Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C2168/24C62C061D9111E2924430F308B02CD2/A7098B604A5411F0A2CC9015C4F9AE02.roa
File: A7098B604A5411F0A2CC9015C4F9AE02.roa (raw, json)
Hash identifier: mBi2xBGJz7ABmwG7Kd/FaX5nMMQUKh+oy7XK2XR044o=
Subject key identifier: 32:40:5C:24:C5:A3:8F:CF:D8:BC:2A:32:26:70:6B:3C:3F:FE:45:5F
Certificate issuer: /CN=A91C2168/serialNumber=9D346E6DB39C3D330C1AFF94060E15055FF4ED1C
Certificate serial: 34EA
Authority key identifier: 9D:34:6E:6D:B3:9C:3D:33:0C:1A:FF:94:06:0E:15:05:5F:F4:ED:1C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nTRubbOcPTMMGv-UBg4VBV_07Rw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C2168/24C62C061D9111E2924430F308B02CD2/A7098B604A5411F0A2CC9015C4F9AE02.roa
Signing time: Sat 30 Aug 2025 20:10:51 +0000
ROA not before: Sat 30 Aug 2025 20:10:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24324
IP address blocks: 122.200.176.0/20 maxlen: 20
122.200.176.0/24 maxlen: 24
122.200.177.0/24 maxlen: 24
122.200.178.0/24 maxlen: 24
122.200.179.0/24 maxlen: 24
122.200.180.0/24 maxlen: 24
122.200.181.0/24 maxlen: 24
122.200.182.0/24 maxlen: 24
122.200.183.0/24 maxlen: 24
122.200.184.0/24 maxlen: 24
122.200.185.0/24 maxlen: 24
122.200.186.0/24 maxlen: 24
122.200.187.0/24 maxlen: 24
122.200.188.0/24 maxlen: 24
122.200.189.0/24 maxlen: 24
122.200.190.0/24 maxlen: 24
122.200.191.0/24 maxlen: 24
124.157.64.0/19 maxlen: 19
124.157.64.0/24 maxlen: 24
124.157.65.0/24 maxlen: 24
124.157.66.0/24 maxlen: 24
124.157.67.0/24 maxlen: 24
124.157.68.0/22 maxlen: 22
124.157.68.0/24 maxlen: 24
124.157.69.0/24 maxlen: 24
124.157.70.0/24 maxlen: 24
124.157.71.0/24 maxlen: 24
124.157.72.0/24 maxlen: 24
124.157.73.0/24 maxlen: 24
124.157.74.0/24 maxlen: 24
124.157.75.0/24 maxlen: 24
124.157.76.0/24 maxlen: 24
124.157.77.0/24 maxlen: 24
124.157.78.0/24 maxlen: 24
124.157.79.0/24 maxlen: 24
124.157.80.0/24 maxlen: 24
124.157.81.0/24 maxlen: 24
124.157.82.0/24 maxlen: 24
124.157.83.0/24 maxlen: 24
124.157.84.0/24 maxlen: 24
124.157.85.0/24 maxlen: 24
124.157.86.0/24 maxlen: 24
124.157.87.0/24 maxlen: 24
124.157.88.0/24 maxlen: 24
124.157.89.0/24 maxlen: 24
124.157.90.0/24 maxlen: 24
124.157.91.0/24 maxlen: 24
124.157.92.0/24 maxlen: 24
124.157.93.0/24 maxlen: 24
124.157.94.0/24 maxlen: 24
124.157.95.0/24 maxlen: 24
124.157.96.0/19 maxlen: 19
124.157.96.0/24 maxlen: 24
124.157.97.0/24 maxlen: 24
124.157.98.0/24 maxlen: 24
124.157.99.0/24 maxlen: 24
124.157.100.0/24 maxlen: 24
124.157.101.0/24 maxlen: 24
124.157.102.0/24 maxlen: 24
124.157.103.0/24 maxlen: 24
124.157.104.0/24 maxlen: 24
124.157.105.0/24 maxlen: 24
124.157.106.0/24 maxlen: 24
124.157.107.0/24 maxlen: 24
124.157.108.0/24 maxlen: 24
124.157.109.0/24 maxlen: 24
124.157.110.0/24 maxlen: 24
124.157.111.0/24 maxlen: 24
124.157.112.0/24 maxlen: 24
124.157.113.0/24 maxlen: 24
124.157.114.0/24 maxlen: 24
124.157.115.0/24 maxlen: 24
124.157.116.0/24 maxlen: 24
124.157.117.0/24 maxlen: 24
124.157.118.0/24 maxlen: 24
124.157.119.0/24 maxlen: 24
124.157.120.0/24 maxlen: 24
124.157.121.0/24 maxlen: 24
124.157.122.0/24 maxlen: 24
124.157.123.0/24 maxlen: 24
124.157.124.0/24 maxlen: 24
124.157.125.0/24 maxlen: 24
124.157.126.0/24 maxlen: 24
124.157.127.0/24 maxlen: 24
202.36.132.0/24 maxlen: 24
202.49.128.0/21 maxlen: 21
202.49.128.0/24 maxlen: 24
202.49.129.0/24 maxlen: 24
202.49.130.0/24 maxlen: 24
202.49.131.0/24 maxlen: 24
202.49.132.0/24 maxlen: 24
202.49.133.0/24 maxlen: 24
202.49.134.0/24 maxlen: 24
202.49.135.0/24 maxlen: 24
203.14.20.0/24 maxlen: 24
203.161.187.0/24 maxlen: 24
203.195.124.0/24 maxlen: 24
2404:6c00::/32 maxlen: 32
2404:6c00:1::/48 maxlen: 48
2404:6c00:a000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91C2168/24C62C061D9111E2924430F308B02CD2/nTRubbOcPTMMGv-UBg4VBV_07Rw.crl
rsync://rpki.apnic.net/member_repository/A91C2168/24C62C061D9111E2924430F308B02CD2/nTRubbOcPTMMGv-UBg4VBV_07Rw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nTRubbOcPTMMGv-UBg4VBV_07Rw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Sep 2025 14:43:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13546 (0x34ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C2168, serialNumber=9D346E6DB39C3D330C1AFF94060E15055FF4ED1C
Validity
Not Before: Aug 30 20:10:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68b35aca-974f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:dc:e9:67:d8:59:8a:16:a8:38:e8:fd:01:61:
16:1d:b5:f9:be:6a:36:67:a4:67:10:b9:64:2b:a3:
e3:90:8c:0b:16:ea:26:38:41:74:c3:a1:c1:1d:61:
b7:bd:57:03:90:91:51:7d:86:e9:1a:46:c1:8d:f6:
b1:a5:32:a0:68:d2:b2:3d:72:0d:c6:15:a8:4a:97:
72:ae:d1:2d:13:55:7e:bb:a4:4a:0d:99:cd:f1:0a:
2c:a5:3c:90:8d:07:c1:a2:d1:1e:f8:6d:df:1a:0d:
c2:90:84:d7:16:90:32:b5:a1:82:ab:f5:4e:74:42:
29:63:a4:fd:1c:90:7e:87:fb:f7:19:05:24:93:c3:
3b:8e:af:e2:4d:70:af:cc:78:cc:59:80:9c:18:84:
44:ab:4e:c2:82:1f:0d:ae:d8:97:ea:58:2f:ef:75:
72:e4:59:db:7f:8d:eb:0f:c3:d4:dd:01:7c:67:ac:
9a:b1:de:5f:b6:1f:05:5d:15:d8:4a:ca:3c:51:52:
09:6f:09:e4:42:e5:a8:7c:11:25:34:6e:32:c9:13:
4f:e5:88:c9:03:0d:12:c8:c8:ad:fb:77:33:f2:95:
ce:55:01:af:23:e3:b7:e6:ba:63:48:46:c7:d1:33:
f5:29:08:75:9e:27:6f:b6:35:22:64:d8:c3:df:44:
1b:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:40:5C:24:C5:A3:8F:CF:D8:BC:2A:32:26:70:6B:3C:3F:FE:45:5F
X509v3 Authority Key Identifier:
keyid:9D:34:6E:6D:B3:9C:3D:33:0C:1A:FF:94:06:0E:15:05:5F:F4:ED:1C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C2168/24C62C061D9111E2924430F308B02CD2/nTRubbOcPTMMGv-UBg4VBV_07Rw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nTRubbOcPTMMGv-UBg4VBV_07Rw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C2168/24C62C061D9111E2924430F308B02CD2/A7098B604A5411F0A2CC9015C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
122.200.176.0/20
124.157.64.0/18
202.36.132.0/24
202.49.128.0/21
203.14.20.0/24
203.161.187.0/24
203.195.124.0/24
IPv6:
2404:6c00::/32
Signature Algorithm: sha256WithRSAEncryption
12:cc:d1:a3:0a:8c:4a:4e:3b:b9:f7:ae:c0:cd:30:01:b6:4b:
12:01:a4:93:12:1e:01:0f:a2:37:8e:a1:50:eb:4a:ad:ee:a1:
14:8e:8b:c3:0a:11:aa:47:ac:0a:07:e8:f6:ca:f3:e4:6f:f1:
fb:5f:2e:41:02:68:3f:8c:4f:2d:ae:83:41:a8:5e:86:6e:34:
f9:54:cd:17:2d:f9:dc:af:88:55:4f:40:37:ff:03:e6:a3:04:
cf:25:f6:b1:8b:b7:54:33:b7:0a:e5:71:e7:fc:f5:13:9f:b0:
c6:77:f2:3f:49:b5:da:14:1a:53:70:c8:b3:5e:a6:73:31:20:
3d:4e:a7:da:e8:21:2b:7d:e3:49:98:0f:44:d2:6d:a9:ab:ec:
55:56:37:1a:59:45:d2:8d:2e:7c:70:a5:b5:16:80:0c:70:09:
7e:78:63:78:d6:ab:fd:63:ea:8f:fa:63:ef:8f:c8:f3:f7:1a:
22:db:ad:7d:39:10:72:5d:02:92:10:6d:d0:51:94:de:21:c2:
51:03:ce:7c:9c:1c:41:ed:0b:e3:bf:71:a0:54:7d:7c:40:3f:
7b:75:fc:0e:e6:f7:b3:67:83:d6:60:35:3f:8c:4b:53:79:12:
25:54:6f:50:15:f1:1f:50:75:a9:55:16:56:f4:63:24:15:78:
9d:3c:20:1d
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICNOowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzIxNjgxMTAvBgNVBAUTKDlEMzQ2RTZEQjM5QzNEMzMwQzFBRkY5NDA2MEUxNTA1
NUZGNEVEMUMwHhcNMjUwODMwMjAxMDUxWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzNWFjYS05NzRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAytzpZ9hZihaoOOj9AWEWHbX5vmo2Z6RnELlkK6PjkIwLFuomOEF0w6HBHWG3
vVcDkJFRfYbpGkbBjfaxpTKgaNKyPXINxhWoSpdyrtEtE1V+u6RKDZnN8QospTyQ
jQfBotEe+G3fGg3CkITXFpAytaGCq/VOdEIpY6T9HJB+h/v3GQUkk8M7jq/iTXCv
zHjMWYCcGIREq07Cgh8NrtiX6lgv73Vy5Fnbf43rD8PU3QF8Z6yasd5fth8FXRXY
Sso8UVIJbwnkQuWofBElNG4yyRNP5YjJAw0SyMit+3cz8pXOVQGvI+O35rpjSEbH
0TP1KQh1nidvtjUiZNjD30QbWwIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFDJAXCTF
o4/P2LwqMiZwazw//kVfMB8GA1UdIwQYMBaAFJ00bm2znD0zDBr/lAYOFQVf9O0c
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMjE2OC8yNEM2MkMwNjFE
OTExMUUyOTI0NDMwRjMwOEIwMkNEMi9uVFJ1YmJPY1BUTU1Hdi1VQmc0VkJWXzA3
UncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25UUnViYk9jUFRNTUd2LVVCZzRWQlZfMDdSdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzIxNjgvMjRDNjJDMDYxRDkxMTFFMjkyNDQzMEYzMDhCMDJDRDIvQTcwOThCNjA0
QTU0MTFGMEEyQ0M5MDE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMDAEAgABMCoDBAR6yLADBAZ8nUADBADKJIQDBAPKMYADBADLDhQDBADLobsD
BADLw3wwDQQCAAIwBwMFACQEbAAwDQYJKoZIhvcNAQELBQADggEBABLM0aMKjEpO
O7n3rsDNMAG2SxIBpJMSHgEPojeOoVDrSq3uoRSOi8MKEapHrAoH6PbK8+Rv8ftf
LkECaD+MTy2ug0GoXoZuNPlUzRct+dyviFVPQDf/A+ajBM8l9rGLt1Qztwrlcef8
9ROfsMZ38j9JtdoUGlNwyLNepnMxID1Op9roISt940mYD0TSbamr7FVWNxpZRdKN
LnxwpbUWgAxwCX54Y3jWq/1j6o/6Y++PyPP3GiLbrX05EHJdApIQbdBRlN4hwlED
znycHEHtC+O/caBUfXxAP3t1/A7m97Nng9ZgNT+MS1N5EiVUb1AV8R9QdalVFlb0
YyQVeJ08IB0=
-----END CERTIFICATE-----
Generated at Mon Sep 8 13:34:14 2025 by rpki-client