Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/CBAFF664136B11EFB53F2683C4F9AE02.roa
File: CBAFF664136B11EFB53F2683C4F9AE02.roa (raw, json)
Hash identifier: XQNTFO3hExGDgHXROqI5oeIr8/2ZWX1H0cNQVP9jVhE=
Subject key identifier: 3A:CC:1B:DC:D8:38:C5:D1:52:53:83:06:32:B3:42:53:F6:54:4D:3C
Certificate issuer: /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial: 2056
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/CBAFF664136B11EFB53F2683C4F9AE02.roa
Signing time: Sun 01 Mar 2026 19:12:59 +0000
ROA not before: Fri 26 Dec 2025 09:46:21 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 58777
IP address blocks: 59.52.138.0/24 maxlen: 24
113.240.205.0/24 maxlen: 24
117.25.105.0/24 maxlen: 24
125.93.28.0/24 maxlen: 24
125.93.29.0/24 maxlen: 24
202.67.0.0/22 maxlen: 24
202.73.128.0/22 maxlen: 24
202.191.72.0/21 maxlen: 24
203.33.67.0/24 maxlen: 24
203.33.68.0/24 maxlen: 24
203.33.73.0/24 maxlen: 24
203.33.79.0/24 maxlen: 24
203.33.100.0/24 maxlen: 24
203.33.122.0/24 maxlen: 24
203.33.129.0/24 maxlen: 24
203.33.131.0/24 maxlen: 24
220.171.147.0/24 maxlen: 24
221.235.40.0/24 maxlen: 24
221.237.65.0/24 maxlen: 24
240e:108:4040::/48 maxlen: 48
240e:108:4047::/48 maxlen: 48
240e:108:4060::/48 maxlen: 48
240e:108:4360::/48 maxlen: 48
240e:108:4820::/48 maxlen: 48
240e:108:4840::/48 maxlen: 48
240e:108:4847::/48 maxlen: 48
240e:108:4860::/48 maxlen: 48
240e:108:4b60::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 19 Mar 2026 16:09:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8278 (0x2056)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Validity
Not Before: Dec 26 09:46:21 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=69a48fba-075d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:53:d9:af:c9:e7:94:78:44:44:a8:27:e2:10:
52:b6:ac:d7:3f:55:d5:9c:81:82:7f:58:dc:4c:f0:
79:c4:f9:08:8a:c7:1d:1e:b2:72:95:13:e5:52:fe:
57:a9:9f:38:a4:ee:6d:48:cf:7b:80:af:33:ac:11:
68:2e:a9:31:94:fa:25:a5:58:1f:75:39:d2:c6:df:
e7:78:00:b0:c5:29:81:3e:76:0a:85:57:91:49:ed:
5f:10:f5:15:19:82:0d:3e:d6:cc:d7:04:28:80:7f:
58:b2:e7:41:af:cd:8f:8f:9a:26:98:18:5c:65:5a:
72:af:3d:8d:de:db:a0:29:fd:a3:22:c8:0c:ba:bb:
f9:4a:26:68:24:0e:c7:0f:af:14:69:8f:30:33:96:
8d:c6:38:9f:b1:18:eb:f7:75:49:47:8d:a6:a2:84:
5f:d4:2d:bf:5e:75:e2:62:f4:d0:98:7c:54:1c:f1:
86:d7:dd:6f:c7:9d:94:76:88:af:bf:42:0b:09:64:
2d:55:59:c5:a3:8f:52:ae:b4:3f:fa:e1:6e:73:4a:
ae:15:04:31:d3:9b:bf:5a:59:e6:66:a7:7e:f3:75:
2c:1e:f0:55:59:f7:78:e6:58:f7:65:67:d3:40:d8:
36:83:3a:76:6a:27:ef:f5:ee:cb:f1:c7:48:64:6b:
81:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:CC:1B:DC:D8:38:C5:D1:52:53:83:06:32:B3:42:53:F6:54:4D:3C
X509v3 Authority Key Identifier:
keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/CBAFF664136B11EFB53F2683C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
59.52.138.0/24
113.240.205.0/24
117.25.105.0/24
125.93.28.0/23
202.67.0.0/22
202.73.128.0/22
202.191.72.0/21
203.33.67.0-203.33.68.255
203.33.73.0/24
203.33.79.0/24
203.33.100.0/24
203.33.122.0/24
203.33.129.0/24
203.33.131.0/24
220.171.147.0/24
221.235.40.0/24
221.237.65.0/24
IPv6:
240e:108:4040::/48
240e:108:4047::/48
240e:108:4060::/48
240e:108:4360::/48
240e:108:4820::/48
240e:108:4840::/48
240e:108:4847::/48
240e:108:4860::/48
240e:108:4b60::/48
Signature Algorithm: sha256WithRSAEncryption
16:8f:e6:83:99:e3:98:0c:fa:d9:d8:82:b5:45:e2:82:0c:fb:
f8:38:6b:04:a6:08:47:10:08:05:df:e9:2a:f7:e8:59:7e:d1:
5f:db:bd:51:53:3c:26:7b:7c:25:12:cc:43:77:4d:26:68:e4:
1f:84:05:08:6b:3e:b2:d0:af:6a:01:bf:a3:ef:46:c1:18:64:
b1:66:00:f7:4f:78:88:37:c5:33:63:12:a0:33:6f:f5:53:6d:
02:3e:91:95:b6:60:d1:90:17:59:8b:5c:f7:fc:c9:08:bf:d5:
77:66:be:60:67:1e:91:ea:9e:2c:a9:50:12:29:5d:78:5f:f1:
53:f8:a7:7c:a1:56:fa:96:cd:f3:22:06:08:68:95:09:d0:a3:
e1:28:27:43:7d:21:bc:b1:7e:ee:b0:d7:af:9c:46:1b:54:f3:
72:76:35:f5:a3:b3:88:12:af:46:15:15:21:14:ee:00:f1:5d:
dd:4d:e0:0f:0a:9f:7c:77:f3:2a:60:60:38:56:b0:f0:d2:9e:
5a:4a:20:5f:d7:62:2f:db:2f:d1:7b:0f:49:fc:4a:ac:03:ee:
8b:36:40:b3:e4:2d:13:f3:7a:81:70:00:c3:94:7a:1e:d8:bf:
b5:f3:32:9b:64:fb:d5:83:c3:f9:6e:7a:fe:e0:ba:c2:0a:7d:
ae:69:f8:3a
-----BEGIN CERTIFICATE-----
MIIGADCCBOigAwIBAgICIFYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUxMjI2MDk0NjIxWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0OGZiYS0wNzVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwFPZr8nnlHhERKgn4hBStqzXP1XVnIGCf1jcTPB5xPkIiscdHrJylRPlUv5X
qZ84pO5tSM97gK8zrBFoLqkxlPolpVgfdTnSxt/neACwxSmBPnYKhVeRSe1fEPUV
GYINPtbM1wQogH9YsudBr82Pj5ommBhcZVpyrz2N3tugKf2jIsgMurv5SiZoJA7H
D68UaY8wM5aNxjifsRjr93VJR42mooRf1C2/XnXiYvTQmHxUHPGG191vx52Udoiv
v0ILCWQtVVnFo49SrrQ/+uFuc0quFQQx05u/WlnmZqd+83UsHvBVWfd45lj3ZWfT
QNg2gzp2aifv9e7L8cdIZGuBoQIDAQABo4IDJDCCAyAwHQYDVR0OBBYEFDrMG9zY
OMXRUlODBjKzQlP2VE08MB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvQ0JBRkY2NjQx
MzZCMTFFRkI1M0YyNjgzQzRGOUFFMDIucm9hMIHiBggrBgEFBQcBBwEB/wSB0jCB
zzB0BAIAATBuAwQAOzSKAwQAcfDNAwQAdRlpAwQBfV0cAwQCykMAAwQCykmAAwQD
yr9IMAwDBADLIUMDBADLIUQDBADLIUkDBADLIU8DBADLIWQDBADLIXoDBADLIYED
BADLIYMDBADcq5MDBADd6ygDBADd7UEwVwQCAAIwUQMHACQOAQhAQAMHACQOAQhA
RwMHACQOAQhAYAMHACQOAQhDYAMHACQOAQhIIAMHACQOAQhIQAMHACQOAQhIRwMH
ACQOAQhIYAMHACQOAQhLYDANBgkqhkiG9w0BAQsFAAOCAQEAFo/mg5njmAz62diC
tUXiggz7+DhrBKYIRxAIBd/pKvfoWX7RX9u9UVM8Jnt8JRLMQ3dNJmjkH4QFCGs+
stCvagG/o+9GwRhksWYA9094iDfFM2MSoDNv9VNtAj6RlbZg0ZAXWYtc9/zJCL/V
d2a+YGcekeqeLKlQEildeF/xU/infKFW+pbN8yIGCGiVCdCj4SgnQ30hvLF+7rDX
r5xGG1TzcnY19aOziBKvRhUVIRTuAPFd3U3gDwqffHfzKmBgOFaw8NKeWkogX9di
L9sv0XsPSfxKrAPuizZAs+QtE/N6gXAAw5R6Hti/tfMym2T71YPD+W56/uC6wgp9
rmn4Og==
-----END CERTIFICATE-----
Generated at Thu Mar 12 22:47:04 2026 by rpki-client