Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/31CBA5B2ADA111F0B7AAD41DC4F9AE02.roa
File: 31CBA5B2ADA111F0B7AAD41DC4F9AE02.roa (raw, json)
Hash identifier: 5CxgvuF0fJ72SB6Diy3BJqOrlsftLe1kTIIMVXc1D1o=
Subject key identifier: 5D:A0:6D:03:32:C2:02:99:49:87:5A:CA:2C:7D:51:B9:2A:75:8A:81
Certificate issuer: /CN=A911E509/serialNumber=AA8E1BE3624240DC3302047FB41A7D4E47808EF8
Certificate serial: 09BD
Authority key identifier: AA:8E:1B:E3:62:42:40:DC:33:02:04:7F:B4:1A:7D:4E:47:80:8E:F8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/31CBA5B2ADA111F0B7AAD41DC4F9AE02.roa
Signing time: Mon 20 Oct 2025 10:40:29 +0000
ROA not before: Mon 20 Oct 2025 10:40:29 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 135391
IP address blocks: 43.224.64.0/22 maxlen: 24
43.230.88.0/22 maxlen: 24
45.253.246.0/23 maxlen: 24
45.255.132.0/22 maxlen: 24
61.29.240.0/22 maxlen: 24
61.29.248.0/24 maxlen: 24
61.29.249.0/24 maxlen: 24
61.29.250.0/23 maxlen: 24
103.43.84.0/22 maxlen: 24
103.49.132.0/22 maxlen: 24
103.65.40.0/22 maxlen: 24
103.98.8.0/22 maxlen: 24
103.211.230.0/23 maxlen: 24
103.216.100.0/22 maxlen: 24
146.196.76.0/23 maxlen: 24
157.119.232.0/22 maxlen: 24
2405:fd80:1000::/40 maxlen: 40
2405:fd80:1000::/48 maxlen: 48
2405:fd80:1003::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.crl
rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 09 Nov 2025 20:06:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2493 (0x9bd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911E509, serialNumber=AA8E1BE3624240DC3302047FB41A7D4E47808EF8
Validity
Not Before: Oct 20 10:40:29 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=68f6119c-c335
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:4d:38:8e:54:3f:7b:1e:2b:ce:3e:48:55:ef:
74:2a:43:e1:ec:76:04:63:a7:3a:88:ed:84:83:9c:
45:05:85:1a:75:52:8f:71:c6:42:d1:0d:5e:5b:e8:
20:09:40:6d:a7:2a:b0:c8:c1:ae:ae:41:10:d8:20:
97:80:4a:60:0b:90:a2:e5:dc:94:44:b5:45:f3:5f:
e7:9c:17:55:96:3d:bc:2c:16:35:2d:2e:f9:f3:7b:
e8:b6:70:3e:6f:71:7f:65:45:5f:f6:05:9e:78:f0:
23:34:e0:d8:b4:d4:a3:a8:a4:b3:1d:23:40:db:7f:
05:bc:0b:6a:2a:91:3e:18:86:2a:fb:46:ed:b0:51:
6b:f4:47:8a:26:5a:f0:d8:ab:f5:08:49:8a:2a:2a:
0f:94:52:b9:7e:73:f8:81:b1:d6:a8:e7:62:ed:da:
16:a6:5d:f2:e1:ad:13:14:05:d1:55:a2:c3:99:e7:
4e:6d:2b:bf:43:c2:db:19:a7:01:b1:f6:34:3d:4c:
34:e6:bf:41:10:4d:ba:e7:e6:16:fa:eb:0b:12:cc:
dc:4a:f1:96:53:0a:03:fb:14:e9:32:c0:ed:7f:9e:
a8:e6:03:d7:90:f8:28:32:12:43:70:fc:4e:ad:c8:
09:46:7f:e0:26:b6:1d:e1:65:70:8d:9f:e2:b1:7a:
a9:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:A0:6D:03:32:C2:02:99:49:87:5A:CA:2C:7D:51:B9:2A:75:8A:81
X509v3 Authority Key Identifier:
keyid:AA:8E:1B:E3:62:42:40:DC:33:02:04:7F:B4:1A:7D:4E:47:80:8E:F8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/31CBA5B2ADA111F0B7AAD41DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.224.64.0/22
43.230.88.0/22
45.253.246.0/23
45.255.132.0/22
61.29.240.0/22
61.29.248.0/22
103.43.84.0/22
103.49.132.0/22
103.65.40.0/22
103.98.8.0/22
103.211.230.0/23
103.216.100.0/22
146.196.76.0/23
157.119.232.0/22
IPv6:
2405:fd80:1000::/40
Signature Algorithm: sha256WithRSAEncryption
a4:62:b6:25:f9:0b:7f:2a:2f:7e:39:f8:2b:dd:f4:4f:b3:6e:
41:52:ec:a4:f3:28:a3:11:29:95:91:0e:05:0f:d5:f1:5c:b9:
50:8f:61:d0:6f:ca:36:0e:71:a5:e9:12:99:52:e4:04:cb:06:
c1:dc:eb:9c:76:81:af:fe:58:68:e8:82:2b:a0:d3:a4:d4:c5:
11:f3:d3:7f:dd:93:d4:ff:36:39:61:45:d9:9e:99:ba:88:73:
bc:ae:3a:9c:84:0a:99:cc:7a:6b:f9:0f:9b:b1:c9:dd:90:79:
4e:59:38:e1:0b:dc:22:94:ee:06:f3:4d:32:ef:04:24:47:70:
29:90:d2:1f:bb:7a:93:36:07:7b:c0:4e:56:82:b7:ab:ff:9c:
66:af:1a:f5:18:a9:52:c1:02:e5:24:e5:8c:71:40:8f:45:3b:
da:62:a6:c8:4b:3a:57:06:92:0f:70:d1:26:e7:de:5a:c8:c7:
68:05:db:87:4f:c5:15:57:32:f3:4d:30:73:ca:93:e1:70:ff:
49:a0:c7:8c:b4:45:3c:cd:c4:47:c2:32:73:50:6b:c7:9a:77:
10:ca:45:25:87:6f:e8:1e:57:03:7e:4f:cf:2f:e5:d8:30:52:
0b:05:3b:a0:57:5e:bd:c5:33:f0:b2:83:e0:09:69:c2:8c:a4:
eb:1a:59:23
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgICCb0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUU1MDkxMTAvBgNVBAUTKEFBOEUxQkUzNjI0MjQwREMzMzAyMDQ3RkI0MUE3RDRF
NDc4MDhFRjgwHhcNMjUxMDIwMTA0MDI5WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGY2MTE5Yy1jMzM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8U04jlQ/ex4rzj5IVe90KkPh7HYEY6c6iO2Eg5xFBYUadVKPccZC0Q1eW+gg
CUBtpyqwyMGurkEQ2CCXgEpgC5Ci5dyURLVF81/nnBdVlj28LBY1LS7583votnA+
b3F/ZUVf9gWeePAjNODYtNSjqKSzHSNA238FvAtqKpE+GIYq+0btsFFr9EeKJlrw
2Kv1CEmKKioPlFK5fnP4gbHWqOdi7doWpl3y4a0TFAXRVaLDmedObSu/Q8LbGacB
sfY0PUw05r9BEE265+YW+usLEszcSvGWUwoD+xTpMsDtf56o5gPXkPgoMhJDcPxO
rcgJRn/gJrYd4WVwjZ/isXqplQIDAQABo4IC8zCCAu8wHQYDVR0OBBYEFF2gbQMy
wgKZSYdayix9UbkqdYqBMB8GA1UdIwQYMBaAFKqOG+NiQkDcMwIEf7QafU5HgI74
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTUwOS83OUVBNTkxRUE3
QkQxMUVBQUFBNjI5NDhDNEY5QUUwMi9xbzRiNDJKQ1FOd3pBZ1JfdEJwOVRrZUFq
dmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FvNGI0MkpDUU53ekFnUl90QnA5VGtlQWp2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUU1MDkvNzlFQTU5MUVBN0JEMTFFQUFBQTYyOTQ4QzRGOUFFMDIvMzFDQkE1QjJB
REExMTFGMEI3QUFENDFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfQYIKwYBBQUHAQcBAf8E
bjBsMFoEAgABMFQDBAIr4EADBAIr5lgDBAEt/fYDBAIt/4QDBAI9HfADBAI9HfgD
BAJnK1QDBAJnMYQDBAJnQSgDBAJnYggDBAFn0+YDBAJn2GQDBAGSxEwDBAKdd+gw
DgQCAAIwCAMGACQF/YAQMA0GCSqGSIb3DQEBCwUAA4IBAQCkYrYl+Qt/Ki9+Ofgr
3fRPs25BUuyk8yijESmVkQ4FD9XxXLlQj2HQb8o2DnGl6RKZUuQEywbB3OucdoGv
/lho6IIroNOk1MUR89N/3ZPU/zY5YUXZnpm6iHO8rjqchAqZzHpr+Q+bscndkHlO
WTjhC9wilO4G800y7wQkR3ApkNIfu3qTNgd7wE5Wgrer/5xmrxr1GKlSwQLlJOWM
cUCPRTvaYqbISzpXBpIPcNEm595ayMdoBduHT8UVVzLzTTBzypPhcP9JoMeMtEU8
zcRHwjJzUGvHmncQykUlh2/oHlcDfk/PL+XYMFILBTugV169xTPwsoPgCWnCjKTr
Glkj
-----END CERTIFICATE-----
Generated at Tue Nov 4 11:01:01 2025 by rpki-client