Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/DC67BC1E8E1A11F08364EF73C4F9AE02.roa
File: DC67BC1E8E1A11F08364EF73C4F9AE02.roa (raw, json)
Hash identifier: n9kveW6T0zGofNIWBVL2lz5XwTYiSjqFUg+Xl3iNCMQ=
Subject key identifier: BE:04:AC:8B:26:B2:AD:62:99:AF:CB:66:7B:55:7B:78:7C:58:4E:1C
Certificate issuer: /CN=A911C5B0/serialNumber=7A961769549E0AAD0A9BF9925683BAEF733A2F1A
Certificate serial: 352C
Authority key identifier: 7A:96:17:69:54:9E:0A:AD:0A:9B:F9:92:56:83:BA:EF:73:3A:2F:1A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/epYXaVSeCq0Km_mSVoO673M6Lxo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/DC67BC1E8E1A11F08364EF73C4F9AE02.roa
Signing time: Wed 10 Sep 2025 07:50:47 +0000
ROA not before: Wed 10 Sep 2025 07:50:47 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 23884
IP address blocks: 210.246.200.0/24 maxlen: 24
210.246.201.0/24 maxlen: 24
210.246.202.0/24 maxlen: 24
210.246.206.0/24 maxlen: 24
210.246.207.0/24 maxlen: 24
210.246.208.0/24 maxlen: 24
210.246.209.0/24 maxlen: 24
210.246.210.0/24 maxlen: 24
210.246.211.0/24 maxlen: 24
210.246.212.0/24 maxlen: 24
210.246.213.0/24 maxlen: 24
210.246.214.0/24 maxlen: 24
210.246.215.0/24 maxlen: 24
210.246.216.0/24 maxlen: 24
210.246.217.0/24 maxlen: 24
210.246.218.0/24 maxlen: 24
210.246.219.0/24 maxlen: 24
210.246.230.0/24 maxlen: 24
210.246.231.0/24 maxlen: 24
210.246.236.0/24 maxlen: 24
210.246.237.0/24 maxlen: 24
210.246.239.0/24 maxlen: 24
210.246.245.0/24 maxlen: 24
210.246.246.0/24 maxlen: 24
210.246.247.0/24 maxlen: 24
210.246.248.0/24 maxlen: 24
210.246.249.0/24 maxlen: 24
210.246.250.0/24 maxlen: 24
210.246.251.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/epYXaVSeCq0Km_mSVoO673M6Lxo.crl
rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/epYXaVSeCq0Km_mSVoO673M6Lxo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/epYXaVSeCq0Km_mSVoO673M6Lxo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 17 Sep 2025 14:22:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13612 (0x352c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911C5B0, serialNumber=7A961769549E0AAD0A9BF9925683BAEF733A2F1A
Validity
Not Before: Sep 10 07:50:47 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=68c12dd6-1d3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:50:fe:52:90:1d:b1:0b:a9:6f:3a:d9:f1:9f:
3d:95:41:9c:69:88:af:1f:41:bb:05:30:c8:37:f6:
41:2d:5b:a1:d8:0c:dd:75:67:36:a8:7c:db:fd:4c:
f6:52:3f:e9:79:83:0f:d9:a1:9c:f3:16:76:fc:f0:
00:b0:1b:cb:9a:37:22:62:99:54:ec:51:67:60:88:
55:3f:49:97:fa:bc:aa:35:2d:2e:b8:03:47:e9:d5:
bd:fa:ef:0a:d3:5f:e3:29:2f:85:27:c5:11:08:26:
90:62:b6:ee:b5:7c:d0:2b:7b:f5:aa:28:e7:bd:26:
b5:c1:5c:33:c7:36:68:81:31:3c:2b:98:f6:8f:35:
13:bb:37:b5:8d:12:be:4d:37:6e:7a:58:ba:a2:dd:
88:82:4e:04:66:5f:28:3c:08:42:78:88:5c:72:ff:
3c:2f:e6:4c:61:aa:b1:93:3a:02:6b:a5:59:c2:bb:
00:36:56:fa:14:1a:b3:7b:13:c8:05:58:86:06:a7:
f4:ca:e7:ca:79:7f:b2:d2:ca:bb:9e:cf:47:9e:4f:
16:e5:00:c2:89:fe:80:a0:ae:7b:06:2f:bf:fb:63:
2c:0c:f3:34:29:63:c6:7f:d0:8a:71:73:9c:28:37:
d7:68:95:8a:f9:b4:d0:c5:03:e9:c1:79:e1:6e:2d:
60:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:04:AC:8B:26:B2:AD:62:99:AF:CB:66:7B:55:7B:78:7C:58:4E:1C
X509v3 Authority Key Identifier:
keyid:7A:96:17:69:54:9E:0A:AD:0A:9B:F9:92:56:83:BA:EF:73:3A:2F:1A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/epYXaVSeCq0Km_mSVoO673M6Lxo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/epYXaVSeCq0Km_mSVoO673M6Lxo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/DC67BC1E8E1A11F08364EF73C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
210.246.200.0-210.246.202.255
210.246.206.0-210.246.219.255
210.246.230.0/23
210.246.236.0/23
210.246.239.0/24
210.246.245.0-210.246.251.255
Signature Algorithm: sha256WithRSAEncryption
3c:41:d5:2d:88:b4:6c:a1:da:5b:d1:ba:a9:db:8e:a7:a4:1d:
dc:11:4a:71:3c:59:c4:b4:28:15:66:9c:46:10:d4:1e:57:4e:
ff:20:36:ad:ef:e9:cd:ea:de:b6:58:47:d8:c9:dd:d8:d6:44:
1b:65:e3:3d:1e:d3:bf:3a:56:8d:1e:4f:92:e3:9a:8d:c6:e0:
d7:f1:2b:9e:cf:37:05:16:e6:00:1b:ba:79:da:cc:dc:43:6d:
9c:85:2c:cd:a5:7f:85:b7:77:1a:eb:33:b0:6e:32:65:07:0f:
28:89:7a:0f:7c:c0:36:59:29:92:0d:74:71:bf:d2:0c:3c:99:
05:d2:2d:01:36:a1:14:ed:aa:ab:dd:73:7c:5a:f3:ae:91:bd:
69:29:35:51:f8:cf:84:81:ae:14:a9:5b:23:0b:eb:73:ce:64:
95:92:c4:04:2d:0e:36:e1:09:ed:ac:77:7a:8f:e6:93:4a:ba:
02:58:d8:6c:61:85:68:c4:22:ff:78:2c:b7:d2:11:90:07:f2:
ad:54:f4:d3:46:34:75:8e:be:42:4b:3e:1f:42:be:e8:af:62:
df:2a:23:6c:1b:ee:75:21:55:69:0e:28:2d:78:ae:75:19:07:
68:dc:1d:79:a3:89:dc:71:cf:07:a6:95:f9:e9:4d:11:f6:5d:
7c:b0:fd:d9
-----BEGIN CERTIFICATE-----
MIIFpzCCBI+gAwIBAgICNSwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUM1QjAxMTAvBgNVBAUTKDdBOTYxNzY5NTQ5RTBBQUQwQTlCRjk5MjU2ODNCQUVG
NzMzQTJGMUEwHhcNMjUwOTEwMDc1MDQ3WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGMxMmRkNi0xZDNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtFD+UpAdsQupbzrZ8Z89lUGcaYivH0G7BTDIN/ZBLVuh2AzddWc2qHzb/Uz2
Uj/peYMP2aGc8xZ2/PAAsBvLmjciYplU7FFnYIhVP0mX+ryqNS0uuANH6dW9+u8K
01/jKS+FJ8URCCaQYrbutXzQK3v1qijnvSa1wVwzxzZogTE8K5j2jzUTuze1jRK+
TTdueli6ot2Igk4EZl8oPAhCeIhccv88L+ZMYaqxkzoCa6VZwrsANlb6FBqzexPI
BViGBqf0yufKeX+y0sq7ns9Hnk8W5QDCif6AoK57Bi+/+2MsDPM0KWPGf9CKcXOc
KDfXaJWK+bTQxQPpwXnhbi1gZwIDAQABo4ICyzCCAscwHQYDVR0OBBYEFL4ErIsm
sq1ima/LZntVe3h8WE4cMB8GA1UdIwQYMBaAFHqWF2lUngqtCpv5klaDuu9zOi8a
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQzVCMC80MEM4RDVBNjFE
ODMxMUUyODIzQTVGRDgwOEIwMkNEMi9lcFlYYVZTZUNxMEttX21TVm9PNjczTTZM
eG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VwWVhhVlNlQ3EwS21fbVNWb082NzNNNkx4by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUM1QjAvNDBDOEQ1QTYxRDgzMTFFMjgyM0E1RkQ4MDhCMDJDRDIvREM2N0JDMUU4
RTFBMTFGMDgzNjRFRjczQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVQYIKwYBBQUHAQcBAf8E
RjBEMEIEAgABMDwwDAMEA9L2yAMEANL2yjAMAwQB0vbOAwQC0vbYAwQB0vbmAwQB
0vbsAwQA0vbvMAwDBADS9vUDBALS9vgwDQYJKoZIhvcNAQELBQADggEBADxB1S2I
tGyh2lvRuqnbjqekHdwRSnE8WcS0KBVmnEYQ1B5XTv8gNq3v6c3q3rZYR9jJ3djW
RBtl4z0e0786Vo0eT5Ljmo3G4NfxK57PNwUW5gAbunnazNxDbZyFLM2lf4W3dxrr
M7BuMmUHDyiJeg98wDZZKZINdHG/0gw8mQXSLQE2oRTtqqvdc3xa866RvWkpNVH4
z4SBrhSpWyML63POZJWSxAQtDjbhCe2sd3qP5pNKugJY2GxhhWjEIv94LLfSEZAH
8q1U9NNGNHWOvkJLPh9CvuivYt8qI2wb7nUhVWkOKC14rnUZB2jcHXmjidxxzwem
lfnpTRH2XXyw/dk=
-----END CERTIFICATE-----
Generated at Wed Sep 10 16:10:55 2025 by rpki-client