Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CD39D/DE7D2F944E7611ECA5720B79C4F9AE02/8DEEDC96E6B511EF9FEF6436C4F9AE02.roa
File: 8DEEDC96E6B511EF9FEF6436C4F9AE02.roa (raw, json)
Hash identifier: PXNaSMJ5YVKmgSX7D94F0YVFvnDTmRG8eGKKeg/Al70=
Subject key identifier: 32:A3:E3:00:18:78:74:82:6B:5B:C9:93:A3:14:10:75:0C:EE:72:4E
Certificate issuer: /CN=A91CD39D/serialNumber=56B983E46BCBA115FF2265FE491909C7D74147F3
Certificate serial: 05B2
Authority key identifier: 56:B9:83:E4:6B:CB:A1:15:FF:22:65:FE:49:19:09:C7:D7:41:47:F3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VrmD5GvLoRX_ImX-SRkJx9dBR_M.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CD39D/DE7D2F944E7611ECA5720B79C4F9AE02/8DEEDC96E6B511EF9FEF6436C4F9AE02.roa
Signing time: Wed 21 May 2025 06:32:56 +0000
ROA not before: Wed 21 May 2025 06:32:56 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 45271
IP address blocks: 1.38.209.0/24 maxlen: 24
1.38.210.0/24 maxlen: 24
1.187.0.0/22 maxlen: 22
1.187.4.0/22 maxlen: 22
1.187.12.0/22 maxlen: 22
1.187.16.0/22 maxlen: 22
1.187.20.0/22 maxlen: 22
1.187.24.0/22 maxlen: 22
1.187.112.0/21 maxlen: 21
1.187.120.0/21 maxlen: 21
1.187.144.0/22 maxlen: 22
1.187.148.0/22 maxlen: 22
1.187.152.0/22 maxlen: 22
1.187.156.0/22 maxlen: 22
1.187.180.0/24 maxlen: 24
1.187.181.0/24 maxlen: 24
1.187.182.0/24 maxlen: 24
1.187.183.0/24 maxlen: 24
1.187.184.0/22 maxlen: 22
1.187.188.0/22 maxlen: 22
1.187.212.0/24 maxlen: 24
1.187.213.0/24 maxlen: 24
1.187.214.0/24 maxlen: 24
1.187.215.0/24 maxlen: 24
1.187.216.0/24 maxlen: 24
1.187.217.0/24 maxlen: 24
1.187.218.0/24 maxlen: 24
1.187.219.0/24 maxlen: 24
1.187.220.0/24 maxlen: 24
1.187.221.0/24 maxlen: 24
1.187.222.0/24 maxlen: 24
1.187.223.0/24 maxlen: 24
1.187.224.0/22 maxlen: 22
1.187.228.0/22 maxlen: 22
1.187.232.0/22 maxlen: 22
1.187.236.0/22 maxlen: 22
1.187.240.0/22 maxlen: 22
1.187.244.0/22 maxlen: 22
1.187.248.0/22 maxlen: 22
1.187.252.0/22 maxlen: 22
106.66.17.0/24 maxlen: 24
106.66.24.0/24 maxlen: 24
106.66.25.0/24 maxlen: 24
106.66.26.0/24 maxlen: 24
106.66.28.0/24 maxlen: 24
106.66.29.0/24 maxlen: 24
106.66.31.0/24 maxlen: 24
106.66.38.0/23 maxlen: 23
106.66.44.0/24 maxlen: 24
106.66.45.0/24 maxlen: 24
106.66.52.0/22 maxlen: 22
106.66.56.0/22 maxlen: 22
106.66.60.0/24 maxlen: 24
106.66.61.0/24 maxlen: 24
106.66.62.0/24 maxlen: 24
106.66.63.0/24 maxlen: 24
106.66.131.0/24 maxlen: 24
106.66.132.0/24 maxlen: 24
106.66.133.0/24 maxlen: 24
106.66.134.0/24 maxlen: 24
106.66.135.0/24 maxlen: 24
106.66.139.0/24 maxlen: 24
106.66.140.0/24 maxlen: 24
106.66.141.0/24 maxlen: 24
106.66.142.0/24 maxlen: 24
106.66.143.0/24 maxlen: 24
106.66.147.0/24 maxlen: 24
106.66.148.0/24 maxlen: 24
106.66.149.0/24 maxlen: 24
106.66.150.0/24 maxlen: 24
106.66.151.0/24 maxlen: 24
106.66.156.0/24 maxlen: 24
106.66.157.0/24 maxlen: 24
106.66.158.0/24 maxlen: 24
106.66.159.0/24 maxlen: 24
106.66.176.0/24 maxlen: 24
106.66.177.0/24 maxlen: 24
106.66.178.0/24 maxlen: 24
106.66.179.0/24 maxlen: 24
106.66.180.0/24 maxlen: 24
106.66.181.0/24 maxlen: 24
106.66.182.0/24 maxlen: 24
106.66.183.0/24 maxlen: 24
106.66.184.0/24 maxlen: 24
106.66.185.0/24 maxlen: 24
106.66.186.0/24 maxlen: 24
106.66.187.0/24 maxlen: 24
106.66.188.0/24 maxlen: 24
106.66.189.0/24 maxlen: 24
106.66.190.0/24 maxlen: 24
106.66.191.0/24 maxlen: 24
112.110.0.0/21 maxlen: 21
112.110.8.0/21 maxlen: 21
112.110.16.0/21 maxlen: 21
112.110.24.0/21 maxlen: 21
112.110.71.0/24 maxlen: 24
112.110.72.0/24 maxlen: 24
112.110.73.0/24 maxlen: 24
112.110.74.0/24 maxlen: 24
112.110.75.0/24 maxlen: 24
112.110.77.0/24 maxlen: 24
112.110.79.0/24 maxlen: 24
112.110.85.0/24 maxlen: 24
112.110.86.0/24 maxlen: 24
112.110.88.0/24 maxlen: 24
112.110.92.0/24 maxlen: 24
112.110.96.0/21 maxlen: 21
112.110.104.0/21 maxlen: 21
112.110.112.0/21 maxlen: 21
112.110.112.0/24 maxlen: 24
112.110.113.0/24 maxlen: 24
112.110.114.0/24 maxlen: 24
112.110.115.0/24 maxlen: 24
112.110.116.0/24 maxlen: 24
112.110.117.0/24 maxlen: 24
112.110.118.0/24 maxlen: 24
112.110.119.0/24 maxlen: 24
112.110.120.0/22 maxlen: 22
112.110.120.0/24 maxlen: 24
112.110.121.0/24 maxlen: 24
112.110.122.0/24 maxlen: 24
112.110.123.0/24 maxlen: 24
112.110.125.0/24 maxlen: 24
112.110.126.0/24 maxlen: 24
112.110.144.0/24 maxlen: 24
112.110.160.0/24 maxlen: 24
115.69.157.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91CD39D/DE7D2F944E7611ECA5720B79C4F9AE02/VrmD5GvLoRX_ImX-SRkJx9dBR_M.crl
rsync://rpki.apnic.net/member_repository/A91CD39D/DE7D2F944E7611ECA5720B79C4F9AE02/VrmD5GvLoRX_ImX-SRkJx9dBR_M.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VrmD5GvLoRX_ImX-SRkJx9dBR_M.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Jun 2025 00:22:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1458 (0x5b2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CD39D, serialNumber=56B983E46BCBA115FF2265FE491909C7D74147F3
Validity
Not Before: May 21 06:32:56 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=682d7398-b33d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:44:3e:c5:1b:a4:41:7d:cf:9d:a1:cf:b1:61:
59:56:8c:a2:f6:a9:4a:06:11:4d:45:15:dc:01:4e:
84:6f:87:c6:7f:24:1e:ee:45:83:4d:6e:b3:db:9f:
59:8f:ee:bb:99:48:fe:19:95:b2:13:b1:8e:86:a7:
ca:bf:a8:6a:42:a3:1f:63:ad:58:f5:3e:9d:97:34:
7b:16:13:fa:a6:31:0b:a6:a1:18:07:d6:8f:19:9c:
63:08:72:18:d7:6a:b6:de:99:f0:aa:ce:88:99:58:
bc:e5:0b:ad:34:2f:52:b1:07:04:c5:a1:5b:09:6a:
c4:b9:4a:e1:b0:11:66:a6:8c:26:d3:b5:28:55:ba:
78:c4:01:81:e8:1d:d6:2a:ae:b8:62:e1:15:81:20:
9f:5c:ea:77:7a:41:6e:84:24:3b:6f:da:40:31:ce:
f0:1c:84:74:d1:a7:03:9e:4a:19:73:5c:49:12:3f:
50:de:c7:d0:d0:b8:22:c6:d1:ad:a8:6d:ea:e8:19:
60:a6:3d:3b:2c:f0:81:3e:00:a6:46:33:6c:9a:86:
2e:75:a0:d8:12:74:eb:1a:33:15:5c:3a:d2:48:b8:
64:4f:10:ca:d6:74:bf:5e:8f:d7:78:cb:70:87:b8:
dd:b7:2d:83:26:55:67:2c:ef:a1:72:f5:63:5b:fc:
ce:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:A3:E3:00:18:78:74:82:6B:5B:C9:93:A3:14:10:75:0C:EE:72:4E
X509v3 Authority Key Identifier:
keyid:56:B9:83:E4:6B:CB:A1:15:FF:22:65:FE:49:19:09:C7:D7:41:47:F3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CD39D/DE7D2F944E7611ECA5720B79C4F9AE02/VrmD5GvLoRX_ImX-SRkJx9dBR_M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VrmD5GvLoRX_ImX-SRkJx9dBR_M.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CD39D/DE7D2F944E7611ECA5720B79C4F9AE02/8DEEDC96E6B511EF9FEF6436C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
1.38.209.0-1.38.210.255
1.187.0.0/21
1.187.12.0-1.187.27.255
1.187.112.0/20
1.187.144.0/20
1.187.180.0-1.187.191.255
1.187.212.0-1.187.255.255
106.66.17.0/24
106.66.24.0-106.66.26.255
106.66.28.0/23
106.66.31.0/24
106.66.38.0/23
106.66.44.0/23
106.66.52.0-106.66.63.255
106.66.131.0-106.66.135.255
106.66.139.0-106.66.143.255
106.66.147.0-106.66.151.255
106.66.156.0/22
106.66.176.0/20
112.110.0.0/19
112.110.71.0-112.110.75.255
112.110.77.0/24
112.110.79.0/24
112.110.85.0-112.110.86.255
112.110.88.0/24
112.110.92.0/24
112.110.96.0-112.110.123.255
112.110.125.0-112.110.126.255
112.110.144.0/24
112.110.160.0/24
115.69.157.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:b5:68:3a:96:30:de:31:8c:a3:94:69:0a:94:f2:93:fc:1a:
30:4b:50:f7:2a:9d:79:d0:26:d3:81:11:88:37:d9:c0:1f:6c:
b4:45:8c:ec:e2:3d:f7:87:27:17:e1:36:60:0c:77:fa:49:ec:
fe:c1:0e:62:a3:74:8f:ef:7b:af:74:a8:2a:bd:cc:2a:77:be:
62:fc:5e:4e:a9:85:53:e6:43:b6:d0:8e:da:1b:48:ae:5b:db:
a3:67:18:6b:d1:a3:c8:57:ea:0d:8d:4f:79:31:6f:56:cd:0d:
a0:d1:03:51:81:9f:a2:a4:88:b5:e5:1a:f1:c5:d3:b3:2a:2b:
38:f0:6a:9c:69:26:77:19:f9:7c:7e:12:ac:f4:35:ce:22:f4:
12:92:ee:bf:a2:0a:c8:17:3b:06:49:6f:7d:d2:93:dc:dc:29:
f1:f7:bd:37:87:18:d8:bc:b9:c5:eb:79:99:af:a1:50:ba:f3:
81:00:bc:98:a7:d4:23:9c:68:ab:69:b6:7d:cb:03:3f:43:a7:
f6:78:9f:f6:ab:00:84:9f:49:d9:7d:9f:68:eb:33:14:1a:6e:
9c:84:83:c9:8d:13:36:14:48:8c:c8:21:02:67:b9:f6:e6:f4:
82:a9:45:51:18:e1:1b:c4:42:16:d8:5f:5c:57:ad:de:e3:ba:
84:6a:20:84
-----BEGIN CERTIFICATE-----
MIIGljCCBX6gAwIBAgICBbIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0QzOUQxMTAvBgNVBAUTKDU2Qjk4M0U0NkJDQkExMTVGRjIyNjVGRTQ5MTkwOUM3
RDc0MTQ3RjMwHhcNMjUwNTIxMDYzMjU2WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODJkNzM5OC1iMzNkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwkQ+xRukQX3PnaHPsWFZVoyi9qlKBhFNRRXcAU6Eb4fGfyQe7kWDTW6z259Z
j+67mUj+GZWyE7GOhqfKv6hqQqMfY61Y9T6dlzR7FhP6pjELpqEYB9aPGZxjCHIY
12q23pnwqs6ImVi85QutNC9SsQcExaFbCWrEuUrhsBFmpowm07UoVbp4xAGB6B3W
Kq64YuEVgSCfXOp3ekFuhCQ7b9pAMc7wHIR00acDnkoZc1xJEj9Q3sfQ0LgixtGt
qG3q6Blgpj07LPCBPgCmRjNsmoYudaDYEnTrGjMVXDrSSLhkTxDK1nS/Xo/XeMtw
h7jdty2DJlVnLO+hcvVjW/zOaQIDAQABo4IDujCCA7YwHQYDVR0OBBYEFDKj4wAY
eHSCa1vJk6MUEHUM7nJOMB8GA1UdIwQYMBaAFFa5g+Rry6EV/yJl/kkZCcfXQUfz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRDM5RC9ERTdEMkY5NDRF
NzYxMUVDQTU3MjBCNzlDNEY5QUUwMi9Wcm1ENUd2TG9SWF9JbVgtU1JrSng5ZEJS
X00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1ZybUQ1R3ZMb1JYX0ltWC1TUmtKeDlkQlJfTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0QzOUQvREU3RDJGOTQ0RTc2MTFFQ0E1NzIwQjc5QzRGOUFFMDIvOERFRURDOTZF
NkI1MTFFRjlGRUY2NDM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggFCBggrBgEFBQcBBwEB
/wSCATEwggEtMIIBKQQCAAEwggEhMAwDBAABJtEDBAABJtIDBAMBuwAwDAMEAgG7
DAMEAgG7GAMEBAG7cAMEBAG7kDAMAwQCAbu0AwQGAbuAMAsDBAIBu9QDAwIBuAME
AGpCETAMAwQDakIYAwQAakIaAwQBakIcAwQAakIfAwQBakImAwQBakIsMAwDBAJq
QjQDBAZqQgAwDAMEAGpCgwMEA2pCgDAMAwQAakKLAwQEakKAMAwDBABqQpMDBANq
QpADBAJqQpwDBARqQrADBAVwbgAwDAMEAHBuRwMEAnBuSAMEAHBuTQMEAHBuTzAM
AwQAcG5VAwQAcG5WAwQAcG5YAwQAcG5cMAwDBAVwbmADBAJwbngwDAMEAHBufQME
AHBufgMEAHBukAMEAHBuoAMEAHNFnTANBgkqhkiG9w0BAQsFAAOCAQEAK7VoOpYw
3jGMo5RpCpTyk/waMEtQ9yqdedAm04ERiDfZwB9stEWM7OI994cnF+E2YAx3+kns
/sEOYqN0j+97r3SoKr3MKne+YvxeTqmFU+ZDttCO2htIrlvbo2cYa9GjyFfqDY1P
eTFvVs0NoNEDUYGfoqSIteUa8cXTsyorOPBqnGkmdxn5fH4SrPQ1ziL0EpLuv6IK
yBc7BklvfdKT3Nwp8fe9N4cY2Ly5xet5ma+hULrzgQC8mKfUI5xoq2m2fcsDP0On
9nif9qsAhJ9J2X2faOszFBpunISDyY0TNhRIjMghAme59ub0gqlFURjhG8RCFthf
XFet3uO6hGoghA==
-----END CERTIFICATE-----
Generated at Mon Jun 2 07:00:13 2025 by rpki-client