Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915ACE2/51CD7FBA72CE11F08421AA48C4F9AE02/7D08B8F68FDF11F0B34EBA0BC4F9AE02.roa
File: 7D08B8F68FDF11F0B34EBA0BC4F9AE02.roa (raw, json)
Hash identifier: ziDdc7ON5gmiCX4Ym4QO/xFvs2ZmtqL0y4LOF+ZKS9M=
Subject key identifier: 0F:A8:E1:17:D5:44:44:CF:81:AF:38:7C:7F:AC:76:B5:70:B1:0B:C4
Certificate issuer: /CN=A915ACE2/serialNumber=DAE1CE0ADA67B44713C61B1FAEC4F5D4D67A159F
Certificate serial: 35
Authority key identifier: DA:E1:CE:0A:DA:67:B4:47:13:C6:1B:1F:AE:C4:F5:D4:D6:7A:15:9F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2uHOCtpntEcTxhsfrsT11NZ6FZ8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915ACE2/51CD7FBA72CE11F08421AA48C4F9AE02/7D08B8F68FDF11F0B34EBA0BC4F9AE02.roa
Signing time: Fri 12 Sep 2025 13:50:49 +0000
ROA not before: Fri 12 Sep 2025 13:50:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 38584
IP address blocks: 202.63.192.0/24 maxlen: 24
202.63.193.0/24 maxlen: 24
202.63.194.0/24 maxlen: 24
202.63.195.0/24 maxlen: 24
202.63.196.0/24 maxlen: 24
202.63.197.0/24 maxlen: 24
202.63.198.0/24 maxlen: 24
202.63.199.0/24 maxlen: 24
202.63.200.0/24 maxlen: 24
202.63.201.0/24 maxlen: 24
202.63.202.0/24 maxlen: 24
202.63.203.0/24 maxlen: 24
202.63.204.0/24 maxlen: 24
202.63.205.0/24 maxlen: 24
202.63.206.0/24 maxlen: 24
202.63.207.0/24 maxlen: 24
202.63.208.0/24 maxlen: 24
202.63.209.0/24 maxlen: 24
202.63.210.0/24 maxlen: 24
202.63.211.0/24 maxlen: 24
202.63.212.0/24 maxlen: 24
202.63.215.0/24 maxlen: 24
202.63.216.0/24 maxlen: 24
202.63.217.0/24 maxlen: 24
202.63.218.0/24 maxlen: 24
202.63.219.0/24 maxlen: 24
202.63.220.0/24 maxlen: 24
202.63.221.0/24 maxlen: 24
202.63.222.0/24 maxlen: 24
202.63.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915ACE2/51CD7FBA72CE11F08421AA48C4F9AE02/2uHOCtpntEcTxhsfrsT11NZ6FZ8.crl
rsync://rpki.apnic.net/member_repository/A915ACE2/51CD7FBA72CE11F08421AA48C4F9AE02/2uHOCtpntEcTxhsfrsT11NZ6FZ8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2uHOCtpntEcTxhsfrsT11NZ6FZ8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 30 Oct 2025 09:45:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 53 (0x35)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915ACE2, serialNumber=DAE1CE0ADA67B44713C61B1FAEC4F5D4D67A159F
Validity
Not Before: Sep 12 13:50:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68c42538-e3fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:20:ad:5c:1d:93:12:af:8c:e3:e5:5e:fb:28:
84:c0:66:53:80:84:21:f9:7e:e4:9d:20:8a:e7:a5:
08:14:b8:9d:ea:07:54:2c:59:a5:66:71:0e:26:6e:
4f:33:26:4d:e8:75:67:8e:21:22:1c:54:bf:5f:f2:
87:21:f4:5f:05:2d:42:e0:09:e4:0b:57:62:cc:94:
51:b9:ba:b5:73:fb:c5:1e:60:6c:6f:61:bc:fb:6a:
e7:55:df:25:ea:7c:de:fb:77:3f:e3:88:46:2a:0f:
23:0b:65:c2:ef:80:69:fe:af:8e:81:c7:ac:ff:0d:
96:55:39:db:a8:63:5d:26:77:a7:9d:53:61:0d:c9:
16:fa:58:e2:b9:53:cc:5f:cf:04:81:c9:f9:a7:e1:
f7:3e:9e:63:ff:3d:60:08:93:7e:fb:aa:36:9d:d5:
03:e9:0e:e7:65:3c:d9:8a:6a:7d:fe:e2:82:c8:5f:
4f:4f:8b:da:de:42:c3:73:e7:c9:c0:c5:7c:e2:18:
2d:9e:a8:f3:3b:42:ba:4c:3d:7c:c0:41:a7:e6:bc:
ee:eb:3f:f4:24:f3:2e:94:4a:3c:80:ad:cd:bf:8a:
bd:4f:c3:a1:38:bb:58:21:7e:f6:d1:d6:9b:f5:70:
87:1a:da:3e:f0:36:4b:56:4d:52:65:84:95:c7:73:
02:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:A8:E1:17:D5:44:44:CF:81:AF:38:7C:7F:AC:76:B5:70:B1:0B:C4
X509v3 Authority Key Identifier:
keyid:DA:E1:CE:0A:DA:67:B4:47:13:C6:1B:1F:AE:C4:F5:D4:D6:7A:15:9F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915ACE2/51CD7FBA72CE11F08421AA48C4F9AE02/2uHOCtpntEcTxhsfrsT11NZ6FZ8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2uHOCtpntEcTxhsfrsT11NZ6FZ8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915ACE2/51CD7FBA72CE11F08421AA48C4F9AE02/7D08B8F68FDF11F0B34EBA0BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.63.192.0-202.63.212.255
202.63.215.0-202.63.223.255
Signature Algorithm: sha256WithRSAEncryption
38:57:24:7b:d0:7a:48:28:29:f5:47:e7:5e:1b:3c:84:79:0b:
7e:4f:9f:f7:62:36:f0:cd:53:87:ba:cf:d0:fc:9b:a7:82:12:
4b:c3:a5:08:26:67:f7:c6:c6:5a:c8:10:b1:11:f2:d2:23:21:
3b:42:11:c4:3a:f5:49:60:e2:7f:8c:73:7e:8c:c0:13:88:bd:
a7:8e:f0:03:95:7a:1b:5b:6e:fc:42:fd:f0:b5:2f:7e:9e:d5:
1b:8c:9e:b3:6c:56:4d:ba:e3:fc:8b:2d:d8:85:49:fc:27:61:
fa:53:4a:6a:68:08:02:f5:35:fd:10:60:25:fd:e4:00:16:7a:
b7:fd:a4:ec:74:11:ff:26:68:70:47:d9:59:31:3b:5f:3e:1c:
3e:51:a9:42:3b:f0:89:97:14:16:f4:19:a0:ab:be:c1:a0:13:
b7:03:15:2a:37:c2:81:45:be:69:aa:b2:09:30:c7:e8:59:a0:
70:21:a4:36:50:49:2b:e2:9f:d9:0d:f7:91:8f:67:49:21:80:
b0:6f:d4:15:a4:91:d6:6d:d8:a8:49:24:97:e5:d7:0c:b7:61:
5a:db:47:2a:a5:bd:20:c0:49:b3:1a:fa:c0:da:c2:c0:bf:a3:
9f:01:87:53:91:11:14:7d:d8:a9:2b:0c:a0:0c:24:56:aa:78:
44:b0:18:3e
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgIBNTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE1
QUNFMjExMC8GA1UEBRMoREFFMUNFMEFEQTY3QjQ0NzEzQzYxQjFGQUVDNEY1RDRE
NjdBMTU5RjAeFw0yNTA5MTIxMzUwNDlaFw0yNjA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4YzQyNTM4LWUzZmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDCIK1cHZMSr4zj5V77KITAZlOAhCH5fuSdIIrnpQgUuJ3qB1QsWaVmcQ4mbk8z
Jk3odWeOISIcVL9f8och9F8FLULgCeQLV2LMlFG5urVz+8UeYGxvYbz7audV3yXq
fN77dz/jiEYqDyMLZcLvgGn+r46Bx6z/DZZVOduoY10md6edU2ENyRb6WOK5U8xf
zwSByfmn4fc+nmP/PWAIk377qjad1QPpDudlPNmKan3+4oLIX09Pi9reQsNz58nA
xXziGC2eqPM7QrpMPXzAQafmvO7rP/Qk8y6USjyArc2/ir1Pw6E4u1ghfvbR1pv1
cIca2j7wNktWTVJlhJXHcwLXAgMBAAGjggKrMIICpzAdBgNVHQ4EFgQUD6jhF9VE
RM+Brzh8f6x2tXCxC8QwHwYDVR0jBBgwFoAU2uHOCtpntEcTxhsfrsT11NZ6FZ8w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTVBQ0UyLzUxQ0Q3RkJBNzJD
RTExRjA4NDIxQUE0OEM0RjlBRTAyLzJ1SE9DdHBudEVjVHhoc2Zyc1QxMU5aNkZa
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvMnVIT0N0cG50RWNUeGhzZnJzVDExTlo2Rlo4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1
QUNFMi81MUNEN0ZCQTcyQ0UxMUYwODQyMUFBNDhDNEY5QUUwMi83RDA4QjhGNjhG
REYxMUYwQjM0RUJBMEJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA1BggrBgEFBQcBBwEB/wQm
MCQwIgQCAAEwHDAMAwQGyj/AAwQAyj/UMAwDBADKP9cDBAXKP8AwDQYJKoZIhvcN
AQELBQADggEBADhXJHvQekgoKfVH514bPIR5C35Pn/diNvDNU4e6z9D8m6eCEkvD
pQgmZ/fGxlrIELER8tIjITtCEcQ69Ulg4n+Mc36MwBOIvaeO8AOVehtbbvxC/fC1
L36e1RuMnrNsVk264/yLLdiFSfwnYfpTSmpoCAL1Nf0QYCX95AAWerf9pOx0Ef8m
aHBH2VkxO18+HD5RqUI78ImXFBb0GaCrvsGgE7cDFSo3woFFvmmqsgkwx+hZoHAh
pDZQSSvin9kN95GPZ0khgLBv1BWkkdZt2KhJJJfl1wy3YVrbRyqlvSDASbMa+sDa
wsC/o58Bh1ORERR92KkrDKAMJFaqeESwGD4=
-----END CERTIFICATE-----
Generated at Thu Oct 23 13:35:06 2025 by rpki-client