Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/CBAFF664136B11EFB53F2683C4F9AE02.roa
File: CBAFF664136B11EFB53F2683C4F9AE02.roa (raw, json)
Hash identifier: IwC5LKAchJpvbQWM8/1J11MaLQt7r+hfsUvSRDAl+iw=
Subject key identifier: 21:E4:F0:EC:10:FB:9A:4E:CC:3C:5F:79:55:65:49:C6:81:EF:08:DB
Certificate issuer: /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial: 1F82
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/CBAFF664136B11EFB53F2683C4F9AE02.roa
Signing time: Sat 30 Aug 2025 16:35:50 +0000
ROA not before: Sat 30 Aug 2025 16:35:50 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 58777
IP address blocks: 202.67.0.0/22 maxlen: 24
202.73.128.0/22 maxlen: 24
202.191.72.0/21 maxlen: 24
203.33.67.0/24 maxlen: 24
203.33.68.0/24 maxlen: 24
203.33.73.0/24 maxlen: 24
203.33.79.0/24 maxlen: 24
203.33.100.0/24 maxlen: 24
203.33.122.0/24 maxlen: 24
203.33.129.0/24 maxlen: 24
203.33.131.0/24 maxlen: 24
240e:108:4040::/48 maxlen: 48
240e:108:4047::/48 maxlen: 48
240e:108:4060::/48 maxlen: 48
240e:108:4360::/48 maxlen: 48
240e:108:4820::/48 maxlen: 48
240e:108:4840::/48 maxlen: 48
240e:108:4847::/48 maxlen: 48
240e:108:4860::/48 maxlen: 48
240e:108:4b60::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Sep 2025 16:21:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8066 (0x1f82)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Validity
Not Before: Aug 30 16:35:50 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68b32866-f32a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:37:e9:a3:52:82:34:e6:fb:dc:b7:2f:d9:c9:
67:8c:cc:05:fb:03:5d:9e:27:8f:ed:b2:68:53:c9:
a1:30:19:fb:c1:51:49:de:02:28:b2:c2:7d:b3:80:
50:b1:ea:b6:80:64:54:1a:fc:22:9f:40:7f:89:5c:
b3:79:16:e1:d1:02:69:4a:ca:63:1c:13:72:d5:e3:
4a:96:64:8d:a2:8c:c7:f0:92:57:07:4f:a7:cd:ce:
fa:70:6b:49:6e:a2:0b:c1:bd:46:0c:cd:8b:43:a1:
5d:90:ea:c0:0e:55:43:e2:80:a3:44:b9:6a:44:96:
a6:dd:c4:18:63:c3:34:c0:f3:5f:07:15:a0:c8:bb:
ec:a8:54:38:ca:ec:f5:ab:15:ce:de:3f:a1:77:cd:
80:11:b5:ea:1f:ea:00:97:83:f8:d1:7c:98:d1:58:
07:c1:0f:29:60:bd:94:68:51:57:9e:89:ec:50:ae:
9f:02:17:5e:79:2a:21:be:dc:93:60:d8:35:54:c4:
94:af:f2:f9:12:de:20:25:60:b5:4f:29:05:8e:f4:
e7:98:27:55:c4:53:53:0c:19:35:a2:66:3c:e0:fe:
bc:33:c1:7e:ae:bb:47:4a:41:53:9b:b0:ee:cd:ed:
e8:d1:e6:4c:b5:44:cb:f6:93:d9:c3:93:bc:69:77:
63:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:E4:F0:EC:10:FB:9A:4E:CC:3C:5F:79:55:65:49:C6:81:EF:08:DB
X509v3 Authority Key Identifier:
keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/CBAFF664136B11EFB53F2683C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.67.0.0/22
202.73.128.0/22
202.191.72.0/21
203.33.67.0-203.33.68.255
203.33.73.0/24
203.33.79.0/24
203.33.100.0/24
203.33.122.0/24
203.33.129.0/24
203.33.131.0/24
IPv6:
240e:108:4040::/48
240e:108:4047::/48
240e:108:4060::/48
240e:108:4360::/48
240e:108:4820::/48
240e:108:4840::/48
240e:108:4847::/48
240e:108:4860::/48
240e:108:4b60::/48
Signature Algorithm: sha256WithRSAEncryption
a7:9c:04:c1:65:79:9d:c6:98:76:2e:60:4a:86:67:df:ca:fe:
e4:11:73:b1:6d:21:d3:1d:3b:89:cf:1d:ca:06:96:8e:fd:25:
cc:fd:dd:55:99:f5:f0:84:c3:2a:22:6a:08:4c:d8:3a:d5:7f:
52:c0:f5:5c:c6:11:ea:5b:5a:c8:d5:32:2e:77:89:c8:2f:2c:
9d:91:2e:80:78:8c:d8:39:6e:61:ca:d9:96:ab:c2:e0:8d:67:
99:ef:36:e6:b8:23:af:54:55:b7:b5:83:c1:1d:0f:9f:91:95:
3d:21:9e:70:82:a3:6e:c7:6e:0b:8d:4e:5f:14:41:36:14:4c:
a6:44:5f:7a:1f:38:22:d2:7c:e8:4b:62:c3:67:c4:09:17:e5:
e1:70:7e:07:36:56:cb:22:25:15:99:28:db:3c:b7:75:0f:4d:
3b:b2:81:69:bc:cc:31:c9:fb:23:33:6f:12:ad:2a:2a:bb:fd:
c5:4e:1f:0f:95:f4:33:e2:17:d9:98:c0:44:e1:52:b3:87:cd:
5c:e2:5c:20:1f:cf:69:e8:7f:94:b1:af:83:7d:e5:3d:65:1a:
78:c5:9c:69:36:90:ec:c1:fc:55:2d:11:cb:74:b1:f0:f6:0a:
aa:20:9c:16:0d:45:50:a5:3a:5e:d5:dc:d4:9c:d7:f1:09:51:
da:5e:3f:22
-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgICH4IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTUwWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzMjg2Ni1mMzJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvjfpo1KCNOb73Lcv2clnjMwF+wNdnieP7bJoU8mhMBn7wVFJ3gIossJ9s4BQ
seq2gGRUGvwin0B/iVyzeRbh0QJpSspjHBNy1eNKlmSNoozH8JJXB0+nzc76cGtJ
bqILwb1GDM2LQ6FdkOrADlVD4oCjRLlqRJam3cQYY8M0wPNfBxWgyLvsqFQ4yuz1
qxXO3j+hd82AEbXqH+oAl4P40XyY0VgHwQ8pYL2UaFFXnonsUK6fAhdeeSohvtyT
YNg1VMSUr/L5Et4gJWC1TykFjvTnmCdVxFNTDBk1omY84P68M8F+rrtHSkFTm7Du
ze3o0eZMtUTL9pPZw5O8aXdjnwIDAQABo4IDLzCCAyswHQYDVR0OBBYEFCHk8OwQ
+5pOzDxfeVVlScaB7wjbMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvQ0JBRkY2NjQx
MzZCMTFFRkI1M0YyNjgzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgbgGCCsGAQUFBwEHAQH/
BIGoMIGlMEoEAgABMEQDBALKQwADBALKSYADBAPKv0gwDAMEAMshQwMEAMshRAME
AMshSQMEAMshTwMEAMshZAMEAMshegMEAMshgQMEAMshgzBXBAIAAjBRAwcAJA4B
CEBAAwcAJA4BCEBHAwcAJA4BCEBgAwcAJA4BCENgAwcAJA4BCEggAwcAJA4BCEhA
AwcAJA4BCEhHAwcAJA4BCEhgAwcAJA4BCEtgMA0GCSqGSIb3DQEBCwUAA4IBAQCn
nATBZXmdxph2LmBKhmffyv7kEXOxbSHTHTuJzx3KBpaO/SXM/d1VmfXwhMMqImoI
TNg61X9SwPVcxhHqW1rI1TIud4nILyydkS6AeIzYOW5hytmWq8LgjWeZ7zbmuCOv
VFW3tYPBHQ+fkZU9IZ5wgqNux24LjU5fFEE2FEymRF96Hzgi0nzoS2LDZ8QJF+Xh
cH4HNlbLIiUVmSjbPLd1D007soFpvMwxyfsjM28SrSoqu/3FTh8PlfQz4hfZmMBE
4VKzh81c4lwgH89p6H+Usa+DfeU9ZRp4xZxpNpDswfxVLRHLdLHw9gqqIJwWDUVQ
pTpe1dzUnNfxCVHaXj8i
-----END CERTIFICATE-----
Generated at Sat Sep 6 20:18:10 2025 by rpki-client