Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/D17A895C0C5D11EAB1A29D67C4F9AE02.roa
File: D17A895C0C5D11EAB1A29D67C4F9AE02.roa (raw, json)
Hash identifier: aOW8cu9Nc0zJXm+rBrdFnzfM1/G7gfurLbAv9VHmltc=
Subject key identifier: E7:AB:9E:D9:C5:46:5E:6F:26:1D:65:B9:0A:5F:54:2B:C9:0A:15:FA
Certificate issuer: /CN=A91A4C60/serialNumber=9EF9E4376E36653275C7963598D6B45B70AF8099
Certificate serial: 0E93
Authority key identifier: 9E:F9:E4:37:6E:36:65:32:75:C7:96:35:98:D6:B4:5B:70:AF:80:99
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/D17A895C0C5D11EAB1A29D67C4F9AE02.roa
Signing time: Tue 02 Sep 2025 18:37:53 +0000
ROA not before: Tue 02 Sep 2025 18:37:53 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 139782
IP address blocks: 2405:84c0::/48 maxlen: 48
2405:84c0:2000::/36 maxlen: 40
2405:84c0:9c00::/40 maxlen: 40
2405:84c0:ff30::/44 maxlen: 44
2405:84c0:ff30::/48 maxlen: 48
2405:84c0:ff31::/48 maxlen: 48
2405:84c0:ff32::/48 maxlen: 48
2405:84c0:ff33::/48 maxlen: 48
2405:84c0:ff34::/48 maxlen: 48
2405:84c0:ff35::/48 maxlen: 48
2405:84c0:ff36::/48 maxlen: 48
2405:84c0:ff37::/48 maxlen: 48
2405:84c0:ff38::/48 maxlen: 48
2405:84c0:ff39::/48 maxlen: 48
2405:84c0:ff3a::/48 maxlen: 48
2405:84c0:ff3b::/48 maxlen: 48
2405:84c0:ff3c::/48 maxlen: 48
2405:84c0:ff3d::/48 maxlen: 48
2405:84c0:ff3e::/48 maxlen: 48
2405:84c0:ff3f::/48 maxlen: 48
2405:84c0:ff50::/44 maxlen: 48
2405:84c0:ff60::/44 maxlen: 44
2405:84c0:fff0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.crl
rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 09 Sep 2025 18:38:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3731 (0xe93)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A4C60, serialNumber=9EF9E4376E36653275C7963598D6B45B70AF8099
Validity
Not Before: Sep 2 18:37:53 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68b73981-5641
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:53:8f:89:ef:31:8f:03:80:15:4a:04:e8:62:
76:7a:8b:52:96:70:9f:8a:79:e5:6a:9c:ee:5f:28:
43:aa:94:ad:26:55:00:33:14:59:95:f0:49:85:05:
5d:85:a8:68:40:80:c3:21:cf:ef:47:3c:76:31:ec:
ef:f3:46:12:d8:b2:25:88:aa:c5:0d:8f:8a:46:92:
62:2e:f6:bf:cc:f0:06:43:f4:c0:96:3b:c9:e5:d9:
59:72:9d:c8:77:53:51:52:40:6c:04:e2:7f:3f:eb:
94:37:a4:28:5d:4c:a1:84:87:92:4c:3c:ab:82:da:
5d:cb:cd:08:f5:5d:cd:55:aa:e8:24:81:6d:96:f6:
45:57:1c:90:d6:96:44:01:64:25:e4:c7:11:06:6e:
2d:0d:cf:e0:eb:dd:bf:6e:9f:89:b6:a0:1b:13:26:
f1:de:cd:be:3c:f1:f1:a5:b2:e3:e6:8d:02:9c:53:
0f:81:78:94:3c:a4:4f:52:7a:d4:8d:0a:5f:17:39:
73:82:a9:97:9e:d3:c8:73:d3:39:ee:7c:ed:8e:7e:
b5:8a:46:15:53:b9:28:63:db:2d:30:ca:0c:d2:4d:
7b:67:0b:54:54:02:45:88:48:25:7f:42:1a:f5:81:
ae:70:ad:db:ad:59:5c:a4:aa:11:fe:74:e3:87:2d:
2e:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:AB:9E:D9:C5:46:5E:6F:26:1D:65:B9:0A:5F:54:2B:C9:0A:15:FA
X509v3 Authority Key Identifier:
keyid:9E:F9:E4:37:6E:36:65:32:75:C7:96:35:98:D6:B4:5B:70:AF:80:99
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/D17A895C0C5D11EAB1A29D67C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2405:84c0::/48
2405:84c0:2000::/36
2405:84c0:9c00::/40
2405:84c0:ff30::/44
2405:84c0:ff50::-2405:84c0:ff6f:ffff:ffff:ffff:ffff:ffff
2405:84c0:fff0::/48
Signature Algorithm: sha256WithRSAEncryption
2b:99:b2:c8:7c:9c:2b:b7:f8:eb:ca:fb:2d:4f:6b:e8:46:da:
3f:40:be:bd:d1:be:0f:8f:5c:18:65:b2:e6:ec:11:ed:d2:08:
31:52:cd:62:6e:1c:e5:6b:9a:70:51:ef:9f:ac:ad:1c:c4:03:
31:3e:5a:bc:87:d5:1d:59:d3:f7:f0:6a:06:88:f6:f7:18:a1:
f4:37:1b:f0:4e:c1:98:a2:b6:96:50:dd:36:a3:dc:17:e6:5b:
15:e5:a9:fe:10:17:b8:a0:54:13:3b:92:e7:db:25:3a:d2:c8:
c9:16:ee:1b:e8:30:8b:c2:36:84:02:b0:a1:2f:9b:b5:ea:f3:
cb:a3:60:ef:b4:e4:94:cf:c9:41:3d:09:93:b0:7b:67:65:0a:
a5:b6:96:b2:f1:60:c5:a8:f3:52:38:a8:a4:ce:92:13:06:fa:
14:9d:1a:01:c4:34:42:e2:e1:f0:1b:47:f1:9e:35:b7:14:34:
a1:16:b0:fb:f0:ed:22:f8:36:3c:53:89:08:d8:9d:01:b2:32:
67:9c:05:74:04:8b:35:c1:f5:9c:00:6a:01:0b:d4:c5:40:f4:
1b:43:8e:25:9d:95:7a:dd:de:dd:37:e9:d2:7c:f5:c8:eb:c2:
7c:d3:cf:f8:de:a6:2e:80:b0:c1:c1:b7:ba:5d:31:cb:9a:14:
af:a3:1f:31
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgICDpMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTRDNjAxMTAvBgNVBAUTKDlFRjlFNDM3NkUzNjY1MzI3NUM3OTYzNTk4RDZCNDVC
NzBBRjgwOTkwHhcNMjUwOTAyMTgzNzUzWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGI3Mzk4MS01NjQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApVOPie8xjwOAFUoE6GJ2eotSlnCfinnlapzuXyhDqpStJlUAMxRZlfBJhQVd
hahoQIDDIc/vRzx2Mezv80YS2LIliKrFDY+KRpJiLva/zPAGQ/TAljvJ5dlZcp3I
d1NRUkBsBOJ/P+uUN6QoXUyhhIeSTDyrgtpdy80I9V3NVaroJIFtlvZFVxyQ1pZE
AWQl5McRBm4tDc/g692/bp+JtqAbEybx3s2+PPHxpbLj5o0CnFMPgXiUPKRPUnrU
jQpfFzlzgqmXntPIc9M57nztjn61ikYVU7koY9stMMoM0k17ZwtUVAJFiEglf0Ia
9YGucK3brVlcpKoR/nTjhy0u2wIDAQABo4ICzjCCAsowHQYDVR0OBBYEFOerntnF
Rl5vJh1luQpfVCvJChX6MB8GA1UdIwQYMBaAFJ755DduNmUydceWNZjWtFtwr4CZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNEM2MC9CNTI2RkY3NEQ4
NDExMUU5QTQ1MjE0MTNDNEY5QUUwMi9udm5rTjI0MlpUSjF4NVkxbU5hMFczQ3Zn
SmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL252bmtOMjQyWlRKMXg1WTFtTmEwVzNDdmdKay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTRDNjAvQjUyNkZGNzREODQxMTFFOUE0NTIxNDEzQzRGOUFFMDIvRDE3QTg5NUMw
QzVEMTFFQUIxQTI5RDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWAYIKwYBBQUHAQcBAf8E
STBHMEUEAgACMD8DBwAkBYTAAAADBgQkBYTAIAMGACQFhMCcAwcEJAWEwP8wMBID
BwQkBYTA/1ADBwQkBYTA/2ADBwAkBYTA//AwDQYJKoZIhvcNAQELBQADggEBACuZ
ssh8nCu3+OvK+y1Pa+hG2j9Avr3Rvg+PXBhlsubsEe3SCDFSzWJuHOVrmnBR75+s
rRzEAzE+WryH1R1Z0/fwagaI9vcYofQ3G/BOwZiitpZQ3Taj3BfmWxXlqf4QF7ig
VBM7kufbJTrSyMkW7hvoMIvCNoQCsKEvm7Xq88ujYO+05JTPyUE9CZOwe2dlCqW2
lrLxYMWo81I4qKTOkhMG+hSdGgHENELi4fAbR/GeNbcUNKEWsPvw7SL4NjxTiQjY
nQGyMmecBXQEizXB9ZwAagEL1MVA9BtDjiWdlXrd3t036dJ89cjrwnzTz/jepi6A
sMHBt7pdMcuaFK+jHzE=
-----END CERTIFICATE-----
Generated at Thu Sep 4 10:24:04 2025 by rpki-client