Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B80AFEB204D311E9A6452047C4F9AE02.roa
File: B80AFEB204D311E9A6452047C4F9AE02.roa (raw, json)
Hash identifier: hL2Zdvxv4XI+3HFMfaS+1/ZokoAN1ShisW4m73K9Neo=
Subject key identifier: 74:48:36:91:32:EA:AA:C9:12:9B:67:49:D2:B8:4E:B7:83:A5:B4:0C
Certificate issuer: /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial: 1F7A
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B80AFEB204D311E9A6452047C4F9AE02.roa
Signing time: Sat 30 Aug 2025 16:35:43 +0000
ROA not before: Sat 30 Aug 2025 16:35:43 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 4816
IP address blocks: 121.11.96.0/20 maxlen: 20
121.11.112.0/21 maxlen: 21
121.12.80.0/21 maxlen: 21
121.14.72.0/21 maxlen: 21
121.14.80.0/21 maxlen: 21
121.14.88.0/21 maxlen: 21
121.14.96.0/21 maxlen: 21
121.14.104.0/21 maxlen: 21
121.14.112.0/21 maxlen: 21
121.14.120.0/21 maxlen: 21
121.35.254.0/24 maxlen: 24
125.91.16.0/20 maxlen: 20
125.91.32.0/19 maxlen: 19
125.91.64.0/19 maxlen: 19
125.91.104.0/21 maxlen: 21
125.91.112.0/20 maxlen: 20
125.91.128.0/21 maxlen: 21
125.91.136.0/22 maxlen: 22
125.91.140.0/23 maxlen: 23
202.104.128.0/24 maxlen: 24
202.104.139.0/24 maxlen: 24
218.18.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 15 Sep 2025 16:18:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8058 (0x1f7a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Validity
Not Before: Aug 30 16:35:43 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68b3285f-557e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:24:a7:3d:d5:eb:5b:d5:df:a7:db:be:b8:43:
a6:aa:e6:89:26:5f:f1:70:7f:72:ed:76:7d:a3:68:
26:df:cd:c0:f1:6d:7f:ed:6f:c4:98:ef:0f:c7:10:
56:11:01:8a:07:78:02:3d:da:d9:59:3b:4c:43:85:
c7:2f:f1:6e:9f:de:3d:36:8d:8b:14:86:88:42:a0:
37:f9:0a:9a:ee:b8:50:3c:56:de:ff:e2:13:b0:12:
93:fc:b2:38:59:91:97:d5:79:ad:e1:45:a1:d3:37:
38:6c:1a:d7:55:69:56:fc:47:37:f5:fd:59:7d:de:
14:8e:b1:a1:9e:6d:50:ce:09:52:3d:7d:83:04:15:
1f:db:c6:36:b1:ea:2c:0e:4c:4a:94:59:7b:41:73:
05:93:de:1a:07:d0:fe:40:a6:51:fc:ed:67:6c:f5:
15:b1:76:ff:35:11:36:e9:29:22:7c:7e:c1:49:12:
b8:e5:9e:13:d1:46:5d:5b:4a:82:0e:35:b8:42:2b:
ae:ff:d9:dc:ef:41:c1:a7:15:d2:46:ef:51:20:73:
6e:6a:72:12:8a:70:50:61:3d:ff:d3:ca:ee:0b:d8:
09:5d:24:2e:bb:03:9f:c2:2d:b0:b3:9c:07:86:2d:
44:0a:f5:2e:96:6a:cb:cd:17:13:f9:73:2b:32:e7:
4a:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:48:36:91:32:EA:AA:C9:12:9B:67:49:D2:B8:4E:B7:83:A5:B4:0C
X509v3 Authority Key Identifier:
keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B80AFEB204D311E9A6452047C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
121.11.96.0-121.11.119.255
121.12.80.0/21
121.14.72.0-121.14.127.255
121.35.254.0/24
125.91.16.0-125.91.95.255
125.91.104.0-125.91.141.255
202.104.128.0/24
202.104.139.0/24
218.18.95.0/24
Signature Algorithm: sha256WithRSAEncryption
bd:a0:ed:18:18:52:45:7c:76:d3:32:84:fc:80:e4:04:a3:88:
c2:b0:00:48:2f:dd:5b:f0:ea:80:b9:a5:b2:e3:16:41:ec:7d:
fc:a2:47:02:6b:25:7b:d0:04:23:40:a3:18:1d:89:9d:13:a9:
fc:ce:ae:27:c5:0e:f0:2d:8b:1e:67:76:98:f4:0b:c7:d9:6a:
4c:68:02:64:4c:80:4d:56:3b:6e:7a:15:02:0d:81:1f:26:ec:
6f:05:72:bf:23:0c:ce:b6:29:8b:d8:92:d1:c1:5c:17:18:87:
db:10:cb:32:d1:9b:fa:ef:a3:88:54:a0:7c:3f:85:21:a5:2c:
51:e7:40:0d:f8:d9:34:c7:53:68:77:c9:37:06:d0:f9:96:dd:
52:22:6c:86:47:fa:56:6a:b3:ad:33:f4:90:77:47:1c:60:46:
29:20:cd:b2:c6:98:e0:03:43:de:5b:22:a8:e8:b8:ef:68:5d:
b6:9e:12:0f:38:40:9e:e1:eb:dc:e2:e6:a7:fb:05:21:6a:89:
9e:b6:cf:bf:ab:5b:eb:b5:e0:7f:59:8a:a0:75:4c:08:bf:9d:
be:53:bd:a4:6e:e9:f4:93:8f:cd:2c:d5:c3:df:cd:46:08:93:
8b:94:a7:78:61:17:ad:3c:88:46:72:ee:26:d2:ec:af:3d:9e:
5d:ac:8e:48
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgICH3owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTQzWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzMjg1Zi01NTdlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1SSnPdXrW9Xfp9u+uEOmquaJJl/xcH9y7XZ9o2gm383A8W1/7W/EmO8PxxBW
EQGKB3gCPdrZWTtMQ4XHL/Fun949No2LFIaIQqA3+Qqa7rhQPFbe/+ITsBKT/LI4
WZGX1Xmt4UWh0zc4bBrXVWlW/Ec39f1Zfd4UjrGhnm1QzglSPX2DBBUf28Y2seos
DkxKlFl7QXMFk94aB9D+QKZR/O1nbPUVsXb/NRE26SkifH7BSRK45Z4T0UZdW0qC
DjW4Qiuu/9nc70HBpxXSRu9RIHNuanISinBQYT3/08ruC9gJXSQuuwOfwi2ws5wH
hi1ECvUulmrLzRcT+XMrMudKhwIDAQABo4IC5TCCAuEwHQYDVR0OBBYEFHRINpEy
6qrJEptnSdK4TreDpbQMMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvQjgwQUZFQjIw
NEQzMTFFOUE2NDUyMDQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbwYIKwYBBQUHAQcBAf8E
YDBeMFwEAgABMFYwDAMEBXkLYAMEA3kLcAMEA3kMUDAMAwQDeQ5IAwQHeQ4AAwQA
eSP+MAwDBAR9WxADBAV9W0AwDAMEA31baAMEAX1bjAMEAMpogAMEAMpoiwMEANoS
XzANBgkqhkiG9w0BAQsFAAOCAQEAvaDtGBhSRXx20zKE/IDkBKOIwrAASC/dW/Dq
gLmlsuMWQex9/KJHAmsle9AEI0CjGB2JnROp/M6uJ8UO8C2LHmd2mPQLx9lqTGgC
ZEyATVY7bnoVAg2BHybsbwVyvyMMzrYpi9iS0cFcFxiH2xDLMtGb+u+jiFSgfD+F
IaUsUedADfjZNMdTaHfJNwbQ+ZbdUiJshkf6VmqzrTP0kHdHHGBGKSDNssaY4AND
3lsiqOi472hdtp4SDzhAnuHr3OLmp/sFIWqJnrbPv6tb67Xgf1mKoHVMCL+dvlO9
pG7p9JOPzSzVw9/NRgiTi5SneGEXrTyIRnLuJtLsrz2eXayOSA==
-----END CERTIFICATE-----
Generated at Tue Sep 9 07:35:29 2025 by rpki-client