Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/490CDADA42F211EBB34A1A60C4F9AE02.roa
File: 490CDADA42F211EBB34A1A60C4F9AE02.roa (raw, json)
Hash identifier: fMhGcMMXUjfTJdFnbYO8Z54IBKMUqmILLcg2tCPHJNo=
Subject key identifier: 4E:CF:54:90:5A:F5:B8:E8:94:BE:E4:6C:59:B1:E1:6C:60:03:8E:1F
Certificate issuer: /CN=A9116BB8/serialNumber=8AE9CDE10BE0B77F091B0D38EBC1967C8BC0919E
Certificate serial: 0769
Authority key identifier: 8A:E9:CD:E1:0B:E0:B7:7F:09:1B:0D:38:EB:C1:96:7C:8B:C0:91:9E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iunN4Qvgt38JGw0468GWfIvAkZ4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/490CDADA42F211EBB34A1A60C4F9AE02.roa
Signing time: Thu 02 Oct 2025 21:52:19 +0000
ROA not before: Thu 02 Oct 2025 21:52:19 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 138995
IP address blocks: 45.125.216.0/24 maxlen: 24
45.125.217.0/24 maxlen: 24
45.125.218.0/24 maxlen: 24
45.125.219.0/24 maxlen: 24
103.86.64.0/24 maxlen: 24
103.86.65.0/24 maxlen: 24
103.86.66.0/24 maxlen: 24
103.86.67.0/24 maxlen: 24
103.93.46.0/24 maxlen: 24
103.98.112.0/24 maxlen: 24
103.98.114.0/24 maxlen: 24
103.98.115.0/24 maxlen: 24
103.108.185.0/24 maxlen: 24
103.142.244.0/24 maxlen: 24
103.142.245.0/24 maxlen: 24
103.194.104.0/24 maxlen: 24
103.194.105.0/24 maxlen: 24
103.194.106.0/24 maxlen: 24
103.194.107.0/24 maxlen: 24
116.204.176.0/24 maxlen: 24
116.204.177.0/24 maxlen: 24
116.204.178.0/24 maxlen: 24
116.204.179.0/24 maxlen: 24
2001:df1:5f80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/iunN4Qvgt38JGw0468GWfIvAkZ4.crl
rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/iunN4Qvgt38JGw0468GWfIvAkZ4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iunN4Qvgt38JGw0468GWfIvAkZ4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 Oct 2025 23:05:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1897 (0x769)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9116BB8, serialNumber=8AE9CDE10BE0B77F091B0D38EBC1967C8BC0919E
Validity
Not Before: Oct 2 21:52:19 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=68def413-a7b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:88:4b:4b:04:5d:23:ed:fc:80:3b:3e:c6:02:
65:b5:a1:55:a9:a6:b9:40:a2:29:d0:ab:1f:55:83:
d4:30:85:64:49:37:91:25:34:57:3e:b2:c6:f2:be:
02:a2:f3:84:b2:55:4d:f3:c1:72:43:af:38:03:6f:
6c:e3:c8:50:c1:05:35:b7:d0:4f:37:71:ed:8a:fc:
ff:95:1f:ef:60:da:57:f8:43:b4:49:e2:00:1d:93:
0b:f2:49:67:e9:63:eb:d4:93:de:4c:01:51:45:7f:
fb:a0:a2:ba:c7:59:5d:9c:4e:c7:fc:ba:64:c9:ff:
37:1e:39:dd:a9:c1:82:4b:01:ec:b4:bb:77:23:80:
f4:5f:cc:36:6f:26:7e:70:e9:3a:14:7c:30:6d:e2:
ca:66:18:08:b0:db:7b:de:8a:bc:d0:2a:08:b3:4a:
19:61:c1:e4:9b:39:f5:c0:d3:97:33:1f:db:7f:c5:
b7:8d:a2:05:15:f9:7a:85:62:8b:03:7c:8c:fb:85:
3c:78:2c:4c:26:f4:77:ed:64:da:b7:c8:80:29:8c:
60:04:09:40:4a:bd:3d:74:7b:19:3e:cb:64:cb:47:
13:12:a9:71:2c:68:3b:61:18:c4:e2:3d:26:0b:3d:
ff:09:4e:30:ad:8f:92:96:9a:1a:a0:c1:20:c3:39:
a5:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:CF:54:90:5A:F5:B8:E8:94:BE:E4:6C:59:B1:E1:6C:60:03:8E:1F
X509v3 Authority Key Identifier:
keyid:8A:E9:CD:E1:0B:E0:B7:7F:09:1B:0D:38:EB:C1:96:7C:8B:C0:91:9E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/iunN4Qvgt38JGw0468GWfIvAkZ4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iunN4Qvgt38JGw0468GWfIvAkZ4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/490CDADA42F211EBB34A1A60C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.125.216.0/22
103.86.64.0/22
103.93.46.0/24
103.98.112.0/24
103.98.114.0/23
103.108.185.0/24
103.142.244.0/23
103.194.104.0/22
116.204.176.0/22
IPv6:
2001:df1:5f80::/48
Signature Algorithm: sha256WithRSAEncryption
4b:db:6a:2c:1d:53:92:81:f4:0f:10:ac:c4:f3:ce:b4:e8:f2:
ea:4f:93:e1:b2:53:a2:6d:26:51:de:63:5a:e2:d5:84:fc:08:
a7:5a:f1:d5:2f:31:29:c4:da:30:3d:ad:ba:94:a9:84:41:d8:
7a:ef:ed:cd:75:23:b8:a1:94:ae:12:04:9c:25:58:bd:92:6c:
48:de:64:c3:7e:38:8d:05:32:cc:ee:d9:73:55:fe:89:4a:7a:
c4:de:d1:9f:f0:52:ab:a8:68:79:e8:07:d2:89:e8:d4:a7:b3:
21:92:fc:d8:9e:16:df:c0:41:61:b9:c3:f6:2b:da:47:15:e7:
d9:99:cb:bb:d5:b7:42:bc:35:36:fa:35:34:c8:c8:10:81:27:
bd:43:7f:6c:ab:be:99:0a:9b:b1:a4:6d:26:46:ef:37:7e:99:
29:0d:b1:b0:d1:65:bc:47:9a:06:ee:8a:45:d9:98:d9:73:bb:
0e:bd:a6:c4:48:12:4a:96:5d:ea:ce:3f:2b:24:f4:14:56:35:
25:a7:70:d1:54:52:b4:b0:fd:0d:89:61:06:22:41:d0:80:35:
f5:7a:9c:3e:09:c3:ea:86:c3:ac:7a:f4:6a:a4:3e:ab:46:37:
38:26:49:46:aa:34:90:21:37:2f:4b:61:50:2b:f0:ae:0a:48:
32:31:1f:35
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgICB2kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTZCQjgxMTAvBgNVBAUTKDhBRTlDREUxMEJFMEI3N0YwOTFCMEQzOEVCQzE5NjdD
OEJDMDkxOUUwHhcNMjUxMDAyMjE1MjE5WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRlZjQxMy1hN2I5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoohLSwRdI+38gDs+xgJltaFVqaa5QKIp0KsfVYPUMIVkSTeRJTRXPrLG8r4C
ovOEslVN88FyQ684A29s48hQwQU1t9BPN3Htivz/lR/vYNpX+EO0SeIAHZML8kln
6WPr1JPeTAFRRX/7oKK6x1ldnE7H/Lpkyf83HjndqcGCSwHstLt3I4D0X8w2byZ+
cOk6FHwwbeLKZhgIsNt73oq80CoIs0oZYcHkmzn1wNOXMx/bf8W3jaIFFfl6hWKL
A3yM+4U8eCxMJvR37WTat8iAKYxgBAlASr09dHsZPstky0cTEqlxLGg7YRjE4j0m
Cz3/CU4wrY+SlpoaoMEgwzmlwwIDAQABo4IC1jCCAtIwHQYDVR0OBBYEFE7PVJBa
9bjolL7kbFmx4WxgA44fMB8GA1UdIwQYMBaAFIrpzeEL4Ld/CRsNOOvBlnyLwJGe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExNkJCOC8zOURDRjc1NDQy
RjAxMUVCOEEwOUM3NUFDNEY5QUUwMi9pdW5ONFF2Z3QzOEpHdzA0NjhHV2ZJdkFr
WjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2l1bk40UXZndDM4Skd3MDQ2OEdXZkl2QWtaNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTZCQjgvMzlEQ0Y3NTQ0MkYwMTFFQjhBMDlDNzVBQzRGOUFFMDIvNDkwQ0RBREE0
MkYyMTFFQkIzNEExQTYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYAYIKwYBBQUHAQcBAf8E
UTBPMDwEAgABMDYDBAItfdgDBAJnVkADBABnXS4DBABnYnADBAFnYnIDBABnbLkD
BAFnjvQDBAJnwmgDBAJ0zLAwDwQCAAIwCQMHACABDfFfgDANBgkqhkiG9w0BAQsF
AAOCAQEAS9tqLB1TkoH0DxCsxPPOtOjy6k+T4bJTom0mUd5jWuLVhPwIp1rx1S8x
KcTaMD2tupSphEHYeu/tzXUjuKGUrhIEnCVYvZJsSN5kw344jQUyzO7Zc1X+iUp6
xN7Rn/BSq6hoeegH0ono1KezIZL82J4W38BBYbnD9ivaRxXn2ZnLu9W3Qrw1Nvo1
NMjIEIEnvUN/bKu+mQqbsaRtJkbvN36ZKQ2xsNFlvEeaBu6KRdmY2XO7Dr2mxEgS
SpZd6s4/KyT0FFY1Jadw0VRStLD9DYlhBiJB0IA19XqcPgnD6obDrHr0aqQ+q0Y3
OCZJRqo0kCE3L0thUCvwrgpIMjEfNQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:34:55 2025 by rpki-client