Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/CB67A9DC8D1311EF9895E61CC4F9AE02.roa
File: CB67A9DC8D1311EF9895E61CC4F9AE02.roa (raw, json)
Hash identifier: kKSJyoebjy15OgygZVoqq1dl8OzWQ/rL9QJn0Qbj8ag=
Subject key identifier: 2E:F4:B2:60:B7:C2:74:06:52:D8:F1:CE:8C:F7:D3:87:07:DE:89:36
Certificate issuer: /CN=A9158E3F/serialNumber=7E313AB7FF26E783E03C07851612751881AE4918
Certificate serial: 0C24
Authority key identifier: 7E:31:3A:B7:FF:26:E7:83:E0:3C:07:85:16:12:75:18:81:AE:49:18
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjE6t_8m54PgPAeFFhJ1GIGuSRg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/CB67A9DC8D1311EF9895E61CC4F9AE02.roa
Signing time: Wed 16 Jul 2025 01:15:46 +0000
ROA not before: Wed 16 Jul 2025 01:15:46 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 15830
IP address blocks: 27.111.128.0/22 maxlen: 22
36.255.39.0/24 maxlen: 24
103.8.176.0/22 maxlen: 22
103.8.180.0/22 maxlen: 22
103.8.180.0/24 maxlen: 24
103.8.182.0/23 maxlen: 23
119.27.0.0/19 maxlen: 19
119.27.32.0/20 maxlen: 20
119.27.50.0/23 maxlen: 23
119.27.52.0/22 maxlen: 22
119.27.56.0/22 maxlen: 22
119.27.60.0/23 maxlen: 23
122.50.64.0/19 maxlen: 19
122.50.104.0/21 maxlen: 21
122.50.112.0/22 maxlen: 22
122.50.120.0/21 maxlen: 21
180.189.0.0/20 maxlen: 20
180.189.0.0/21 maxlen: 21
180.189.8.0/21 maxlen: 21
180.189.8.0/22 maxlen: 22
180.189.13.0/24 maxlen: 24
180.189.14.0/23 maxlen: 23
180.189.32.0/20 maxlen: 20
180.189.48.0/22 maxlen: 22
180.189.56.0/21 maxlen: 21
183.177.0.0/20 maxlen: 20
183.177.16.0/20 maxlen: 20
183.177.32.0/20 maxlen: 20
202.167.224.0/23 maxlen: 23
202.167.227.0/24 maxlen: 24
202.167.230.0/23 maxlen: 23
202.167.232.0/24 maxlen: 24
202.167.234.0/23 maxlen: 23
202.167.236.0/22 maxlen: 22
202.167.240.0/22 maxlen: 22
202.167.244.0/22 maxlen: 22
202.167.248.0/23 maxlen: 23
202.167.252.0/23 maxlen: 23
202.167.254.0/24 maxlen: 24
202.167.255.0/24 maxlen: 24
202.177.192.0/24 maxlen: 24
202.177.193.0/24 maxlen: 24
202.177.195.0/24 maxlen: 24
202.177.196.0/23 maxlen: 23
202.177.198.0/24 maxlen: 24
202.177.199.0/24 maxlen: 24
202.177.200.0/23 maxlen: 23
202.177.202.0/23 maxlen: 23
202.177.204.0/23 maxlen: 23
202.177.207.0/24 maxlen: 24
203.190.224.0/23 maxlen: 23
203.190.228.0/23 maxlen: 23
203.190.232.0/22 maxlen: 22
203.190.232.0/24 maxlen: 24
203.190.236.0/22 maxlen: 22
2407:b000::/32 maxlen: 32
2407:b001::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/fjE6t_8m54PgPAeFFhJ1GIGuSRg.crl
rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/fjE6t_8m54PgPAeFFhJ1GIGuSRg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjE6t_8m54PgPAeFFhJ1GIGuSRg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 25 Jul 2025 19:41:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3108 (0xc24)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9158E3F, serialNumber=7E313AB7FF26E783E03C07851612751881AE4918
Validity
Not Before: Jul 16 01:15:46 2025 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=6876fd42-a9eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:8d:c0:60:8c:9d:1d:a0:81:6e:a8:9b:09:9f:
a9:26:90:92:ee:ec:84:58:90:dd:4a:4c:fe:52:57:
ca:e6:cb:b7:09:87:ee:f3:ac:ff:e4:94:70:ee:0d:
85:e3:c0:21:28:84:c1:5a:1e:9d:b4:0c:84:d1:c5:
20:84:82:1e:e0:c9:8d:25:d9:ac:83:3f:e8:35:95:
88:d7:3b:a5:1f:95:ab:f1:05:e0:72:7a:b4:e1:b7:
24:27:86:cc:97:ee:79:c0:23:eb:22:20:1a:a9:4f:
10:da:3a:d1:ea:d1:51:0b:9a:09:06:5c:f8:e6:23:
11:25:ac:4b:64:14:0a:57:b2:a8:fb:c2:8c:ee:c2:
1f:78:e3:31:01:6a:38:cd:36:9b:be:0e:79:54:49:
47:c9:3e:78:8b:b6:ed:f9:61:84:86:53:17:94:62:
25:f3:a2:7e:a0:e9:b1:5a:dc:e0:f3:d7:34:38:44:
e6:11:e6:c2:24:cc:c6:3a:5b:64:62:29:81:d4:e3:
8a:34:0e:58:b2:b6:7d:cd:aa:56:d6:63:84:8f:78:
c7:15:09:a6:ae:01:4b:d9:b4:8a:d4:b2:33:95:dc:
9c:b8:64:71:96:b6:fd:e7:1f:11:2f:7b:98:f6:ab:
63:70:5d:c7:6d:f3:3a:d8:d8:ae:65:91:05:06:fd:
41:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:F4:B2:60:B7:C2:74:06:52:D8:F1:CE:8C:F7:D3:87:07:DE:89:36
X509v3 Authority Key Identifier:
keyid:7E:31:3A:B7:FF:26:E7:83:E0:3C:07:85:16:12:75:18:81:AE:49:18
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/fjE6t_8m54PgPAeFFhJ1GIGuSRg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjE6t_8m54PgPAeFFhJ1GIGuSRg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/CB67A9DC8D1311EF9895E61CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.111.128.0/22
36.255.39.0/24
103.8.176.0/21
119.27.0.0-119.27.47.255
119.27.50.0-119.27.61.255
122.50.64.0/19
122.50.104.0-122.50.115.255
122.50.120.0/21
180.189.0.0/20
180.189.32.0-180.189.51.255
180.189.56.0/21
183.177.0.0-183.177.47.255
202.167.224.0/23
202.167.227.0/24
202.167.230.0-202.167.232.255
202.167.234.0-202.167.249.255
202.167.252.0/22
202.177.192.0/23
202.177.195.0-202.177.205.255
202.177.207.0/24
203.190.224.0/23
203.190.228.0/23
203.190.232.0/21
IPv6:
2407:b000::/31
Signature Algorithm: sha256WithRSAEncryption
18:e1:ad:4d:9e:19:ec:e8:0d:7c:2a:98:ef:cc:96:49:c7:5d:
ae:6e:7f:86:fa:6c:e3:05:c8:96:71:a8:99:69:f3:e4:ec:ed:
4b:bf:41:38:d5:fb:cc:65:c1:f3:a1:2e:ef:c3:d8:c2:6f:b3:
6c:79:5b:45:fe:31:fb:e2:94:73:a6:bb:4b:bd:c0:fe:43:30:
fa:be:5d:c5:42:ee:28:00:c5:f7:d8:87:c9:8c:27:4a:53:2d:
c0:a4:3c:fa:6c:63:a0:ef:a5:a9:6b:38:9e:c9:32:43:e0:c9:
0e:c1:72:0a:f1:fa:a0:db:f3:5c:44:70:1d:cb:14:99:1b:f1:
5d:e2:16:8d:ba:d9:ca:80:d6:f2:e5:28:16:21:04:42:e4:0d:
55:22:c5:d1:55:0b:8f:da:b1:87:db:e6:93:07:4e:78:57:94:
f0:89:06:e1:a8:a2:ee:1e:d2:f5:29:cb:e4:b4:d8:7e:e2:60:
97:3a:13:a1:30:48:11:a9:6f:a0:af:c2:5a:2f:f8:47:c2:90:
18:f6:41:c0:dc:17:ae:4e:17:6d:e6:fd:c4:d7:bc:a4:6e:02:
88:eb:fd:47:c7:a7:6f:24:83:80:ae:8f:ad:d6:04:6a:15:c9:
a2:7c:75:6b:33:cd:e4:eb:13:83:e6:9a:62:36:44:0b:ed:c8:
48:02:94:13
-----BEGIN CERTIFICATE-----
MIIGRzCCBS+gAwIBAgICDCQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NThFM0YxMTAvBgNVBAUTKDdFMzEzQUI3RkYyNkU3ODNFMDNDMDc4NTE2MTI3NTE4
ODFBRTQ5MTgwHhcNMjUwNzE2MDExNTQ2WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc2ZmQ0Mi1hOWViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3Y3AYIydHaCBbqibCZ+pJpCS7uyEWJDdSkz+UlfK5su3CYfu86z/5JRw7g2F
48AhKITBWh6dtAyE0cUghIIe4MmNJdmsgz/oNZWI1zulH5Wr8QXgcnq04bckJ4bM
l+55wCPrIiAaqU8Q2jrR6tFRC5oJBlz45iMRJaxLZBQKV7Ko+8KM7sIfeOMxAWo4
zTabvg55VElHyT54i7bt+WGEhlMXlGIl86J+oOmxWtzg89c0OETmEebCJMzGOltk
YimB1OOKNA5YsrZ9zapW1mOEj3jHFQmmrgFL2bSK1LIzldycuGRxlrb95x8RL3uY
9qtjcF3HbfM62NiuZZEFBv1B6QIDAQABo4IDazCCA2cwHQYDVR0OBBYEFC70smC3
wnQGUtjxzoz304cH3ok2MB8GA1UdIwQYMBaAFH4xOrf/JueD4DwHhRYSdRiBrkkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OEUzRi9DMjQzMjJCQTU0
NDYxMUVBOEMwNTY1MURDNEY5QUUwMi9makU2dF84bTU0UGdQQWVGRmhKMUdJR3VT
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ZqRTZ0XzhtNTRQZ1BBZUZGaEoxR0lHdVNSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NThFM0YvQzI0MzIyQkE1NDQ2MTFFQThDMDU2NTFEQzRGOUFFMDIvQ0I2N0E5REM4
RDEzMTFFRjk4OTVFNjFDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgfQGCCsGAQUFBwEHAQH/
BIHkMIHhMIHPBAIAATCByAMEAhtvgAMEACT/JwMEA2cIsDALAwMAdxsDBAR3GyAw
DAMEAXcbMgMEAXcbPAMEBXoyQDAMAwQDejJoAwQCejJwAwQDejJ4AwQEtL0AMAwD
BAW0vSADBAK0vTADBAO0vTgwCwMDALexAwQEt7EgAwQByqfgAwQAyqfjMAwDBAHK
p+YDBADKp+gwDAMEAcqn6gMEAcqn+AMEAsqn/AMEAcqxwDAMAwQAyrHDAwQByrHM
AwQAyrHPAwQBy77gAwQBy77kAwQDy77oMA0EAgACMAcDBQEkB7AAMA0GCSqGSIb3
DQEBCwUAA4IBAQAY4a1Nnhns6A18KpjvzJZJx12ubn+G+mzjBciWcaiZafPk7O1L
v0E41fvMZcHzoS7vw9jCb7NseVtF/jH74pRzprtLvcD+QzD6vl3FQu4oAMX32IfJ
jCdKUy3ApDz6bGOg76WpazieyTJD4MkOwXIK8fqg2/NcRHAdyxSZG/Fd4haNutnK
gNby5SgWIQRC5A1VIsXRVQuP2rGH2+aTB054V5TwiQbhqKLuHtL1KcvktNh+4mCX
OhOhMEgRqW+gr8JaL/hHwpAY9kHA3BeuThdt5v3E17ykbgKI6/1Hx6dvJIOAro+t
1gRqFcmifHVrM83k6xOD5ppiNkQL7chIApQT
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:00:13 2025 by rpki-client