Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A913387C/2C7D79E81D8911E28A693DE208B02CD2/08B3D71E068611EDA1C2070DC4F9AE02.roa
File: 08B3D71E068611EDA1C2070DC4F9AE02.roa (raw, json)
Hash identifier: XN/k67X7bOiLw3XnM0VIfsm36LDpR4F96/be+9LgtSk=
Subject key identifier: 9C:9F:82:09:2E:4E:F9:0D:E1:A7:2D:AE:F6:FA:57:54:24:0E:D4:E3
Certificate issuer: /CN=A913387C/serialNumber=BDE1B3955F1625DF7625AF71CBB794B87C39DC67
Certificate serial: 349F
Authority key identifier: BD:E1:B3:95:5F:16:25:DF:76:25:AF:71:CB:B7:94:B8:7C:39:DC:67
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/veGzlV8WJd92Ja9xy7eUuHw53Gc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A913387C/2C7D79E81D8911E28A693DE208B02CD2/08B3D71E068611EDA1C2070DC4F9AE02.roa
Signing time: Wed 02 Jul 2025 14:50:45 +0000
ROA not before: Wed 02 Jul 2025 14:50:45 +0000
ROA not after: Mon 31 Aug 2026 00:00:00 +0000
asID: 4844
IP address blocks: 210.23.0.0/19 maxlen: 19
210.23.0.0/20 maxlen: 20
210.23.16.0/20 maxlen: 20
2406:f000::/32 maxlen: 32
2406:f000:1::/48 maxlen: 48
2406:f000:1:32::/64 maxlen: 64
2406:f000:1:e000::/64 maxlen: 64
2406:f000:1:e003::/64 maxlen: 64
2406:f000:2:e004::/64 maxlen: 64
2406:f000:3:e000::/64 maxlen: 64
2406:f000:3:e001::/64 maxlen: 64
2406:f000:3:e005::/64 maxlen: 64
2406:f000:3:e007::/64 maxlen: 64
2406:f000:3:e00a::/64 maxlen: 64
2406:f000:3:e00d::/64 maxlen: 64
2406:f000:20ff:200::/56 maxlen: 56
2406:f000:20ff:300::/56 maxlen: 56
2406:f000:30f0::/56 maxlen: 56
2406:f000:30f0:100::/56 maxlen: 56
2406:f000:30f0:300::/56 maxlen: 56
2406:f000:30f0:400::/56 maxlen: 56
2406:f000:30f0:600::/56 maxlen: 56
2406:f000:30f0:700::/56 maxlen: 56
2406:f000:30f0:800::/56 maxlen: 56
2406:f000:30f0:900::/56 maxlen: 56
2406:f000:30f1:ff00::/64 maxlen: 64
2406:f000:30f1:ff01::/64 maxlen: 64
2406:f000:30ff:1::/64 maxlen: 64
2406:f000:30ff:2::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A913387C/2C7D79E81D8911E28A693DE208B02CD2/veGzlV8WJd92Ja9xy7eUuHw53Gc.crl
rsync://rpki.apnic.net/member_repository/A913387C/2C7D79E81D8911E28A693DE208B02CD2/veGzlV8WJd92Ja9xy7eUuHw53Gc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/veGzlV8WJd92Ja9xy7eUuHw53Gc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 09 Jul 2025 14:50:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13471 (0x349f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A913387C, serialNumber=BDE1B3955F1625DF7625AF71CBB794B87C39DC67
Validity
Not Before: Jul 2 14:50:45 2025 GMT
Not After : Aug 31 00:00:00 2026 GMT
Subject: CN=68654745-1bc0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:c9:e1:5c:14:ab:19:d5:a6:31:e6:88:b6:0e:
0f:87:25:10:7e:d6:6b:13:c7:a6:86:d7:8f:de:ad:
17:ff:70:df:6b:74:a9:a1:08:cf:cf:b9:57:2e:8f:
ea:69:80:3b:56:98:84:5a:0d:8b:db:e7:ca:a1:38:
4c:7a:b9:43:e4:22:56:ba:8c:56:8e:51:8b:d4:c9:
bd:c2:95:f9:15:2f:9d:0e:91:05:31:6b:88:68:e9:
25:56:b4:a2:3f:ec:57:2f:a2:b3:2e:d9:e5:e3:ca:
b5:1b:a0:89:2b:3f:51:98:61:a2:40:b4:b3:49:36:
9b:e6:c0:e7:95:84:27:88:6d:ca:88:ad:84:fc:5a:
42:3b:9a:3f:16:65:23:68:91:11:42:c4:64:8f:3c:
c6:f8:51:13:f2:8e:54:db:e4:2a:19:1e:55:56:3c:
d8:66:90:ab:1c:df:e9:63:4b:33:53:d5:45:41:ee:
f0:1d:b3:b5:1a:43:b8:d6:8a:be:7f:22:f1:cb:0a:
56:ed:50:80:aa:94:8d:53:f3:82:86:f4:19:44:4e:
54:b3:3d:83:20:d5:cd:14:51:d2:77:72:e6:e7:3e:
fd:29:10:c1:b9:4d:4b:fb:8f:8f:a3:87:0f:c6:0d:
3e:69:be:77:66:e1:ed:2d:96:5f:8e:aa:9d:75:6a:
df:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:9F:82:09:2E:4E:F9:0D:E1:A7:2D:AE:F6:FA:57:54:24:0E:D4:E3
X509v3 Authority Key Identifier:
keyid:BD:E1:B3:95:5F:16:25:DF:76:25:AF:71:CB:B7:94:B8:7C:39:DC:67
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A913387C/2C7D79E81D8911E28A693DE208B02CD2/veGzlV8WJd92Ja9xy7eUuHw53Gc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/veGzlV8WJd92Ja9xy7eUuHw53Gc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913387C/2C7D79E81D8911E28A693DE208B02CD2/08B3D71E068611EDA1C2070DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
210.23.0.0/19
IPv6:
2406:f000::/32
Signature Algorithm: sha256WithRSAEncryption
8a:3f:47:b3:1c:1f:76:ce:dc:73:b9:ea:14:84:fd:c8:64:65:
c2:85:17:42:fa:19:10:47:cb:82:21:8c:3f:f2:27:cc:59:02:
0c:2d:ef:8e:9b:56:94:5a:3f:21:71:50:85:d2:3e:67:0a:59:
d2:eb:f5:cd:bd:27:01:40:d4:8e:11:16:b9:2a:97:f8:26:88:
76:dc:ef:16:af:0e:54:11:f6:a9:98:0f:c2:e3:11:be:17:3c:
1b:31:38:b5:4b:9e:3b:5e:45:ec:3d:5a:96:a9:d7:cd:b4:67:
8e:98:35:01:b8:2c:97:66:3c:48:69:6c:40:df:41:92:66:9b:
5a:04:c8:2d:25:67:9c:51:e8:11:f8:f7:3a:99:31:7c:a8:d5:
d3:db:36:1c:36:80:be:78:ab:6f:9d:6c:0d:c0:f7:ba:85:1c:
b1:fc:ea:fe:f4:1a:b4:17:8c:18:b3:7c:c5:9b:e0:51:1e:32:
b9:a0:27:6e:40:c2:88:b3:f1:be:db:3c:48:ea:f5:d9:75:57:
05:c4:2a:66:ce:e7:db:e4:75:ce:70:af:65:da:6f:14:ba:5a:
6d:30:fb:9c:89:66:ab:a1:78:cd:28:76:38:73:ae:ef:b7:ff:
fd:ca:ce:e4:18:d8:87:f6:fd:69:d5:1c:9d:3e:34:36:df:30:
67:73:eb:e4
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICNJ8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzM4N0MxMTAvBgNVBAUTKEJERTFCMzk1NUYxNjI1REY3NjI1QUY3MUNCQjc5NEI4
N0MzOURDNjcwHhcNMjUwNzAyMTQ1MDQ1WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODY1NDc0NS0xYmMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu8nhXBSrGdWmMeaItg4PhyUQftZrE8emhteP3q0X/3Dfa3SpoQjPz7lXLo/q
aYA7VpiEWg2L2+fKoThMerlD5CJWuoxWjlGL1Mm9wpX5FS+dDpEFMWuIaOklVrSi
P+xXL6KzLtnl48q1G6CJKz9RmGGiQLSzSTab5sDnlYQniG3KiK2E/FpCO5o/FmUj
aJERQsRkjzzG+FET8o5U2+QqGR5VVjzYZpCrHN/pY0szU9VFQe7wHbO1GkO41oq+
fyLxywpW7VCAqpSNU/OChvQZRE5Usz2DINXNFFHSd3Lm5z79KRDBuU1L+4+Po4cP
xg0+ab53ZuHtLZZfjqqddWrfrQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFJyfggku
TvkN4actrvb6V1QkDtTjMB8GA1UdIwQYMBaAFL3hs5VfFiXfdiWvccu3lLh8Odxn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMzg3Qy8yQzdENzlFODFE
ODkxMUUyOEE2OTNERTIwOEIwMkNEMi92ZUd6bFY4V0pkOTJKYTl4eTdlVXVIdzUz
R2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ZlR3psVjhXSmQ5MkphOXh5N2VVdUh3NTNHYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzM4N0MvMkM3RDc5RTgxRDg5MTFFMjhBNjkzREUyMDhCMDJDRDIvMDhCM0Q3MUUw
Njg2MTFFREExQzIwNzBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAXSFwAwDQQCAAIwBwMFACQG8AAwDQYJKoZIhvcNAQELBQAD
ggEBAIo/R7McH3bO3HO56hSE/chkZcKFF0L6GRBHy4IhjD/yJ8xZAgwt746bVpRa
PyFxUIXSPmcKWdLr9c29JwFA1I4RFrkql/gmiHbc7xavDlQR9qmYD8LjEb4XPBsx
OLVLnjteRew9Wpap1820Z46YNQG4LJdmPEhpbEDfQZJmm1oEyC0lZ5xR6BH49zqZ
MXyo1dPbNhw2gL54q2+dbA3A97qFHLH86v70GrQXjBizfMWb4FEeMrmgJ25Awoiz
8b7bPEjq9dl1VwXEKmbO59vkdc5wr2XabxS6Wm0w+5yJZquheM0odjhzru+3//3K
zuQY2If2/WnVHJ0+NDbfMGdz6+Q=
-----END CERTIFICATE-----
Generated at Fri Jul 4 11:39:05 2025 by rpki-client