Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
File: AB20F8C0DD3311EF8B8A711FC4F9AE02.roa (raw, json)
Hash identifier: geYBmD1DM/AUXSPUgRalrZ3WyRIJCoCzSg/oC0uheIE=
Subject key identifier: AA:04:D7:EC:69:AA:F1:1F:E5:15:8E:38:B1:AB:9D:06:33:1E:AD:92
Certificate issuer: /CN=A9148C7B/serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Certificate serial: 08D0
Authority key identifier: 7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
Signing time: Thu 16 Oct 2025 15:20:56 +0000
ROA not before: Thu 16 Oct 2025 15:20:56 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 38742
IP address blocks: 23.88.194.0/24 maxlen: 24
23.88.195.0/24 maxlen: 24
23.88.196.0/24 maxlen: 24
23.88.197.0/24 maxlen: 24
23.88.198.0/24 maxlen: 24
23.88.199.0/24 maxlen: 24
23.88.200.0/24 maxlen: 24
23.88.201.0/24 maxlen: 24
23.88.202.0/24 maxlen: 24
23.88.203.0/24 maxlen: 24
23.88.204.0/24 maxlen: 24
23.88.205.0/24 maxlen: 24
23.88.206.0/24 maxlen: 24
23.88.207.0/24 maxlen: 24
23.88.208.0/24 maxlen: 24
23.88.209.0/24 maxlen: 24
23.88.210.0/24 maxlen: 24
23.88.211.0/24 maxlen: 24
23.88.212.0/22 maxlen: 22
23.88.212.0/24 maxlen: 24
23.88.213.0/24 maxlen: 24
23.88.214.0/24 maxlen: 24
23.88.215.0/24 maxlen: 24
23.88.216.0/22 maxlen: 22
23.88.216.0/24 maxlen: 24
23.88.217.0/24 maxlen: 24
23.88.218.0/24 maxlen: 24
23.88.219.0/24 maxlen: 24
23.88.220.0/22 maxlen: 22
23.88.220.0/24 maxlen: 24
23.88.221.0/24 maxlen: 24
23.88.222.0/24 maxlen: 24
23.88.223.0/24 maxlen: 24
152.36.194.0/24 maxlen: 24
152.36.195.0/24 maxlen: 24
152.36.200.0/24 maxlen: 24
152.36.202.0/24 maxlen: 24
152.36.206.0/24 maxlen: 24
152.36.207.0/24 maxlen: 24
152.36.209.0/24 maxlen: 24
152.36.210.0/24 maxlen: 24
152.36.216.0/24 maxlen: 24
152.36.217.0/24 maxlen: 24
152.36.218.0/24 maxlen: 24
152.36.219.0/24 maxlen: 24
152.36.220.0/24 maxlen: 24
152.36.221.0/24 maxlen: 24
152.36.222.0/24 maxlen: 24
152.36.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 27 Oct 2025 14:49:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2256 (0x8d0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148C7B, serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Validity
Not Before: Oct 16 15:20:56 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=68f10d57-c869
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:aa:83:32:21:ed:0f:e1:e5:09:60:a7:24:f9:
2b:ba:e3:77:79:54:5d:68:87:c8:28:33:13:04:18:
0b:7f:91:4c:ab:a1:21:66:ca:e9:0e:61:e8:33:1e:
22:0a:0c:4d:9f:45:5d:5b:69:54:21:29:fb:20:df:
cc:a4:45:e0:0d:6f:02:d5:c0:58:a5:f1:ae:3f:d0:
4d:d3:96:b3:7e:e9:cf:e2:e5:2c:23:bb:74:78:88:
07:e1:fd:e3:9a:8c:2b:86:ed:fe:81:24:b6:71:9a:
df:78:4e:9d:2d:9e:ee:92:08:7f:b0:57:a6:82:1d:
75:fa:ae:5d:35:fc:70:59:db:46:cd:45:ea:25:11:
5a:0e:f5:71:a0:35:3d:73:26:a8:c9:d1:a3:21:4d:
fd:81:ea:03:50:08:8d:21:9c:fb:94:b1:42:41:66:
84:26:b5:71:31:5a:0f:2f:03:a8:06:86:92:c8:8c:
c2:7b:cf:9a:70:f8:5d:43:e9:cb:49:75:10:04:36:
e1:da:f3:09:7b:23:c2:0e:d5:b1:af:e4:11:b6:d2:
67:65:3d:5c:21:52:1d:81:50:60:7a:e0:f8:b0:32:
2d:0b:93:81:e4:9c:87:ac:38:8f:ae:0c:41:21:e2:
89:eb:80:f9:b4:dd:55:b3:f0:ba:4f:04:26:91:2c:
a2:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:04:D7:EC:69:AA:F1:1F:E5:15:8E:38:B1:AB:9D:06:33:1E:AD:92
X509v3 Authority Key Identifier:
keyid:7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
23.88.194.0-23.88.223.255
152.36.194.0/23
152.36.200.0/24
152.36.202.0/24
152.36.206.0/23
152.36.209.0-152.36.210.255
152.36.216.0/21
Signature Algorithm: sha256WithRSAEncryption
af:33:7a:2e:03:f5:d1:76:6e:75:18:a0:a2:fc:e9:af:d1:ed:
6f:fc:d8:0b:a5:c0:de:6a:cf:a7:ea:1e:83:d7:22:94:83:5b:
e8:e1:fc:cf:ad:0b:15:a8:c3:aa:f9:3c:88:e1:bd:31:13:85:
12:2c:51:80:16:0f:d9:62:9d:d8:c4:57:80:d4:7c:3f:17:2f:
d2:30:b3:d7:17:9b:ca:23:f0:43:e3:33:c0:de:20:71:a1:62:
eb:ad:cc:46:c7:27:b3:d8:8f:6c:9e:9c:51:ba:16:c9:a4:de:
0d:46:79:fe:3e:06:32:c0:1e:6a:19:c5:38:02:9c:c0:d1:5b:
23:92:32:a8:21:6d:02:f9:37:1a:7a:cb:d2:73:10:79:c6:da:
3a:3f:d3:94:e9:0a:eb:7d:07:05:e2:d5:2e:81:af:df:02:36:
cd:cc:08:ea:e0:04:2c:9a:ba:dc:66:67:fb:38:b8:d5:fb:4e:
ff:e2:fe:12:04:97:5a:78:96:d1:21:21:9b:7a:e2:b6:22:b7:
47:78:52:43:4c:20:1c:30:52:ce:a8:d3:fa:8f:09:a4:05:fc:
7b:96:f2:39:bc:02:4f:31:eb:36:92:0f:35:ae:b3:1a:67:74:
48:ef:a1:54:69:00:e6:19:9e:b2:bd:4a:5d:75:97:c3:ff:79:
34:3a:6f:5c
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgICCNAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhDN0IxMTAvBgNVBAUTKDdGNzk2NjVFNjNCRjNDRDU2REMyNEEwQTcwRDU3RjlB
OTQyREQxQjgwHhcNMjUxMDE2MTUyMDU2WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGYxMGQ1Ny1jODY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwaqDMiHtD+HlCWCnJPkruuN3eVRdaIfIKDMTBBgLf5FMq6EhZsrpDmHoMx4i
CgxNn0VdW2lUISn7IN/MpEXgDW8C1cBYpfGuP9BN05azfunP4uUsI7t0eIgH4f3j
mowrhu3+gSS2cZrfeE6dLZ7ukgh/sFemgh11+q5dNfxwWdtGzUXqJRFaDvVxoDU9
cyaoydGjIU39geoDUAiNIZz7lLFCQWaEJrVxMVoPLwOoBoaSyIzCe8+acPhdQ+nL
SXUQBDbh2vMJeyPCDtWxr+QRttJnZT1cIVIdgVBgeuD4sDItC5OB5JyHrDiPrgxB
IeKJ64D5tN1Vs/C6TwQmkSyi1wIDAQABo4ICyTCCAsUwHQYDVR0OBBYEFKoE1+xp
qvEf5RWOOLGrnQYzHq2SMB8GA1UdIwQYMBaAFH95Zl5jvzzVbcJKCnDVf5qULdG4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEM3Qi81QkZDRkY4Q0Q2
MzAxMUVBOTQwREEwMzlDNEY5QUUwMi9mM2xtWG1PX1BOVnR3a29LY05WX21wUXQw
YmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2YzbG1YbU9fUE5WdHdrb0tjTlZfbXBRdDBiZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhDN0IvNUJGQ0ZGOENENjMwMTFFQTk0MERBMDM5QzRGOUFFMDIvQUIyMEY4QzBE
RDMzMTFFRjhCOEE3MTFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUwYIKwYBBQUHAQcBAf8E
RDBCMEAEAgABMDowDAMEARdYwgMEBRdYwAMEAZgkwgMEAJgkyAMEAJgkygMEAZgk
zjAMAwQAmCTRAwQAmCTSAwQDmCTYMA0GCSqGSIb3DQEBCwUAA4IBAQCvM3ouA/XR
dm51GKCi/Omv0e1v/NgLpcDeas+n6h6D1yKUg1vo4fzPrQsVqMOq+TyI4b0xE4US
LFGAFg/ZYp3YxFeA1Hw/Fy/SMLPXF5vKI/BD4zPA3iBxoWLrrcxGxyez2I9snpxR
uhbJpN4NRnn+PgYywB5qGcU4ApzA0VsjkjKoIW0C+TcaesvScxB5xto6P9OU6Qrr
fQcF4tUuga/fAjbNzAjq4AQsmrrcZmf7OLjV+07/4v4SBJdaeJbRISGbeuK2IrdH
eFJDTCAcMFLOqNP6jwmkBfx7lvI5vAJPMes2kg81rrMaZ3RI76FUaQDmGZ6yvUpd
dZfD/3k0Om9c
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:25:46 2025 by rpki-client