Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4DFBA2EA066011EEA5F59657C4F9AE02.roa
File: 4DFBA2EA066011EEA5F59657C4F9AE02.roa (raw, json)
Hash identifier: J7K8nJUSVfDL7R8ZXyL+8xKpywBITJHU9Sx5J/Tg9YM=
Subject key identifier: B9:70:76:14:73:91:72:48:86:4E:17:28:B7:78:E1:3F:65:5E:A8:CB
Certificate issuer: /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial: 2043
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4DFBA2EA066011EEA5F59657C4F9AE02.roa
Signing time: Sun 01 Mar 2026 19:12:42 +0000
ROA not before: Sat 30 Aug 2025 16:35:37 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 38283
IP address blocks: 125.64.0.0/24 maxlen: 24
125.64.1.0/24 maxlen: 24
125.64.2.0/24 maxlen: 24
125.64.3.0/24 maxlen: 24
125.64.4.0/24 maxlen: 24
125.64.5.0/24 maxlen: 24
125.64.6.0/24 maxlen: 24
125.64.8.0/24 maxlen: 24
125.64.9.0/24 maxlen: 24
125.64.10.0/24 maxlen: 24
125.64.11.0/24 maxlen: 24
125.64.12.0/24 maxlen: 24
125.64.13.0/24 maxlen: 24
125.64.14.0/24 maxlen: 24
125.64.15.0/24 maxlen: 24
125.64.16.0/24 maxlen: 24
125.64.17.0/24 maxlen: 24
125.64.18.0/24 maxlen: 24
125.64.19.0/24 maxlen: 24
125.64.20.0/24 maxlen: 24
125.64.21.0/24 maxlen: 24
125.64.23.0/24 maxlen: 24
125.64.24.0/24 maxlen: 24
125.64.25.0/24 maxlen: 24
125.64.26.0/24 maxlen: 24
125.64.27.0/24 maxlen: 24
125.64.28.0/24 maxlen: 24
125.64.29.0/24 maxlen: 24
125.64.30.0/23 maxlen: 23
125.64.40.0/24 maxlen: 24
125.64.41.0/24 maxlen: 24
125.64.43.0/24 maxlen: 24
125.64.92.0/24 maxlen: 24
125.64.93.0/24 maxlen: 24
125.64.94.0/24 maxlen: 24
125.64.95.0/24 maxlen: 24
125.64.96.0/24 maxlen: 24
125.64.97.0/24 maxlen: 24
125.64.98.0/24 maxlen: 24
125.64.99.0/24 maxlen: 24
125.64.100.0/24 maxlen: 24
125.64.101.0/24 maxlen: 24
125.64.102.0/24 maxlen: 24
125.64.103.0/24 maxlen: 24
125.64.128.0/20 maxlen: 20
125.64.144.0/22 maxlen: 22
125.65.46.0/24 maxlen: 24
125.65.114.0/24 maxlen: 24
125.65.134.0/24 maxlen: 24
125.65.135.0/24 maxlen: 24
125.65.153.0/24 maxlen: 24
125.65.154.0/24 maxlen: 24
125.65.216.0/22 maxlen: 22
125.65.245.0/24 maxlen: 24
125.65.247.0/24 maxlen: 24
125.67.234.0/24 maxlen: 24
125.67.235.0/24 maxlen: 24
202.98.123.0/24 maxlen: 24
218.6.168.0/24 maxlen: 24
218.6.169.0/24 maxlen: 24
218.6.170.0/24 maxlen: 24
218.6.171.0/24 maxlen: 24
218.6.172.0/24 maxlen: 24
218.6.173.0/24 maxlen: 24
218.6.174.0/24 maxlen: 24
218.6.175.0/24 maxlen: 24
218.6.196.0/24 maxlen: 24
218.6.197.0/24 maxlen: 24
218.6.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 19 Mar 2026 16:09:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8259 (0x2043)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Validity
Not Before: Aug 30 16:35:37 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=69a48faa-cad9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:5b:13:be:8b:24:63:59:c8:1a:73:9b:73:73:
6f:f7:50:e9:94:a1:45:3a:bc:f8:ed:7c:0c:b8:2e:
02:82:22:94:f3:3a:92:cc:bb:51:a2:5f:ea:76:b7:
31:92:fb:b4:44:35:c5:fe:04:ee:26:5b:e3:64:ee:
8f:7f:ff:dd:df:50:ce:e5:9f:25:64:33:49:64:ee:
a3:0b:1c:3d:bb:dc:fb:a0:4a:cf:39:d7:cc:78:2f:
e4:0b:37:6a:75:ca:9e:73:23:5f:a2:a3:d7:fb:a0:
71:e9:dd:99:35:88:ec:df:20:8b:4d:07:68:35:41:
c9:48:1e:eb:04:92:60:9d:1b:31:4d:74:62:23:b0:
85:55:82:fe:a5:e0:f7:64:c7:84:8a:58:40:93:44:
a5:f2:5f:5e:be:83:0b:a4:52:8e:2b:02:ce:d3:4c:
1e:a7:05:f8:42:4b:e6:c6:de:05:49:0d:72:f2:5e:
26:16:b1:93:8d:b2:7a:30:fb:fe:4a:df:6d:dd:94:
68:48:41:2c:93:81:25:c2:42:f2:e4:31:63:ac:50:
17:a3:26:69:e3:55:e5:d3:dc:f1:44:a4:e8:57:6a:
9d:7e:8b:6c:5f:5f:83:95:34:96:66:ec:d0:bc:53:
bf:ef:2b:4e:84:44:14:ec:8b:04:ba:be:9e:08:b6:
f2:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:70:76:14:73:91:72:48:86:4E:17:28:B7:78:E1:3F:65:5E:A8:CB
X509v3 Authority Key Identifier:
keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4DFBA2EA066011EEA5F59657C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
125.64.0.0-125.64.6.255
125.64.8.0-125.64.21.255
125.64.23.0-125.64.31.255
125.64.40.0/23
125.64.43.0/24
125.64.92.0-125.64.103.255
125.64.128.0-125.64.147.255
125.65.46.0/24
125.65.114.0/24
125.65.134.0/23
125.65.153.0-125.65.154.255
125.65.216.0/22
125.65.245.0/24
125.65.247.0/24
125.67.234.0/23
202.98.123.0/24
218.6.168.0/21
218.6.196.0-218.6.198.255
Signature Algorithm: sha256WithRSAEncryption
bc:d4:bb:83:e9:84:7a:4a:2f:9f:39:8a:be:ca:ae:fd:2a:07:
d9:13:c5:5e:99:a0:82:5e:50:37:a4:71:bc:06:ae:34:a7:7f:
af:5a:d8:27:1b:1e:9b:2d:ec:3a:3c:db:a7:be:a6:1f:27:73:
5b:ed:45:68:72:a0:33:ac:2f:3b:45:b0:68:56:fe:3b:f8:32:
94:3e:d9:df:7c:87:90:a3:90:ca:c1:3f:0e:52:5f:e3:08:b2:
51:95:9a:96:c3:17:b6:69:a6:1d:c5:46:b1:58:27:4f:0c:ce:
1e:4b:ff:ed:1c:fd:9b:7f:6f:88:ee:98:7e:8e:3d:74:3a:37:
c9:08:da:37:98:89:9e:6c:da:97:c7:54:0c:03:d0:74:6a:17:
cf:e4:e3:7e:49:0c:35:d4:ac:c8:17:65:dd:51:aa:f0:56:9d:
2e:8f:e6:7f:79:a3:65:bd:20:01:b8:f5:f2:18:bf:9c:9e:bf:
c6:0b:ab:e2:8c:77:54:c6:c7:c8:cc:1d:92:f9:e9:f9:46:34:
ed:b1:8f:32:cc:cb:bd:96:5e:e9:5b:9c:5e:c7:75:a5:f7:4d:
90:8f:f4:d3:86:07:ef:0c:62:4c:10:d4:ae:b9:8e:be:b7:63:
a4:4b:6d:c9:dd:c6:52:a0:c7:57:14:7e:de:34:6e:f8:9d:18:
0f:24:f1:ef
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgICIEMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTM3WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0OGZhYS1jYWQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuVsTvoskY1nIGnObc3Nv91DplKFFOrz47XwMuC4CgiKU8zqSzLtRol/qdrcx
kvu0RDXF/gTuJlvjZO6Pf//d31DO5Z8lZDNJZO6jCxw9u9z7oErPOdfMeC/kCzdq
dcqecyNfoqPX+6Bx6d2ZNYjs3yCLTQdoNUHJSB7rBJJgnRsxTXRiI7CFVYL+peD3
ZMeEilhAk0Sl8l9evoMLpFKOKwLO00wepwX4Qkvmxt4FSQ1y8l4mFrGTjbJ6MPv+
St9t3ZRoSEEsk4ElwkLy5DFjrFAXoyZp41Xl09zxRKToV2qdfotsX1+DlTSWZuzQ
vFO/7ytOhEQU7IsEur6eCLbyHQIDAQABo4IDAjCCAv4wHQYDVR0OBBYEFLlwdhRz
kXJIhk4XKLd44T9lXqjLMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvNERGQkEyRUEw
NjYwMTFFRUE1RjU5NjU3QzRGOUFFMDIucm9hMIHABggrBgEFBQcBBwEB/wSBsDCB
rTCBqgQCAAEwgaMwCwMDBn1AAwQAfUAGMAwDBAN9QAgDBAF9QBQwDAMEAH1AFwME
BX1AAAMEAX1AKAMEAH1AKzAMAwQCfUBcAwQDfUBgMAwDBAd9QIADBAJ9QJADBAB9
QS4DBAB9QXIDBAF9QYYwDAMEAH1BmQMEAH1BmgMEAn1B2AMEAH1B9QMEAH1B9wME
AX1D6gMEAMpiewMEA9oGqDAMAwQC2gbEAwQA2gbGMA0GCSqGSIb3DQEBCwUAA4IB
AQC81LuD6YR6Si+fOYq+yq79KgfZE8VemaCCXlA3pHG8Bq40p3+vWtgnGx6bLew6
PNunvqYfJ3Nb7UVocqAzrC87RbBoVv47+DKUPtnffIeQo5DKwT8OUl/jCLJRlZqW
wxe2aaYdxUaxWCdPDM4eS//tHP2bf2+I7ph+jj10OjfJCNo3mImebNqXx1QMA9B0
ahfP5ON+SQw11KzIF2XdUarwVp0uj+Z/eaNlvSABuPXyGL+cnr/GC6vijHdUxsfI
zB2S+en5RjTtsY8yzMu9ll7pW5xex3Wl902Qj/TThgfvDGJMENSuuY6+t2OkS23J
3cZSoMdXFH7eNG74nRgPJPHv
-----END CERTIFICATE-----
Generated at Thu Mar 12 22:48:12 2026 by rpki-client