Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/7165DB28E2C911EF8A1C1514C4F9AE02.roa
File: 7165DB28E2C911EF8A1C1514C4F9AE02.roa (raw, json)
Hash identifier: q2ExykZAmfzp0xfcMOWOgSv2/3eS55YeYtvtqyJjJO0=
Subject key identifier: A7:90:AF:67:B9:48:7E:85:0A:29:1C:08:18:1B:62:B9:2F:1F:4A:0A
Certificate issuer: /CN=A9148C7B/serialNumber=17577F1E92EB33B2CDE6E489C0B9A99A2E02FDA3
Certificate serial: 3560
Authority key identifier: 17:57:7F:1E:92:EB:33:B2:CD:E6:E4:89:C0:B9:A9:9A:2E:02:FD:A3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/7165DB28E2C911EF8A1C1514C4F9AE02.roa
Signing time: Thu 16 Oct 2025 15:20:53 +0000
ROA not before: Thu 16 Oct 2025 15:20:53 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 138322
IP address blocks: 43.250.136.0/24 maxlen: 24
43.250.138.0/24 maxlen: 24
61.5.193.0/24 maxlen: 24
61.5.196.0/22 maxlen: 22
61.5.196.0/24 maxlen: 24
61.5.198.0/24 maxlen: 24
61.5.199.0/24 maxlen: 24
61.5.200.0/22 maxlen: 22
61.5.201.0/24 maxlen: 24
61.5.204.0/24 maxlen: 24
103.42.0.0/24 maxlen: 24
103.42.1.0/24 maxlen: 24
119.59.80.0/21 maxlen: 21
119.59.80.0/24 maxlen: 24
119.59.81.0/24 maxlen: 24
119.59.82.0/23 maxlen: 23
119.59.82.0/24 maxlen: 24
119.59.84.0/22 maxlen: 22
121.100.53.0/24 maxlen: 24
2400:e500::/48 maxlen: 48
2400:e500:2::/48 maxlen: 48
2400:e500:2f::/48 maxlen: 48
2400:e500:35::/48 maxlen: 48
2400:e500:36::/48 maxlen: 48
2400:e500:37::/48 maxlen: 48
2400:e500:38::/48 maxlen: 48
2400:e500:39::/48 maxlen: 48
2400:e500:3a::/48 maxlen: 48
2400:e500:3b::/48 maxlen: 48
2400:e500:3e::/48 maxlen: 48
2400:e500:90::/48 maxlen: 48
2400:e500:100::/40 maxlen: 40
2400:e501::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.crl
rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 27 Oct 2025 14:49:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13664 (0x3560)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148C7B, serialNumber=17577F1E92EB33B2CDE6E489C0B9A99A2E02FDA3
Validity
Not Before: Oct 16 15:20:53 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=68f10d54-091d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:15:b8:62:91:a3:06:83:4e:02:f4:7b:4e:5c:
dc:df:55:e2:ef:57:12:91:99:4a:8a:85:df:c7:e9:
e4:a9:90:3a:65:4f:7d:ab:3e:78:8e:02:ec:90:51:
74:69:2b:b0:48:ac:c4:02:70:e1:a0:4d:50:44:ca:
97:b9:aa:8b:68:d7:02:ef:4e:52:a9:5a:8a:01:74:
dc:fd:e4:b5:f0:4e:12:cd:8a:20:2a:0c:56:7e:60:
a8:16:1d:f7:4c:a3:ba:3a:ef:fb:cd:a9:e2:00:e9:
ab:27:93:7e:e5:ca:3b:f5:8a:7d:68:9c:61:23:f3:
ab:2f:cf:86:54:54:ab:5a:fa:86:b6:35:68:1e:71:
6e:c4:7d:a5:15:95:27:f5:5e:c3:77:1d:8d:df:e9:
36:5e:db:bc:f2:ef:5c:a2:3f:e8:b2:09:42:15:38:
15:06:9e:fd:c6:21:2a:ba:dc:fe:0c:40:3a:48:a0:
88:0b:ac:80:f8:57:f2:3d:0e:1d:8c:b0:b9:4b:d8:
d8:91:73:b0:48:96:ed:f4:85:43:c0:39:9e:68:ce:
3c:7c:84:26:0c:e4:5a:93:7c:44:8a:3f:bb:7b:d0:
5d:82:62:33:81:3e:f6:95:9e:f0:d6:db:b6:6e:c6:
6f:50:11:44:f4:a5:c2:eb:1d:5f:db:f2:c7:24:e0:
bb:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:90:AF:67:B9:48:7E:85:0A:29:1C:08:18:1B:62:B9:2F:1F:4A:0A
X509v3 Authority Key Identifier:
keyid:17:57:7F:1E:92:EB:33:B2:CD:E6:E4:89:C0:B9:A9:9A:2E:02:FD:A3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/7165DB28E2C911EF8A1C1514C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.250.136.0/24
43.250.138.0/24
61.5.193.0/24
61.5.196.0-61.5.204.255
103.42.0.0/23
119.59.80.0/21
121.100.53.0/24
IPv6:
2400:e500::/48
2400:e500:2::/48
2400:e500:2f::/48
2400:e500:35::-2400:e500:3b:ffff:ffff:ffff:ffff:ffff
2400:e500:3e::/48
2400:e500:90::/48
2400:e500:100::/40
2400:e501::/32
Signature Algorithm: sha256WithRSAEncryption
93:a4:76:fe:be:20:3f:95:46:29:b7:e3:48:55:d0:4a:db:fa:
e7:06:bf:29:a2:c7:79:c0:9d:d0:11:47:9d:c7:c1:93:b0:16:
42:c9:68:36:43:7f:ef:a4:25:13:86:de:29:29:97:3c:9c:3e:
2e:3c:25:02:23:e3:93:b7:f1:8e:df:eb:e3:2b:66:8f:81:a5:
1f:45:8b:36:38:32:fe:bb:7c:24:c4:8e:79:05:05:28:b5:ee:
fc:83:5b:df:66:66:6e:46:49:3a:28:31:aa:9f:17:16:4c:d4:
70:00:b0:dc:54:82:10:c4:d4:1c:ed:d1:0b:fa:5c:94:d8:6a:
65:9c:79:bf:2c:d0:6d:eb:6f:d7:b5:d7:7b:20:32:ed:b0:4a:
bd:1a:ad:cc:9d:4f:d5:c2:fc:5d:68:af:63:4b:a3:ad:eb:0e:
8a:9e:61:ac:d2:96:93:56:30:eb:df:83:05:15:7d:c6:8c:63:
c4:55:f3:6f:88:0f:8e:1d:ba:90:0c:c2:7b:3e:56:a6:37:0b:
94:fb:29:02:ed:11:c4:5b:4b:56:94:64:93:59:f2:e0:ce:94:
0a:cd:fb:37:5f:77:e1:7e:fb:90:14:c3:2b:d9:d1:02:82:04:
32:4b:0f:9a:86:bd:15:38:9f:5c:13:6b:67:e7:82:d8:b7:42:
6c:e2:06:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgICNWAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhDN0IxMTAvBgNVBAUTKDE3NTc3RjFFOTJFQjMzQjJDREU2RTQ4OUMwQjlBOTlB
MkUwMkZEQTMwHhcNMjUxMDE2MTUyMDUzWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGYxMGQ1NC0wOTFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4RW4YpGjBoNOAvR7Tlzc31Xi71cSkZlKioXfx+nkqZA6ZU99qz54jgLskFF0
aSuwSKzEAnDhoE1QRMqXuaqLaNcC705SqVqKAXTc/eS18E4SzYogKgxWfmCoFh33
TKO6Ou/7zaniAOmrJ5N+5co79Yp9aJxhI/OrL8+GVFSrWvqGtjVoHnFuxH2lFZUn
9V7Ddx2N3+k2Xtu88u9coj/osglCFTgVBp79xiEqutz+DEA6SKCIC6yA+FfyPQ4d
jLC5S9jYkXOwSJbt9IVDwDmeaM48fIQmDORak3xEij+7e9BdgmIzgT72lZ7w1tu2
bsZvUBFE9KXC6x1f2/LHJOC7vQIDAQABo4IDHDCCAxgwHQYDVR0OBBYEFKeQr2e5
SH6FCikcCBgbYrkvH0oKMB8GA1UdIwQYMBaAFBdXfx6S6zOyzebkicC5qZouAv2j
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEM3Qi82NzUyMDhBRTFE
OTMxMUUyQkNCREU1RjYwOEIwMkNEMi9GMWRfSHBMck03TE41dVNKd0xtcG1pNENf
YU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0YxZF9IcExyTTdMTjV1U0p3TG1wbWk0Q19hTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhDN0IvNjc1MjA4QUUxRDkzMTFFMkJDQkRFNUY2MDhCMDJDRDIvNzE2NURCMjhF
MkM5MTFFRjhBMUMxNTE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaUGCCsGAQUFBwEHAQH/
BIGVMIGSMDgEAgABMDIDBAAr+ogDBAAr+ooDBAA9BcEwDAMEAj0FxAMEAD0FzAME
AWcqAAMEA3c7UAMEAHlkNTBWBAIAAjBQAwcAJADlAAAAAwcAJADlAAACAwcAJADl
AAAvMBIDBwAkAOUAADUDBwIkAOUAADgDBwAkAOUAAD4DBwAkAOUAAJADBgAkAOUA
AQMFACQA5QEwDQYJKoZIhvcNAQELBQADggEBAJOkdv6+ID+VRim340hV0Erb+ucG
vymix3nAndARR53HwZOwFkLJaDZDf++kJROG3ikplzycPi48JQIj45O38Y7f6+Mr
Zo+BpR9FizY4Mv67fCTEjnkFBSi17vyDW99mZm5GSTooMaqfFxZM1HAAsNxUghDE
1Bzt0Qv6XJTYamWceb8s0G3rb9e113sgMu2wSr0arcydT9XC/F1or2NLo63rDoqe
YazSlpNWMOvfgwUVfcaMY8RV82+ID44dupAMwns+VqY3C5T7KQLtEcRbS1aUZJNZ
8uDOlArN+zdfd+F++5AUwyvZ0QKCBDJLD5qGvRU4n1wTa2fngti3QmziBsk=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:26:09 2025 by rpki-client