Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
File: AB20F8C0DD3311EF8B8A711FC4F9AE02.roa (raw, json)
Hash identifier: TJX/2z4AnWBNVG5vc+6iQbCnon+csxAc9hGSLvA14T4=
Subject key identifier: A4:AE:9C:E7:8B:29:FC:3B:A0:E4:48:18:0A:71:75:77:FB:C6:E4:83
Certificate issuer: /CN=A9148C7B/serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Certificate serial: 0947
Authority key identifier: 7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
Signing time: Fri 15 May 2026 15:54:36 +0000
ROA not before: Fri 15 May 2026 15:54:36 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 38742
IP address blocks: 23.88.194.0/24 maxlen: 24
23.88.195.0/24 maxlen: 24
23.88.196.0/24 maxlen: 24
23.88.197.0/24 maxlen: 24
23.88.198.0/24 maxlen: 24
23.88.199.0/24 maxlen: 24
23.88.200.0/24 maxlen: 24
23.88.201.0/24 maxlen: 24
23.88.202.0/24 maxlen: 24
23.88.203.0/24 maxlen: 24
23.88.204.0/24 maxlen: 24
23.88.205.0/24 maxlen: 24
23.88.206.0/24 maxlen: 24
23.88.207.0/24 maxlen: 24
23.88.208.0/24 maxlen: 24
23.88.209.0/24 maxlen: 24
23.88.210.0/24 maxlen: 24
23.88.211.0/24 maxlen: 24
23.88.212.0/22 maxlen: 22
23.88.212.0/24 maxlen: 24
23.88.213.0/24 maxlen: 24
23.88.214.0/24 maxlen: 24
23.88.215.0/24 maxlen: 24
23.88.216.0/22 maxlen: 22
23.88.216.0/24 maxlen: 24
23.88.217.0/24 maxlen: 24
23.88.218.0/24 maxlen: 24
23.88.219.0/24 maxlen: 24
23.88.220.0/22 maxlen: 22
23.88.220.0/24 maxlen: 24
23.88.221.0/24 maxlen: 24
23.88.222.0/24 maxlen: 24
23.88.223.0/24 maxlen: 24
152.36.194.0/24 maxlen: 24
152.36.195.0/24 maxlen: 24
152.36.200.0/24 maxlen: 24
152.36.202.0/24 maxlen: 24
152.36.206.0/24 maxlen: 24
152.36.207.0/24 maxlen: 24
152.36.208.0/24 maxlen: 24
152.36.209.0/24 maxlen: 24
152.36.210.0/24 maxlen: 24
152.36.214.0/24 maxlen: 24
152.36.216.0/24 maxlen: 24
152.36.217.0/24 maxlen: 24
152.36.218.0/24 maxlen: 24
152.36.219.0/24 maxlen: 24
152.36.220.0/24 maxlen: 24
152.36.221.0/24 maxlen: 24
152.36.222.0/24 maxlen: 24
152.36.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 09 Jun 2026 14:45:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2375 (0x947)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148C7B, serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Validity
Not Before: May 15 15:54:36 2026 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=6a0741bc-6ea5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:5f:b6:73:66:51:da:d6:26:a8:c6:f0:0f:f0:
89:30:6f:c2:55:69:c7:db:dc:3f:7d:58:4b:14:2c:
ea:c3:bf:98:0f:be:f1:2a:a6:fa:6b:e1:47:8c:3a:
7c:2e:e1:3b:53:a3:5a:0b:46:c3:0f:48:7c:09:d9:
45:a7:2c:48:d5:c5:8d:37:f6:64:aa:8d:2c:cb:b7:
d1:38:c4:82:43:f8:48:19:45:57:dd:30:e1:e8:75:
46:f2:15:29:ae:52:20:cf:90:fa:d5:9f:c1:12:eb:
7a:e9:f8:e7:3c:85:8f:67:9e:66:e4:08:8a:3f:6b:
ee:f4:55:34:bc:5c:cb:06:e0:81:11:3d:37:5e:e4:
98:56:c8:cf:c4:f4:f7:b1:f8:08:d2:e8:37:db:cd:
66:f3:a1:8d:72:ac:63:d0:0e:ee:46:a9:bd:2d:96:
36:25:64:a1:6f:40:27:c6:4e:f4:e8:a6:56:5a:6d:
6f:f1:49:0d:00:23:be:a4:c0:cd:ed:25:10:83:34:
72:d5:65:ba:10:d3:12:4b:0d:dd:be:3d:a0:e2:b0:
21:dc:3e:99:36:22:e5:ba:9e:4c:02:70:10:97:a5:
63:0e:d4:4d:0e:7e:05:46:b7:d1:9d:29:84:5b:55:
5c:88:ec:3d:41:0f:df:24:9b:09:49:c4:a9:3a:f6:
2a:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:AE:9C:E7:8B:29:FC:3B:A0:E4:48:18:0A:71:75:77:FB:C6:E4:83
X509v3 Authority Key Identifier:
keyid:7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
23.88.194.0-23.88.223.255
152.36.194.0/23
152.36.200.0/24
152.36.202.0/24
152.36.206.0-152.36.210.255
152.36.214.0/24
152.36.216.0/21
Signature Algorithm: sha256WithRSAEncryption
10:e9:d1:9f:c1:69:81:9a:ef:2f:2e:df:7f:7d:98:4a:a9:74:
16:ab:6b:03:aa:d0:88:c7:3f:fa:0c:d6:dc:5b:38:5a:6d:c0:
58:c7:0f:49:bc:c7:ca:72:4d:d4:53:8d:4a:4d:f4:08:28:a1:
be:aa:6c:2d:2e:29:ea:a0:92:30:b3:03:be:5e:9e:4b:c4:63:
c0:4b:6d:e4:9f:4a:6c:84:a3:c5:dc:45:fe:d0:51:71:06:5a:
d7:15:82:79:ff:76:48:64:2b:32:79:ca:ce:9a:36:f5:7f:bc:
37:17:83:dd:c0:2b:7a:5c:8d:4a:e1:f1:ea:39:e2:31:66:10:
f3:e2:49:b1:80:a8:06:e6:a5:ec:82:8d:fb:75:fa:36:18:6b:
66:53:0d:53:99:0e:f6:ca:d7:de:7d:a9:83:04:f0:c3:1d:bd:
02:6c:e9:5e:e7:c8:d4:1b:0a:ef:17:80:63:d5:cf:31:ae:a4:
d6:d2:50:99:13:cf:58:0b:91:4b:ab:8b:be:53:09:2e:d3:9a:
03:fd:53:4e:b8:77:d0:a1:34:21:1d:9e:26:6a:47:13:7f:8d:
27:82:11:ce:b1:6c:84:22:dd:20:8e:8c:41:d7:33:b8:70:5f:
31:ad:b9:44:5e:e0:10:be:28:b5:ee:a0:cc:67:1e:dc:87:d7:
56:24:04:e7
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgICCUcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhDN0IxMTAvBgNVBAUTKDdGNzk2NjVFNjNCRjNDRDU2REMyNEEwQTcwRDU3RjlB
OTQyREQxQjgwHhcNMjYwNTE1MTU1NDM2WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTA3NDFiYy02ZWE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt1+2c2ZR2tYmqMbwD/CJMG/CVWnH29w/fVhLFCzqw7+YD77xKqb6a+FHjDp8
LuE7U6NaC0bDD0h8CdlFpyxI1cWNN/Zkqo0sy7fROMSCQ/hIGUVX3TDh6HVG8hUp
rlIgz5D61Z/BEut66fjnPIWPZ55m5AiKP2vu9FU0vFzLBuCBET03XuSYVsjPxPT3
sfgI0ug3281m86GNcqxj0A7uRqm9LZY2JWShb0Anxk706KZWWm1v8UkNACO+pMDN
7SUQgzRy1WW6ENMSSw3dvj2g4rAh3D6ZNiLlup5MAnAQl6VjDtRNDn4FRrfRnSmE
W1VciOw9QQ/fJJsJScSpOvYqjwIDAQABo4IClDCCApAwHQYDVR0OBBYEFKSunOeL
Kfw7oORIGApxdXf7xuSDMB8GA1UdIwQYMBaAFH95Zl5jvzzVbcJKCnDVf5qULdG4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEM3Qi81QkZDRkY4Q0Q2
MzAxMUVBOTQwREEwMzlDNEY5QUUwMi9mM2xtWG1PX1BOVnR3a29LY05WX21wUXQw
YmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2YzbG1YbU9fUE5WdHdrb0tjTlZfbXBRdDBiZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhDN0IvNUJGQ0ZGOENENjMwMTFFQTk0MERBMDM5QzRGOUFFMDIvQUIyMEY4QzBE
RDMzMTFFRjhCOEE3MTFGQzRGOUFFMDIucm9hMFMGCCsGAQUFBwEHAQH/BEQwQjBA
BAIAATA6MAwDBAEXWMIDBAUXWMADBAGYJMIDBACYJMgDBACYJMowDAMEAZgkzgME
AJgk0gMEAJgk1gMEA5gk2DANBgkqhkiG9w0BAQsFAAOCAQEAEOnRn8FpgZrvLy7f
f32YSql0FqtrA6rQiMc/+gzW3Fs4Wm3AWMcPSbzHynJN1FONSk30CCihvqpsLS4p
6qCSMLMDvl6eS8RjwEtt5J9KbISjxdxF/tBRcQZa1xWCef92SGQrMnnKzpo29X+8
NxeD3cArelyNSuHx6jniMWYQ8+JJsYCoBual7IKN+3X6NhhrZlMNU5kO9srX3n2p
gwTwwx29AmzpXufI1BsK7xeAY9XPMa6k1tJQmRPPWAuRS6uLvlMJLtOaA/1TTrh3
0KE0IR2eJmpHE3+NJ4IRzrFshCLdII6MQdczuHBfMa25RF7gEL4ote6gzGce3IfX
ViQE5w==
-----END CERTIFICATE-----
Generated at Tue Jun 2 21:26:12 2026 by rpki-client