Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4DFBA2EA066011EEA5F59657C4F9AE02.roa
File: 4DFBA2EA066011EEA5F59657C4F9AE02.roa (raw, json)
Hash identifier: APuEYDobiTkr+yjV+CCWI8xd4BdBtVmmm5ve6mCT6Qw=
Subject key identifier: F6:63:47:2A:C1:2A:F6:67:1F:5C:97:91:C9:FC:29:E8:34:0F:2D:2D
Certificate issuer: /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial: 1F73
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4DFBA2EA066011EEA5F59657C4F9AE02.roa
Signing time: Sat 30 Aug 2025 16:35:37 +0000
ROA not before: Sat 30 Aug 2025 16:35:37 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 38283
IP address blocks: 125.64.0.0/24 maxlen: 24
125.64.1.0/24 maxlen: 24
125.64.2.0/24 maxlen: 24
125.64.3.0/24 maxlen: 24
125.64.4.0/24 maxlen: 24
125.64.5.0/24 maxlen: 24
125.64.6.0/24 maxlen: 24
125.64.8.0/24 maxlen: 24
125.64.9.0/24 maxlen: 24
125.64.10.0/24 maxlen: 24
125.64.11.0/24 maxlen: 24
125.64.12.0/24 maxlen: 24
125.64.13.0/24 maxlen: 24
125.64.14.0/24 maxlen: 24
125.64.15.0/24 maxlen: 24
125.64.16.0/24 maxlen: 24
125.64.17.0/24 maxlen: 24
125.64.18.0/24 maxlen: 24
125.64.19.0/24 maxlen: 24
125.64.20.0/24 maxlen: 24
125.64.21.0/24 maxlen: 24
125.64.23.0/24 maxlen: 24
125.64.24.0/24 maxlen: 24
125.64.25.0/24 maxlen: 24
125.64.26.0/24 maxlen: 24
125.64.27.0/24 maxlen: 24
125.64.28.0/24 maxlen: 24
125.64.29.0/24 maxlen: 24
125.64.30.0/23 maxlen: 23
125.64.40.0/24 maxlen: 24
125.64.41.0/24 maxlen: 24
125.64.43.0/24 maxlen: 24
125.64.92.0/24 maxlen: 24
125.64.93.0/24 maxlen: 24
125.64.94.0/24 maxlen: 24
125.64.95.0/24 maxlen: 24
125.64.96.0/24 maxlen: 24
125.64.97.0/24 maxlen: 24
125.64.98.0/24 maxlen: 24
125.64.99.0/24 maxlen: 24
125.64.100.0/24 maxlen: 24
125.64.101.0/24 maxlen: 24
125.64.102.0/24 maxlen: 24
125.64.103.0/24 maxlen: 24
125.64.128.0/20 maxlen: 20
125.64.144.0/22 maxlen: 22
125.65.46.0/24 maxlen: 24
125.65.114.0/24 maxlen: 24
125.65.134.0/24 maxlen: 24
125.65.135.0/24 maxlen: 24
125.65.153.0/24 maxlen: 24
125.65.154.0/24 maxlen: 24
125.65.216.0/22 maxlen: 22
125.65.245.0/24 maxlen: 24
125.65.247.0/24 maxlen: 24
125.67.234.0/24 maxlen: 24
125.67.235.0/24 maxlen: 24
202.98.123.0/24 maxlen: 24
218.6.168.0/24 maxlen: 24
218.6.169.0/24 maxlen: 24
218.6.170.0/24 maxlen: 24
218.6.171.0/24 maxlen: 24
218.6.172.0/24 maxlen: 24
218.6.173.0/24 maxlen: 24
218.6.174.0/24 maxlen: 24
218.6.175.0/24 maxlen: 24
218.6.196.0/24 maxlen: 24
218.6.197.0/24 maxlen: 24
218.6.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Sep 2025 16:21:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8051 (0x1f73)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Validity
Not Before: Aug 30 16:35:37 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68b32859-34ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:3e:e7:9f:a8:58:58:05:12:7b:59:74:33:ad:
11:00:78:cf:21:55:f4:92:80:1a:50:30:37:34:eb:
be:38:ac:d3:8a:74:76:84:5e:1e:9f:c4:4d:41:cb:
ee:65:5d:5a:24:11:fd:98:d0:9c:47:21:ed:a8:25:
71:e3:29:15:4e:03:5d:ae:56:95:43:2f:6e:54:82:
1b:ed:77:06:85:6a:8d:22:89:1b:b1:68:c6:a8:01:
c5:8a:95:11:c2:46:e8:ae:77:22:f3:7e:ba:aa:48:
ad:47:13:dd:d2:4e:fa:34:77:dc:70:7f:af:18:b9:
1b:63:db:b0:c7:3a:57:2e:0b:e7:ca:f4:88:b1:0c:
32:ac:57:ef:f6:a1:fa:75:1e:7e:68:25:f4:0f:28:
98:95:53:bf:51:68:b2:29:25:51:ad:c9:03:80:79:
ce:b4:c2:ea:4f:6f:f7:b7:da:d0:be:30:e9:4c:21:
fd:4d:a1:d7:39:87:cb:54:13:4e:02:86:71:87:12:
00:ba:c4:21:f3:cb:c0:27:dd:a6:a3:91:1f:d9:7a:
00:60:21:f7:db:fa:e1:44:51:54:89:d6:7f:8c:33:
0c:84:e2:73:a3:e6:35:c6:94:46:7a:5d:e7:26:db:
23:b4:3c:30:fc:17:54:1d:c3:6b:18:f4:3d:3e:29:
a9:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:63:47:2A:C1:2A:F6:67:1F:5C:97:91:C9:FC:29:E8:34:0F:2D:2D
X509v3 Authority Key Identifier:
keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4DFBA2EA066011EEA5F59657C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
125.64.0.0-125.64.6.255
125.64.8.0-125.64.21.255
125.64.23.0-125.64.31.255
125.64.40.0/23
125.64.43.0/24
125.64.92.0-125.64.103.255
125.64.128.0-125.64.147.255
125.65.46.0/24
125.65.114.0/24
125.65.134.0/23
125.65.153.0-125.65.154.255
125.65.216.0/22
125.65.245.0/24
125.65.247.0/24
125.67.234.0/23
202.98.123.0/24
218.6.168.0/21
218.6.196.0-218.6.198.255
Signature Algorithm: sha256WithRSAEncryption
6f:33:ad:00:7a:4b:67:f9:e2:66:82:7d:83:a6:fa:c7:3d:e5:
72:4b:52:12:b2:04:63:37:1b:1f:bd:4d:b8:6e:6d:94:14:7e:
f7:25:62:28:35:ce:55:fb:42:b6:5a:fc:eb:34:45:57:5e:4e:
ee:35:fc:07:de:39:96:79:11:61:c9:26:46:4d:ec:ab:a5:fb:
2e:20:d2:c2:a8:d5:1f:b4:3d:9d:42:38:62:80:ed:22:64:08:
da:83:2d:31:a1:e8:33:b6:97:57:e2:e1:cd:0a:9b:3a:24:60:
07:e5:96:ad:59:84:1c:bf:be:3b:63:d5:00:8f:b6:80:0c:21:
04:d8:cc:78:76:08:c7:ee:19:59:b8:2e:58:e2:34:c8:a3:e5:
42:69:81:8c:40:79:88:47:83:64:dd:8b:2b:d9:9a:27:4d:0e:
40:e0:8c:e7:44:5b:91:e3:db:5d:6a:ad:4a:d0:0f:b5:06:a0:
05:cc:10:18:c5:05:02:5e:9e:9c:bd:94:00:c5:16:c6:fa:82:
fd:fb:b6:e3:69:fd:4d:04:8d:15:41:c6:a0:aa:d5:08:bb:f5:
ab:fb:71:f5:6d:87:cf:21:ad:09:14:3a:2f:57:0f:26:3a:b2:
4d:6b:5b:28:9a:93:7e:77:f6:f8:de:40:6e:61:4c:8f:0e:9c:
47:ba:ca:b5
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgICH3MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTM3WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzMjg1OS0zNGVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuz7nn6hYWAUSe1l0M60RAHjPIVX0koAaUDA3NOu+OKzTinR2hF4en8RNQcvu
ZV1aJBH9mNCcRyHtqCVx4ykVTgNdrlaVQy9uVIIb7XcGhWqNIokbsWjGqAHFipUR
wkbornci8366qkitRxPd0k76NHfccH+vGLkbY9uwxzpXLgvnyvSIsQwyrFfv9qH6
dR5+aCX0DyiYlVO/UWiyKSVRrckDgHnOtMLqT2/3t9rQvjDpTCH9TaHXOYfLVBNO
AoZxhxIAusQh88vAJ92mo5Ef2XoAYCH32/rhRFFUidZ/jDMMhOJzo+Y1xpRGel3n
JtsjtDww/BdUHcNrGPQ9PimpjQIDAQABo4IDNzCCAzMwHQYDVR0OBBYEFPZjRyrB
KvZnH1yXkcn8Keg0Dy0tMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvNERGQkEyRUEw
NjYwMTFFRUE1RjU5NjU3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgcAGCCsGAQUFBwEHAQH/
BIGwMIGtMIGqBAIAATCBozALAwMGfUADBAB9QAYwDAMEA31ACAMEAX1AFDAMAwQA
fUAXAwQFfUAAAwQBfUAoAwQAfUArMAwDBAJ9QFwDBAN9QGAwDAMEB31AgAMEAn1A
kAMEAH1BLgMEAH1BcgMEAX1BhjAMAwQAfUGZAwQAfUGaAwQCfUHYAwQAfUH1AwQA
fUH3AwQBfUPqAwQAymJ7AwQD2gaoMAwDBALaBsQDBADaBsYwDQYJKoZIhvcNAQEL
BQADggEBAG8zrQB6S2f54maCfYOm+sc95XJLUhKyBGM3Gx+9TbhubZQUfvclYig1
zlX7QrZa/Os0RVdeTu41/AfeOZZ5EWHJJkZN7Kul+y4g0sKo1R+0PZ1COGKA7SJk
CNqDLTGh6DO2l1fi4c0KmzokYAfllq1ZhBy/vjtj1QCPtoAMIQTYzHh2CMfuGVm4
LljiNMij5UJpgYxAeYhHg2TdiyvZmidNDkDgjOdEW5Hj211qrUrQD7UGoAXMEBjF
BQJenpy9lADFFsb6gv37tuNp/U0EjRVBxqCq1Qi79av7cfVth88hrQkUOi9XDyY6
sk1rWyiak3539vjeQG5hTI8OnEe6yrU=
-----END CERTIFICATE-----
Generated at Sat Sep 6 20:24:47 2025 by rpki-client