Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/8A721F4EB10C11E5BB6B2A16C4F9AE02.roa
File: 8A721F4EB10C11E5BB6B2A16C4F9AE02.roa (raw, json)
Hash identifier: IwUXo20n+V2B2SbXh2brhMIgczh2mlcm0AjnKKmeoo8=
Subject key identifier: 25:F7:70:A2:D6:4E:7B:1A:6D:7D:07:21:C0:AB:42:A2:15:B2:15:00
Certificate issuer: /CN=A91240E6/serialNumber=6DCE52F9A228CBF6F30CD55D43384D1268487B65
Certificate serial: 264B
Authority key identifier: 6D:CE:52:F9:A2:28:CB:F6:F3:0C:D5:5D:43:38:4D:12:68:48:7B:65
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bc5S-aIoy_bzDNVdQzhNEmhIe2U.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/8A721F4EB10C11E5BB6B2A16C4F9AE02.roa
Signing time: Thu 28 Aug 2025 16:03:21 +0000
ROA not before: Thu 28 Aug 2025 16:03:21 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 38203
IP address blocks: 103.4.116.0/22 maxlen: 22
103.4.116.0/22 maxlen: 24
103.4.116.0/24 maxlen: 24
103.4.117.0/24 maxlen: 24
103.4.118.0/24 maxlen: 24
103.4.119.0/24 maxlen: 24
103.234.200.0/22 maxlen: 22
103.234.200.0/24 maxlen: 24
103.234.201.0/24 maxlen: 24
103.234.202.0/24 maxlen: 24
103.234.203.0/24 maxlen: 24
103.251.120.0/22 maxlen: 22
103.251.120.0/22 maxlen: 24
103.251.120.0/24 maxlen: 24
103.251.121.0/24 maxlen: 24
103.251.122.0/24 maxlen: 24
103.251.123.0/24 maxlen: 24
163.47.144.0/22 maxlen: 22
163.47.144.0/22 maxlen: 24
163.47.144.0/24 maxlen: 24
163.47.145.0/24 maxlen: 24
163.47.146.0/24 maxlen: 24
163.47.147.0/24 maxlen: 24
202.51.176.0/20 maxlen: 20
202.51.176.0/20 maxlen: 24
202.51.176.0/24 maxlen: 24
202.51.177.0/24 maxlen: 24
202.51.178.0/24 maxlen: 24
202.51.179.0/24 maxlen: 24
202.51.180.0/24 maxlen: 24
202.51.181.0/24 maxlen: 24
202.51.182.0/24 maxlen: 24
202.51.183.0/24 maxlen: 24
202.51.184.0/24 maxlen: 24
202.51.185.0/24 maxlen: 24
202.51.186.0/24 maxlen: 24
202.51.187.0/24 maxlen: 24
202.51.188.0/24 maxlen: 24
202.51.189.0/24 maxlen: 24
202.51.190.0/24 maxlen: 24
202.51.191.0/24 maxlen: 24
2402:b500::/32 maxlen: 48
2402:b500:1::/48 maxlen: 48
2402:b500:2::/48 maxlen: 48
2402:b500:3::/48 maxlen: 48
2402:b500:4::/48 maxlen: 48
2402:b500:5::/48 maxlen: 48
2402:b500:31::/48 maxlen: 48
2402:b500:1000::/44 maxlen: 44
2402:b500:1000::/48 maxlen: 48
2402:b500:1001::/48 maxlen: 48
2402:b500:1002::/48 maxlen: 48
2402:b500:1003::/48 maxlen: 48
2402:b500:1004::/48 maxlen: 48
2402:b500:1005::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/bc5S-aIoy_bzDNVdQzhNEmhIe2U.crl
rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/bc5S-aIoy_bzDNVdQzhNEmhIe2U.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bc5S-aIoy_bzDNVdQzhNEmhIe2U.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 23 Sep 2025 15:45:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9803 (0x264b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91240E6, serialNumber=6DCE52F9A228CBF6F30CD55D43384D1268487B65
Validity
Not Before: Aug 28 16:03:21 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=68b07dc8-c06b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:6a:8a:aa:47:6e:a1:53:f6:fe:31:63:ea:c6:
a9:44:ac:c3:74:64:71:b1:5c:2c:d0:e4:ef:6a:c3:
c4:9a:76:e6:d9:9d:b4:9a:24:c7:7d:1a:e7:3a:f1:
fb:5c:63:ff:f7:dc:f2:c8:47:65:07:cd:44:ca:24:
25:c0:7f:b7:40:9a:7e:b5:bd:d4:06:5c:47:4d:b9:
cf:1a:67:5b:5f:a4:b5:0d:d7:37:6d:2f:f0:97:b5:
d9:13:b8:5a:a0:62:02:58:0d:fb:a6:e9:f6:36:8c:
cb:88:66:99:e5:2b:53:ae:9e:b8:a4:81:cd:fa:aa:
74:bc:e8:ef:46:98:55:5f:5e:a4:18:96:fd:66:44:
74:62:24:1d:ed:74:5f:3f:a6:5d:93:69:76:97:99:
e8:c8:bc:65:77:f0:2e:90:b5:f0:9e:5e:c1:e0:38:
87:c7:fa:4a:e7:c8:f1:2b:8d:f8:5f:d3:63:f7:e0:
1e:a7:4c:87:65:ac:00:6e:d7:02:52:3d:bc:6c:0f:
d1:04:c3:a5:92:af:29:50:7a:d3:9e:7f:96:37:da:
1f:13:7e:c3:2b:02:de:b7:90:c1:06:60:bf:07:e9:
2e:3d:b8:37:dc:db:57:89:34:4f:1e:99:00:86:38:
bf:aa:41:54:8f:44:35:3d:f5:b3:71:0a:89:0d:da:
3a:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:F7:70:A2:D6:4E:7B:1A:6D:7D:07:21:C0:AB:42:A2:15:B2:15:00
X509v3 Authority Key Identifier:
keyid:6D:CE:52:F9:A2:28:CB:F6:F3:0C:D5:5D:43:38:4D:12:68:48:7B:65
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/bc5S-aIoy_bzDNVdQzhNEmhIe2U.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bc5S-aIoy_bzDNVdQzhNEmhIe2U.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/8A721F4EB10C11E5BB6B2A16C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.4.116.0/22
103.234.200.0/22
103.251.120.0/22
163.47.144.0/22
202.51.176.0/20
IPv6:
2402:b500::/32
Signature Algorithm: sha256WithRSAEncryption
11:a1:fd:3b:d8:8c:cb:17:9c:24:b6:1d:9b:e6:3e:34:df:34:
0c:3f:f3:67:08:fa:d2:7a:68:1a:c2:ec:43:a3:b5:a5:7a:c4:
5b:43:20:df:12:ea:f5:fa:05:0e:86:bf:03:46:5f:e2:5e:a0:
2f:6e:f7:03:82:d5:d1:94:f7:74:3e:58:40:8f:0f:47:6d:ad:
37:6d:51:a7:ca:c0:98:5b:b8:be:52:b4:4f:3b:2f:39:b2:87:
cb:83:07:96:7a:06:01:3a:fd:61:87:8c:19:94:8e:1b:c2:78:
e0:f7:50:46:52:a3:05:06:aa:ca:0d:68:f7:21:e4:a7:87:a1:
46:18:e5:fe:89:86:1f:2a:87:44:95:12:44:76:73:40:33:c6:
2b:d1:18:22:ef:1b:7e:4d:87:f9:07:02:71:4d:b2:e6:e8:d2:
2d:7b:8c:89:c0:05:e7:16:a9:fe:ae:fb:f8:47:13:d2:b7:7b:
1a:e7:2c:94:a7:c1:3e:ca:bb:ea:15:7c:3c:b8:e0:45:32:1f:
01:3e:ee:cb:c0:c7:41:39:c1:1c:eb:8b:07:eb:4e:1c:33:98:
b8:e0:e0:aa:24:87:43:63:df:a6:3c:62:da:3e:e4:d1:78:70:
50:c9:86:b1:ac:01:c9:f2:6f:d4:d4:31:66:96:26:cc:c1:1e:
e7:5f:30:b9
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICJkswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjQwRTYxMTAvBgNVBAUTKDZEQ0U1MkY5QTIyOENCRjZGMzBDRDU1RDQzMzg0RDEy
Njg0ODdCNjUwHhcNMjUwODI4MTYwMzIxWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIwN2RjOC1jMDZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsmqKqkduoVP2/jFj6sapRKzDdGRxsVws0OTvasPEmnbm2Z20miTHfRrnOvH7
XGP/99zyyEdlB81EyiQlwH+3QJp+tb3UBlxHTbnPGmdbX6S1Ddc3bS/wl7XZE7ha
oGICWA37pun2NozLiGaZ5StTrp64pIHN+qp0vOjvRphVX16kGJb9ZkR0YiQd7XRf
P6Zdk2l2l5noyLxld/AukLXwnl7B4DiHx/pK58jxK434X9Nj9+Aep0yHZawAbtcC
Uj28bA/RBMOlkq8pUHrTnn+WN9ofE37DKwLet5DBBmC/B+kuPbg33NtXiTRPHpkA
hji/qkFUj0Q1PfWzcQqJDdo6mwIDAQABo4ICvDCCArgwHQYDVR0OBBYEFCX3cKLW
TnsabX0HIcCrQqIVshUAMB8GA1UdIwQYMBaAFG3OUvmiKMv28wzVXUM4TRJoSHtl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNDBFNi82NjA3NDJDOEZE
MjExMUU0ODhBQjBDMzRDNEY5QUUwMi9iYzVTLWFJb3lfYnpETlZkUXpoTkVtaEll
MlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JjNVMtYUlveV9iekROVmRRemhORW1oSWUyVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjQwRTYvNjYwNzQyQzhGRDIxMTFFNDg4QUIwQzM0QzRGOUFFMDIvOEE3MjFGNEVC
MTBDMTFFNUJCNkIyQTE2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAJnBHQDBAJn6sgDBAJn+3gDBAKjL5ADBATKM7AwDQQCAAIw
BwMFACQCtQAwDQYJKoZIhvcNAQELBQADggEBABGh/TvYjMsXnCS2HZvmPjTfNAw/
82cI+tJ6aBrC7EOjtaV6xFtDIN8S6vX6BQ6GvwNGX+JeoC9u9wOC1dGU93Q+WECP
D0dtrTdtUafKwJhbuL5StE87Lzmyh8uDB5Z6BgE6/WGHjBmUjhvCeOD3UEZSowUG
qsoNaPch5KeHoUYY5f6Jhh8qh0SVEkR2c0AzxivRGCLvG35Nh/kHAnFNsubo0i17
jInABecWqf6u+/hHE9K3exrnLJSnwT7Ku+oVfDy44EUyHwE+7svAx0E5wRzriwfr
ThwzmLjg4Kokh0Nj36Y8Yto+5NF4cFDJhrGsAcnyb9TUMWaWJszBHudfMLk=
-----END CERTIFICATE-----
Generated at Tue Sep 16 18:48:16 2025 by rpki-client