Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/876FDB56D90211EFB7CAB32BC4F9AE02.roa
File: 876FDB56D90211EFB7CAB32BC4F9AE02.roa (raw, json)
Hash identifier: qNSXVqaqilYP9JwO71K/DqUHDJZxoqh/xJmjyav1uv4=
Subject key identifier: CB:71:91:F4:BA:68:35:E8:7F:2C:4B:EC:93:AC:FD:E0:98:43:2E:19
Certificate issuer: /CN=A916BDA4/serialNumber=04E6C9249EE348DCF764DF0B9A40D3E854066444
Certificate serial: 17C0
Authority key identifier: 04:E6:C9:24:9E:E3:48:DC:F7:64:DF:0B:9A:40:D3:E8:54:06:64:44
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/876FDB56D90211EFB7CAB32BC4F9AE02.roa
Signing time: Sun 07 Sep 2025 12:32:21 +0000
ROA not before: Sun 07 Sep 2025 12:32:21 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 14789
IP address blocks: 2400:cb00:41::/48 maxlen: 48
2400:cb00:60::/48 maxlen: 48
2400:cb00:161::/48 maxlen: 48
2400:cb00:439::/48 maxlen: 48
2400:cb00:477::/48 maxlen: 48
2400:cb00:616::/48 maxlen: 48
2400:cb00:621::/48 maxlen: 48
2400:cb00:638::/48 maxlen: 48
2400:cb00:661::/48 maxlen: 48
2400:cb00:685::/48 maxlen: 48
2400:cb00:771::/48 maxlen: 48
2400:cb00:1051::/48 maxlen: 48
2400:cb00:1059::/48 maxlen: 48
2400:cb00:1060::/48 maxlen: 48
2400:cb00:1062::/48 maxlen: 48
2400:cb00:1095::/48 maxlen: 48
2400:cb00:1096::/48 maxlen: 48
2400:cb00:c950::/48 maxlen: 48
2400:cb00:c951::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.crl
rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 15 Sep 2025 17:11:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6080 (0x17c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916BDA4, serialNumber=04E6C9249EE348DCF764DF0B9A40D3E854066444
Validity
Not Before: Sep 7 12:32:21 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=68bd7b55-0d93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:42:98:3d:96:64:29:d7:f1:54:2c:48:0b:e1:
91:98:31:03:fc:a2:c9:9e:a9:dc:7c:59:f6:98:03:
19:89:14:ee:79:f6:aa:3c:93:f9:f0:59:f7:bf:a3:
61:e3:68:53:2b:fb:8f:82:0f:6c:50:a5:b6:a4:39:
9a:f6:e6:79:75:ae:0b:c8:f6:4e:22:93:e5:19:0f:
01:ee:5d:c1:a6:53:a9:0a:ea:ca:e4:7e:a2:ba:8c:
97:22:fc:3d:fe:d3:20:d7:2f:3d:fb:f4:b5:be:29:
9d:41:f7:e8:c9:b1:51:da:8e:08:e6:9c:c3:29:ec:
87:99:56:b6:ed:dc:e8:be:77:e0:15:73:5e:f3:76:
a2:04:9d:05:2a:5d:d1:1f:29:78:35:02:a6:9d:43:
3f:ac:c1:35:70:0f:a7:81:41:f7:f5:71:56:63:a1:
bb:ce:64:d9:3a:c8:dd:06:92:8b:f6:85:d4:82:6a:
80:eb:7a:e4:8a:89:74:41:10:ec:7e:07:4d:14:b0:
3e:31:19:60:86:14:f1:fe:e8:01:2a:ea:8a:94:c4:
fb:2a:2e:95:6e:8d:ff:7e:4c:5b:16:2b:fd:f3:ff:
ff:95:5c:7a:74:59:b9:0d:cf:7c:f3:15:01:6e:33:
09:99:48:21:9c:3d:ac:69:01:ff:2e:50:db:d9:f3:
f4:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:71:91:F4:BA:68:35:E8:7F:2C:4B:EC:93:AC:FD:E0:98:43:2E:19
X509v3 Authority Key Identifier:
keyid:04:E6:C9:24:9E:E3:48:DC:F7:64:DF:0B:9A:40:D3:E8:54:06:64:44
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/876FDB56D90211EFB7CAB32BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2400:cb00:41::/48
2400:cb00:60::/48
2400:cb00:161::/48
2400:cb00:439::/48
2400:cb00:477::/48
2400:cb00:616::/48
2400:cb00:621::/48
2400:cb00:638::/48
2400:cb00:661::/48
2400:cb00:685::/48
2400:cb00:771::/48
2400:cb00:1051::/48
2400:cb00:1059::/48
2400:cb00:1060::/48
2400:cb00:1062::/48
2400:cb00:1095::-2400:cb00:1096:ffff:ffff:ffff:ffff:ffff
2400:cb00:c950::/47
Signature Algorithm: sha256WithRSAEncryption
94:be:4b:79:96:78:b2:82:6a:1a:ce:46:3f:02:44:7b:f5:06:
76:c2:e6:0e:d4:95:d1:12:ef:9a:e3:7c:ca:cf:b5:fd:26:17:
42:2f:bc:40:32:c8:71:17:ed:12:42:aa:b6:31:eb:85:60:3f:
82:25:e1:42:f2:3a:2e:c9:2c:4b:4c:5f:81:76:4b:b3:0c:bd:
d4:0a:10:59:2c:4c:35:38:26:e3:57:df:c3:2e:6a:9f:e0:2a:
2a:4b:ee:67:09:a7:1b:9f:48:29:e7:ba:1f:5d:fd:97:83:d2:
04:bd:b8:38:1e:fd:f8:62:6c:0f:1f:59:b4:4a:db:76:fb:e3:
35:25:19:d1:94:4c:31:c7:a4:52:7d:c7:8b:f7:8e:0f:58:a8:
d8:de:ea:72:e2:ac:4a:6b:3d:b2:cb:9e:9a:e2:be:30:9c:90:
d7:fc:02:64:c5:20:42:27:37:41:cf:76:be:45:b5:73:6f:b0:
fc:29:f7:3b:1b:02:ab:6f:c1:2f:42:6b:38:c5:7b:14:72:16:
c1:49:80:c5:6a:ec:92:a6:ad:86:bb:bb:7b:89:86:34:cd:a7:
66:99:19:af:d9:8b:00:6d:62:33:16:f3:a9:38:87:99:54:c3:
d0:6c:a3:a9:cb:ec:f4:51:ba:97:1d:a5:cd:52:16:9b:27:c2:
d6:b4:83:36
-----BEGIN CERTIFICATE-----
MIIGFDCCBPygAwIBAgICF8AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkJEQTQxMTAvBgNVBAUTKDA0RTZDOTI0OUVFMzQ4RENGNzY0REYwQjlBNDBEM0U4
NTQwNjY0NDQwHhcNMjUwOTA3MTIzMjIxWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGJkN2I1NS0wZDkzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1UKYPZZkKdfxVCxIC+GRmDED/KLJnqncfFn2mAMZiRTuefaqPJP58Fn3v6Nh
42hTK/uPgg9sUKW2pDma9uZ5da4LyPZOIpPlGQ8B7l3BplOpCurK5H6iuoyXIvw9
/tMg1y89+/S1vimdQffoybFR2o4I5pzDKeyHmVa27dzovnfgFXNe83aiBJ0FKl3R
Hyl4NQKmnUM/rME1cA+ngUH39XFWY6G7zmTZOsjdBpKL9oXUgmqA63rkiol0QRDs
fgdNFLA+MRlghhTx/ugBKuqKlMT7Ki6Vbo3/fkxbFiv98///lVx6dFm5Dc988xUB
bjMJmUghnD2saQH/LlDb2fP03QIDAQABo4IDODCCAzQwHQYDVR0OBBYEFMtxkfS6
aDXofyxL7JOs/eCYQy4ZMB8GA1UdIwQYMBaAFATmySSe40jc92TfC5pA0+hUBmRE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QkRBNC8xRUM3MDJCQ0Yx
QTcxMUU4OTBGMDY2NTBDNEY5QUUwMi9CT2JKSko3alNOejNaTjhMbWtEVDZGUUda
RVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JPYkpKSjdqU056M1pOOExta0RUNkZRR1pFUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkJEQTQvMUVDNzAyQkNGMUE3MTFFODkwRjA2NjUwQzRGOUFFMDIvODc2RkRCNTZE
OTAyMTFFRkI3Q0FCMzJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgcEGCCsGAQUFBwEHAQH/
BIGxMIGuMIGrBAIAAjCBpAMHACQAywAAQQMHACQAywAAYAMHACQAywABYQMHACQA
ywAEOQMHACQAywAEdwMHACQAywAGFgMHACQAywAGIQMHACQAywAGOAMHACQAywAG
YQMHACQAywAGhQMHACQAywAHcQMHACQAywAQUQMHACQAywAQWQMHACQAywAQYAMH
ACQAywAQYjASAwcAJADLABCVAwcAJADLABCWAwcBJADLAMlQMA0GCSqGSIb3DQEB
CwUAA4IBAQCUvkt5lniygmoazkY/AkR79QZ2wuYO1JXREu+a43zKz7X9JhdCL7xA
MshxF+0SQqq2MeuFYD+CJeFC8jouySxLTF+BdkuzDL3UChBZLEw1OCbjV9/DLmqf
4CoqS+5nCacbn0gp57ofXf2Xg9IEvbg4Hv34YmwPH1m0Stt2++M1JRnRlEwxx6RS
fceL944PWKjY3upy4qxKaz2yy56a4r4wnJDX/AJkxSBCJzdBz3a+RbVzb7D8Kfc7
GwKrb8EvQms4xXsUchbBSYDFauySpq2Gu7t7iYY0zadmmRmv2YsAbWIzFvOpOIeZ
VMPQbKOpy+z0UbqXHaXNUhabJ8LWtIM2
-----END CERTIFICATE-----
Generated at Mon Sep 8 20:50:59 2025 by rpki-client