Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/5C7DE69E7EFD11F0827C5F1DC4F9AE02.roa
File: 5C7DE69E7EFD11F0827C5F1DC4F9AE02.roa (raw, json)
Hash identifier: LhJsIUDxJjf34uwAXx8g7B6lkG4erRS20bGVNhkO1Ek=
Subject key identifier: E4:52:91:E4:36:56:E6:D7:45:98:54:87:D8:0F:FA:11:E7:A1:88:1D
Certificate issuer: /CN=A919D588/serialNumber=882859D52301F01571D9D4CF953F45E075E09A98
Certificate serial: 0A
Authority key identifier: 88:28:59:D5:23:01:F0:15:71:D9:D4:CF:95:3F:45:E0:75:E0:9A:98
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iChZ1SMB8BVx2dTPlT9F4HXgmpg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/5C7DE69E7EFD11F0827C5F1DC4F9AE02.roa
Signing time: Fri 22 Aug 2025 02:11:49 +0000
ROA not before: Fri 22 Aug 2025 02:11:49 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 133736
IP address blocks: 43.245.132.0/22 maxlen: 22
43.245.132.0/24 maxlen: 24
43.245.133.0/24 maxlen: 24
43.245.134.0/24 maxlen: 24
43.245.135.0/24 maxlen: 24
103.31.88.0/22 maxlen: 22
103.31.88.0/24 maxlen: 24
103.31.89.0/24 maxlen: 24
103.31.90.0/24 maxlen: 24
103.31.91.0/24 maxlen: 24
103.47.0.0/24 maxlen: 24
103.55.134.0/23 maxlen: 24
103.61.128.0/24 maxlen: 24
103.61.130.0/24 maxlen: 24
103.79.172.0/22 maxlen: 22
144.48.232.0/22 maxlen: 22
144.48.232.0/24 maxlen: 24
144.48.233.0/24 maxlen: 24
144.48.234.0/24 maxlen: 24
144.48.235.0/24 maxlen: 24
202.179.144.0/22 maxlen: 22
202.179.144.0/24 maxlen: 24
202.179.145.0/24 maxlen: 24
202.179.146.0/24 maxlen: 24
202.179.147.0/24 maxlen: 24
203.166.216.0/24 maxlen: 24
203.189.124.0/22 maxlen: 22
203.189.124.0/24 maxlen: 24
203.189.125.0/24 maxlen: 24
203.189.126.0/24 maxlen: 24
203.189.127.0/24 maxlen: 24
2401:8140::/32 maxlen: 32
2401:8140::/35 maxlen: 35
2401:8140:2000::/35 maxlen: 35
2401:8140:4000::/35 maxlen: 35
2401:8140:6000::/35 maxlen: 35
2401:8140:8000::/35 maxlen: 35
2401:8140:a000::/35 maxlen: 35
2401:8140:c000::/35 maxlen: 35
2401:8140:e000::/35 maxlen: 35
2402:4c80::/32 maxlen: 32
2402:4c80::/35 maxlen: 35
2402:4c80:2000::/35 maxlen: 35
2402:4c80:4000::/35 maxlen: 35
2402:4c80:6000::/35 maxlen: 35
2402:4c80:8000::/35 maxlen: 35
2402:4c80:a000::/35 maxlen: 35
2402:4c80:c000::/35 maxlen: 35
2402:4c80:e000::/35 maxlen: 35
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/iChZ1SMB8BVx2dTPlT9F4HXgmpg.crl
rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/iChZ1SMB8BVx2dTPlT9F4HXgmpg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iChZ1SMB8BVx2dTPlT9F4HXgmpg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Aug 2025 02:14:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10 (0xa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919D588, serialNumber=882859D52301F01571D9D4CF953F45E075E09A98
Validity
Not Before: Aug 22 02:11:49 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=68a7d1e5-ab2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:29:af:95:e6:51:bc:36:6d:f5:14:a2:11:b1:
b1:9f:22:9c:a2:a8:7c:f6:92:c0:7d:2e:ec:8e:86:
29:56:4a:ad:c8:69:95:d2:23:8e:d5:0a:f5:02:c3:
71:ea:e2:26:85:64:93:dc:0e:9d:58:e7:55:35:47:
a1:55:b0:20:5f:29:1f:e3:b6:20:fd:1a:32:7e:fa:
1c:3b:31:16:d8:97:34:00:dd:9d:5c:aa:95:4e:13:
bd:d0:1c:21:67:08:d4:64:92:0c:b0:b4:44:ee:89:
66:b2:2b:57:4c:1a:35:d6:d1:6f:54:3d:39:a1:e1:
c2:a7:ff:23:13:34:29:2d:26:06:f3:77:68:f0:b3:
cc:2b:37:02:66:90:71:93:cc:fe:64:4a:e3:c9:9a:
ba:b4:0d:ac:4a:58:fb:a1:79:e2:b8:ce:40:f9:42:
43:49:2f:11:4d:70:7f:a4:c3:4c:99:29:a1:f1:c3:
ad:38:f2:5a:e5:e8:5d:97:3e:28:11:62:d3:8a:0d:
d4:6d:8f:1b:d9:12:22:5a:a6:2e:d7:22:09:e5:59:
8e:34:43:58:74:85:44:eb:0b:12:3f:05:43:12:69:
66:7f:fb:18:cc:be:8f:b1:cc:73:13:e3:80:25:f9:
4e:3b:7c:28:c9:58:20:da:0b:1d:7a:d4:7f:ce:12:
d9:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:52:91:E4:36:56:E6:D7:45:98:54:87:D8:0F:FA:11:E7:A1:88:1D
X509v3 Authority Key Identifier:
keyid:88:28:59:D5:23:01:F0:15:71:D9:D4:CF:95:3F:45:E0:75:E0:9A:98
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/iChZ1SMB8BVx2dTPlT9F4HXgmpg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iChZ1SMB8BVx2dTPlT9F4HXgmpg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/5C7DE69E7EFD11F0827C5F1DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.132.0/22
103.31.88.0/22
103.47.0.0/24
103.55.134.0/23
103.61.128.0/24
103.61.130.0/24
103.79.172.0/22
144.48.232.0/22
202.179.144.0/22
203.166.216.0/24
203.189.124.0/22
IPv6:
2401:8140::/32
2402:4c80::/32
Signature Algorithm: sha256WithRSAEncryption
d2:65:be:86:6a:84:02:e8:78:1e:c3:e5:b1:49:7a:54:e3:05:
21:0d:96:d0:b1:7e:d4:18:8d:aa:1b:d1:20:ee:d4:33:47:da:
b3:f0:df:eb:ed:a8:53:72:cd:8b:07:9c:62:5d:0a:72:df:4f:
3b:b0:fb:8e:02:d4:3f:f5:cc:55:31:b5:99:20:14:7b:8a:bc:
e5:af:2a:a2:8e:4e:27:4a:ae:a2:81:28:33:d5:f0:c7:48:9f:
30:57:45:08:52:32:c9:1b:38:c8:0a:6b:7f:13:ab:78:24:6e:
d1:2f:0d:be:46:b1:cb:d8:88:40:f6:1c:c6:9d:cf:27:e9:cf:
1e:3a:15:71:c5:ba:11:91:95:a2:d2:a9:5d:0d:6b:8e:9e:33:
4d:8f:51:e1:bd:36:42:9d:1c:e0:bc:65:bd:df:c7:50:b6:f3:
36:ab:93:30:4d:59:16:66:4a:2e:44:5f:25:6f:4f:13:3f:cd:
c1:0a:ab:e4:f3:29:90:33:d4:1c:8f:c8:34:f7:31:50:ed:5a:
97:94:1e:6e:2a:ae:6e:8c:e2:f6:5b:32:3c:cc:f6:30:06:98:
9b:16:4c:16:6c:a4:c1:5c:86:f1:a8:cd:43:3a:4c:2f:94:00:
3d:c4:b1:f5:fb:4d:56:47:12:b7:7f:16:99:0e:b3:97:4e:f6:
e9:db:73:3e
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
RDU4ODExMC8GA1UEBRMoODgyODU5RDUyMzAxRjAxNTcxRDlENENGOTUzRjQ1RTA3
NUUwOUE5ODAeFw0yNTA4MjIwMjExNDlaFw0yNjEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4YTdkMWU1LWFiMmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDBKa+V5lG8Nm31FKIRsbGfIpyiqHz2ksB9LuyOhilWSq3IaZXSI47VCvUCw3Hq
4iaFZJPcDp1Y51U1R6FVsCBfKR/jtiD9GjJ++hw7MRbYlzQA3Z1cqpVOE73QHCFn
CNRkkgywtETuiWayK1dMGjXW0W9UPTmh4cKn/yMTNCktJgbzd2jws8wrNwJmkHGT
zP5kSuPJmrq0DaxKWPuheeK4zkD5QkNJLxFNcH+kw0yZKaHxw6048lrl6F2XPigR
YtOKDdRtjxvZEiJapi7XIgnlWY40Q1h0hUTrCxI/BUMSaWZ/+xjMvo+xzHMT44Al
+U47fCjJWCDaCx161H/OEtkFAgMBAAGjggLnMIIC4zAdBgNVHQ4EFgQU5FKR5DZW
5tdFmFSH2A/6EeehiB0wHwYDVR0jBBgwFoAUiChZ1SMB8BVx2dTPlT9F4HXgmpgw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTlENTg4L0JGN0Q1RTc2N0JG
MzExRjBBMDVGQUQ4MkM0RjlBRTAyL2lDaFoxU01COEJWeDJkVFBsVDlGNEhYZ21w
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvaUNoWjFTTUI4QlZ4MmRUUGxUOUY0SFhnbXBnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
RDU4OC9CRjdENUU3NjdCRjMxMUYwQTA1RkFEODJDNEY5QUUwMi81QzdERTY5RTdF
RkQxMUYwODI3QzVGMURDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDBxBggrBgEFBQcBBwEB/wRi
MGAwSAQCAAEwQgMEAiv1hAMEAmcfWAMEAGcvAAMEAWc3hgMEAGc9gAMEAGc9ggME
AmdPrAMEApAw6AMEAsqzkAMEAMum2AMEAsu9fDAUBAIAAjAOAwUAJAGBQAMFACQC
TIAwDQYJKoZIhvcNAQELBQADggEBANJlvoZqhALoeB7D5bFJelTjBSENltCxftQY
jaob0SDu1DNH2rPw3+vtqFNyzYsHnGJdCnLfTzuw+44C1D/1zFUxtZkgFHuKvOWv
KqKOTidKrqKBKDPV8MdInzBXRQhSMskbOMgKa38Tq3gkbtEvDb5GscvYiED2HMad
zyfpzx46FXHFuhGRlaLSqV0Na46eM02PUeG9NkKdHOC8Zb3fx1C28zarkzBNWRZm
Si5EXyVvTxM/zcEKq+TzKZAz1ByPyDT3MVDtWpeUHm4qrm6M4vZbMjzM9jAGmJsW
TBZspMFchvGozUM6TC+UAD3EsfX7TVZHErd/FpkOs5dO9unbcz4=
-----END CERTIFICATE-----
Generated at Fri Aug 22 18:46:49 2025 by rpki-client