Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9182502/DA16C63A73CC11EAA3995326C4F9AE02/0D8C94BAAB2811ECB3CF9363C4F9AE02.roa
File: 0D8C94BAAB2811ECB3CF9363C4F9AE02.roa (raw, json)
Hash identifier: dEffCY7fMmHqBACumT+VtpUV2ruL8bGytpwrvOpu3fA=
Subject key identifier: 36:E8:68:BC:9E:04:86:05:04:C6:90:D6:9F:88:73:B0:A6:FC:EF:F4
Certificate issuer: /CN=A9182502/serialNumber=8C3CCB4FFB89189C6EF5B34DFDAABE1806A5218A
Certificate serial: 0ACB
Authority key identifier: 8C:3C:CB:4F:FB:89:18:9C:6E:F5:B3:4D:FD:AA:BE:18:06:A5:21:8A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jDzLT_uJGJxu9bNN_aq-GAalIYo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9182502/DA16C63A73CC11EAA3995326C4F9AE02/0D8C94BAAB2811ECB3CF9363C4F9AE02.roa
Signing time: Tue 12 Aug 2025 20:31:15 +0000
ROA not before: Tue 12 Aug 2025 20:31:15 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 141768
IP address blocks: 39.109.66.0/23 maxlen: 23
39.109.66.0/24 maxlen: 24
39.109.67.0/24 maxlen: 24
39.109.68.0/24 maxlen: 24
39.109.69.0/24 maxlen: 24
39.109.70.0/24 maxlen: 24
39.109.71.0/24 maxlen: 24
39.109.72.0/21 maxlen: 21
39.109.72.0/24 maxlen: 24
39.109.73.0/24 maxlen: 24
39.109.74.0/24 maxlen: 24
39.109.75.0/24 maxlen: 24
39.109.77.0/24 maxlen: 24
39.109.79.0/24 maxlen: 24
39.109.80.0/21 maxlen: 21
39.109.80.0/24 maxlen: 24
39.109.81.0/24 maxlen: 24
39.109.83.0/24 maxlen: 24
39.109.86.0/24 maxlen: 24
39.109.87.0/24 maxlen: 24
39.109.88.0/22 maxlen: 22
39.109.88.0/24 maxlen: 24
39.109.89.0/24 maxlen: 24
39.109.90.0/24 maxlen: 24
39.109.91.0/24 maxlen: 24
103.82.216.0/24 maxlen: 24
103.82.217.0/24 maxlen: 24
103.82.218.0/24 maxlen: 24
103.82.219.0/24 maxlen: 24
103.98.14.0/24 maxlen: 24
103.119.132.0/24 maxlen: 24
103.119.133.0/24 maxlen: 24
2403:e840:8000::/33 maxlen: 33
2403:e840:fffe::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9182502/DA16C63A73CC11EAA3995326C4F9AE02/jDzLT_uJGJxu9bNN_aq-GAalIYo.crl
rsync://rpki.apnic.net/member_repository/A9182502/DA16C63A73CC11EAA3995326C4F9AE02/jDzLT_uJGJxu9bNN_aq-GAalIYo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jDzLT_uJGJxu9bNN_aq-GAalIYo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Aug 2025 19:51:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2763 (0xacb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9182502, serialNumber=8C3CCB4FFB89189C6EF5B34DFDAABE1806A5218A
Validity
Not Before: Aug 12 20:31:15 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=689ba493-f6d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:78:1a:3a:28:ea:7f:fa:7a:fe:2d:c2:16:b2:
6b:fe:9c:11:1e:3f:d1:e4:3f:0e:3c:32:a6:f7:63:
d5:7a:df:c4:66:45:e5:a1:d2:f6:f3:4a:24:68:05:
75:47:21:23:b3:6a:e6:eb:11:2e:2d:54:f1:69:4d:
c2:85:60:8c:14:bf:0e:9f:97:36:42:09:ea:39:45:
fd:c9:45:50:97:fe:94:17:54:f5:65:de:ca:13:87:
0f:40:97:11:b1:82:df:ce:ee:3a:86:af:5d:a1:ae:
36:90:84:93:23:68:8c:04:3c:39:ad:eb:5d:6b:5b:
a1:e0:95:42:c8:b1:15:9f:06:15:18:39:47:1f:37:
f7:c3:3e:27:d6:e7:8f:5f:3b:3c:28:1e:e4:f7:11:
fa:d2:82:4e:0a:2d:29:70:20:4b:e3:bb:76:62:40:
f9:b5:f0:c4:27:51:a1:6e:57:c5:d1:0b:7d:28:18:
7c:27:fe:a6:80:b1:ef:c7:88:6c:b0:9d:10:d9:7f:
d7:3f:99:e3:58:19:91:38:4a:d7:fe:91:42:6a:cf:
27:b2:e0:2a:fe:2b:cc:df:c0:0a:89:be:41:33:90:
ef:c5:46:dd:d5:b9:63:5f:39:4f:de:6c:24:78:14:
40:81:51:b0:26:d2:4c:03:00:e2:d7:c7:9f:58:8b:
e5:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:E8:68:BC:9E:04:86:05:04:C6:90:D6:9F:88:73:B0:A6:FC:EF:F4
X509v3 Authority Key Identifier:
keyid:8C:3C:CB:4F:FB:89:18:9C:6E:F5:B3:4D:FD:AA:BE:18:06:A5:21:8A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9182502/DA16C63A73CC11EAA3995326C4F9AE02/jDzLT_uJGJxu9bNN_aq-GAalIYo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jDzLT_uJGJxu9bNN_aq-GAalIYo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9182502/DA16C63A73CC11EAA3995326C4F9AE02/0D8C94BAAB2811ECB3CF9363C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
39.109.66.0-39.109.91.255
103.82.216.0/22
103.98.14.0/24
103.119.132.0/23
IPv6:
2403:e840:8000::/33
Signature Algorithm: sha256WithRSAEncryption
69:21:c9:01:37:75:74:ed:12:4b:9b:1f:52:42:0c:35:ea:93:
dd:4b:3a:ec:80:24:ce:e6:f5:5d:b7:e3:ac:54:b3:ef:ea:52:
4e:33:d1:1c:7a:25:9e:cb:dd:fe:6a:70:7d:aa:f9:b7:c2:ee:
0a:53:1c:89:5d:a1:64:3e:0a:78:6b:92:9b:3a:43:04:d1:aa:
23:2a:b0:0f:f3:82:c4:54:39:36:d3:2e:ef:65:fb:09:fa:85:
7a:11:3b:0d:6f:7d:5a:8e:38:e7:2b:bf:ca:09:6a:ad:37:15:
43:84:66:69:12:8d:57:22:da:ca:51:a3:2c:fb:4d:48:e9:d2:
12:b3:96:3e:2b:ef:e3:c2:e4:4b:f4:39:56:cf:46:70:b0:e1:
36:e4:7b:1b:9b:08:df:8b:c6:03:78:5e:e4:f1:9f:bf:fa:56:
fd:f4:18:f6:b7:08:f6:22:dc:67:df:e8:e1:c8:50:b1:25:60:
b2:6c:2d:76:7d:fc:e2:d3:fc:62:b9:ec:fc:9e:58:f6:3c:0c:
48:3f:53:8d:51:e2:15:bd:eb:e8:eb:fe:13:bf:6e:77:f5:fb:
6a:16:f0:e9:77:92:87:0f:a8:7c:03:ff:b3:db:9d:3d:8c:c0:
23:42:ed:40:be:61:5e:d6:da:90:8b:8e:db:26:72:66:92:56:
bd:a7:47:d3
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgICCsswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODI1MDIxMTAvBgNVBAUTKDhDM0NDQjRGRkI4OTE4OUM2RUY1QjM0REZEQUFCRTE4
MDZBNTIxOEEwHhcNMjUwODEyMjAzMTE1WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODliYTQ5My1mNmQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAq3gaOijqf/p6/i3CFrJr/pwRHj/R5D8OPDKm92PVet/EZkXlodL280okaAV1
RyEjs2rm6xEuLVTxaU3ChWCMFL8On5c2QgnqOUX9yUVQl/6UF1T1Zd7KE4cPQJcR
sYLfzu46hq9doa42kISTI2iMBDw5retda1uh4JVCyLEVnwYVGDlHHzf3wz4n1ueP
Xzs8KB7k9xH60oJOCi0pcCBL47t2YkD5tfDEJ1GhblfF0Qt9KBh8J/6mgLHvx4hs
sJ0Q2X/XP5njWBmROErX/pFCas8nsuAq/ivM38AKib5BM5DvxUbd1bljXzlP3mwk
eBRAgVGwJtJMAwDi18efWIvltwIDAQABo4ICvzCCArswHQYDVR0OBBYEFDboaLye
BIYFBMaQ1p+Ic7Cm/O/0MB8GA1UdIwQYMBaAFIw8y0/7iRicbvWzTf2qvhgGpSGK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4MjUwMi9EQTE2QzYzQTcz
Q0MxMUVBQTM5OTUzMjZDNEY5QUUwMi9qRHpMVF91SkdKeHU5Yk5OX2FxLUdBYWxJ
WW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2pEekxUX3VKR0p4dTliTk5fYXEtR0FhbElZby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODI1MDIvREExNkM2M0E3M0NDMTFFQUEzOTk1MzI2QzRGOUFFMDIvMEQ4Qzk0QkFB
QjI4MTFFQ0IzQ0Y5MzYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSQYIKwYBBQUHAQcBAf8E
OjA4MCYEAgABMCAwDAMEASdtQgMEAidtWAMEAmdS2AMEAGdiDgMEAWd3hDAOBAIA
AjAIAwYHJAPoQIAwDQYJKoZIhvcNAQELBQADggEBAGkhyQE3dXTtEkubH1JCDDXq
k91LOuyAJM7m9V2346xUs+/qUk4z0Rx6JZ7L3f5qcH2q+bfC7gpTHIldoWQ+Cnhr
kps6QwTRqiMqsA/zgsRUOTbTLu9l+wn6hXoROw1vfVqOOOcrv8oJaq03FUOEZmkS
jVci2spRoyz7TUjp0hKzlj4r7+PC5Ev0OVbPRnCw4TbkexubCN+LxgN4XuTxn7/6
Vv30GPa3CPYi3Gff6OHIULElYLJsLXZ9/OLT/GK57PyeWPY8DEg/U41R4hW96+jr
/hO/bnf1+2oW8Ol3kocPqHwD/7PbnT2MwCNC7UC+YV7W2pCLjtsmcmaSVr2nR9M=
-----END CERTIFICATE-----
Generated at Sat Aug 23 21:28:17 2025 by rpki-client