Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/BFFF6C4A07D911EDA41A0B25C4F9AE02.roa
File: BFFF6C4A07D911EDA41A0B25C4F9AE02.roa (raw, json)
Hash identifier: iEgI1+eELzSv9harMun/B8PcGTONk7OUyJu4K2OeKeo=
Subject key identifier: 49:50:18:9E:19:17:13:B8:D8:0A:77:EC:D7:EE:9E:26:22:D3:0D:97
Certificate issuer: /CN=A9145D25/serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
Certificate serial: 057B
Authority key identifier: C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/BFFF6C4A07D911EDA41A0B25C4F9AE02.roa
Signing time: Sun 31 Aug 2025 07:58:20 +0000
ROA not before: Sun 31 Aug 2025 07:58:20 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 135074
IP address blocks: 103.135.208.0/24 maxlen: 24
103.135.209.0/24 maxlen: 24
103.135.210.0/24 maxlen: 24
103.135.211.0/24 maxlen: 24
103.172.110.0/23 maxlen: 24
103.204.13.0/24 maxlen: 24
203.168.128.0/22 maxlen: 22
203.168.128.0/24 maxlen: 24
203.168.129.0/24 maxlen: 24
203.168.130.0/24 maxlen: 24
203.168.131.0/24 maxlen: 24
203.168.192.0/24 maxlen: 24
203.168.193.0/24 maxlen: 24
203.168.194.0/24 maxlen: 24
203.168.195.0/24 maxlen: 24
203.168.196.0/24 maxlen: 24
203.168.197.0/24 maxlen: 24
203.168.198.0/24 maxlen: 24
203.168.199.0/24 maxlen: 24
203.168.200.0/24 maxlen: 24
203.168.201.0/24 maxlen: 24
203.168.202.0/24 maxlen: 24
203.168.203.0/24 maxlen: 24
203.168.204.0/24 maxlen: 24
203.168.205.0/24 maxlen: 24
203.168.206.0/24 maxlen: 24
203.168.207.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl
rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 11 Sep 2025 23:46:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1403 (0x57b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9145D25, serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
Validity
Not Before: Aug 31 07:58:20 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=68b4009c-c74f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:02:95:66:64:a9:26:aa:8e:2f:d4:70:20:c2:
69:89:07:72:0d:db:2c:c5:b2:75:8e:d1:3c:ea:05:
14:a1:02:30:20:3c:c9:92:1d:81:89:41:0b:c4:6d:
fa:23:8e:26:d7:ce:ff:b9:40:85:3e:26:cd:46:99:
b7:b7:cb:3f:f3:12:55:05:40:1b:13:ed:a5:ad:2b:
51:30:e5:fe:7d:f4:80:63:89:d1:f3:fe:b5:86:e6:
0f:68:5d:5b:17:8f:a5:74:91:e7:a7:94:a6:82:0e:
a2:d9:8c:c4:ad:53:4e:b7:46:69:a6:e4:6a:fd:76:
20:3a:61:47:e3:3e:22:c4:63:7e:32:e0:8b:4d:9f:
42:f3:b3:dc:66:03:18:8a:eb:6d:82:2d:e2:d1:ba:
ad:75:70:d0:ed:e4:ea:0a:4e:d8:0c:dc:c1:58:37:
77:18:ec:30:25:4f:f1:a9:9c:ab:22:f1:1c:51:51:
cb:bc:d4:f9:60:9b:64:90:5e:8f:8c:69:6a:85:cb:
90:8b:b4:f6:ea:63:dc:4f:13:5f:4b:30:d8:82:4d:
c4:27:6e:48:9a:51:e7:e5:5d:95:ea:5b:8b:4f:28:
ac:5e:ff:00:07:be:10:05:2d:d5:ef:bc:77:54:4c:
c6:03:ea:3f:46:4c:da:6e:68:fc:50:a6:9f:bf:be:
02:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:50:18:9E:19:17:13:B8:D8:0A:77:EC:D7:EE:9E:26:22:D3:0D:97
X509v3 Authority Key Identifier:
keyid:C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/BFFF6C4A07D911EDA41A0B25C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.135.208.0/22
103.172.110.0/23
103.204.13.0/24
203.168.128.0/22
203.168.192.0/20
Signature Algorithm: sha256WithRSAEncryption
33:3e:19:06:1d:14:84:99:15:b3:92:a6:bf:eb:33:dd:49:b4:
45:0d:d5:eb:c3:95:b5:92:9a:4c:55:fc:6c:6c:38:73:cd:de:
78:a4:42:d2:60:60:10:55:bc:63:54:ff:83:da:8a:d8:e7:6e:
2f:38:ce:f6:fe:66:bb:a2:80:0f:1c:8a:3c:ae:9e:0d:a8:70:
44:d5:bb:06:63:dc:cc:75:f8:15:e5:ea:79:ea:0e:3f:22:86:
ec:ec:83:72:4d:ef:83:21:01:37:a8:8d:d6:31:74:9e:78:d8:
96:70:ab:a0:f1:73:c5:28:e8:82:91:e8:c1:37:74:98:13:f9:
f5:97:9c:71:fe:6f:b9:81:e9:41:bf:3c:f4:95:92:94:3f:b0:
22:39:40:31:69:fb:90:69:e7:ef:eb:45:b6:69:e8:7c:ea:98:
c5:b5:da:8a:a1:d5:5e:d3:5c:6e:4d:2e:37:24:a4:39:25:2a:
b4:e6:2a:7f:38:66:e1:c8:9d:1a:d2:f6:d7:0e:15:2c:57:7c:
0f:d5:f8:d1:5f:4c:d4:08:28:b6:7d:7e:3a:a8:91:36:36:df:
f6:67:4b:ec:77:bb:69:f6:26:94:83:38:36:88:5d:0f:83:e0:
94:82:07:df:29:e7:83:1c:10:d4:7d:25:1a:c5:6b:70:26:ed:
59:61:c9:d9
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICBXswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDVEMjUxMTAvBgNVBAUTKEMyRjI4RTlEMTg4NDM5QzRGRTY5RjYzQTRDQUE2REE0
MjQ5NjI5MUQwHhcNMjUwODMxMDc1ODIwWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGI0MDA5Yy1jNzRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzQKVZmSpJqqOL9RwIMJpiQdyDdssxbJ1jtE86gUUoQIwIDzJkh2BiUELxG36
I44m187/uUCFPibNRpm3t8s/8xJVBUAbE+2lrStRMOX+ffSAY4nR8/61huYPaF1b
F4+ldJHnp5Smgg6i2YzErVNOt0ZppuRq/XYgOmFH4z4ixGN+MuCLTZ9C87PcZgMY
iuttgi3i0bqtdXDQ7eTqCk7YDNzBWDd3GOwwJU/xqZyrIvEcUVHLvNT5YJtkkF6P
jGlqhcuQi7T26mPcTxNfSzDYgk3EJ25ImlHn5V2V6luLTyisXv8AB74QBS3V77x3
VEzGA+o/Rkzabmj8UKafv74CIQIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFElQGJ4Z
FxO42Ap37NfuniYi0w2XMB8GA1UdIwQYMBaAFMLyjp0YhDnE/mn2OkyqbaQklikd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NUQyNS82N0YyQjBEODBC
RDIxMUVDQkFBNDgwNkFDNEY5QUUwMi93dktPblJpRU9jVC1hZlk2VEtwdHBDU1dL
UjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3d2S09uUmlFT2NULWFmWTZUS3B0cENTV0tSMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDVEMjUvNjdGMkIwRDgwQkQyMTFFQ0JBQTQ4MDZBQzRGOUFFMDIvQkZGRjZDNEEw
N0Q5MTFFREE0MUEwQjI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAJnh9ADBAFnrG4DBABnzA0DBALLqIADBATLqMAwDQYJKoZI
hvcNAQELBQADggEBADM+GQYdFISZFbOSpr/rM91JtEUN1evDlbWSmkxV/GxsOHPN
3nikQtJgYBBVvGNU/4Paitjnbi84zvb+ZruigA8cijyung2ocETVuwZj3Mx1+BXl
6nnqDj8ihuzsg3JN74MhATeojdYxdJ542JZwq6Dxc8Uo6IKR6ME3dJgT+fWXnHH+
b7mB6UG/PPSVkpQ/sCI5QDFp+5Bp5+/rRbZp6HzqmMW12oqh1V7TXG5NLjckpDkl
KrTmKn84ZuHInRrS9tcOFSxXfA/V+NFfTNQIKLZ9fjqokTY23/ZnS+x3u2n2JpSD
ODaIXQ+D4JSCB98p54McENR9JRrFa3Am7Vlhydk=
-----END CERTIFICATE-----
Generated at Fri Sep 5 03:22:56 2025 by rpki-client