Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/24AE273C2D1111EE85C59810C4F9AE02.roa
File: 24AE273C2D1111EE85C59810C4F9AE02.roa (raw, json)
Hash identifier: 9qQVMGcPhTFLqGN6w5hpebTs92VIq7KmqEVaikgxWXo=
Subject key identifier: 16:E0:3F:11:95:B4:D5:A7:85:9D:0A:05:82:FF:67:52:C1:59:64:F5
Certificate issuer: /CN=A9145D25/serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
Certificate serial: 057C
Authority key identifier: C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/24AE273C2D1111EE85C59810C4F9AE02.roa
Signing time: Sun 31 Aug 2025 07:58:21 +0000
ROA not before: Sun 31 Aug 2025 07:58:21 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 211392
IP address blocks: 103.135.208.0/24 maxlen: 24
103.135.209.0/24 maxlen: 24
103.135.210.0/24 maxlen: 24
103.135.211.0/24 maxlen: 24
103.172.110.0/23 maxlen: 23
103.172.110.0/24 maxlen: 24
103.172.111.0/24 maxlen: 24
103.204.13.0/24 maxlen: 24
203.168.128.0/22 maxlen: 22
203.168.128.0/23 maxlen: 23
203.168.128.0/24 maxlen: 24
203.168.129.0/24 maxlen: 24
203.168.130.0/23 maxlen: 23
203.168.130.0/24 maxlen: 24
203.168.131.0/24 maxlen: 24
203.168.192.0/24 maxlen: 24
203.168.193.0/24 maxlen: 24
203.168.194.0/24 maxlen: 24
203.168.195.0/24 maxlen: 24
203.168.196.0/24 maxlen: 24
203.168.197.0/24 maxlen: 24
203.168.198.0/24 maxlen: 24
203.168.199.0/24 maxlen: 24
203.168.200.0/24 maxlen: 24
203.168.201.0/24 maxlen: 24
203.168.202.0/24 maxlen: 24
203.168.203.0/24 maxlen: 24
203.168.204.0/24 maxlen: 24
203.168.205.0/24 maxlen: 24
203.168.206.0/24 maxlen: 24
203.168.207.0/24 maxlen: 24
2001:df7:6e80::/47 maxlen: 47
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl
rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 11 Sep 2025 23:46:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1404 (0x57c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9145D25, serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
Validity
Not Before: Aug 31 07:58:21 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=68b4009d-cdbf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:c8:10:d5:f3:85:59:41:a4:6a:dd:fc:06:04:
be:ae:28:fb:2a:ff:ae:37:94:e6:20:75:93:9d:65:
a8:8e:5f:af:74:86:30:e4:4b:78:97:79:dd:61:c4:
5e:40:f5:85:48:5a:47:66:6b:3d:16:57:0c:17:42:
72:f3:eb:2a:15:0b:46:85:1d:7d:ca:ab:35:e9:54:
7d:b2:02:69:d4:8e:4c:d1:0f:7c:51:3b:71:40:5b:
16:3f:9e:1d:c0:ff:62:da:36:3d:9d:64:53:61:15:
d9:0e:fd:56:80:f5:c4:e5:05:9a:ff:e8:d3:b8:d2:
b7:f7:fd:3e:74:a3:38:52:b7:d6:92:67:0e:54:42:
df:70:9b:6d:68:f7:4a:9e:b1:4b:01:3d:d2:f2:36:
d1:e5:a2:22:7f:15:3c:02:08:17:ff:88:74:c6:62:
4a:01:bc:aa:e6:c6:4c:c3:45:49:46:34:05:1e:93:
0b:c5:31:b5:30:87:ee:85:87:34:41:1f:fc:86:14:
33:ff:97:37:2e:72:3d:67:50:61:ad:cd:cb:1e:02:
a1:57:ef:cd:b8:05:6e:45:de:a2:75:00:26:1d:a3:
89:a4:dd:4c:ff:69:72:6a:19:59:4f:53:c8:f0:db:
02:e6:30:84:2e:98:ca:d0:a1:b9:ef:bd:0e:99:0a:
ef:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:E0:3F:11:95:B4:D5:A7:85:9D:0A:05:82:FF:67:52:C1:59:64:F5
X509v3 Authority Key Identifier:
keyid:C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/24AE273C2D1111EE85C59810C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.135.208.0/22
103.172.110.0/23
103.204.13.0/24
203.168.128.0/22
203.168.192.0/20
IPv6:
2001:df7:6e80::/47
Signature Algorithm: sha256WithRSAEncryption
34:a5:0c:05:eb:1c:78:d2:10:94:17:c9:a4:94:5a:84:25:c1:
bd:d7:f0:c7:a4:1b:c5:63:d9:e8:2b:14:d5:00:a5:8f:07:f3:
3e:7e:3b:e2:97:6b:5d:d1:79:84:95:fb:4e:2f:65:7e:c7:cc:
8c:02:dd:3b:d2:97:66:34:1d:56:4a:ea:e5:cc:84:78:eb:a8:
db:13:d3:75:c9:95:01:30:87:a1:cb:33:59:4a:de:3f:a3:bc:
9c:ca:23:4c:2c:e1:fd:5d:71:02:40:49:7e:8a:63:82:1f:56:
ab:3b:63:47:80:82:0e:c0:98:fe:d1:03:01:43:3a:94:2a:0b:
de:f0:af:3e:34:50:22:c6:89:8c:43:fe:be:4d:26:7c:73:f4:
b3:be:be:43:12:a5:4d:69:11:69:49:e8:51:31:dc:02:42:20:
bf:67:53:8f:11:86:00:fd:c5:29:a0:e8:0c:48:71:5d:b0:ff:
2c:63:7e:b3:5e:6d:95:75:f3:4c:b2:a4:b7:81:d8:6e:cc:1b:
91:4c:41:88:7b:ed:60:30:44:f0:d3:81:c4:5e:20:5e:1a:e1:
be:7e:e9:bd:34:85:60:51:2a:a8:53:c4:80:b2:9f:61:92:77:
00:c9:17:94:63:83:91:33:8e:b3:e7:ef:9a:0b:2b:9f:87:c8:
28:6f:1e:d3
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgICBXwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDVEMjUxMTAvBgNVBAUTKEMyRjI4RTlEMTg4NDM5QzRGRTY5RjYzQTRDQUE2REE0
MjQ5NjI5MUQwHhcNMjUwODMxMDc1ODIxWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGI0MDA5ZC1jZGJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArcgQ1fOFWUGkat38BgS+rij7Kv+uN5TmIHWTnWWojl+vdIYw5Et4l3ndYcRe
QPWFSFpHZms9FlcMF0Jy8+sqFQtGhR19yqs16VR9sgJp1I5M0Q98UTtxQFsWP54d
wP9i2jY9nWRTYRXZDv1WgPXE5QWa/+jTuNK39/0+dKM4UrfWkmcOVELfcJttaPdK
nrFLAT3S8jbR5aIifxU8AggX/4h0xmJKAbyq5sZMw0VJRjQFHpMLxTG1MIfuhYc0
QR/8hhQz/5c3LnI9Z1Bhrc3LHgKhV+/NuAVuRd6idQAmHaOJpN1M/2lyahlZT1PI
8NsC5jCELpjK0KG5770OmQrvXwIDAQABo4ICvjCCArowHQYDVR0OBBYEFBbgPxGV
tNWnhZ0KBYL/Z1LBWWT1MB8GA1UdIwQYMBaAFMLyjp0YhDnE/mn2OkyqbaQklikd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NUQyNS82N0YyQjBEODBC
RDIxMUVDQkFBNDgwNkFDNEY5QUUwMi93dktPblJpRU9jVC1hZlk2VEtwdHBDU1dL
UjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3d2S09uUmlFT2NULWFmWTZUS3B0cENTV0tSMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDVEMjUvNjdGMkIwRDgwQkQyMTFFQ0JBQTQ4MDZBQzRGOUFFMDIvMjRBRTI3M0My
RDExMTFFRTg1QzU5ODEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSAYIKwYBBQUHAQcBAf8E
OTA3MCQEAgABMB4DBAJnh9ADBAFnrG4DBABnzA0DBALLqIADBATLqMAwDwQCAAIw
CQMHASABDfdugDANBgkqhkiG9w0BAQsFAAOCAQEANKUMBesceNIQlBfJpJRahCXB
vdfwx6QbxWPZ6CsU1QCljwfzPn474pdrXdF5hJX7Ti9lfsfMjALdO9KXZjQdVkrq
5cyEeOuo2xPTdcmVATCHocszWUreP6O8nMojTCzh/V1xAkBJfopjgh9WqztjR4CC
DsCY/tEDAUM6lCoL3vCvPjRQIsaJjEP+vk0mfHP0s76+QxKlTWkRaUnoUTHcAkIg
v2dTjxGGAP3FKaDoDEhxXbD/LGN+s15tlXXzTLKkt4HYbswbkUxBiHvtYDBE8NOB
xF4gXhrhvn7pvTSFYFEqqFPEgLKfYZJ3AMkXlGODkTOOs+fvmgsrn4fIKG8e0w==
-----END CERTIFICATE-----
Generated at Fri Sep 5 03:22:59 2025 by rpki-client