Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/208C7D2E066C11EDB31C2239C4F9AE02.roa
File: 208C7D2E066C11EDB31C2239C4F9AE02.roa (raw, json)
Hash identifier: j8sJFdaGh5hoT/OlB8BepmWR8CssCrYtB82PMaTll9o=
Subject key identifier: 8F:46:D6:8D:43:51:D2:09:71:AB:2C:A3:64:66:9A:4F:83:FE:2F:DD
Certificate issuer: /CN=A9118EB2/serialNumber=8603A0ACA7204B0EFED64DB70DE51C75BA039355
Certificate serial: 0303
Authority key identifier: 86:03:A0:AC:A7:20:4B:0E:FE:D6:4D:B7:0D:E5:1C:75:BA:03:93:55
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hgOgrKcgSw7-1k23DeUcdboDk1U.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/208C7D2E066C11EDB31C2239C4F9AE02.roa
Signing time: Tue 14 Oct 2025 04:39:13 +0000
ROA not before: Tue 14 Oct 2025 04:39:13 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 139285
IP address blocks: 103.28.0.0/22 maxlen: 24
103.140.236.0/23 maxlen: 23
103.140.236.0/24 maxlen: 24
103.140.237.0/24 maxlen: 24
103.148.228.0/23 maxlen: 23
103.148.228.0/24 maxlen: 24
103.148.229.0/24 maxlen: 24
103.227.172.0/22 maxlen: 22
103.227.172.0/23 maxlen: 23
103.227.172.0/24 maxlen: 24
103.227.173.0/24 maxlen: 24
103.227.174.0/23 maxlen: 23
103.227.174.0/24 maxlen: 24
103.227.175.0/24 maxlen: 24
114.134.190.0/23 maxlen: 23
114.134.190.0/24 maxlen: 24
114.134.191.0/24 maxlen: 24
116.214.26.0/23 maxlen: 23
116.214.26.0/24 maxlen: 24
116.214.27.0/24 maxlen: 24
116.214.28.0/23 maxlen: 23
116.214.28.0/24 maxlen: 24
116.214.29.0/24 maxlen: 24
2400:96a0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/hgOgrKcgSw7-1k23DeUcdboDk1U.crl
rsync://rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/hgOgrKcgSw7-1k23DeUcdboDk1U.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hgOgrKcgSw7-1k23DeUcdboDk1U.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 26 Oct 2025 03:28:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 771 (0x303)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9118EB2, serialNumber=8603A0ACA7204B0EFED64DB70DE51C75BA039355
Validity
Not Before: Oct 14 04:39:13 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=68edd3f1-c26d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:b2:58:ee:21:ae:11:71:57:b0:41:37:a8:9d:
ed:d0:8e:39:c1:a2:61:96:fd:7e:f8:af:ea:b9:a7:
26:65:93:26:0a:06:99:2b:3f:3e:16:c6:10:59:88:
64:3c:74:a5:23:f7:88:36:12:db:33:55:30:53:65:
dd:b5:89:06:ea:09:8f:86:2f:5b:a3:a1:0c:7f:51:
02:7e:c6:25:01:aa:2c:c7:5a:d3:78:df:93:30:9a:
74:93:05:ad:66:ff:dd:c0:40:6a:be:36:5b:fb:78:
26:2b:06:df:5b:1b:5e:18:5a:30:27:d7:82:cb:b4:
e8:36:31:e6:5c:89:7d:3e:9c:5e:f2:a5:1c:be:99:
36:71:ea:de:7c:6d:e7:2b:82:92:7b:c2:ab:cf:b0:
2f:96:aa:fa:8c:2f:5d:94:97:17:ae:0e:6f:cb:99:
50:dd:48:d3:f8:42:52:7a:b6:82:c2:ab:61:a3:f8:
3f:0d:7c:4d:90:ed:fb:dd:e7:31:9e:1a:9a:ac:29:
b4:7a:da:ac:c3:46:1a:c2:00:8a:c5:6a:82:bf:b9:
1e:e8:1e:f1:69:21:88:ab:1f:fa:d5:b3:a6:b0:33:
ae:ab:68:b7:db:00:1c:df:79:d3:d1:92:6b:7d:58:
d3:b4:ef:2f:0c:25:fd:d9:e5:11:3a:74:fc:9c:82:
0f:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:46:D6:8D:43:51:D2:09:71:AB:2C:A3:64:66:9A:4F:83:FE:2F:DD
X509v3 Authority Key Identifier:
keyid:86:03:A0:AC:A7:20:4B:0E:FE:D6:4D:B7:0D:E5:1C:75:BA:03:93:55
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/hgOgrKcgSw7-1k23DeUcdboDk1U.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hgOgrKcgSw7-1k23DeUcdboDk1U.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/208C7D2E066C11EDB31C2239C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.28.0.0/22
103.140.236.0/23
103.148.228.0/23
103.227.172.0/22
114.134.190.0/23
116.214.26.0-116.214.29.255
IPv6:
2400:96a0::/32
Signature Algorithm: sha256WithRSAEncryption
32:64:79:8b:f1:d5:2c:62:71:be:90:94:46:05:3e:fc:87:e6:
69:1d:8c:7b:4b:75:59:6c:77:0e:48:b5:ea:22:30:82:d8:5e:
96:4d:9a:a4:b9:ea:16:25:9e:6f:3d:13:99:8a:34:71:9c:57:
a6:65:57:2a:83:9a:ad:e5:c7:75:26:d3:7f:1b:42:c0:11:81:
ee:46:93:02:f5:af:23:3d:f5:4f:2b:d2:b5:9c:10:a6:9e:de:
f0:c8:e7:e3:1e:9b:a1:9f:c6:ab:5d:90:3b:b8:dc:17:79:ec:
15:c4:4a:16:c6:1c:11:81:bd:a2:04:2f:e0:b0:30:69:06:a4:
8f:ae:dd:36:2d:d4:e2:4e:f2:94:76:8b:fa:12:bf:e1:f8:85:
cd:7c:03:b9:d1:87:c7:af:b1:6b:42:6b:65:43:d7:4c:df:3b:
ab:80:83:1a:cf:c7:b6:fa:67:8d:0f:eb:2b:c1:e5:40:15:6f:
22:5c:d4:b8:bb:ab:e3:55:9c:97:71:74:6f:8e:64:81:3c:81:
e6:7c:36:80:6c:04:bf:7a:9b:84:17:4f:b7:27:37:58:8e:e4:
e9:72:34:0f:31:4c:35:05:eb:2b:a1:e2:89:c7:c3:33:19:76:
d5:53:dc:56:39:b4:5d:e9:cc:fa:78:2a:30:4e:fd:81:d8:30:
8e:08:fc:e0
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgICAwMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MThFQjIxMTAvBgNVBAUTKDg2MDNBMEFDQTcyMDRCMEVGRUQ2NERCNzBERTUxQzc1
QkEwMzkzNTUwHhcNMjUxMDE0MDQzOTEzWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVkZDNmMS1jMjZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzrJY7iGuEXFXsEE3qJ3t0I45waJhlv1++K/quacmZZMmCgaZKz8+FsYQWYhk
PHSlI/eINhLbM1UwU2XdtYkG6gmPhi9bo6EMf1ECfsYlAaosx1rTeN+TMJp0kwWt
Zv/dwEBqvjZb+3gmKwbfWxteGFowJ9eCy7ToNjHmXIl9Ppxe8qUcvpk2cerefG3n
K4KSe8Krz7Avlqr6jC9dlJcXrg5vy5lQ3UjT+EJSeraCwqtho/g/DXxNkO373ecx
nhqarCm0etqsw0YawgCKxWqCv7ke6B7xaSGIqx/61bOmsDOuq2i32wAc33nT0ZJr
fVjTtO8vDCX92eUROnT8nIIPDwIDAQABo4ICyjCCAsYwHQYDVR0OBBYEFI9G1o1D
UdIJcasso2Rmmk+D/i/dMB8GA1UdIwQYMBaAFIYDoKynIEsO/tZNtw3lHHW6A5NV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExOEVCMi83QUM3NjdERTA2
NjkxMUVEQjBBRThFMzdDNEY5QUUwMi9oZ09ncktjZ1N3Ny0xazIzRGVVY2Rib0Rr
MVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2hnT2dyS2NnU3c3LTFrMjNEZVVjZGJvRGsxVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MThFQjIvN0FDNzY3REUwNjY5MTFFREIwQUU4RTM3QzRGOUFFMDIvMjA4QzdEMkUw
NjZDMTFFREIzMUMyMjM5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVAYIKwYBBQUHAQcBAf8E
RTBDMDIEAgABMCwDBAJnHAADBAFnjOwDBAFnlOQDBAJn46wDBAFyhr4wDAMEAXTW
GgMEAXTWHDANBAIAAjAHAwUAJACWoDANBgkqhkiG9w0BAQsFAAOCAQEAMmR5i/HV
LGJxvpCURgU+/IfmaR2Me0t1WWx3Dki16iIwgthelk2apLnqFiWebz0TmYo0cZxX
pmVXKoOareXHdSbTfxtCwBGB7kaTAvWvIz31TyvStZwQpp7e8Mjn4x6boZ/Gq12Q
O7jcF3nsFcRKFsYcEYG9ogQv4LAwaQakj67dNi3U4k7ylHaL+hK/4fiFzXwDudGH
x6+xa0JrZUPXTN87q4CDGs/HtvpnjQ/rK8HlQBVvIlzUuLur41Wcl3F0b45kgTyB
5nw2gGwEv3qbhBdPtyc3WI7k6XI0DzFMNQXrK6HiicfDMxl21VPcVjm0XenM+ngq
ME79gdgwjgj84A==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:08:51 2025 by rpki-client