Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/0BA74CC46EF111EEB2AAC928C4F9AE02.roa
File: 0BA74CC46EF111EEB2AAC928C4F9AE02.roa (raw, json)
Hash identifier: 84eNxQOmspVQHwI4ga6aKRJgJY/Xn7t9aXdu10OERMs=
Subject key identifier: 9F:F4:F7:59:D8:E2:9B:FE:60:0D:CF:76:92:77:7A:E9:3D:F0:A7:D4
Certificate issuer: /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial: 5EE8
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/0BA74CC46EF111EEB2AAC928C4F9AE02.roa
Signing time: Mon 02 Mar 2026 22:20:14 +0000
ROA not before: Thu 28 Aug 2025 14:57:07 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 38733
IP address blocks: 42.96.33.0/24 maxlen: 24
42.96.36.0/23 maxlen: 24
42.96.62.0/24 maxlen: 24
42.96.63.0/24 maxlen: 24
45.122.244.0/24 maxlen: 24
103.82.32.0/22 maxlen: 24
103.117.196.0/23 maxlen: 23
103.188.20.0/23 maxlen: 23
103.190.38.0/23 maxlen: 24
115.165.161.0/24 maxlen: 24
115.165.162.0/23 maxlen: 24
115.165.164.0/23 maxlen: 24
115.165.167.0/24 maxlen: 24
119.82.133.0/24 maxlen: 24
124.158.8.0/21 maxlen: 24
124.158.8.0/24 maxlen: 24
124.158.9.0/24 maxlen: 24
124.158.10.0/24 maxlen: 24
124.158.11.0/24 maxlen: 24
124.158.12.0/24 maxlen: 24
124.158.13.0/24 maxlen: 24
124.158.15.0/24 maxlen: 24
203.167.12.0/22 maxlen: 24
203.205.15.0/24 maxlen: 24
2400:8c60::/48 maxlen: 48
2402:5300:4020::/48 maxlen: 48
2402:5300:4021::/48 maxlen: 48
2402:5300:4e00::/40 maxlen: 48
2402:5300:7100::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 13 Mar 2026 14:32:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24296 (0x5ee8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A560A, serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Validity
Not Before: Aug 28 14:57:07 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=69a60d1d-cbf3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:0a:9e:b2:3e:89:97:b7:f7:4f:4d:81:62:67:
49:27:07:01:45:67:9b:d8:99:fc:88:d7:e6:fb:26:
84:8c:be:1c:f2:8e:a4:48:16:ff:c5:99:6a:70:77:
3b:b3:a5:0f:fc:a5:78:71:69:02:e1:33:ae:73:c8:
dd:9d:05:56:2a:03:9a:53:ef:ec:2a:84:da:42:e9:
f2:82:de:8e:d0:bc:7f:8a:c0:91:c5:b0:5e:3f:3e:
f5:09:4d:d8:07:e2:30:9f:40:62:03:64:6c:61:05:
db:d1:86:60:ce:20:76:78:e4:4a:23:e5:c7:b3:d0:
b8:fe:13:46:18:30:cc:d1:ef:32:e4:87:1f:b0:2c:
2b:09:c6:cb:a6:5d:8f:b1:38:67:7e:f9:8e:e7:a5:
0f:d4:16:a4:e6:d5:33:79:ac:05:9a:6d:04:5a:49:
db:28:c1:f6:73:89:e7:7e:50:49:e9:f2:ac:69:d4:
4c:46:af:44:a7:34:92:fd:60:58:5e:d4:35:32:de:
f7:91:5e:25:f3:ff:3e:2d:6c:df:31:26:49:56:d3:
fe:cc:31:2b:fd:82:63:32:d5:dd:41:f2:2a:49:e4:
7b:4d:59:f5:5e:2c:df:89:c4:27:d8:a8:4c:be:cb:
c8:9c:ac:35:da:ab:f7:82:e0:a2:ff:c7:c5:bc:ae:
1d:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:F4:F7:59:D8:E2:9B:FE:60:0D:CF:76:92:77:7A:E9:3D:F0:A7:D4
X509v3 Authority Key Identifier:
keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/0BA74CC46EF111EEB2AAC928C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
42.96.33.0/24
42.96.36.0/23
42.96.62.0/23
45.122.244.0/24
103.82.32.0/22
103.117.196.0/23
103.188.20.0/23
103.190.38.0/23
115.165.161.0-115.165.165.255
115.165.167.0/24
119.82.133.0/24
124.158.8.0/21
203.167.12.0/22
203.205.15.0/24
IPv6:
2400:8c60::/48
2402:5300:4020::/47
2402:5300:4e00::/40
2402:5300:7100::/40
Signature Algorithm: sha256WithRSAEncryption
08:2e:62:87:ff:47:13:cb:d4:c1:d7:52:56:e9:e7:1f:23:f6:
5f:32:f4:75:42:45:6f:f2:e1:1c:1e:11:e3:a9:14:23:28:f4:
e7:f6:92:9c:39:67:61:ff:f1:f4:04:17:3e:87:09:73:d1:81:
c7:4b:c8:41:cf:74:28:cb:3c:e8:42:ea:f4:d0:3e:94:c7:7b:
cc:0a:3c:65:66:55:f7:3d:fd:0c:20:59:27:1b:c7:ab:d8:53:
9d:bd:ba:88:d0:34:a6:59:1a:34:bd:5f:46:bf:d6:6d:3c:f5:
37:74:a3:77:b3:4b:41:cb:7f:83:ed:48:0b:95:9d:9b:78:3e:
cd:61:7d:2e:02:f6:1b:4e:76:06:53:cb:d6:22:1a:47:e2:92:
16:f9:4f:f2:57:44:50:7d:58:6c:df:be:62:16:ad:20:6a:f3:
b5:54:88:97:88:4c:be:79:7e:2c:a5:03:0a:f9:f4:f1:ba:86:
c5:29:a2:27:35:46:2b:4d:25:be:5a:b2:63:df:07:1f:87:ee:
50:bb:02:34:57:ba:6c:0a:0a:c8:fc:ad:b9:70:89:23:d0:f7:
8a:e8:65:e8:05:a4:34:b4:8f:96:85:cf:20:e6:e3:1a:72:95:
8b:fa:2f:cd:09:a0:79:95:0b:ed:94:06:50:37:78:12:68:e8:
87:4f:80:68
-----BEGIN CERTIFICATE-----
MIIFvzCCBKegAwIBAgICXugwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjUwODI4MTQ1NzA3WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE2MGQxZC1jYmYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0gqesj6Jl7f3T02BYmdJJwcBRWeb2Jn8iNfm+yaEjL4c8o6kSBb/xZlqcHc7
s6UP/KV4cWkC4TOuc8jdnQVWKgOaU+/sKoTaQunygt6O0Lx/isCRxbBePz71CU3Y
B+Iwn0BiA2RsYQXb0YZgziB2eORKI+XHs9C4/hNGGDDM0e8y5IcfsCwrCcbLpl2P
sThnfvmO56UP1Bak5tUzeawFmm0EWknbKMH2c4nnflBJ6fKsadRMRq9EpzSS/WBY
XtQ1Mt73kV4l8/8+LWzfMSZJVtP+zDEr/YJjMtXdQfIqSeR7TVn1XizficQn2KhM
vsvInKw12qv3guCi/8fFvK4dfwIDAQABo4IC4zCCAt8wHQYDVR0OBBYEFJ/091nY
4pv+YA3PdpJ3euk98KfUMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvMEJBNzRDQzQ2
RUYxMTFFRUIyQUFDOTI4QzRGOUFFMDIucm9hMIGhBggrBgEFBQcBBwEB/wSBkTCB
jjBiBAIAATBcAwQAKmAhAwQBKmAkAwQBKmA+AwQALXr0AwQCZ1IgAwQBZ3XEAwQB
Z7wUAwQBZ74mMAwDBABzpaEDBAFzpaQDBABzpacDBAB3UoUDBAN8nggDBALLpwwD
BADLzQ8wKAQCAAIwIgMHACQAjGAAAAMHASQCUwBAIAMGACQCUwBOAwYAJAJTAHEw
DQYJKoZIhvcNAQELBQADggEBAAguYof/RxPL1MHXUlbp5x8j9l8y9HVCRW/y4Rwe
EeOpFCMo9Of2kpw5Z2H/8fQEFz6HCXPRgcdLyEHPdCjLPOhC6vTQPpTHe8wKPGVm
Vfc9/QwgWScbx6vYU529uojQNKZZGjS9X0a/1m089Td0o3ezS0HLf4PtSAuVnZt4
Ps1hfS4C9htOdgZTy9YiGkfikhb5T/JXRFB9WGzfvmIWrSBq87VUiJeITL55fiyl
Awr59PG6hsUpoic1RitNJb5asmPfBx+H7lC7AjRXumwKCsj8rblwiSPQ94roZegF
pDS0j5aFzyDm4xpylYv6L80JoHmVC+2UBlA3eBJo6IdPgGg=
-----END CERTIFICATE-----
Generated at Sat Mar 7 22:43:02 2026 by rpki-client