Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/24AE273C2D1111EE85C59810C4F9AE02.roa
File: 24AE273C2D1111EE85C59810C4F9AE02.roa (raw, json)
Hash identifier: 9XIDfJY0Nbkx5W4WrOh9skXlNedfJVNiInoNg42Y+8s=
Subject key identifier: C3:0C:FE:E3:74:6F:5C:AA:B2:FA:FC:C5:1B:9C:6E:91:67:51:D6:A9
Certificate issuer: /CN=A9145D25/serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
Certificate serial: 05B8
Authority key identifier: C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/24AE273C2D1111EE85C59810C4F9AE02.roa
Signing time: Wed 08 Oct 2025 06:53:11 +0000
ROA not before: Wed 08 Oct 2025 06:53:11 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 211392
IP address blocks: 103.135.208.0/24 maxlen: 24
103.135.209.0/24 maxlen: 24
103.135.210.0/24 maxlen: 24
103.135.211.0/24 maxlen: 24
103.172.110.0/23 maxlen: 23
103.172.110.0/24 maxlen: 24
103.172.111.0/24 maxlen: 24
103.204.13.0/24 maxlen: 24
125.3.192.0/21 maxlen: 24
203.168.128.0/22 maxlen: 22
203.168.128.0/23 maxlen: 23
203.168.128.0/24 maxlen: 24
203.168.129.0/24 maxlen: 24
203.168.130.0/23 maxlen: 23
203.168.130.0/24 maxlen: 24
203.168.131.0/24 maxlen: 24
203.168.192.0/24 maxlen: 24
203.168.193.0/24 maxlen: 24
203.168.194.0/24 maxlen: 24
203.168.195.0/24 maxlen: 24
203.168.196.0/24 maxlen: 24
203.168.197.0/24 maxlen: 24
203.168.198.0/24 maxlen: 24
203.168.199.0/24 maxlen: 24
203.168.200.0/24 maxlen: 24
203.168.201.0/24 maxlen: 24
203.168.202.0/24 maxlen: 24
203.168.203.0/24 maxlen: 24
203.168.204.0/24 maxlen: 24
203.168.205.0/24 maxlen: 24
203.168.206.0/24 maxlen: 24
203.168.207.0/24 maxlen: 24
2001:df7:6e80::/47 maxlen: 47
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl
rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 26 Oct 2025 01:09:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1464 (0x5b8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9145D25, serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
Validity
Not Before: Oct 8 06:53:11 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68e60a57-2f5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:ac:0f:06:2f:cc:21:28:1b:f6:bd:b0:81:e8:
39:08:5a:4e:80:c1:7f:3f:ed:13:aa:10:50:a5:79:
b1:85:40:4e:e4:4b:03:0d:62:57:1c:92:70:83:92:
fb:9e:a4:fe:32:d3:a9:e7:86:97:0b:7a:c3:bc:6d:
de:72:77:6c:a1:f0:d8:d4:a5:16:7e:de:3a:e0:7c:
cc:ce:a3:e7:15:e7:7c:ff:d5:18:7a:dd:78:43:ee:
ad:b8:f5:48:85:42:b3:7d:9e:81:f6:c9:4b:d9:d4:
2a:18:87:5b:4b:c5:52:64:f1:d7:0a:59:61:bc:7c:
be:78:67:b7:08:ba:5f:d9:1f:3e:40:36:4c:5a:0a:
c0:8b:d3:68:d4:cc:f8:f3:66:48:3a:96:f0:22:1f:
9a:28:02:25:d8:0a:8b:f5:fa:39:12:57:bb:7a:d5:
27:3f:ee:96:43:b3:7f:44:21:20:a1:04:2d:19:d7:
6b:26:3a:d5:77:39:6e:3f:45:83:c2:31:21:81:66:
63:7f:8a:69:10:1f:ec:17:7e:97:86:ca:99:15:50:
b5:28:41:af:d0:50:25:b5:82:26:34:d4:de:27:18:
6d:dd:af:61:4c:42:59:53:b5:93:ac:e6:cf:f6:50:
70:7b:f7:02:53:d5:21:81:dd:6c:91:23:6d:48:5d:
ab:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:0C:FE:E3:74:6F:5C:AA:B2:FA:FC:C5:1B:9C:6E:91:67:51:D6:A9
X509v3 Authority Key Identifier:
keyid:C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/24AE273C2D1111EE85C59810C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.135.208.0/22
103.172.110.0/23
103.204.13.0/24
125.3.192.0/21
203.168.128.0/22
203.168.192.0/20
IPv6:
2001:df7:6e80::/47
Signature Algorithm: sha256WithRSAEncryption
54:b2:0a:41:39:bd:fa:01:a3:1b:02:dc:c3:90:41:38:da:23:
29:65:37:e4:53:39:8d:65:d9:ce:fe:3b:9f:4d:6f:f2:b2:af:
4e:bb:1d:b0:e5:9b:9f:ee:e5:35:de:eb:d3:87:1e:b9:09:22:
99:9f:16:7c:f8:51:bb:40:73:48:b6:d2:49:5f:af:96:f5:88:
c3:ca:1e:16:18:01:b8:53:b0:40:4e:40:8f:14:45:67:3a:ff:
0e:12:6b:b7:f3:ab:24:bf:3a:e8:68:92:a7:a0:63:29:07:eb:
14:8f:e3:0b:35:40:40:08:e9:6a:3c:d7:14:19:52:cf:70:42:
92:91:ee:7c:d7:82:19:b3:1a:8a:c2:bd:cd:88:4d:e6:7d:2a:
0c:d2:99:b5:45:66:28:1c:f7:73:96:b7:c3:1f:10:4b:d7:0e:
36:d5:9c:18:57:52:64:bf:6b:b1:ba:7c:a0:02:10:06:cb:59:
53:47:f3:19:85:fb:ca:25:99:32:b3:59:9a:6a:4f:dd:d6:32:
cc:42:42:db:ca:f5:95:fd:fc:8a:fb:07:19:d3:40:32:aa:5e:
0c:48:b3:9e:da:74:37:cc:5a:28:6c:d8:a9:18:c2:a5:cd:b7:
1a:f2:26:13:d9:dc:32:60:97:21:d2:f6:c1:5c:79:16:0f:86:
f6:24:64:b7
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgICBbgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDVEMjUxMTAvBgNVBAUTKEMyRjI4RTlEMTg4NDM5QzRGRTY5RjYzQTRDQUE2REE0
MjQ5NjI5MUQwHhcNMjUxMDA4MDY1MzExWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU2MGE1Ny0yZjVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAl6wPBi/MISgb9r2wgeg5CFpOgMF/P+0TqhBQpXmxhUBO5EsDDWJXHJJwg5L7
nqT+MtOp54aXC3rDvG3ecndsofDY1KUWft464HzMzqPnFed8/9UYet14Q+6tuPVI
hUKzfZ6B9slL2dQqGIdbS8VSZPHXCllhvHy+eGe3CLpf2R8+QDZMWgrAi9No1Mz4
82ZIOpbwIh+aKAIl2AqL9fo5Ele7etUnP+6WQ7N/RCEgoQQtGddrJjrVdzluP0WD
wjEhgWZjf4ppEB/sF36XhsqZFVC1KEGv0FAltYImNNTeJxht3a9hTEJZU7WTrObP
9lBwe/cCU9Uhgd1skSNtSF2rIwIDAQABo4ICxDCCAsAwHQYDVR0OBBYEFMMM/uN0
b1yqsvr8xRucbpFnUdapMB8GA1UdIwQYMBaAFMLyjp0YhDnE/mn2OkyqbaQklikd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NUQyNS82N0YyQjBEODBC
RDIxMUVDQkFBNDgwNkFDNEY5QUUwMi93dktPblJpRU9jVC1hZlk2VEtwdHBDU1dL
UjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3d2S09uUmlFT2NULWFmWTZUS3B0cENTV0tSMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDVEMjUvNjdGMkIwRDgwQkQyMTFFQ0JBQTQ4MDZBQzRGOUFFMDIvMjRBRTI3M0My
RDExMTFFRTg1QzU5ODEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTgYIKwYBBQUHAQcBAf8E
PzA9MCoEAgABMCQDBAJnh9ADBAFnrG4DBABnzA0DBAN9A8ADBALLqIADBATLqMAw
DwQCAAIwCQMHASABDfdugDANBgkqhkiG9w0BAQsFAAOCAQEAVLIKQTm9+gGjGwLc
w5BBONojKWU35FM5jWXZzv47n01v8rKvTrsdsOWbn+7lNd7r04ceuQkimZ8WfPhR
u0BzSLbSSV+vlvWIw8oeFhgBuFOwQE5AjxRFZzr/DhJrt/OrJL866GiSp6BjKQfr
FI/jCzVAQAjpajzXFBlSz3BCkpHufNeCGbMaisK9zYhN5n0qDNKZtUVmKBz3c5a3
wx8QS9cONtWcGFdSZL9rsbp8oAIQBstZU0fzGYX7yiWZMrNZmmpP3dYyzEJC28r1
lf38ivsHGdNAMqpeDEizntp0N8xaKGzYqRjCpc23GvImE9ncMmCXIdL2wVx5Fg+G
9iRktw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:26:14 2025 by rpki-client