Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
File: 801B5CA0D49711EFBF7D3414C4F9AE02.roa (raw, json)
Hash identifier: EhJYlBjQzArjJUepcPMKlhW0SwABK8otVcs5MS+goNQ=
Subject key identifier: 51:1D:74:C9:C8:24:A9:60:EE:DB:A0:D5:89:4C:46:87:7C:A7:B0:27
Certificate issuer: /CN=A91B268A/serialNumber=F8EECE7D3C0CF5922EA3D803553638823FAEEA08
Certificate serial: 1262
Authority key identifier: F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
Signing time: Thu 24 Jul 2025 17:26:37 +0000
ROA not before: Thu 24 Jul 2025 17:26:37 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 7600
IP address blocks: 14.102.136.0/21 maxlen: 24
43.247.116.0/22 maxlen: 24
103.237.160.0/22 maxlen: 22
103.237.160.0/22 maxlen: 24
103.237.160.0/24 maxlen: 24
115.42.0.0/20 maxlen: 24
115.42.16.0/20 maxlen: 24
122.129.221.0/24 maxlen: 24
122.129.222.0/24 maxlen: 24
123.136.32.0/19 maxlen: 19
203.18.23.0/24 maxlen: 24
203.25.185.0/24 maxlen: 24
203.57.0.0/23 maxlen: 23
210.56.80.0/20 maxlen: 20
210.56.80.0/21 maxlen: 24
210.56.88.0/21 maxlen: 21
210.56.88.0/24 maxlen: 24
210.56.90.0/24 maxlen: 24
210.56.90.192/26 maxlen: 26
210.56.91.0/24 maxlen: 24
210.56.95.0/24 maxlen: 24
2404:9600::/32 maxlen: 32
2404:9600:300::/40 maxlen: 40
2404:9601::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 31 Jul 2025 17:26:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4706 (0x1262)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B268A, serialNumber=F8EECE7D3C0CF5922EA3D803553638823FAEEA08
Validity
Not Before: Jul 24 17:26:37 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=68826ccd-1283
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:4f:67:c3:c0:8d:b1:10:8e:01:8e:4d:9e:b3:
bf:b1:58:f1:49:90:e0:64:ac:5d:96:cb:5c:23:2a:
4f:45:e3:40:9c:fa:0f:1c:5f:b0:f7:4d:19:fc:f9:
c5:43:c3:17:e4:01:09:45:93:5e:62:a1:89:a5:6e:
26:a1:39:c4:03:72:57:43:8c:79:93:aa:69:a1:7a:
a3:ff:21:2b:5b:4c:ad:4e:2d:08:04:28:31:40:ae:
83:f3:ae:4a:f6:a3:0d:77:d3:48:74:30:d0:2a:5f:
8a:14:2f:00:19:aa:71:43:de:9a:a6:2c:fb:9b:d6:
1b:ab:b1:c3:2b:4b:53:e1:39:55:1a:6f:11:7c:22:
da:9b:8d:c0:6e:12:8f:19:e6:af:51:12:3d:e6:f5:
cb:24:02:72:34:ea:5d:23:ab:5c:cb:56:b4:34:f1:
38:a7:70:42:b6:69:e9:d1:17:eb:fc:9f:e7:20:6d:
22:40:0b:3a:88:f0:dd:8d:e0:d5:75:8e:67:9f:43:
a9:be:f2:31:4c:0c:29:ad:32:36:10:b9:40:b3:f6:
07:c5:27:fc:08:78:06:69:e1:c3:15:c8:00:d5:59:
00:02:b8:96:0f:5f:ff:99:59:bf:9f:9e:42:40:7c:
54:44:54:a8:b1:af:1a:e6:fb:8a:c5:f6:6b:28:6c:
cb:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:1D:74:C9:C8:24:A9:60:EE:DB:A0:D5:89:4C:46:87:7C:A7:B0:27
X509v3 Authority Key Identifier:
keyid:F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.136.0/21
43.247.116.0/22
103.237.160.0/22
115.42.0.0/19
122.129.221.0-122.129.222.255
123.136.32.0/19
203.18.23.0/24
203.25.185.0/24
203.57.0.0/23
210.56.80.0/20
IPv6:
2404:9600::/31
Signature Algorithm: sha256WithRSAEncryption
bd:37:9c:11:5c:dc:21:74:51:25:52:de:ab:e9:10:bc:42:4c:
c3:f2:78:51:e9:85:8e:a3:40:6b:c6:07:9f:e8:87:c5:06:a8:
0e:e0:dd:a1:af:22:9f:17:87:26:03:7f:f8:92:41:0d:db:97:
2c:a4:d1:12:90:df:2a:6b:ed:ed:44:2d:48:c1:b5:e7:93:7c:
07:48:47:15:f6:ad:07:8f:f7:0b:12:bd:9a:46:48:28:8c:be:
5f:06:75:f9:34:35:a9:1f:cc:ad:e1:be:55:2b:6c:b8:d4:46:
f4:96:a3:e0:7d:83:f4:71:cf:9b:c2:d7:cb:19:36:ad:06:e6:
f4:ca:d0:60:97:65:7f:8b:68:26:25:b7:f4:8c:bb:39:0a:e0:
4d:4f:f3:95:d6:cf:0f:2d:53:ee:5f:d8:13:d6:f4:ab:04:69:
cb:c0:a7:7d:85:fc:86:e9:f8:23:ed:cd:51:1c:eb:53:09:2b:
d2:b2:9a:6d:63:8f:83:eb:66:92:69:9d:bd:b5:1b:ef:2c:76:
1a:cc:39:c4:bd:c5:01:10:73:02:08:a8:8e:38:da:90:33:9b:
f8:68:84:37:88:1a:00:e1:4f:64:e7:08:99:3f:58:69:26:5a:
83:39:90:d7:c2:ab:94:2a:e0:c6:00:ce:83:04:33:65:9e:d5:
a8:c6:33:a4
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgICEmIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjI2OEExMTAvBgNVBAUTKEY4RUVDRTdEM0MwQ0Y1OTIyRUEzRDgwMzU1MzYzODgy
M0ZBRUVBMDgwHhcNMjUwNzI0MTcyNjM3WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODgyNmNjZC0xMjgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0E9nw8CNsRCOAY5NnrO/sVjxSZDgZKxdlstcIypPReNAnPoPHF+w900Z/PnF
Q8MX5AEJRZNeYqGJpW4moTnEA3JXQ4x5k6ppoXqj/yErW0ytTi0IBCgxQK6D865K
9qMNd9NIdDDQKl+KFC8AGapxQ96apiz7m9Ybq7HDK0tT4TlVGm8RfCLam43AbhKP
GeavURI95vXLJAJyNOpdI6tcy1a0NPE4p3BCtmnp0Rfr/J/nIG0iQAs6iPDdjeDV
dY5nn0OpvvIxTAwprTI2ELlAs/YHxSf8CHgGaeHDFcgA1VkAAriWD1//mVm/n55C
QHxURFSosa8a5vuKxfZrKGzLgwIDAQABo4IC4jCCAt4wHQYDVR0OBBYEFFEddMnI
JKlg7tug1YlMRod8p7AnMB8GA1UdIwQYMBaAFPjuzn08DPWSLqPYA1U2OII/ruoI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMjY4QS84NEZCNEM5Q0RE
QTExMUU4QTJFNzhBNjlDNEY5QUUwMi8tTzdPZlR3TTlaSXVvOWdEVlRZNGdqLXU2
Z2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1PN09mVHdNOVpJdW85Z0RWVFk0Z2otdTZnZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjI2OEEvODRGQjRDOUNEREExMTFFOEEyRTc4QTY5QzRGOUFFMDIvODAxQjVDQTBE
NDk3MTFFRkJGN0QzNDE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbAYIKwYBBQUHAQcBAf8E
XTBbMEoEAgABMEQDBAMOZogDBAIr93QDBAJn7aADBAVzKgAwDAMEAHqB3QMEAHqB
3gMEBXuIIAMEAMsSFwMEAMsZuQMEAcs5AAMEBNI4UDANBAIAAjAHAwUBJASWADAN
BgkqhkiG9w0BAQsFAAOCAQEAvTecEVzcIXRRJVLeq+kQvEJMw/J4UemFjqNAa8YH
n+iHxQaoDuDdoa8inxeHJgN/+JJBDduXLKTREpDfKmvt7UQtSMG155N8B0hHFfat
B4/3CxK9mkZIKIy+XwZ1+TQ1qR/MreG+VStsuNRG9Jaj4H2D9HHPm8LXyxk2rQbm
9MrQYJdlf4toJiW39Iy7OQrgTU/zldbPDy1T7l/YE9b0qwRpy8CnfYX8hun4I+3N
URzrUwkr0rKabWOPg+tmkmmdvbUb7yx2Gsw5xL3FARBzAgiojjjakDOb+GiEN4ga
AOFPZOcImT9YaSZagzmQ18KrlCrgxgDOgwQzZZ7VqMYzpA==
-----END CERTIFICATE-----
Generated at Fri Jul 25 01:42:06 2025 by rpki-client