd:ec:5f:cc:ed:03:39:
b2:0d:b7:90:a5:18:7c:e4:a5:4a:73:b7:da:4b:99:79:c7:d5:
ad:33:23:c7:62:37:ee:00:23:bd:16:e6:35:57:61:1a:9a:47:
fd:b8:b7:d8:0a:a4:1b:c4:2b:22:8b:24:bf:bb:56:9f:9e:c8:
bb:45:7d:c5:d4:ac:ad:32:d4:65:27:3b:63:bd:65:af:4f:97:
0b:ab:ce:ed:7f:ac:28:4d:ec:f4:e4:69:8a:47:38:15:c3:0b:
b3:59:8f:3c:8d:d4:a5:07:2f:a3:b0:6e:b4:bc:40:43:dd:bb:
93:8b:21:a9
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICNRUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RENBRTgxMTAvBgNVBAUTKEFBQjBFMkI2MkY2MzQzODk1NzMwQzA1NDg4RTdGQzRF
MjZDNTFBNkMwHhcNMjUwOTIwMTUwMTAxWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGNlYzFhYy0wNGI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnQbm9vIbiycors6NX3jrpHL9KAQUIkDNn2nbzLCtVKHMxcTvLKfWv4g8lK6V
9l+Ipxk73CsLSyWVj1DL+P3/t3lyLIan3rVfsCby+tpbZvdquM7KMljVKBngYDsv
rcenJxakHd7GfFV1dYzkjNI5jgCWt7oCGz9MBu3nbM+egD3QWeygn+to+ffv0n0e
rJG4zxgip2Smlyro7G/m7yBwwWGtCBg61/bc8LbLVDrTHyYeY/KhyJpotwOWnQLx
vCE7BmC+n3ilQTnW6qauubYYPODtSusbTmyaME7U6dBh46k1nXa3ygXzklslfsC1
CBBq/gQfGT3T1ybD3ZhoyiNjJwIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFAcjftm4
ZpPj8LHuoWd4TJc5vqXvMB8GA1UdIwQYMBaAFKqw4rYvY0OJVzDAVIjn/E4mxRps
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQ0FFOC84QjZBREUxNDFE
OTMxMUUyOTJDQjIzRjcwOEIwMkNEMi9xckRpdGk5alE0bFhNTUJVaU9mOFRpYkZH
bXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FyRGl0aTlqUTRsWE1NQlVpT2Y4VGliRkdtdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RENBRTgvOEI2QURFMTQxRDkzMTFFMjkyQ0IyM0Y3MDhCMDJDRDIvNTZGNTMzQjRB
NjMwMTFFRUE2MDU0RDUyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MCoEAgABMCQDBAJnWpQDBAJneIQDBAFnjaQDBAV01IADBALKOdADBATLsIAw
DQQCAAIwBwMFACQF2gAwDQYJKoZIhvcNAQELBQADggEBAAnTkTD5VwShvuT6LZhy
Oq1BxHqOU9IiJy52Ox4qfu9MjzEIHp6q9bsg9Edk9AHS3EurOcQNKaNc0+JbVpwu
X05BLPCzPQ0MfVcshnu18Q4mGn3nxbb9jYXHloIpUvZ3CHCVirbjmUnWpyna78zy
R2qUXVQW6zEEw7kM+bySqEM3e/Y4slpJg1yvzexfzO0DObINt5ClGHzkpUpzt9pL
mXnH1a0zI8diN+4AI70W5jVXYRqaR/24t9gKpBvEKyKLJL+7Vp+eyLtFfcXUrK0y
1GUnO2O9Za9Plwurzu1/rChN7PTkaYpHOBXDC7NZjzyN1KUHL6OwbrS8QEPdu5OL
Iak=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:58:27 2025 by rpki-client