Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/D3EAE1500B5911EA8CC1114BC4F9AE02.roa
File: D3EAE1500B5911EA8CC1114BC4F9AE02.roa (raw, json)
Hash identifier: iw8R7e0/cuiLe2UpbocEUV4DYRPW2H32JZcJjyrYF2Q=
Subject key identifier: 26:D6:39:E5:E1:0F:D9:35:7F:A9:70:8B:00:46:DF:E0:1A:09:AF:12
Certificate issuer: /CN=A9168B03/serialNumber=BA51D09E1393E70A05873203FF7CC4E1FD7EA70F
Certificate serial: 1C24
Authority key identifier: BA:51:D0:9E:13:93:E7:0A:05:87:32:03:FF:7C:C4:E1:FD:7E:A7:0F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ulHQnhOT5woFhzID_3zE4f1-pw8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/D3EAE1500B5911EA8CC1114BC4F9AE02.roa
Signing time: Thu 16 Oct 2025 16:53:58 +0000
ROA not before: Thu 16 Oct 2025 16:53:58 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 9832
IP address blocks: 103.9.132.0/22 maxlen: 24
180.92.224.0/20 maxlen: 22
180.92.224.0/21 maxlen: 24
180.92.232.0/22 maxlen: 24
180.92.236.0/24 maxlen: 24
180.92.237.0/24 maxlen: 24
180.92.238.0/24 maxlen: 24
180.92.239.0/24 maxlen: 24
203.148.88.0/22 maxlen: 24
203.188.240.0/20 maxlen: 20
203.188.240.0/21 maxlen: 21
203.188.240.0/22 maxlen: 22
203.188.240.0/24 maxlen: 24
203.188.241.0/24 maxlen: 24
203.188.242.0/24 maxlen: 24
203.188.243.0/24 maxlen: 24
203.188.244.0/22 maxlen: 22
203.188.244.0/24 maxlen: 24
203.188.245.0/24 maxlen: 24
203.188.246.0/24 maxlen: 24
203.188.247.0/24 maxlen: 24
203.188.248.0/21 maxlen: 21
203.188.248.0/24 maxlen: 24
203.188.249.0/24 maxlen: 24
203.188.250.0/24 maxlen: 24
203.188.251.0/24 maxlen: 24
203.188.252.0/24 maxlen: 24
203.188.253.0/24 maxlen: 24
203.188.254.0/24 maxlen: 24
203.188.255.0/24 maxlen: 24
2403:bf80::/32 maxlen: 32
2403:bf80::/48 maxlen: 48
2403:bf80:1::/48 maxlen: 48
2403:bf80:2::/48 maxlen: 48
2403:bf80:3::/48 maxlen: 48
2403:bf80:a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/ulHQnhOT5woFhzID_3zE4f1-pw8.crl
rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/ulHQnhOT5woFhzID_3zE4f1-pw8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ulHQnhOT5woFhzID_3zE4f1-pw8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 27 Oct 2025 16:30:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7204 (0x1c24)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9168B03, serialNumber=BA51D09E1393E70A05873203FF7CC4E1FD7EA70F
Validity
Not Before: Oct 16 16:53:58 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=68f12325-9628
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:2f:22:fa:53:2e:dd:f4:a1:27:ba:e0:6f:48:
78:2d:46:7c:20:29:29:74:ee:d4:02:0c:50:c6:fd:
0a:95:2e:b0:ff:c1:2e:23:f3:93:9c:c8:05:85:bf:
03:4d:c4:32:9a:6b:fd:49:67:d5:a1:49:20:2b:84:
69:d4:e0:ae:1e:88:47:39:64:fe:71:27:29:49:02:
c6:2a:b6:82:90:03:62:bb:a6:2d:9a:1b:47:f8:bc:
50:c7:eb:e0:19:16:ad:08:ef:5f:71:91:b9:05:1e:
fa:1a:30:70:dc:1f:4c:e1:89:b2:74:8a:a0:51:cd:
1e:5b:4a:6a:52:64:1f:c0:4c:30:ec:b6:34:f2:9b:
41:74:f5:9d:95:91:25:92:1b:94:bf:d1:a9:28:f9:
b4:14:7e:42:6b:32:e8:06:1c:16:49:eb:2e:a6:49:
ab:38:26:9c:d3:b9:7f:09:c4:3c:cb:b9:d3:21:65:
26:c4:1b:2b:bd:e9:9d:8a:b9:7f:9c:ab:20:72:0d:
1e:9f:e4:c8:d9:29:35:d3:22:b9:59:fd:a8:40:f7:
af:97:b1:48:29:1e:35:17:fb:78:5e:43:64:65:ef:
f0:70:4b:e3:a8:8b:42:1f:30:fa:3b:c0:39:d9:ac:
05:09:94:e4:d6:4f:85:f8:f1:0c:d8:6e:61:8a:89:
88:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:D6:39:E5:E1:0F:D9:35:7F:A9:70:8B:00:46:DF:E0:1A:09:AF:12
X509v3 Authority Key Identifier:
keyid:BA:51:D0:9E:13:93:E7:0A:05:87:32:03:FF:7C:C4:E1:FD:7E:A7:0F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/ulHQnhOT5woFhzID_3zE4f1-pw8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ulHQnhOT5woFhzID_3zE4f1-pw8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/D3EAE1500B5911EA8CC1114BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.9.132.0/22
180.92.224.0/20
203.148.88.0/22
203.188.240.0/20
IPv6:
2403:bf80::/32
Signature Algorithm: sha256WithRSAEncryption
7e:f4:88:e4:85:a1:6a:07:a3:6e:f7:39:70:34:48:6d:22:54:
47:00:24:21:79:d7:73:db:c5:c8:36:ee:a4:f7:8a:3a:43:5f:
00:98:f1:f1:58:a1:11:b4:f0:ad:e1:eb:5a:56:09:83:1c:67:
b6:21:e2:ca:1a:20:18:fe:28:64:bc:2f:9d:0f:76:d8:81:ad:
4d:10:02:be:57:a7:13:a2:73:84:12:65:5f:d5:30:83:74:76:
7d:15:9f:be:be:58:de:09:95:df:1b:fa:bd:3f:33:b9:51:0e:
30:27:61:28:a5:b2:40:d9:ff:df:4e:d6:63:bc:ef:11:cf:e4:
3e:e5:4e:f2:83:24:33:14:25:f4:4d:52:2d:e6:cc:9e:73:f4:
db:4f:ff:d5:af:6f:e6:ef:ae:7a:f4:20:39:67:93:b6:ac:8d:
2c:3f:7e:5f:ac:0f:45:91:63:55:3d:50:c9:e9:88:8a:52:01:
0e:28:2a:5a:69:28:9f:b9:8e:ef:0e:ed:d2:40:a1:37:26:20:
74:f7:9d:88:87:fe:7f:1e:30:10:44:2b:0e:27:9a:fb:ab:29:
57:58:21:23:9e:bd:38:5e:fd:fe:0a:c4:39:55:3a:76:5e:a5:
f7:c0:45:b0:aa:24:1d:92:44:cc:96:88:17:d6:e6:e6:df:ff:
ff:a5:b8:41
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICHCQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjhCMDMxMTAvBgNVBAUTKEJBNTFEMDlFMTM5M0U3MEEwNTg3MzIwM0ZGN0NDNEUx
RkQ3RUE3MEYwHhcNMjUxMDE2MTY1MzU4WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGYxMjMyNS05NjI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4i8i+lMu3fShJ7rgb0h4LUZ8ICkpdO7UAgxQxv0KlS6w/8EuI/OTnMgFhb8D
TcQymmv9SWfVoUkgK4Rp1OCuHohHOWT+cScpSQLGKraCkANiu6YtmhtH+LxQx+vg
GRatCO9fcZG5BR76GjBw3B9M4YmydIqgUc0eW0pqUmQfwEww7LY08ptBdPWdlZEl
khuUv9GpKPm0FH5CazLoBhwWSesupkmrOCac07l/CcQ8y7nTIWUmxBsrvemdirl/
nKsgcg0en+TI2Sk10yK5Wf2oQPevl7FIKR41F/t4XkNkZe/wcEvjqItCHzD6O8A5
2awFCZTk1k+F+PEM2G5hiomIcwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFCbWOeXh
D9k1f6lwiwBG3+AaCa8SMB8GA1UdIwQYMBaAFLpR0J4Tk+cKBYcyA/98xOH9fqcP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2OEIwMy9EMTE4RTY3OEY5
OUQxMUU2Qjg3MjcwMTNDNEY5QUUwMi91bEhRbmhPVDV3b0ZoeklEXzN6RTRmMS1w
dzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3VsSFFuaE9UNXdvRmh6SURfM3pFNGYxLXB3OC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjhCMDMvRDExOEU2NzhGOTlEMTFFNkI4NzI3MDEzQzRGOUFFMDIvRDNFQUUxNTAw
QjU5MTFFQThDQzExMTRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAJnCYQDBAS0XOADBALLlFgDBATLvPAwDQQCAAIwBwMFACQD
v4AwDQYJKoZIhvcNAQELBQADggEBAH70iOSFoWoHo273OXA0SG0iVEcAJCF513Pb
xcg27qT3ijpDXwCY8fFYoRG08K3h61pWCYMcZ7Yh4soaIBj+KGS8L50PdtiBrU0Q
Ar5XpxOic4QSZV/VMIN0dn0Vn76+WN4Jld8b+r0/M7lRDjAnYSilskDZ/99O1mO8
7xHP5D7lTvKDJDMUJfRNUi3mzJ5z9NtP/9Wvb+bvrnr0IDlnk7asjSw/fl+sD0WR
Y1U9UMnpiIpSAQ4oKlppKJ+5ju8O7dJAoTcmIHT3nYiH/n8eMBBEKw4nmvurKVdY
ISOevThe/f4KxDlVOnZepffARbCqJB2SRMyWiBfW5ubf//+luEE=
-----END CERTIFICATE-----
Generated at Tue Oct 21 05:29:54 2025 by rpki-client