Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
File: 236D4FF0FD9D11EC868CDF5DC4F9AE02.roa (raw, json)
Hash identifier: 0K1MrQSQm8pKMHQMtu2VIbqhJP366PQFOjPnnF6bEO4=
Subject key identifier: AA:32:79:63:75:88:15:76:77:CF:98:A9:76:B9:A1:F8:12:8C:60:17
Certificate issuer: /CN=A91F33A5/serialNumber=C4F638C09E372046C01DF4604C281164F6AC1622
Certificate serial: 0365
Authority key identifier: C4:F6:38:C0:9E:37:20:46:C0:1D:F4:60:4C:28:11:64:F6:AC:16:22
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
Signing time: Fri 05 Sep 2025 01:37:57 +0000
ROA not before: Fri 05 Sep 2025 01:37:57 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 6262
IP address blocks: 150.229.0.0/16 maxlen: 24
202.6.3.0/24 maxlen: 24
202.6.4.0/24 maxlen: 24
202.6.82.0/23 maxlen: 24
202.8.32.0/21 maxlen: 24
202.9.0.0/20 maxlen: 24
202.12.120.0/23 maxlen: 24
202.14.0.0/22 maxlen: 24
203.0.88.0/24 maxlen: 24
203.0.100.0/24 maxlen: 24
203.6.255.0/24 maxlen: 24
203.7.128.0/24 maxlen: 24
203.7.170.0/24 maxlen: 24
203.12.40.0/23 maxlen: 24
203.18.60.0/23 maxlen: 24
203.25.92.0/22 maxlen: 24
203.143.160.0/20 maxlen: 24
221.199.208.0/20 maxlen: 24
2402:1800::/32 maxlen: 40
2405:b000::/32 maxlen: 40
2405:b000:410::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.crl
rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 16 Sep 2025 01:09:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 869 (0x365)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F33A5, serialNumber=C4F638C09E372046C01DF4604C281164F6AC1622
Validity
Not Before: Sep 5 01:37:57 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68ba3ef4-f9fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:24:e8:fd:92:08:77:80:0d:9d:74:bd:54:da:
32:51:ce:e4:d7:ea:24:67:91:ce:3a:b7:d0:da:35:
0c:96:b8:cc:30:d5:c0:c1:43:fb:9c:94:c8:fc:19:
2b:6c:d8:9b:85:2b:27:46:ac:5e:81:05:5a:1c:23:
5e:00:84:99:11:62:9e:30:bb:00:43:f4:60:e6:aa:
88:5e:20:9e:5e:f7:f2:a0:e1:e9:f7:12:d9:06:2f:
b7:a0:d3:ca:84:e4:ad:ca:42:ac:8e:e8:2f:f0:c4:
bf:4c:e1:d7:af:0e:e3:a0:34:cb:fa:9e:10:c2:ff:
4c:c7:f8:dd:ec:67:29:9a:a0:d3:47:08:fd:91:76:
b4:30:c4:e6:03:fa:b9:1d:6a:8b:be:e4:d9:c3:ea:
18:3d:d4:ab:32:b7:45:55:49:88:b5:1f:3a:b2:8e:
dd:e7:20:03:58:df:dc:5e:59:5d:07:ac:5e:16:94:
43:56:7a:06:b6:95:54:1f:cb:51:5a:a5:7d:b0:e0:
1f:a9:1d:6d:3d:c4:88:41:3d:13:bd:71:45:1f:e3:
29:2f:c2:8b:da:a7:a1:0f:aa:17:d2:4a:01:42:d1:
77:70:2e:0d:81:b5:f1:a5:80:91:5f:ef:e5:b6:16:
9f:1f:fc:39:d2:cc:a8:c9:df:60:b7:af:f1:b4:b9:
f9:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:32:79:63:75:88:15:76:77:CF:98:A9:76:B9:A1:F8:12:8C:60:17
X509v3 Authority Key Identifier:
keyid:C4:F6:38:C0:9E:37:20:46:C0:1D:F4:60:4C:28:11:64:F6:AC:16:22
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
150.229.0.0/16
202.6.3.0-202.6.4.255
202.6.82.0/23
202.8.32.0/21
202.9.0.0/20
202.12.120.0/23
202.14.0.0/22
203.0.88.0/24
203.0.100.0/24
203.6.255.0/24
203.7.128.0/24
203.7.170.0/24
203.12.40.0/23
203.18.60.0/23
203.25.92.0/22
203.143.160.0/20
221.199.208.0/20
IPv6:
2402:1800::/32
2405:b000::/32
Signature Algorithm: sha256WithRSAEncryption
25:e4:d7:f4:44:aa:30:b4:93:6c:bb:41:85:6a:29:4b:bd:9e:
83:ac:51:dd:f3:8c:b7:5c:49:5f:c7:44:b9:8d:1f:a9:8b:f2:
3f:ba:8d:c1:c9:e2:0f:dd:9b:ff:a4:ee:74:5d:ee:c5:74:d2:
3a:4c:8b:99:85:01:ce:6d:7f:a8:2a:35:c4:1a:52:9d:75:c9:
a3:b6:91:1c:0b:17:2b:b5:9b:12:bf:64:39:ca:1c:9e:c5:df:
e0:e7:1b:e6:9c:65:18:41:d1:92:70:07:26:9d:cb:49:29:7f:
a9:94:8f:e0:fe:31:dd:04:ee:8d:c5:d5:c0:27:f0:aa:3d:0d:
e6:11:ce:bb:55:c4:07:e2:0c:76:14:d7:cc:3e:07:57:53:9b:
39:fd:03:42:18:f3:81:ba:38:48:08:5e:f6:62:46:8a:8c:8b:
d2:27:c1:f9:5f:2a:02:35:46:07:b1:d8:bd:99:b2:0f:95:90:
4d:11:77:21:45:71:a2:5e:2f:0a:c5:0e:6c:e7:ac:71:1c:0a:
9f:f0:42:08:80:c4:65:10:a1:16:2f:f1:bf:af:1d:df:1d:65:
e8:19:2e:00:20:35:3c:02:4a:4c:d2:f6:72:6e:7e:4c:9e:1f:
a1:b6:14:b9:c8:32:8a:56:cb:d1:5b:78:3d:70:1f:71:79:db:
88:df:3e:b2
-----BEGIN CERTIFICATE-----
MIIF8TCCBNmgAwIBAgICA2UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjMzQTUxMTAvBgNVBAUTKEM0RjYzOEMwOUUzNzIwNDZDMDFERjQ2MDRDMjgxMTY0
RjZBQzE2MjIwHhcNMjUwOTA1MDEzNzU3WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGJhM2VmNC1mOWZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxSTo/ZIId4ANnXS9VNoyUc7k1+okZ5HOOrfQ2jUMlrjMMNXAwUP7nJTI/Bkr
bNibhSsnRqxegQVaHCNeAISZEWKeMLsAQ/Rg5qqIXiCeXvfyoOHp9xLZBi+3oNPK
hOStykKsjugv8MS/TOHXrw7joDTL+p4Qwv9Mx/jd7GcpmqDTRwj9kXa0MMTmA/q5
HWqLvuTZw+oYPdSrMrdFVUmItR86so7d5yADWN/cXlldB6xeFpRDVnoGtpVUH8tR
WqV9sOAfqR1tPcSIQT0TvXFFH+MpL8KL2qehD6oX0koBQtF3cC4NgbXxpYCRX+/l
thafH/w50syoyd9gt6/xtLn5cwIDAQABo4IDFTCCAxEwHQYDVR0OBBYEFKoyeWN1
iBV2d8+YqXa5ofgSjGAXMB8GA1UdIwQYMBaAFMT2OMCeNyBGwB30YEwoEWT2rBYi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMzNBNS8xQzBFNzA2QUQ0
RDgxMUVDQTQyNDVGMTBDNEY5QUUwMi94UFk0d0o0M0lFYkFIZlJnVENnUlpQYXNG
aUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hQWTR3SjQzSUViQUhmUmdUQ2dSWlBhc0ZpSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjMzQTUvMUMwRTcwNkFENEQ4MTFFQ0E0MjQ1RjEwQzRGOUFFMDIvMjM2RDRGRjBG
RDlEMTFFQzg2OENERjVEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZ4GCCsGAQUFBwEHAQH/
BIGOMIGLMHMEAgABMG0DAwCW5TAMAwQAygYDAwQAygYEAwQBygZSAwQDygggAwQE
ygkAAwQBygx4AwQCyg4AAwQAywBYAwQAywBkAwQAywb/AwQAyweAAwQAyweqAwQB
ywwoAwQByxI8AwQCyxlcAwQEy4+gAwQE3cfQMBQEAgACMA4DBQAkAhgAAwUAJAWw
ADANBgkqhkiG9w0BAQsFAAOCAQEAJeTX9ESqMLSTbLtBhWopS72eg6xR3fOMt1xJ
X8dEuY0fqYvyP7qNwcniD92b/6TudF3uxXTSOkyLmYUBzm1/qCo1xBpSnXXJo7aR
HAsXK7WbEr9kOcocnsXf4Ocb5pxlGEHRknAHJp3LSSl/qZSP4P4x3QTujcXVwCfw
qj0N5hHOu1XEB+IMdhTXzD4HV1ObOf0DQhjzgbo4SAhe9mJGioyL0ifB+V8qAjVG
B7HYvZmyD5WQTRF3IUVxol4vCsUObOescRwKn/BCCIDEZRChFi/xv68d3x1l6Bku
ACA1PAJKTNL2cm5+TJ4fobYUucgyilbL0Vt4PXAfcXnbiN8+sg==
-----END CERTIFICATE-----
Generated at Tue Sep 9 03:54:18 2025 by rpki-client