Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EB4AF/CC7B255ADCA911EC94E3E029C4F9AE02/595774341B6211F0B9733473C4F9AE02.roa
File: 595774341B6211F0B9733473C4F9AE02.roa (raw, json)
Hash identifier: 7H1WNXq4e92nwvgGNVFt3drbCtCA0vHzGWt+JS3qJgY=
Subject key identifier: B7:10:95:6E:D8:7E:C0:7C:31:D7:41:39:CF:44:19:AF:2D:C3:C8:DE
Certificate issuer: /CN=A91EB4AF/serialNumber=A97EAA4D6F155B8D27C40AE8E327D9BA52C34B42
Certificate serial: 0348
Authority key identifier: A9:7E:AA:4D:6F:15:5B:8D:27:C4:0A:E8:E3:27:D9:BA:52:C3:4B:42
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qX6qTW8VW40nxAro4yfZulLDS0I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EB4AF/CC7B255ADCA911EC94E3E029C4F9AE02/595774341B6211F0B9733473C4F9AE02.roa
Signing time: Tue 26 Aug 2025 08:49:55 +0000
ROA not before: Tue 26 Aug 2025 08:49:55 +0000
ROA not after: Mon 31 Aug 2026 00:00:00 +0000
asID: 21433
IP address blocks: 2404:3d00:41c4::/47 maxlen: 47
2404:3d00:41c4::/48 maxlen: 48
2404:3d00:41c5::/48 maxlen: 48
2404:3d00:41ce::/47 maxlen: 47
2404:3d00:41ce::/48 maxlen: 48
2404:3d00:41cf::/48 maxlen: 48
2404:3d00:41d0::/47 maxlen: 47
2404:3d00:41d0::/48 maxlen: 48
2404:3d00:41d1::/48 maxlen: 48
2404:3d00:41d2::/47 maxlen: 47
2404:3d00:41d4::/47 maxlen: 47
2404:3d00:41d6::/47 maxlen: 47
2404:3d00:41e2::/47 maxlen: 47
2404:3d00:41e2::/48 maxlen: 48
2404:3d00:41e3::/48 maxlen: 48
2404:3d00:41e6::/47 maxlen: 47
2404:3d00:41e6::/48 maxlen: 48
2404:3d00:41e7::/48 maxlen: 48
2404:3d00:41ee::/47 maxlen: 47
2404:3d00:41ee::/48 maxlen: 48
2404:3d00:41ef::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91EB4AF/CC7B255ADCA911EC94E3E029C4F9AE02/qX6qTW8VW40nxAro4yfZulLDS0I.crl
rsync://rpki.apnic.net/member_repository/A91EB4AF/CC7B255ADCA911EC94E3E029C4F9AE02/qX6qTW8VW40nxAro4yfZulLDS0I.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qX6qTW8VW40nxAro4yfZulLDS0I.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 16 Sep 2025 01:12:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 840 (0x348)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EB4AF, serialNumber=A97EAA4D6F155B8D27C40AE8E327D9BA52C34B42
Validity
Not Before: Aug 26 08:49:55 2025 GMT
Not After : Aug 31 00:00:00 2026 GMT
Subject: CN=68ad7533-ab88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:ed:d7:d3:2d:f0:58:39:01:4a:9c:bd:49:14:
ae:9a:a8:df:a9:25:85:08:e9:60:ef:1f:9f:33:3b:
e0:00:07:aa:50:b4:59:89:df:0b:44:89:73:f2:ce:
8d:72:d1:73:6c:0a:37:4e:58:63:99:7d:56:ac:f6:
e5:56:51:2a:37:b0:b4:97:7e:7f:83:56:70:62:38:
8f:f1:ab:ff:ef:be:90:fa:44:f3:41:69:67:77:a5:
46:2f:e3:b4:23:b1:6a:46:09:6f:0b:6a:ea:b0:fc:
c5:3c:7f:a7:e9:9e:57:7d:8e:0c:0f:d4:7a:aa:d6:
b0:8c:3f:93:bc:df:7f:a7:40:7d:d7:57:bc:33:16:
35:ac:81:b7:2b:03:61:1e:74:48:2f:c3:cc:52:04:
fb:31:d9:8b:4f:60:62:e2:b1:c3:11:b9:6b:5d:01:
91:ce:66:2c:41:04:50:40:85:90:71:ca:8b:12:fd:
51:0d:83:75:ae:5e:a5:0a:27:28:94:4d:3b:78:de:
87:a4:a7:60:40:47:0c:0c:c3:25:bb:4f:ed:a1:74:
71:80:59:aa:e7:4e:41:b0:9e:e6:bf:28:46:c5:01:
46:f3:72:a8:5e:52:fb:4d:48:ae:74:45:29:b7:f9:
1f:e0:ab:4c:78:47:8e:70:92:93:e8:27:57:18:13:
d1:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:10:95:6E:D8:7E:C0:7C:31:D7:41:39:CF:44:19:AF:2D:C3:C8:DE
X509v3 Authority Key Identifier:
keyid:A9:7E:AA:4D:6F:15:5B:8D:27:C4:0A:E8:E3:27:D9:BA:52:C3:4B:42
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EB4AF/CC7B255ADCA911EC94E3E029C4F9AE02/qX6qTW8VW40nxAro4yfZulLDS0I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qX6qTW8VW40nxAro4yfZulLDS0I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EB4AF/CC7B255ADCA911EC94E3E029C4F9AE02/595774341B6211F0B9733473C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2404:3d00:41c4::/47
2404:3d00:41ce::-2404:3d00:41d7:ffff:ffff:ffff:ffff:ffff
2404:3d00:41e2::/47
2404:3d00:41e6::/47
2404:3d00:41ee::/47
Signature Algorithm: sha256WithRSAEncryption
7c:0b:f3:e0:3d:31:03:48:21:c3:dc:fc:2b:49:58:36:7b:c5:
78:60:ca:af:c9:2e:90:64:16:95:f0:37:12:23:35:3f:cd:59:
a7:89:bf:d3:1d:cd:52:12:ce:9e:c2:92:63:6c:59:a2:22:69:
fe:4a:e1:c3:ea:3f:0a:50:74:41:50:fb:c7:3c:22:5b:cc:8a:
61:58:ce:3c:24:a7:5e:5f:99:f2:bc:1d:98:54:c1:b9:ce:b7:
20:1c:32:90:d6:29:89:ab:3c:a9:c6:0c:dc:ba:4f:39:1f:9e:
e9:5d:3e:ec:f1:fa:9f:80:99:34:fd:b7:f9:f6:b3:14:47:d3:
e5:e7:2e:1c:ea:f4:32:f2:a4:03:39:68:1a:da:e8:40:b6:5c:
5b:f8:35:27:f2:76:2f:0e:ca:fd:3f:b5:cb:31:7c:78:ff:f0:
e4:f8:0b:7a:26:3b:cd:72:30:f4:e2:24:9a:23:5a:a8:1c:6e:
de:dc:32:40:8b:8c:84:cf:1e:e3:57:ab:d3:88:6a:38:c8:70:
e5:81:00:33:ed:22:49:d6:4f:e3:1d:d4:d7:53:38:32:b6:20:
8c:f4:ff:64:f1:bd:ec:62:e9:26:e8:17:c7:98:90:3f:c8:fa:
b1:a0:0f:47:6b:7f:45:fc:3e:f7:27:ac:3d:77:9d:0d:c0:5f:
a6:a2:5f:01
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgICA0gwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUI0QUYxMTAvBgNVBAUTKEE5N0VBQTRENkYxNTVCOEQyN0M0MEFFOEUzMjdEOUJB
NTJDMzRCNDIwHhcNMjUwODI2MDg0OTU1WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGFkNzUzMy1hYjg4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1O3X0y3wWDkBSpy9SRSumqjfqSWFCOlg7x+fMzvgAAeqULRZid8LRIlz8s6N
ctFzbAo3TlhjmX1WrPblVlEqN7C0l35/g1ZwYjiP8av/776Q+kTzQWlnd6VGL+O0
I7FqRglvC2rqsPzFPH+n6Z5XfY4MD9R6qtawjD+TvN9/p0B911e8MxY1rIG3KwNh
HnRIL8PMUgT7MdmLT2Bi4rHDEblrXQGRzmYsQQRQQIWQccqLEv1RDYN1rl6lCico
lE07eN6HpKdgQEcMDMMlu0/toXRxgFmq505BsJ7mvyhGxQFG83KoXlL7TUiudEUp
t/kf4KtMeEeOcJKT6CdXGBPRdQIDAQABo4ICxzCCAsMwHQYDVR0OBBYEFLcQlW7Y
fsB8MddBOc9EGa8tw8jeMB8GA1UdIwQYMBaAFKl+qk1vFVuNJ8QK6OMn2bpSw0tC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQjRBRi9DQzdCMjU1QURD
QTkxMUVDOTRFM0UwMjlDNEY5QUUwMi9xWDZxVFc4Vlc0MG54QXJvNHlmWnVsTERT
MEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FYNnFUVzhWVzQwbnhBcm80eWZadWxMRFMwSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUI0QUYvQ0M3QjI1NUFEQ0E5MTFFQzk0RTNFMDI5QzRGOUFFMDIvNTk1Nzc0MzQx
QjYyMTFGMEI5NzMzNDczQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUQYIKwYBBQUHAQcBAf8E
QjBAMD4EAgACMDgDBwEkBD0AQcQwEgMHASQEPQBBzgMHAyQEPQBB0AMHASQEPQBB
4gMHASQEPQBB5gMHASQEPQBB7jANBgkqhkiG9w0BAQsFAAOCAQEAfAvz4D0xA0gh
w9z8K0lYNnvFeGDKr8kukGQWlfA3EiM1P81Zp4m/0x3NUhLOnsKSY2xZoiJp/krh
w+o/ClB0QVD7xzwiW8yKYVjOPCSnXl+Z8rwdmFTBuc63IBwykNYpias8qcYM3LpP
OR+e6V0+7PH6n4CZNP23+fazFEfT5ecuHOr0MvKkAzloGtroQLZcW/g1J/J2Lw7K
/T+1yzF8eP/w5PgLeiY7zXIw9OIkmiNaqBxu3twyQIuMhM8e41er04hqOMhw5YEA
M+0iSdZP4x3U11M4MrYgjPT/ZPG97GLpJugXx5iQP8j6saAPR2t/Rfw+9yesPXed
DcBfpqJfAQ==
-----END CERTIFICATE-----
Generated at Wed Sep 10 12:00:09 2025 by rpki-client