Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9167B50/9D1305C81D8F11E2A02BCDEE08B02CD2/B35C646A52E211EAAF44AE23C4F9AE02.roa
File: B35C646A52E211EAAF44AE23C4F9AE02.roa (raw, json)
Hash identifier: ku0ByaK/68w8G7tu0tDiWUq8Zdb9YUsOCXoz+0AOmhM=
Subject key identifier: 22:42:36:9A:91:FE:ED:49:9C:8B:B1:58:F4:50:37:CB:94:8C:76:82
Certificate issuer: /CN=A9167B50/serialNumber=991B3F17084F76F12F9F0509D597F0FFECA04B4A
Certificate serial: 355B
Authority key identifier: 99:1B:3F:17:08:4F:76:F1:2F:9F:05:09:D5:97:F0:FF:EC:A0:4B:4A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mRs_FwhPdvEvnwUJ1Zfw_-ygS0o.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9167B50/9D1305C81D8F11E2A02BCDEE08B02CD2/B35C646A52E211EAAF44AE23C4F9AE02.roa
Signing time: Thu 30 Oct 2025 15:00:48 +0000
ROA not before: Thu 30 Oct 2025 15:00:48 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 7532
IP address blocks: 103.70.52.0/22 maxlen: 22
103.70.52.0/24 maxlen: 24
103.70.53.0/24 maxlen: 24
103.70.54.0/24 maxlen: 24
103.70.55.0/24 maxlen: 24
112.121.64.0/19 maxlen: 19
112.121.64.0/24 maxlen: 24
112.121.65.0/24 maxlen: 24
112.121.66.0/24 maxlen: 24
112.121.68.0/24 maxlen: 24
112.121.69.0/24 maxlen: 24
112.121.70.0/24 maxlen: 24
112.121.71.0/24 maxlen: 24
112.121.72.0/24 maxlen: 24
112.121.73.0/24 maxlen: 24
112.121.74.0/24 maxlen: 24
112.121.75.0/24 maxlen: 24
112.121.76.0/24 maxlen: 24
112.121.77.0/24 maxlen: 24
112.121.78.0/24 maxlen: 24
112.121.79.0/24 maxlen: 24
112.121.80.0/24 maxlen: 24
112.121.81.0/24 maxlen: 24
112.121.82.0/24 maxlen: 24
112.121.83.0/24 maxlen: 24
112.121.84.0/24 maxlen: 24
112.121.85.0/24 maxlen: 24
112.121.86.0/24 maxlen: 24
112.121.87.0/24 maxlen: 24
112.121.88.0/24 maxlen: 24
112.121.89.0/24 maxlen: 24
112.121.90.0/24 maxlen: 24
112.121.91.0/24 maxlen: 24
112.121.92.0/24 maxlen: 24
112.121.93.0/24 maxlen: 24
112.121.94.0/24 maxlen: 24
112.121.95.0/24 maxlen: 24
112.121.96.0/21 maxlen: 21
112.121.96.0/23 maxlen: 23
112.121.104.0/22 maxlen: 22
112.121.105.0/24 maxlen: 24
112.121.108.0/23 maxlen: 23
112.121.108.0/24 maxlen: 24
112.121.112.0/22 maxlen: 22
112.121.113.0/24 maxlen: 24
112.121.114.0/24 maxlen: 24
112.121.116.0/23 maxlen: 23
112.121.116.0/24 maxlen: 24
112.121.117.0/24 maxlen: 24
112.121.120.0/22 maxlen: 22
112.121.120.0/24 maxlen: 24
112.121.121.0/24 maxlen: 24
112.121.122.0/24 maxlen: 24
112.121.123.0/24 maxlen: 24
202.80.104.0/23 maxlen: 23
202.80.104.0/24 maxlen: 24
202.80.105.0/24 maxlen: 24
202.80.106.0/23 maxlen: 23
202.80.106.0/24 maxlen: 24
202.80.107.0/24 maxlen: 24
202.80.108.0/24 maxlen: 24
202.80.111.0/24 maxlen: 24
2402:b600::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9167B50/9D1305C81D8F11E2A02BCDEE08B02CD2/mRs_FwhPdvEvnwUJ1Zfw_-ygS0o.crl
rsync://rpki.apnic.net/member_repository/A9167B50/9D1305C81D8F11E2A02BCDEE08B02CD2/mRs_FwhPdvEvnwUJ1Zfw_-ygS0o.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mRs_FwhPdvEvnwUJ1Zfw_-ygS0o.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 09 Nov 2025 14:41:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13659 (0x355b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9167B50, serialNumber=991B3F17084F76F12F9F0509D597F0FFECA04B4A
Validity
Not Before: Oct 30 15:00:48 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=69037d9f-8315
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:6e:78:ab:4f:ae:cc:e7:df:46:ab:7c:05:09:
5e:c4:b0:aa:b3:90:32:d8:52:f1:4c:79:a6:10:94:
d7:23:76:b9:f4:1e:01:56:78:e0:e1:81:f2:dc:e1:
75:16:6b:70:de:5b:6e:17:e8:f7:49:0a:3d:2b:89:
e9:36:83:2c:df:15:36:6d:98:9e:2d:da:4a:e4:bc:
9e:9b:5e:05:47:5a:9f:a5:9f:f2:90:3b:eb:69:d1:
65:80:2e:c7:d4:99:1e:c6:96:3e:60:1d:bc:fc:24:
a1:85:ee:8a:d9:48:bf:e4:97:ef:15:39:75:7d:64:
51:0c:07:ff:82:2b:e9:73:29:b6:ba:ed:16:b4:0c:
8c:c3:0b:c4:f0:60:0a:37:e7:eb:9f:be:53:64:d8:
c5:ab:e9:c9:80:14:4f:6b:cd:4c:b0:45:c0:9a:d5:
0c:ec:98:13:88:7c:1c:3e:62:38:7a:ae:75:8f:4c:
fc:38:9c:36:0b:c5:a6:27:40:04:2d:d5:a2:45:f1:
6b:b0:18:aa:13:60:13:ed:97:8f:d6:53:72:b5:d2:
5c:11:bf:76:99:36:4c:8a:81:c0:e9:49:46:92:e8:
33:72:fb:f4:c4:9c:5f:ba:eb:97:76:ca:d4:26:96:
09:d1:2e:c2:ff:87:e1:40:0c:8e:af:69:bf:f3:63:
85:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:42:36:9A:91:FE:ED:49:9C:8B:B1:58:F4:50:37:CB:94:8C:76:82
X509v3 Authority Key Identifier:
keyid:99:1B:3F:17:08:4F:76:F1:2F:9F:05:09:D5:97:F0:FF:EC:A0:4B:4A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9167B50/9D1305C81D8F11E2A02BCDEE08B02CD2/mRs_FwhPdvEvnwUJ1Zfw_-ygS0o.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mRs_FwhPdvEvnwUJ1Zfw_-ygS0o.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9167B50/9D1305C81D8F11E2A02BCDEE08B02CD2/B35C646A52E211EAAF44AE23C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.70.52.0/22
112.121.64.0-112.121.109.255
112.121.112.0-112.121.117.255
112.121.120.0/22
202.80.104.0-202.80.108.255
202.80.111.0/24
IPv6:
2402:b600::/32
Signature Algorithm: sha256WithRSAEncryption
a8:8e:3c:a5:59:b4:e0:20:20:57:51:42:84:ec:e6:b5:a8:37:
95:29:5a:06:a4:aa:5a:66:ff:3a:9c:39:07:b9:fa:5b:5c:63:
60:a4:a1:57:86:97:96:5a:ea:07:53:e7:38:cf:75:f6:ad:32:
d6:88:2c:13:68:58:52:7a:0c:ca:e8:59:7e:fe:4c:0f:05:61:
1d:cd:95:14:2e:9f:05:98:8d:aa:fd:ca:cc:c6:89:fe:2a:1b:
47:93:c6:09:50:57:14:2e:83:85:09:52:fc:e4:5e:12:9d:5a:
3f:89:a8:45:b4:9a:ae:cb:f1:b7:52:bf:f8:09:a7:86:1e:89:
af:a7:a1:ef:f7:78:be:f7:b1:a6:98:45:f6:19:e1:ad:4a:5a:
dc:cd:86:37:71:bc:29:aa:b2:71:4f:24:98:39:c0:46:8f:49:
5f:d0:7c:de:ef:b3:ed:44:11:f8:e7:26:bc:27:38:4b:e7:de:
0a:85:bb:0e:fc:5f:00:16:0e:45:19:74:be:a1:0e:72:1a:b5:
13:68:75:93:0f:38:42:95:31:2c:5e:47:7c:f4:96:49:df:b2:
22:0f:7b:4a:bf:b4:fb:b9:74:21:b1:36:64:c6:6d:27:db:7e:
69:1c:46:80:26:ef:6a:eb:17:bd:7e:c9:67:a5:57:5d:85:d3:
ff:e3:2e:f0
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgICNVswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjdCNTAxMTAvBgNVBAUTKDk5MUIzRjE3MDg0Rjc2RjEyRjlGMDUwOUQ1OTdGMEZG
RUNBMDRCNEEwHhcNMjUxMDMwMTUwMDQ4WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OTAzN2Q5Zi04MzE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzm54q0+uzOffRqt8BQlexLCqs5Ay2FLxTHmmEJTXI3a59B4BVnjg4YHy3OF1
Fmtw3ltuF+j3SQo9K4npNoMs3xU2bZieLdpK5Lyem14FR1qfpZ/ykDvradFlgC7H
1JkexpY+YB28/CShhe6K2Ui/5JfvFTl1fWRRDAf/givpcym2uu0WtAyMwwvE8GAK
N+frn75TZNjFq+nJgBRPa81MsEXAmtUM7JgTiHwcPmI4eq51j0z8OJw2C8WmJ0AE
LdWiRfFrsBiqE2AT7ZeP1lNytdJcEb92mTZMioHA6UlGkugzcvv0xJxfuuuXdsrU
JpYJ0S7C/4fhQAyOr2m/82OFCQIDAQABo4IC2jCCAtYwHQYDVR0OBBYEFCJCNpqR
/u1JnIuxWPRQN8uUjHaCMB8GA1UdIwQYMBaAFJkbPxcIT3bxL58FCdWX8P/soEtK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2N0I1MC85RDEzMDVDODFE
OEYxMUUyQTAyQkNERUUwOEIwMkNEMi9tUnNfRndoUGR2RXZud1VKMVpmd18teWdT
MG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21Sc19Gd2hQZHZFdm53VUoxWmZ3Xy15Z1Mwby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjdCNTAvOUQxMzA1QzgxRDhGMTFFMkEwMkJDREVFMDhCMDJDRDIvQjM1QzY0NkE1
MkUyMTFFQUFGNDRBRTIzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZAYIKwYBBQUHAQcBAf8E
VTBTMEIEAgABMDwDBAJnRjQwDAMEBnB5QAMEAXB5bDAMAwQEcHlwAwQBcHl0AwQC
cHl4MAwDBAPKUGgDBADKUGwDBADKUG8wDQQCAAIwBwMFACQCtgAwDQYJKoZIhvcN
AQELBQADggEBAKiOPKVZtOAgIFdRQoTs5rWoN5UpWgakqlpm/zqcOQe5+ltcY2Ck
oVeGl5Za6gdT5zjPdfatMtaILBNoWFJ6DMroWX7+TA8FYR3NlRQunwWYjar9yszG
if4qG0eTxglQVxQug4UJUvzkXhKdWj+JqEW0mq7L8bdSv/gJp4Yeia+noe/3eL73
saaYRfYZ4a1KWtzNhjdxvCmqsnFPJJg5wEaPSV/QfN7vs+1EEfjnJrwnOEvn3gqF
uw78XwAWDkUZdL6hDnIatRNodZMPOEKVMSxeR3z0lknfsiIPe0q/tPu5dCGxNmTG
bSfbfmkcRoAm72rrF71+yWelV12F0//jLvA=
-----END CERTIFICATE-----
Generated at Tue Nov 4 09:46:24 2025 by rpki-client