Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D8982D54056511EC886D271DC4F9AE02.roa
File:                     D8982D54056511EC886D271DC4F9AE02.roa (raw, json)
Hash identifier:          30q6xQ5pNQUnpQRwco21s+ZqDGQlgdkgBLpDFnlyQAs=
Subject key identifier:   8B:23:F8:A7:D8:BA:59:5A:C8:C3:6B:2E:D3:38:FF:19:DA:DE:21:02
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       F3D5
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D8982D54056511EC886D271DC4F9AE02.roa
Signing time:             Mon 06 Jul 2026 17:20:00 +0000
ROA not before:           Mon 06 Jul 2026 17:20:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142501
IP address blocks:        43.246.105.0/24 maxlen: 24
                          103.65.32.0/22 maxlen: 24
                          103.66.137.0/24 maxlen: 24
                          103.66.145.0/24 maxlen: 24
                          103.218.116.0/22 maxlen: 24
                          103.218.232.0/22 maxlen: 24
                          103.220.228.0/22 maxlen: 24
                          103.220.236.0/22 maxlen: 24
                          121.46.96.0/20 maxlen: 24
                          160.202.192.0/20 maxlen: 24
                          2407:ca40:137::/48 maxlen: 48
                          2407:e040::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 13:11:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 62421 (0xf3d5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: Jul  6 17:20:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a4be3c0-a105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:df:41:cb:2f:bd:c8:98:34:ce:19:25:2a:ea:
                    0f:24:8c:28:46:70:eb:db:a6:84:01:b2:ef:a0:1b:
                    0b:f1:48:45:84:3a:a7:1b:f7:9f:55:0d:52:77:6a:
                    ba:e2:5b:74:09:5d:82:ec:75:0d:f6:2c:dc:c2:3b:
                    ac:d3:12:f6:fb:1c:bd:54:95:de:d6:d9:4d:8f:93:
                    e4:93:96:76:e6:84:a5:b1:cc:2d:eb:98:ef:94:41:
                    c2:ed:90:fd:82:31:69:b1:da:fb:bf:93:41:02:ed:
                    02:b0:4c:27:5a:f9:76:c1:7e:87:6e:aa:46:3a:01:
                    e6:f9:32:08:94:d1:32:41:41:36:8a:ad:93:c1:bd:
                    61:85:e2:70:73:79:e5:50:e5:05:94:c4:f1:88:db:
                    de:bd:a6:b3:df:b2:9c:18:8b:4f:aa:18:8a:0f:eb:
                    88:42:2c:64:9a:46:ad:47:4f:d1:0d:c6:6f:db:d5:
                    a2:df:6c:27:e3:0d:96:0d:0b:56:b0:10:1f:eb:69:
                    5d:7f:c4:6a:4e:64:e5:0b:9b:5a:20:2b:e9:c7:ff:
                    77:73:fe:6c:36:7f:da:bd:6f:b3:f1:8a:93:10:47:
                    5f:58:0d:38:b9:55:bc:e8:6a:10:6d:5f:21:fd:9b:
                    f2:b5:11:a0:fa:02:91:fe:58:47:bc:64:6c:01:38:
                    77:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:23:F8:A7:D8:BA:59:5A:C8:C3:6B:2E:D3:38:FF:19:DA:DE:21:02
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D8982D54056511EC886D271DC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.246.105.0/24
                  103.65.32.0/22
                  103.66.137.0/24
                  103.66.145.0/24
                  103.218.116.0/22
                  103.218.232.0/22
                  103.220.228.0/22
                  103.220.236.0/22
                  121.46.96.0/20
                  160.202.192.0/20
                IPv6:
                  2407:ca40:137::/48
                  2407:e040::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:7f:2f:45:5f:08:cf:44:22:ff:4e:c3:9d:cd:ca:a6:4d:0b:
         13:5c:c1:6d:70:48:b5:fa:46:62:0f:64:de:c6:4b:a7:32:0c:
         62:41:11:fc:64:f8:29:f8:b9:ee:5e:8a:4c:bf:18:72:3b:89:
         c9:64:07:d8:65:d3:47:d2:01:5d:60:ef:0b:4d:c4:e3:d5:ea:
         43:ef:f6:cb:1e:ef:85:d3:93:26:cf:9f:c9:ed:b1:90:22:c4:
         96:57:3b:a8:04:f8:3d:38:56:6b:fa:dd:9c:b9:63:cc:14:d1:
         d6:ff:d2:90:c1:89:68:38:1f:e9:44:d7:da:3f:66:b1:a3:5e:
         f4:30:0a:16:45:9a:64:45:8d:31:02:b1:4e:f2:bb:f0:a7:0a:
         e6:04:74:7b:54:bf:d0:41:d7:e0:48:fb:1a:d2:5e:0f:50:75:
         de:bb:c8:66:a8:20:c5:44:ea:a0:b7:3c:8e:2b:ef:c9:8b:5b:
         f0:99:0e:ab:dc:2f:16:3c:e7:5e:a9:4e:42:c2:23:4e:4f:79:
         37:15:c0:53:ed:b5:39:7c:8e:5c:ae:a3:35:fd:7e:d5:fb:1c:
         c2:62:a6:91:e5:20:b5:b5:bf:2c:b9:cf:ff:3c:60:35:9e:8b:
         37:a1:64:83:06:d0:27:36:37:aa:72:31:3e:23:2c:46:f4:9a:
         de:fc:0c:4c
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgIDAPPVMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI2MDcwNjE3MjAwMFoXDTI3MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNmE0YmUzYzAtYTEwNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALrfQcsvvciYNM4ZJSrqDySMKEZw69umhAGy76AbC/FIRYQ6pxv3n1UNUndq
uuJbdAldgux1DfYs3MI7rNMS9vscvVSV3tbZTY+T5JOWduaEpbHMLeuY75RBwu2Q
/YIxabHa+7+TQQLtArBMJ1r5dsF+h26qRjoB5vkyCJTRMkFBNoqtk8G9YYXicHN5
5VDlBZTE8Yjb3r2ms9+ynBiLT6oYig/riEIsZJpGrUdP0Q3Gb9vVot9sJ+MNlg0L
VrAQH+tpXX/Eak5k5QubWiAr6cf/d3P+bDZ/2r1vs/GKkxBHX1gNOLlVvOhqEG1f
If2b8rURoPoCkf5YR7xkbAE4d4sCAwEAAaOCAq4wggKqMB0GA1UdDgQWBBSLI/in
2LpZWsjDay7TOP8Z2t4hAjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBlgYIKwYBBQUHAQsEgYkwgYYwgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0Q4OTgyRDU0
MDU2NTExRUM4ODZEMjcxREM0RjlBRTAyLnJvYTBtBggrBgEFBQcBBwEB/wReMFww
QgQCAAEwPAMEACv2aQMEAmdBIAMEAGdCiQMEAGdCkQMEAmfadAMEAmfa6AMEAmfc
5AMEAmfc7AMEBHkuYAMEBKDKwDAWBAIAAjAQAwcAJAfKQAE3AwUAJAfgQDANBgkq
hkiG9w0BAQsFAAOCAQEADn8vRV8Iz0Qi/07Dnc3Kpk0LE1zBbXBItfpGYg9k3sZL
pzIMYkER/GT4Kfi57l6KTL8YcjuJyWQH2GXTR9IBXWDvC03E49XqQ+/2yx7vhdOT
Js+fye2xkCLEllc7qAT4PThWa/rdnLljzBTR1v/SkMGJaDgf6UTX2j9msaNe9DAK
FkWaZEWNMQKxTvK78KcK5gR0e1S/0EHX4Ej7GtJeD1B13rvIZqggxUTqoLc8jivv
yYtb8JkOq9wvFjznXqlOQsIjTk95NxXAU+21OXyOXK6jNf1+1fscwmKmkeUgtbW/
LLnP/zxgNZ6LN6FkgwbQJzY3qnIxPiMsRvSa3vwMTA==
-----END CERTIFICATE-----
Generated at Sat Jul 18 11:10:21 2026 by rpki-client