Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/B32F80267BD111EBBB223C84C4F9AE02.roa
File: B32F80267BD111EBBB223C84C4F9AE02.roa (raw, json)
Hash identifier: DjoCKWnEzsOUWXOM6j5PWstLuVy2efWkfIUKqKUzz40=
Subject key identifier: 1D:F9:0D:B2:0A:9A:1E:94:5B:0D:B0:17:FC:F4:5B:A9:BC:9B:D4:3D
Certificate issuer: /CN=A91EDB37/serialNumber=95FEBE93A33A3394BD1F60DCBBDDB9FDE072B7F3
Certificate serial: 07A6
Authority key identifier: 95:FE:BE:93:A3:3A:33:94:BD:1F:60:DC:BB:DD:B9:FD:E0:72:B7:F3
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lf6-k6M6M5S9H2Dcu925_eByt_M.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/B32F80267BD111EBBB223C84C4F9AE02.roa
Signing time: Wed 15 Oct 2025 07:09:23 +0000
ROA not before: Wed 15 Oct 2025 07:09:23 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 21859
IP address blocks: 129.227.17.0/24 maxlen: 24
129.227.18.0/24 maxlen: 24
129.227.19.0/24 maxlen: 24
129.227.29.0/24 maxlen: 24
129.227.30.0/24 maxlen: 24
129.227.31.0/24 maxlen: 24
129.227.63.0/24 maxlen: 24
129.227.176.0/23 maxlen: 24
129.227.192.0/24 maxlen: 24
129.227.193.0/24 maxlen: 24
129.227.194.0/23 maxlen: 24
156.59.16.0/22 maxlen: 24
156.59.48.0/23 maxlen: 24
156.59.50.0/23 maxlen: 24
156.59.52.0/22 maxlen: 24
156.59.73.0/24 maxlen: 24
156.59.80.0/21 maxlen: 24
156.59.94.0/23 maxlen: 24
156.59.108.0/24 maxlen: 24
156.59.123.0/24 maxlen: 24
156.59.128.0/21 maxlen: 24
156.59.136.0/21 maxlen: 24
156.59.146.0/24 maxlen: 24
156.59.216.0/24 maxlen: 24
156.59.224.0/24 maxlen: 24
156.59.225.0/24 maxlen: 24
156.59.241.0/24 maxlen: 24
156.59.255.0/24 maxlen: 24
162.128.43.0/24 maxlen: 24
162.128.44.0/24 maxlen: 24
162.128.53.0/24 maxlen: 24
162.128.54.0/24 maxlen: 24
162.128.55.0/24 maxlen: 24
162.128.56.0/24 maxlen: 24
162.128.57.0/24 maxlen: 24
162.128.59.0/24 maxlen: 24
162.128.60.0/24 maxlen: 24
162.128.61.0/24 maxlen: 24
162.128.62.0/24 maxlen: 24
162.128.63.0/24 maxlen: 24
162.128.140.0/24 maxlen: 24
162.128.149.0/24 maxlen: 24
162.128.150.0/24 maxlen: 24
162.128.151.0/24 maxlen: 24
162.128.186.0/24 maxlen: 24
162.128.196.0/24 maxlen: 24
162.128.197.0/24 maxlen: 24
162.128.198.0/24 maxlen: 24
162.128.199.0/24 maxlen: 24
162.128.200.0/24 maxlen: 24
162.128.201.0/24 maxlen: 24
162.128.202.0/24 maxlen: 24
162.128.203.0/24 maxlen: 24
162.128.204.0/24 maxlen: 24
162.128.205.0/24 maxlen: 24
162.128.206.0/24 maxlen: 24
162.128.207.0/24 maxlen: 24
162.128.208.0/24 maxlen: 24
162.128.209.0/24 maxlen: 24
162.128.210.0/24 maxlen: 24
162.128.211.0/24 maxlen: 24
162.128.213.0/24 maxlen: 24
162.128.214.0/24 maxlen: 24
162.128.218.0/24 maxlen: 24
162.128.219.0/24 maxlen: 24
162.128.220.0/24 maxlen: 24
162.128.221.0/24 maxlen: 24
162.128.222.0/24 maxlen: 24
162.128.223.0/24 maxlen: 24
162.128.224.0/24 maxlen: 24
162.128.225.0/24 maxlen: 24
162.128.226.0/24 maxlen: 24
162.128.227.0/24 maxlen: 24
162.128.228.0/24 maxlen: 24
162.128.229.0/24 maxlen: 24
162.128.230.0/24 maxlen: 24
162.128.231.0/24 maxlen: 24
162.128.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/lf6-k6M6M5S9H2Dcu925_eByt_M.crl
rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/lf6-k6M6M5S9H2Dcu925_eByt_M.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lf6-k6M6M5S9H2Dcu925_eByt_M.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 Oct 2025 23:32:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1958 (0x7a6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EDB37, serialNumber=95FEBE93A33A3394BD1F60DCBBDDB9FDE072B7F3
Validity
Not Before: Oct 15 07:09:23 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=68ef48a2-bdec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:6e:88:27:50:4c:0f:02:ca:5e:0b:dd:1d:88:
55:32:cc:ef:07:62:ca:c0:9b:b6:4c:7f:77:32:14:
7f:42:ef:0a:2c:28:e7:e9:d7:4f:3b:f8:b7:68:b6:
5d:c2:9f:55:36:47:be:6e:eb:fe:25:c0:c4:13:00:
c2:5a:6e:fe:21:a5:22:28:3e:db:cf:fd:51:62:3d:
f0:61:17:fc:22:fe:b7:26:07:80:2b:6c:49:2c:80:
be:b1:53:47:89:33:d1:62:4f:b2:10:c6:16:7a:36:
35:27:af:0d:d0:61:f7:32:38:b8:93:b1:54:22:3e:
e8:a7:29:c0:9e:4e:46:7f:d2:89:f2:e9:6e:58:59:
00:0a:25:96:08:b4:01:25:a4:fe:cf:fe:29:ca:b7:
7e:d9:a7:89:6e:8b:72:08:c4:7b:9c:3c:d6:4a:33:
67:31:0e:15:bd:b9:9a:16:c9:cb:98:43:14:57:d9:
fe:75:2d:82:0d:af:3b:4f:00:6c:f9:a6:66:5f:0c:
e0:82:a8:3f:49:1d:2a:33:1b:73:34:05:52:12:37:
c0:ca:ff:75:a2:3b:b3:76:fb:5e:06:25:2b:5b:0f:
cd:5e:3d:2c:75:63:44:42:13:c0:8a:51:e4:44:da:
92:a9:a2:1f:a4:b6:94:c4:25:16:97:0e:5a:72:1c:
5d:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:F9:0D:B2:0A:9A:1E:94:5B:0D:B0:17:FC:F4:5B:A9:BC:9B:D4:3D
X509v3 Authority Key Identifier:
keyid:95:FE:BE:93:A3:3A:33:94:BD:1F:60:DC:BB:DD:B9:FD:E0:72:B7:F3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/lf6-k6M6M5S9H2Dcu925_eByt_M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lf6-k6M6M5S9H2Dcu925_eByt_M.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EDB37/4DE635E078A011EB950D3175C4F9AE02/B32F80267BD111EBBB223C84C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
129.227.17.0-129.227.19.255
129.227.29.0-129.227.31.255
129.227.63.0/24
129.227.176.0/23
129.227.192.0/22
156.59.16.0/22
156.59.48.0/21
156.59.73.0/24
156.59.80.0/21
156.59.94.0/23
156.59.108.0/24
156.59.123.0/24
156.59.128.0/20
156.59.146.0/24
156.59.216.0/24
156.59.224.0/23
156.59.241.0/24
156.59.255.0/24
162.128.43.0-162.128.44.255
162.128.53.0-162.128.57.255
162.128.59.0-162.128.63.255
162.128.140.0/24
162.128.149.0-162.128.151.255
162.128.186.0/24
162.128.196.0-162.128.211.255
162.128.213.0-162.128.214.255
162.128.218.0-162.128.231.255
162.128.254.0/24
Signature Algorithm: sha256WithRSAEncryption
80:ca:a1:ef:05:d6:8e:53:8b:50:d3:87:55:e0:56:3c:12:d1:
21:47:39:76:df:c2:52:70:5e:41:58:34:ad:b8:ee:88:21:22:
d1:e6:1d:a0:fe:c5:a4:33:c3:95:e2:b0:39:01:dc:20:30:b4:
8d:2c:53:f0:a5:37:5c:64:0b:05:bb:f6:79:ac:fb:63:f0:10:
20:00:f9:cb:23:67:94:40:62:bd:81:68:b7:9a:a0:6d:02:f1:
ff:70:a9:df:36:a7:69:dc:e0:9f:54:9b:b9:07:fa:84:5f:22:
db:6d:64:ad:76:c5:c2:7e:dc:8b:21:0a:35:14:f9:15:9c:5e:
f8:bd:69:84:42:92:e6:22:f2:a7:f1:24:42:c2:42:c5:8d:2f:
7b:34:ba:d4:d8:94:7c:21:7c:b6:df:c3:1e:70:69:49:27:27:
94:2e:6f:61:4d:ec:0d:22:4f:8b:ed:fd:e8:ba:cc:73:9a:a3:
2e:d3:7d:53:c1:fa:4f:9a:41:a7:96:7a:39:59:6e:b6:e0:29:
56:dc:d9:be:57:cb:42:a9:cb:dd:f6:95:1b:6a:17:64:3d:ae:
05:bf:f1:8c:ee:b4:bf:25:0d:e3:ff:9e:07:b1:76:e1:9a:45:
48:4e:15:e0:04:21:95:0d:db:89:29:d0:8f:6c:d9:db:d6:e8:
b5:fb:62:e3
-----BEGIN CERTIFICATE-----
MIIGYTCCBUmgAwIBAgICB6YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RURCMzcxMTAvBgNVBAUTKDk1RkVCRTkzQTMzQTMzOTRCRDFGNjBEQ0JCRERCOUZE
RTA3MkI3RjMwHhcNMjUxMDE1MDcwOTIzWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVmNDhhMi1iZGVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvG6IJ1BMDwLKXgvdHYhVMszvB2LKwJu2TH93MhR/Qu8KLCjn6ddPO/i3aLZd
wp9VNke+buv+JcDEEwDCWm7+IaUiKD7bz/1RYj3wYRf8Iv63JgeAK2xJLIC+sVNH
iTPRYk+yEMYWejY1J68N0GH3Mji4k7FUIj7opynAnk5Gf9KJ8uluWFkACiWWCLQB
JaT+z/4pyrd+2aeJbotyCMR7nDzWSjNnMQ4VvbmaFsnLmEMUV9n+dS2CDa87TwBs
+aZmXwzggqg/SR0qMxtzNAVSEjfAyv91ojuzdvteBiUrWw/NXj0sdWNEQhPAilHk
RNqSqaIfpLaUxCUWlw5achxdPwIDAQABo4IDhTCCA4EwHQYDVR0OBBYEFB35DbIK
mh6UWw2wF/z0W6m8m9Q9MB8GA1UdIwQYMBaAFJX+vpOjOjOUvR9g3Lvduf3gcrfz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFREIzNy80REU2MzVFMDc4
QTAxMUVCOTUwRDMxNzVDNEY5QUUwMi9sZjYtazZNNk01UzlIMkRjdTkyNV9lQnl0
X00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2xmNi1rNk02TTVTOUgyRGN1OTI1X2VCeXRfTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RURCMzcvNERFNjM1RTA3OEEwMTFFQjk1MEQzMTc1QzRGOUFFMDIvQjMyRjgwMjY3
QkQxMTFFQkJCMjIzQzg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggENBggrBgEFBQcBBwEB
/wSB/TCB+jCB9wQCAAEwgfAwDAMEAIHjEQMEAoHjEDAMAwQAgeMdAwQFgeMAAwQA
geM/AwQBgeOwAwQCgePAAwQCnDsQAwQDnDswAwQAnDtJAwQDnDtQAwQBnDteAwQA
nDtsAwQAnDt7AwQEnDuAAwQAnDuSAwQAnDvYAwQBnDvgAwQAnDvxAwQAnDv/MAwD
BACigCsDBACigCwwDAMEAKKANQMEAaKAODAMAwQAooA7AwQGooAAAwQAooCMMAwD
BACigJUDBAOigJADBACigLowDAMEAqKAxAMEAqKA0DAMAwQAooDVAwQAooDWMAwD
BAGigNoDBAOigOADBACigP4wDQYJKoZIhvcNAQELBQADggEBAIDKoe8F1o5Ti1DT
h1XgVjwS0SFHOXbfwlJwXkFYNK247oghItHmHaD+xaQzw5XisDkB3CAwtI0sU/Cl
N1xkCwW79nms+2PwECAA+csjZ5RAYr2BaLeaoG0C8f9wqd82p2nc4J9Um7kH+oRf
ItttZK12xcJ+3IshCjUU+RWcXvi9aYRCkuYi8qfxJELCQsWNL3s0utTYlHwhfLbf
wx5waUknJ5Qub2FN7A0iT4vt/ei6zHOaoy7TfVPB+k+aQaeWejlZbrbgKVbc2b5X
y0Kpy932lRtqF2Q9rgW/8YzutL8lDeP/ngexduGaRUhOFeAEIZUN24kp0I9s2dvW
6LX7YuM=
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:31:25 2025 by rpki-client