Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0EE/55C803CA09C011EEBE12583AC4F9AE02/1BDBCE5013A011EE91039C41C4F9AE02.roa
File: 1BDBCE5013A011EE91039C41C4F9AE02.roa (raw, json)
Hash identifier: p/oubbOjEb8Zn+B8haVjlomp+846cFby5ixQFCvfJFE=
Subject key identifier: 35:81:02:76:CE:52:56:5E:57:56:EC:AC:1C:16:35:D7:6D:1C:D1:40
Certificate issuer: /CN=A915A0EE/serialNumber=DF71D99F4CD3B38326B3ED47C8E4A5DF989E42F2
Certificate serial: 01B2
Authority key identifier: DF:71:D9:9F:4C:D3:B3:83:26:B3:ED:47:C8:E4:A5:DF:98:9E:42:F2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/33HZn0zTs4Mms-1HyOSl35ieQvI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0EE/55C803CA09C011EEBE12583AC4F9AE02/1BDBCE5013A011EE91039C41C4F9AE02.roa
Signing time: Tue 19 Aug 2025 04:11:06 +0000
ROA not before: Tue 19 Aug 2025 04:11:06 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 18081
IP address blocks: 61.86.0.0/16 maxlen: 16
61.86.0.0/18 maxlen: 18
61.86.64.0/18 maxlen: 18
61.86.128.0/18 maxlen: 18
61.86.192.0/18 maxlen: 18
61.89.0.0/16 maxlen: 16
61.89.0.0/18 maxlen: 18
61.89.64.0/18 maxlen: 18
61.89.128.0/18 maxlen: 18
61.89.192.0/18 maxlen: 18
117.108.0.0/16 maxlen: 16
117.108.0.0/18 maxlen: 18
117.108.64.0/18 maxlen: 18
117.108.128.0/18 maxlen: 18
117.108.192.0/18 maxlen: 18
117.109.0.0/16 maxlen: 16
117.109.0.0/18 maxlen: 18
117.109.64.0/18 maxlen: 18
117.109.128.0/18 maxlen: 18
117.109.192.0/18 maxlen: 18
125.2.32.0/19 maxlen: 19
125.2.64.0/18 maxlen: 19
220.153.0.0/16 maxlen: 16
220.153.0.0/18 maxlen: 18
220.153.64.0/18 maxlen: 18
220.153.128.0/18 maxlen: 18
220.153.192.0/18 maxlen: 18
2404:ec00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915A0EE/55C803CA09C011EEBE12583AC4F9AE02/33HZn0zTs4Mms-1HyOSl35ieQvI.crl
rsync://rpki.apnic.net/member_repository/A915A0EE/55C803CA09C011EEBE12583AC4F9AE02/33HZn0zTs4Mms-1HyOSl35ieQvI.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/33HZn0zTs4Mms-1HyOSl35ieQvI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 30 Aug 2025 03:27:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 434 (0x1b2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0EE, serialNumber=DF71D99F4CD3B38326B3ED47C8E4A5DF989E42F2
Validity
Not Before: Aug 19 04:11:06 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=68a3f959-dca0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:41:86:86:3e:bc:0f:06:0a:48:9d:d6:e8:af:
92:ea:50:53:e8:c3:50:f3:22:af:32:05:4f:ac:8b:
5b:1a:4d:2f:db:7d:9c:10:e2:88:7e:ce:9e:12:42:
a7:19:eb:b0:b9:cc:a1:b9:43:5b:f3:69:c5:c0:58:
4a:80:52:51:3a:50:ec:f8:ad:b2:d5:c9:5d:a2:ec:
6c:75:35:41:a9:3f:72:20:1f:3a:e5:15:3e:80:8d:
9b:15:8b:1f:3b:5e:a9:77:28:d6:b9:78:0c:fe:3c:
56:d0:cd:51:af:32:bb:4d:ee:e4:96:fc:37:dc:a0:
2e:51:53:58:0f:e0:da:e2:96:cb:cf:de:f3:15:49:
6b:59:e0:63:0a:d0:4d:f4:b9:55:b1:80:0f:44:43:
c3:a7:be:43:bf:2f:29:f5:6c:7a:30:88:97:54:06:
7d:8d:1f:5f:f4:77:e4:9a:c5:c2:97:31:67:87:a6:
08:14:1b:c9:db:04:f5:e4:c2:15:ec:55:e7:b7:0f:
52:45:e4:ea:81:0f:8a:41:e8:ac:20:c5:d8:18:4e:
11:46:13:68:d0:d2:e8:e6:24:a2:b9:74:98:6a:da:
23:da:25:42:35:31:d6:2c:a9:fb:2b:62:55:3f:c8:
b8:f1:9c:a3:13:7c:99:a1:ad:62:a3:6c:2d:4b:44:
4c:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:81:02:76:CE:52:56:5E:57:56:EC:AC:1C:16:35:D7:6D:1C:D1:40
X509v3 Authority Key Identifier:
keyid:DF:71:D9:9F:4C:D3:B3:83:26:B3:ED:47:C8:E4:A5:DF:98:9E:42:F2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0EE/55C803CA09C011EEBE12583AC4F9AE02/33HZn0zTs4Mms-1HyOSl35ieQvI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/33HZn0zTs4Mms-1HyOSl35ieQvI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0EE/55C803CA09C011EEBE12583AC4F9AE02/1BDBCE5013A011EE91039C41C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
61.86.0.0/16
61.89.0.0/16
117.108.0.0/15
125.2.32.0-125.2.127.255
220.153.0.0/16
IPv6:
2404:ec00::/32
Signature Algorithm: sha256WithRSAEncryption
70:8a:e2:ff:4d:a8:b8:3f:58:04:45:ca:f7:aa:f3:ea:bc:4e:
32:ef:47:e0:05:1a:d3:5d:05:fa:0e:be:b9:98:12:eb:b7:6a:
7f:54:59:aa:86:3b:24:76:8f:ca:a9:55:1e:e7:93:82:9a:96:
ad:85:98:6d:c1:a1:eb:fb:ef:d8:ad:cb:f1:c4:e2:c0:10:92:
30:12:23:72:17:62:81:88:10:66:92:77:75:1f:dd:a7:38:52:
48:8d:a2:c4:76:bc:08:69:ce:54:f0:35:14:8b:ba:35:ef:93:
98:b9:64:94:94:9a:86:7e:bf:d7:8c:5d:df:e1:2b:8c:92:3d:
ac:0b:94:06:de:87:46:b5:e5:39:d5:ad:4d:61:22:d4:89:01:
23:01:61:c5:a6:0a:08:fb:75:bf:21:c1:61:3f:7c:a9:1b:8d:
3d:7f:a1:19:fb:fd:5f:32:21:af:ca:b9:e4:3f:b8:07:06:9b:
1f:9a:21:ee:01:f2:f4:3d:d4:c2:67:5f:29:3d:ea:d2:00:df:
c1:9d:97:9d:cd:cf:d8:07:e3:64:95:dd:09:aa:06:ac:08:0f:
77:13:c2:f3:cd:d0:b3:1a:86:35:64:c3:e3:47:31:f3:0d:12:
1e:73:5d:72:24:d9:37:09:da:52:35:44:f1:71:65:b1:5d:49:
ff:dc:5c:73
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgICAbIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwRUUxMTAvBgNVBAUTKERGNzFEOTlGNENEM0IzODMyNkIzRUQ0N0M4RTRBNURG
OTg5RTQyRjIwHhcNMjUwODE5MDQxMTA2WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGEzZjk1OS1kY2EwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2UGGhj68DwYKSJ3W6K+S6lBT6MNQ8yKvMgVPrItbGk0v232cEOKIfs6eEkKn
GeuwucyhuUNb82nFwFhKgFJROlDs+K2y1cldouxsdTVBqT9yIB865RU+gI2bFYsf
O16pdyjWuXgM/jxW0M1RrzK7Te7klvw33KAuUVNYD+Da4pbLz97zFUlrWeBjCtBN
9LlVsYAPREPDp75Dvy8p9Wx6MIiXVAZ9jR9f9HfkmsXClzFnh6YIFBvJ2wT15MIV
7FXntw9SReTqgQ+KQeisIMXYGE4RRhNo0NLo5iSiuXSYatoj2iVCNTHWLKn7K2JV
P8i48ZyjE3yZoa1io2wtS0RMEwIDAQABo4ICwDCCArwwHQYDVR0OBBYEFDWBAnbO
UlZeV1bsrBwWNddtHNFAMB8GA1UdIwQYMBaAFN9x2Z9M07ODJrPtR8jkpd+YnkLy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBFRS81NUM4MDNDQTA5
QzAxMUVFQkUxMjU4M0FDNEY5QUUwMi8zM0habjB6VHM0TW1zLTFIeU9TbDM1aWVR
dkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzMzSFpuMHpUczRNbXMtMUh5T1NsMzVpZVF2SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwRUUvNTVDODAzQ0EwOUMwMTFFRUJFMTI1ODNBQzRGOUFFMDIvMUJEQkNFNTAx
M0EwMTFFRTkxMDM5QzQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSgYIKwYBBQUHAQcBAf8E
OzA5MCgEAgABMCIDAwA9VgMDAD1ZAwMBdWwwDAMEBX0CIAMEB30CAAMDANyZMA0E
AgACMAcDBQAkBOwAMA0GCSqGSIb3DQEBCwUAA4IBAQBwiuL/Tai4P1gERcr3qvPq
vE4y70fgBRrTXQX6Dr65mBLrt2p/VFmqhjskdo/KqVUe55OCmpathZhtwaHr++/Y
rcvxxOLAEJIwEiNyF2KBiBBmknd1H92nOFJIjaLEdrwIac5U8DUUi7o175OYuWSU
lJqGfr/XjF3f4SuMkj2sC5QG3odGteU51a1NYSLUiQEjAWHFpgoI+3W/IcFhP3yp
G409f6EZ+/1fMiGvyrnkP7gHBpsfmiHuAfL0PdTCZ18pPerSAN/BnZedzc/YB+Nk
ld0JqgasCA93E8LzzdCzGoY1ZMPjRzHzDRIec11yJNk3CdpSNUTxcWWxXUn/3Fxz
-----END CERTIFICATE-----
Generated at Sun Aug 24 11:13:05 2025 by rpki-client