Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/8E652A7AC77611E68B1CDE6AC4F9AE02.roa
File: 8E652A7AC77611E68B1CDE6AC4F9AE02.roa (raw, json)
Hash identifier: XZLgq4o4I2bTXK3CwsSFqA/5epMchG5aEZim0xVwISs=
Subject key identifier: 51:49:56:EF:3D:94:0B:F7:FD:AA:05:87:42:DF:05:39:79:D2:B3:CE
Certificate issuer: /CN=A914A140/serialNumber=05020FBF1020FD63BE57DA1B9704B0AA8103444A
Certificate serial: 1D15
Authority key identifier: 05:02:0F:BF:10:20:FD:63:BE:57:DA:1B:97:04:B0:AA:81:03:44:4A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BQIPvxAg_WO-V9oblwSwqoEDREo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/8E652A7AC77611E68B1CDE6AC4F9AE02.roa
Signing time: Thu 04 Sep 2025 16:25:09 +0000
ROA not before: Thu 04 Sep 2025 16:25:09 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 63526
IP address blocks: 45.125.220.0/22 maxlen: 22
45.125.220.0/22 maxlen: 24
45.125.220.0/23 maxlen: 23
45.125.220.0/24 maxlen: 24
45.125.221.0/24 maxlen: 24
45.125.222.0/23 maxlen: 23
45.125.222.0/24 maxlen: 24
45.125.223.0/24 maxlen: 24
103.239.252.0/22 maxlen: 22
103.239.252.0/22 maxlen: 24
103.239.252.0/24 maxlen: 24
103.239.252.0/25 maxlen: 25
103.239.252.128/25 maxlen: 25
103.239.253.0/24 maxlen: 24
103.239.253.0/25 maxlen: 25
103.239.253.128/25 maxlen: 25
103.239.254.0/24 maxlen: 24
103.239.254.0/25 maxlen: 25
103.239.254.128/25 maxlen: 25
103.239.255.0/24 maxlen: 24
103.239.255.0/25 maxlen: 25
103.239.255.128/25 maxlen: 25
2404:4580::/32 maxlen: 32
2404:4580::/48 maxlen: 48
2404:4580:1::/48 maxlen: 48
2404:4580:2::/48 maxlen: 48
2404:4580:3::/48 maxlen: 48
2404:4580:4::/48 maxlen: 48
2404:4580:5::/48 maxlen: 48
2404:4580:6::/48 maxlen: 48
2404:4580:7::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/BQIPvxAg_WO-V9oblwSwqoEDREo.crl
rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/BQIPvxAg_WO-V9oblwSwqoEDREo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BQIPvxAg_WO-V9oblwSwqoEDREo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 15 Sep 2025 16:09:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7445 (0x1d15)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914A140, serialNumber=05020FBF1020FD63BE57DA1B9704B0AA8103444A
Validity
Not Before: Sep 4 16:25:09 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=68b9bd65-09aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:35:98:9f:f0:36:d1:13:4e:a6:81:72:9f:51:
be:7f:19:4e:39:53:aa:28:e2:9d:89:54:46:02:96:
e7:c1:42:ba:03:1d:15:99:9c:b5:11:93:2b:59:80:
05:c8:7e:04:fb:18:10:bc:36:3f:4d:0a:dd:e7:e2:
3a:83:60:15:2d:7a:1a:a1:49:af:c2:a2:b6:5d:03:
4d:3d:11:c7:3a:0c:12:a5:a0:f1:42:89:c8:4b:e9:
d9:86:36:8b:ae:bb:37:5e:59:f7:e2:f7:fd:ce:6c:
a2:65:3e:d8:2c:7e:4e:97:ec:f6:be:12:59:1b:da:
4d:fa:e9:0b:87:9a:e2:6a:61:e6:32:01:bd:6a:94:
46:21:fd:7e:ea:28:68:67:48:da:65:1a:18:14:46:
61:e6:75:f6:2f:e2:44:4a:66:3c:b3:d0:9a:12:28:
e7:2b:04:f7:78:0a:a6:cb:1a:ad:a4:6f:d5:d1:c5:
45:a9:ec:28:76:2c:c3:fb:32:16:a6:4d:bb:d1:a3:
52:7a:8e:66:9a:b9:9b:bd:ab:2e:0e:f1:16:82:71:
7d:75:70:6e:4e:73:8c:9f:c3:11:3d:cc:7c:50:60:
03:c7:04:09:b5:e5:3b:92:02:0d:4b:2e:dc:40:d2:
c3:26:e8:5b:e9:6c:c0:c6:16:9c:f1:4b:fd:31:65:
19:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:49:56:EF:3D:94:0B:F7:FD:AA:05:87:42:DF:05:39:79:D2:B3:CE
X509v3 Authority Key Identifier:
keyid:05:02:0F:BF:10:20:FD:63:BE:57:DA:1B:97:04:B0:AA:81:03:44:4A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/BQIPvxAg_WO-V9oblwSwqoEDREo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BQIPvxAg_WO-V9oblwSwqoEDREo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/8E652A7AC77611E68B1CDE6AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.125.220.0/22
103.239.252.0/22
IPv6:
2404:4580::/32
Signature Algorithm: sha256WithRSAEncryption
72:81:ca:59:19:c9:ac:1b:72:c5:53:ef:b1:65:b0:19:9d:fe:
e1:12:66:0c:e6:63:fa:0e:44:3d:ab:6f:75:c7:70:55:42:e5:
e8:bf:31:46:7c:33:5b:1e:ee:6b:c4:ad:90:3f:b6:03:8b:d6:
37:b8:00:ed:44:3b:d3:ee:ac:24:fc:70:bf:2d:6f:22:d6:20:
15:d2:34:23:d3:97:91:af:f3:45:e5:16:c0:b4:31:4f:fe:3f:
b1:ca:aa:de:02:5b:33:7e:1e:a5:32:13:d6:69:68:59:df:81:
7a:52:d4:f4:7d:56:17:ca:51:1b:ed:5c:ab:2f:ff:52:15:06:
d5:8d:88:d6:10:6e:2d:29:a8:6a:61:fa:1c:7b:ec:36:c9:2a:
47:c3:c3:59:5f:27:bd:e9:38:43:3a:03:62:4b:25:d8:eb:7e:
4f:e9:5b:95:72:96:54:0f:b2:31:b6:52:fe:1b:1b:ae:7d:9c:
ff:89:30:41:74:f9:77:03:34:27:f7:a0:c3:1b:90:c1:be:0f:
cf:b2:2c:b0:2b:8a:93:f3:55:78:a0:41:fa:19:2b:4b:30:a7:
10:8d:ee:98:b6:17:d1:a8:98:c2:ac:35:49:40:31:9f:c8:01:
94:7c:fa:4a:2a:79:a9:85:77:22:37:f6:cb:92:5c:da:fc:32:
a9:00:c7:f1
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICHRUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEExNDAxMTAvBgNVBAUTKDA1MDIwRkJGMTAyMEZENjNCRTU3REExQjk3MDRCMEFB
ODEwMzQ0NEEwHhcNMjUwOTA0MTYyNTA5WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGI5YmQ2NS0wOWFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2jWYn/A20RNOpoFyn1G+fxlOOVOqKOKdiVRGApbnwUK6Ax0VmZy1EZMrWYAF
yH4E+xgQvDY/TQrd5+I6g2AVLXoaoUmvwqK2XQNNPRHHOgwSpaDxQonIS+nZhjaL
rrs3Xln34vf9zmyiZT7YLH5Ol+z2vhJZG9pN+ukLh5riamHmMgG9apRGIf1+6iho
Z0jaZRoYFEZh5nX2L+JESmY8s9CaEijnKwT3eAqmyxqtpG/V0cVFqewodizD+zIW
pk270aNSeo5mmrmbvasuDvEWgnF9dXBuTnOMn8MRPcx8UGADxwQJteU7kgINSy7c
QNLDJuhb6WzAxhac8Uv9MWUZDwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFFFJVu89
lAv3/aoFh0LfBTl50rPOMB8GA1UdIwQYMBaAFAUCD78QIP1jvlfaG5cEsKqBA0RK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QTE0MC9DQzFEQ0NFOEM3
NzQxMUU2OTgxNkIwNjhDNEY5QUUwMi9CUUlQdnhBZ19XTy1WOW9ibHdTd3FvRURS
RW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JRSVB2eEFnX1dPLVY5b2Jsd1N3cW9FRFJFby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEExNDAvQ0MxRENDRThDNzc0MTFFNjk4MTZCMDY4QzRGOUFFMDIvOEU2NTJBN0FD
Nzc2MTFFNjhCMUNERTZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAItfdwDBAJn7/wwDQQCAAIwBwMFACQERYAwDQYJKoZIhvcN
AQELBQADggEBAHKBylkZyawbcsVT77FlsBmd/uESZgzmY/oORD2rb3XHcFVC5ei/
MUZ8M1se7mvErZA/tgOL1je4AO1EO9PurCT8cL8tbyLWIBXSNCPTl5Gv80XlFsC0
MU/+P7HKqt4CWzN+HqUyE9ZpaFnfgXpS1PR9VhfKURvtXKsv/1IVBtWNiNYQbi0p
qGph+hx77DbJKkfDw1lfJ73pOEM6A2JLJdjrfk/pW5VyllQPsjG2Uv4bG659nP+J
MEF0+XcDNCf3oMMbkMG+D8+yLLAripPzVXigQfoZK0swpxCN7pi2F9GomMKsNUlA
MZ/IAZR8+koqeamFdyI39suSXNr8MqkAx/E=
-----END CERTIFICATE-----
Generated at Tue Sep 9 07:35:27 2025 by rpki-client