Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/31AFACDC349211F0BA15B357C4F9AE02.roa
File: 31AFACDC349211F0BA15B357C4F9AE02.roa (raw, json)
Hash identifier: dUZcTKwnncnoH9FK9TMTgxya3Vm4pErO/3nzu6wv4fM=
Subject key identifier: 4B:75:8A:98:98:1D:C0:DF:6A:A0:97:E5:71:2C:52:9B:15:22:1D:A9
Certificate issuer: /CN=A911E509/serialNumber=AA8E1BE3624240DC3302047FB41A7D4E47808EF8
Certificate serial: 099D
Authority key identifier: AA:8E:1B:E3:62:42:40:DC:33:02:04:7F:B4:1A:7D:4E:47:80:8E:F8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/31AFACDC349211F0BA15B357C4F9AE02.roa
Signing time: Tue 16 Sep 2025 01:37:08 +0000
ROA not before: Tue 16 Sep 2025 01:37:08 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 135391
IP address blocks: 43.224.64.0/22 maxlen: 24
43.230.88.0/22 maxlen: 24
45.253.246.0/23 maxlen: 24
45.255.132.0/22 maxlen: 24
61.29.240.0/22 maxlen: 24
61.29.248.0/24 maxlen: 24
61.29.249.0/24 maxlen: 24
61.29.250.0/23 maxlen: 24
103.43.84.0/22 maxlen: 24
103.49.132.0/22 maxlen: 24
103.65.40.0/22 maxlen: 24
103.98.8.0/22 maxlen: 24
103.211.230.0/23 maxlen: 24
103.216.100.0/22 maxlen: 24
146.196.76.0/23 maxlen: 24
157.119.232.0/22 maxlen: 24
2405:fd80:1000::/40 maxlen: 40
2405:fd80:1000::/48 maxlen: 48
2405:fd80:1003::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.crl
rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 25 Sep 2025 20:26:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2461 (0x99d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911E509, serialNumber=AA8E1BE3624240DC3302047FB41A7D4E47808EF8
Validity
Not Before: Sep 16 01:37:08 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=68c8bf44-7229
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:22:88:9e:87:30:76:52:8a:92:f3:56:e1:72:
aa:a2:ad:99:ad:a4:85:5b:b4:35:f3:7a:5a:77:42:
ee:0c:b1:93:36:99:50:bd:72:3b:3f:ec:93:ba:cd:
e3:0c:a4:ed:95:9e:45:28:72:b2:ed:dc:d4:ef:49:
56:18:11:ab:bb:9a:ff:07:db:fd:ed:65:49:97:49:
ce:c8:94:63:13:e4:2a:7d:d6:c0:d4:55:64:64:e5:
f1:b2:fc:8c:9b:2f:e3:d9:1d:e6:87:8f:b5:0b:96:
5f:12:26:5b:36:0a:df:1b:6a:99:a9:86:c5:34:19:
c9:b6:b0:b6:6e:ae:64:29:21:79:b3:95:47:a5:1b:
60:f8:2f:22:f5:c1:ce:d3:78:5f:18:3a:35:f5:36:
74:56:1f:e1:09:e1:7c:c6:eb:46:1d:d4:3f:e9:35:
ea:e8:9c:15:ff:23:89:11:bc:b9:5f:63:41:21:a9:
d1:32:8f:6e:e4:25:d7:91:cc:1e:f7:77:49:43:18:
4b:14:7e:1e:42:c9:b8:93:e8:c8:34:f2:a9:70:65:
51:3a:85:52:86:ee:75:66:4b:c9:a5:c0:81:45:06:
93:a0:1f:9a:27:44:82:6d:53:e6:c2:a9:d0:85:20:
dc:5b:32:69:d5:a0:72:6f:5f:14:21:50:55:87:0e:
57:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:75:8A:98:98:1D:C0:DF:6A:A0:97:E5:71:2C:52:9B:15:22:1D:A9
X509v3 Authority Key Identifier:
keyid:AA:8E:1B:E3:62:42:40:DC:33:02:04:7F:B4:1A:7D:4E:47:80:8E:F8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/31AFACDC349211F0BA15B357C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.224.64.0/22
43.230.88.0/22
45.253.246.0/23
45.255.132.0/22
61.29.240.0/22
61.29.248.0/22
103.43.84.0/22
103.49.132.0/22
103.65.40.0/22
103.98.8.0/22
103.211.230.0/23
103.216.100.0/22
146.196.76.0/23
157.119.232.0/22
IPv6:
2405:fd80:1000::/40
Signature Algorithm: sha256WithRSAEncryption
a4:e8:7f:a6:33:8c:66:f2:54:8b:db:b3:2d:b1:e3:32:75:f7:
8d:72:62:f2:14:0a:d9:3f:b8:5d:f3:3d:e3:64:f6:db:74:30:
c7:fd:fc:09:38:2a:42:da:a1:d7:56:e8:e1:65:f5:95:8c:39:
53:59:1b:ce:82:61:30:b1:44:45:3c:78:4c:8b:a1:7d:c3:95:
08:23:cc:f1:48:40:40:13:3b:05:30:53:b5:1e:3b:b2:60:69:
a8:84:c4:c5:56:f4:9b:80:4a:70:11:61:bc:5c:b4:4b:3b:35:
58:31:02:6b:75:f5:ec:5d:46:5c:71:82:3c:a7:96:34:46:74:
aa:be:ef:eb:0f:66:c8:72:63:97:b9:4d:65:af:08:ed:43:a1:
cb:3c:af:bc:1a:fb:b0:bf:c8:14:c8:d4:f6:81:b5:1a:5e:e9:
ea:39:aa:17:20:a1:cc:ce:29:16:7c:81:3a:5b:57:e9:63:45:
10:1e:42:38:a5:57:b9:71:2c:16:84:11:ba:9b:3d:77:ba:45:
eb:78:db:63:15:a4:40:ef:c9:9b:44:01:71:6b:91:5a:22:72:
34:4f:28:a1:1c:4d:83:1c:ed:7a:0c:73:d3:ac:cf:b0:ef:23:
25:b5:c4:69:96:96:2d:4e:9a:c2:aa:ea:aa:66:97:49:f1:fe:
4b:a3:cf:35
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgICCZ0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUU1MDkxMTAvBgNVBAUTKEFBOEUxQkUzNjI0MjQwREMzMzAyMDQ3RkI0MUE3RDRF
NDc4MDhFRjgwHhcNMjUwOTE2MDEzNzA4WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGM4YmY0NC03MjI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuSKInocwdlKKkvNW4XKqoq2ZraSFW7Q183pad0LuDLGTNplQvXI7P+yTus3j
DKTtlZ5FKHKy7dzU70lWGBGru5r/B9v97WVJl0nOyJRjE+QqfdbA1FVkZOXxsvyM
my/j2R3mh4+1C5ZfEiZbNgrfG2qZqYbFNBnJtrC2bq5kKSF5s5VHpRtg+C8i9cHO
03hfGDo19TZ0Vh/hCeF8xutGHdQ/6TXq6JwV/yOJEby5X2NBIanRMo9u5CXXkcwe
93dJQxhLFH4eQsm4k+jINPKpcGVROoVShu51ZkvJpcCBRQaToB+aJ0SCbVPmwqnQ
hSDcWzJp1aByb18UIVBVhw5XLwIDAQABo4IC8zCCAu8wHQYDVR0OBBYEFEt1ipiY
HcDfaqCX5XEsUpsVIh2pMB8GA1UdIwQYMBaAFKqOG+NiQkDcMwIEf7QafU5HgI74
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTUwOS83OUVBNTkxRUE3
QkQxMUVBQUFBNjI5NDhDNEY5QUUwMi9xbzRiNDJKQ1FOd3pBZ1JfdEJwOVRrZUFq
dmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FvNGI0MkpDUU53ekFnUl90QnA5VGtlQWp2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUU1MDkvNzlFQTU5MUVBN0JEMTFFQUFBQTYyOTQ4QzRGOUFFMDIvMzFBRkFDREMz
NDkyMTFGMEJBMTVCMzU3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfQYIKwYBBQUHAQcBAf8E
bjBsMFoEAgABMFQDBAIr4EADBAIr5lgDBAEt/fYDBAIt/4QDBAI9HfADBAI9HfgD
BAJnK1QDBAJnMYQDBAJnQSgDBAJnYggDBAFn0+YDBAJn2GQDBAGSxEwDBAKdd+gw
DgQCAAIwCAMGACQF/YAQMA0GCSqGSIb3DQEBCwUAA4IBAQCk6H+mM4xm8lSL27Mt
seMydfeNcmLyFArZP7hd8z3jZPbbdDDH/fwJOCpC2qHXVujhZfWVjDlTWRvOgmEw
sURFPHhMi6F9w5UII8zxSEBAEzsFMFO1HjuyYGmohMTFVvSbgEpwEWG8XLRLOzVY
MQJrdfXsXUZccYI8p5Y0RnSqvu/rD2bIcmOXuU1lrwjtQ6HLPK+8Gvuwv8gUyNT2
gbUaXunqOaoXIKHMzikWfIE6W1fpY0UQHkI4pVe5cSwWhBG6mz13ukXreNtjFaRA
78mbRAFxa5FaInI0TyihHE2DHO16DHPTrM+w7yMltcRplpYtTprCquqqZpdJ8f5L
o881
-----END CERTIFICATE-----
Generated at Fri Sep 19 10:40:21 2025 by rpki-client