Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/82BB885E4B9811EB85F74960C4F9AE02.roa
File: 82BB885E4B9811EB85F74960C4F9AE02.roa (raw, json)
Hash identifier: 4+YaEU8/WKlhoShMZ2jQANGth6P34fJaow29AZ/vK1g=
Subject key identifier: B0:CC:4B:21:D5:E6:83:A1:5F:8F:DF:20:54:EC:EE:A5:2E:CA:F7:40
Certificate issuer: /CN=A91AB20B/serialNumber=5EC1A6AD76A3ABFDC1E1329EB2637C01864B4808
Certificate serial: 081B
Authority key identifier: 5E:C1:A6:AD:76:A3:AB:FD:C1:E1:32:9E:B2:63:7C:01:86:4B:48:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XsGmrXajq_3B4TKesmN8AYZLSAg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/82BB885E4B9811EB85F74960C4F9AE02.roa
Signing time: Tue 02 Sep 2025 21:42:12 +0000
ROA not before: Tue 02 Sep 2025 21:42:12 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 38193
IP address blocks: 103.86.38.0/24 maxlen: 24
103.92.20.0/22 maxlen: 24
110.93.192.0/18 maxlen: 23
110.93.192.0/24 maxlen: 24
110.93.194.0/23 maxlen: 24
110.93.196.0/22 maxlen: 24
110.93.200.0/21 maxlen: 24
110.93.208.0/21 maxlen: 24
110.93.216.0/22 maxlen: 24
110.93.220.0/23 maxlen: 24
110.93.222.0/24 maxlen: 24
110.93.224.0/23 maxlen: 24
110.93.229.0/24 maxlen: 24
110.93.231.0/24 maxlen: 24
110.93.232.0/22 maxlen: 24
110.93.238.0/23 maxlen: 24
110.93.241.0/24 maxlen: 24
110.93.242.0/23 maxlen: 24
110.93.248.0/21 maxlen: 24
117.20.16.0/20 maxlen: 23
117.20.16.0/21 maxlen: 24
117.20.24.0/22 maxlen: 24
117.20.28.0/24 maxlen: 24
117.20.30.0/23 maxlen: 24
119.63.128.0/20 maxlen: 23
119.63.128.0/21 maxlen: 24
119.63.136.0/23 maxlen: 24
119.63.140.0/22 maxlen: 24
221.132.112.0/21 maxlen: 23
221.132.112.0/22 maxlen: 24
221.132.116.0/23 maxlen: 24
221.132.118.0/24 maxlen: 24
2404:d400::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/XsGmrXajq_3B4TKesmN8AYZLSAg.crl
rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/XsGmrXajq_3B4TKesmN8AYZLSAg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XsGmrXajq_3B4TKesmN8AYZLSAg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Sep 2025 19:50:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2075 (0x81b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AB20B, serialNumber=5EC1A6AD76A3ABFDC1E1329EB2637C01864B4808
Validity
Not Before: Sep 2 21:42:12 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=68b764b3-7f3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:f2:c5:5f:25:6f:13:5b:5a:93:37:c9:fe:44:
02:df:a8:4f:11:76:a8:d6:07:03:4f:35:cb:68:ab:
e1:f6:81:ec:01:27:78:47:06:16:06:de:80:98:de:
17:7b:53:ce:02:72:fb:67:a0:d0:06:1b:8f:fe:79:
fb:d6:d4:8b:c0:6b:9f:54:41:27:37:50:1a:75:30:
8c:0f:09:b3:50:68:1b:af:29:cb:fe:7e:2a:13:7e:
ae:74:e3:23:39:14:06:de:5e:74:56:9c:25:d4:9a:
10:77:d7:58:93:b2:3c:48:64:75:a8:99:8e:2d:f4:
34:89:75:92:08:b2:d5:5e:f4:8f:81:e6:7f:f3:dc:
b7:08:05:18:8d:54:ce:6d:36:1f:46:9e:dd:aa:c4:
2b:b0:8e:37:7b:f1:38:46:d6:02:ba:e2:99:25:d6:
d5:d9:fc:4c:3c:e1:5a:6e:52:7e:a4:13:c6:6e:4b:
10:eb:ae:d9:d3:47:5c:c1:7d:91:2a:a3:7f:8c:20:
4a:05:39:12:cb:31:b6:13:14:7a:15:76:6d:5b:56:
6e:64:a7:85:62:07:d0:dd:bd:86:76:e9:2b:40:9f:
8d:fe:a5:a7:f4:57:d5:2c:10:f5:82:a0:44:22:94:
63:07:a8:95:77:4a:da:cd:65:92:fc:38:3b:f5:bf:
97:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:CC:4B:21:D5:E6:83:A1:5F:8F:DF:20:54:EC:EE:A5:2E:CA:F7:40
X509v3 Authority Key Identifier:
keyid:5E:C1:A6:AD:76:A3:AB:FD:C1:E1:32:9E:B2:63:7C:01:86:4B:48:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/XsGmrXajq_3B4TKesmN8AYZLSAg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XsGmrXajq_3B4TKesmN8AYZLSAg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/82BB885E4B9811EB85F74960C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.86.38.0/24
103.92.20.0/22
110.93.192.0/18
117.20.16.0/20
119.63.128.0/20
221.132.112.0/21
IPv6:
2404:d400::/32
Signature Algorithm: sha256WithRSAEncryption
58:0c:03:e7:80:f7:0d:32:67:e7:e7:72:a0:35:0b:49:aa:01:
8d:69:b0:b2:c1:d6:23:3a:da:07:06:8b:04:86:ff:d0:63:18:
11:16:6b:e4:4e:b5:2b:7d:9c:22:1e:8a:59:95:1b:2c:c7:38:
92:7f:35:c3:50:78:55:a0:84:70:48:38:eb:64:fe:91:9b:02:
7f:c1:1e:1c:ee:60:fc:77:13:70:2d:0f:50:77:60:a4:f1:6a:
0b:0e:fb:35:61:e4:34:7d:0b:41:3d:63:46:21:e1:1c:e9:f2:
88:59:34:b9:3a:e3:09:c1:d4:75:52:db:c4:62:d7:27:9c:b7:
3c:38:a8:44:e3:c7:3c:6d:c0:fc:ce:02:24:92:38:d5:39:59:
ad:03:6a:19:40:d2:7c:ea:cd:e7:55:77:ba:17:5e:dc:1c:fd:
26:0f:99:bb:d9:ac:08:cd:f8:9f:a3:e2:33:7a:b7:da:f5:dd:
49:43:70:c2:b6:05:f2:cb:c4:c6:97:12:a0:ce:53:ca:b1:57:
1f:ab:fe:c8:7b:5c:7c:0a:6a:cb:02:d6:ec:c2:eb:2d:aa:a6:
e5:6f:be:8c:36:a9:8b:94:39:a0:57:84:1b:f7:0b:3a:01:ab:
59:99:9e:6b:e3:2a:1e:ba:13:03:2c:f1:93:c8:6a:b7:ed:52:
f7:c5:78:23
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICCBswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUIyMEIxMTAvBgNVBAUTKDVFQzFBNkFENzZBM0FCRkRDMUUxMzI5RUIyNjM3QzAx
ODY0QjQ4MDgwHhcNMjUwOTAyMjE0MjEyWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGI3NjRiMy03ZjNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr/LFXyVvE1takzfJ/kQC36hPEXao1gcDTzXLaKvh9oHsASd4RwYWBt6AmN4X
e1POAnL7Z6DQBhuP/nn71tSLwGufVEEnN1AadTCMDwmzUGgbrynL/n4qE36udOMj
ORQG3l50Vpwl1JoQd9dYk7I8SGR1qJmOLfQ0iXWSCLLVXvSPgeZ/89y3CAUYjVTO
bTYfRp7dqsQrsI43e/E4RtYCuuKZJdbV2fxMPOFablJ+pBPGbksQ667Z00dcwX2R
KqN/jCBKBTkSyzG2ExR6FXZtW1ZuZKeFYgfQ3b2GdukrQJ+N/qWn9FfVLBD1gqBE
IpRjB6iVd0razWWS/Dg79b+XEQIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFLDMSyHV
5oOhX4/fIFTs7qUuyvdAMB8GA1UdIwQYMBaAFF7Bpq12o6v9weEynrJjfAGGS0gI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjIwQi9CQTcxQjY0ODEy
MDMxMUVCQkFBMTk0MTRDNEY5QUUwMi9Yc0dtclhhanFfM0I0VEtlc21OOEFZWkxT
QWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hzR21yWGFqcV8zQjRUS2VzbU44QVlaTFNBZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUIyMEIvQkE3MUI2NDgxMjAzMTFFQkJBQTE5NDE0QzRGOUFFMDIvODJCQjg4NUU0
Qjk4MTFFQjg1Rjc0OTYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MCoEAgABMCQDBABnViYDBAJnXBQDBAZuXcADBAR1FBADBAR3P4ADBAPdhHAw
DQQCAAIwBwMFACQE1AAwDQYJKoZIhvcNAQELBQADggEBAFgMA+eA9w0yZ+fncqA1
C0mqAY1psLLB1iM62gcGiwSG/9BjGBEWa+ROtSt9nCIeilmVGyzHOJJ/NcNQeFWg
hHBIOOtk/pGbAn/BHhzuYPx3E3AtD1B3YKTxagsO+zVh5DR9C0E9Y0Yh4Rzp8ohZ
NLk64wnB1HVS28Ri1yectzw4qETjxzxtwPzOAiSSONU5Wa0DahlA0nzqzedVd7oX
Xtwc/SYPmbvZrAjN+J+j4jN6t9r13UlDcMK2BfLLxMaXEqDOU8qxVx+r/sh7XHwK
assC1uzC6y2qpuVvvow2qYuUOaBXhBv3CzoBq1mZnmvjKh66EwMs8ZPIarftUvfF
eCM=
-----END CERTIFICATE-----
Generated at Sat Sep 6 23:09:09 2025 by rpki-client