Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/B04675FC959711EA9F290A33C4F9AE02.roa
File: B04675FC959711EA9F290A33C4F9AE02.roa (raw, json)
Hash identifier: hvb2MvDqDZHyf0+HzbtgqnM+oZrlIejX067xarW4vdo=
Subject key identifier: 49:32:4F:17:9D:5B:DE:A8:C4:C6:FD:61:78:DB:90:C0:51:32:C4:58
Certificate issuer: /CN=A918495F/serialNumber=90C22F7393850E8ECF6B5F1E320D07B2D1ACD8FD
Certificate serial: 1828
Authority key identifier: 90:C2:2F:73:93:85:0E:8E:CF:6B:5F:1E:32:0D:07:B2:D1:AC:D8:FD
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kMIvc5OFDo7Pa18eMg0HstGs2P0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/B04675FC959711EA9F290A33C4F9AE02.roa
Signing time: Fri 10 Oct 2025 10:01:37 +0000
ROA not before: Fri 10 Oct 2025 10:01:37 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 4515
IP address blocks: 42.3.226.0/24 maxlen: 24
58.152.0.0/21 maxlen: 21
58.153.255.0/24 maxlen: 24
203.198.40.0/23 maxlen: 23
203.198.42.0/23 maxlen: 23
203.198.44.0/23 maxlen: 23
203.198.46.0/23 maxlen: 23
203.198.48.0/21 maxlen: 21
203.198.56.0/21 maxlen: 21
203.198.64.0/24 maxlen: 24
203.198.65.0/24 maxlen: 24
203.198.66.0/23 maxlen: 23
203.198.68.0/23 maxlen: 23
203.198.70.0/23 maxlen: 23
203.198.72.0/22 maxlen: 22
203.198.76.0/22 maxlen: 22
203.198.152.0/22 maxlen: 22
203.198.156.0/22 maxlen: 22
203.198.160.0/21 maxlen: 21
203.198.168.0/21 maxlen: 21
203.198.176.0/22 maxlen: 22
203.198.180.0/22 maxlen: 22
203.198.180.0/24 maxlen: 24
203.198.184.0/22 maxlen: 22
203.198.185.0/24 maxlen: 24
203.198.188.0/22 maxlen: 22
203.198.192.0/22 maxlen: 22
203.198.196.0/22 maxlen: 22
203.198.196.0/24 maxlen: 24
203.198.200.0/22 maxlen: 22
203.198.204.0/23 maxlen: 23
203.198.204.0/24 maxlen: 24
203.198.206.0/23 maxlen: 23
203.198.208.0/21 maxlen: 21
203.198.216.0/21 maxlen: 21
203.198.236.0/22 maxlen: 22
218.103.0.0/19 maxlen: 19
218.103.40.0/22 maxlen: 22
218.103.44.0/22 maxlen: 22
218.103.48.0/21 maxlen: 21
218.103.56.0/23 maxlen: 23
218.103.58.0/23 maxlen: 23
218.103.60.0/22 maxlen: 22
218.103.64.0/22 maxlen: 22
218.103.68.0/22 maxlen: 22
218.103.72.0/22 maxlen: 22
218.103.76.0/22 maxlen: 22
218.103.80.0/20 maxlen: 20
218.103.96.0/20 maxlen: 20
219.76.192.0/19 maxlen: 19
219.76.220.0/22 maxlen: 22
219.76.224.0/20 maxlen: 20
220.246.0.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/kMIvc5OFDo7Pa18eMg0HstGs2P0.crl
rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/kMIvc5OFDo7Pa18eMg0HstGs2P0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kMIvc5OFDo7Pa18eMg0HstGs2P0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 27 Oct 2025 16:56:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6184 (0x1828)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918495F, serialNumber=90C22F7393850E8ECF6B5F1E320D07B2D1ACD8FD
Validity
Not Before: Oct 10 10:01:37 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=68e8d980-a766
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:c9:cc:1e:0d:09:4c:2a:ac:3e:ed:ab:9a:0f:
23:6d:26:92:8b:54:54:2d:37:8e:a9:ec:ec:e6:d8:
66:87:5f:22:23:bf:dd:db:53:c6:a5:1a:99:97:51:
27:fa:ff:10:7e:40:74:e3:1d:4d:c1:66:c7:1e:45:
d1:a7:23:b9:39:e2:72:9c:93:05:88:14:f5:5b:e9:
31:a0:14:ad:96:04:fb:1f:8f:28:a9:f8:40:bd:bd:
d2:cf:5f:83:99:fb:21:a7:f9:91:7f:e3:9d:3c:ec:
34:ef:4e:7f:ae:47:68:f4:bd:95:b8:ce:8b:a4:6a:
58:e6:6d:56:c9:b2:15:0a:96:66:f7:92:29:2e:06:
1a:25:01:39:c8:49:bc:e8:88:cd:14:76:f1:f1:7b:
21:81:f9:7e:1f:54:af:ea:73:3d:e1:9c:47:63:91:
6c:b1:7a:fd:5c:d1:e1:23:ce:a2:40:21:c1:58:bf:
a6:3a:1d:5b:3e:62:25:f0:6f:a0:b2:29:cd:6f:92:
7d:95:5f:f3:76:f8:09:73:a2:89:e8:08:7c:e8:c7:
9e:f1:47:c5:ad:2d:5f:42:72:9d:0e:e8:91:b5:9f:
a3:44:23:17:db:7d:13:fb:b5:e5:f8:cf:68:33:9e:
f7:96:28:96:48:b7:a1:fc:ee:5e:24:6a:5b:b1:54:
28:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:32:4F:17:9D:5B:DE:A8:C4:C6:FD:61:78:DB:90:C0:51:32:C4:58
X509v3 Authority Key Identifier:
keyid:90:C2:2F:73:93:85:0E:8E:CF:6B:5F:1E:32:0D:07:B2:D1:AC:D8:FD
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/kMIvc5OFDo7Pa18eMg0HstGs2P0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kMIvc5OFDo7Pa18eMg0HstGs2P0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/B04675FC959711EA9F290A33C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
42.3.226.0/24
58.152.0.0/21
58.153.255.0/24
203.198.40.0-203.198.79.255
203.198.152.0-203.198.223.255
203.198.236.0/22
218.103.0.0/19
218.103.40.0-218.103.111.255
219.76.192.0-219.76.239.255
220.246.0.0/19
Signature Algorithm: sha256WithRSAEncryption
65:e3:ce:27:fe:25:41:c6:91:93:2e:9a:db:65:42:4a:20:29:
70:61:b5:66:06:38:c3:34:db:44:e0:77:e0:7c:f3:6b:f8:40:
96:c8:ae:a5:fc:54:ce:23:84:6c:9c:fc:be:13:a5:f3:25:60:
c5:0f:9a:89:cf:db:2b:3f:46:df:1f:0f:df:00:92:c5:b5:7a:
89:cd:06:8c:ef:9e:d5:8e:e9:58:ce:9c:b9:7d:83:4e:1f:6f:
54:dc:5e:c8:a0:8d:fa:82:b4:77:ef:4a:82:a3:0d:b1:9b:4e:
01:9f:d1:42:3a:85:67:84:37:ef:72:1b:45:50:4c:11:92:b6:
b2:00:e5:24:c2:0e:6e:1a:bb:48:59:44:c6:25:8a:3b:54:8d:
de:40:39:21:36:68:5f:c1:8c:18:37:c8:11:53:2c:9c:01:82:
df:4a:47:6a:d9:a7:f4:90:a1:e9:84:6b:63:6f:00:16:c8:a7:
3c:c3:80:87:3b:78:df:19:cb:97:6d:5f:ea:08:96:a9:21:44:
d4:a6:15:a6:46:b2:0a:c0:3e:f8:11:ba:84:e2:c9:16:3f:7a:
d0:46:25:c7:e7:ee:a7:a4:9d:2b:9b:08:fa:7f:4e:5f:87:3a:
6f:be:d7:7b:64:ec:24:86:fb:92:45:c7:17:7a:f1:e7:34:b1:
3e:ce:db:8e
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgICGCgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODQ5NUYxMTAvBgNVBAUTKDkwQzIyRjczOTM4NTBFOEVDRjZCNUYxRTMyMEQwN0Iy
RDFBQ0Q4RkQwHhcNMjUxMDEwMTAwMTM3WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU4ZDk4MC1hNzY2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0MnMHg0JTCqsPu2rmg8jbSaSi1RULTeOqezs5thmh18iI7/d21PGpRqZl1En
+v8QfkB04x1NwWbHHkXRpyO5OeJynJMFiBT1W+kxoBStlgT7H48oqfhAvb3Sz1+D
mfshp/mRf+OdPOw0705/rkdo9L2VuM6LpGpY5m1WybIVCpZm95IpLgYaJQE5yEm8
6IjNFHbx8Xshgfl+H1Sv6nM94ZxHY5FssXr9XNHhI86iQCHBWL+mOh1bPmIl8G+g
sinNb5J9lV/zdvgJc6KJ6Ah86Mee8UfFrS1fQnKdDuiRtZ+jRCMX230T+7Xl+M9o
M573liiWSLeh/O5eJGpbsVQoSQIDAQABo4IC6zCCAucwHQYDVR0OBBYEFEkyTxed
W96oxMb9YXjbkMBRMsRYMB8GA1UdIwQYMBaAFJDCL3OThQ6Oz2tfHjINB7LRrNj9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NDk1Ri84NDhDODU3Q0RG
RUMxMUU3QTI3QTIyMTNDNEY5QUUwMi9rTUl2YzVPRkRvN1BhMThlTWcwSHN0R3My
UDAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2tNSXZjNU9GRG83UGExOGVNZzBIc3RHczJQMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODQ5NUYvODQ4Qzg1N0NERkVDMTFFN0EyN0EyMjEzQzRGOUFFMDIvQjA0Njc1RkM5
NTk3MTFFQTlGMjkwQTMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwdQYIKwYBBQUHAQcBAf8E
ZjBkMGIEAgABMFwDBAAqA+IDBAM6mAADBAA6mf8wDAMEA8vGKAMEBMvGQDAMAwQD
y8aYAwQFy8bAAwQCy8bsAwQF2mcAMAwDBAPaZygDBATaZ2AwDAMEBttMwAMEBNtM
4AMEBdz2ADANBgkqhkiG9w0BAQsFAAOCAQEAZePOJ/4lQcaRky6a22VCSiApcGG1
ZgY4wzTbROB34Hzza/hAlsiupfxUziOEbJz8vhOl8yVgxQ+aic/bKz9G3x8P3wCS
xbV6ic0GjO+e1Y7pWM6cuX2DTh9vVNxeyKCN+oK0d+9KgqMNsZtOAZ/RQjqFZ4Q3
73IbRVBMEZK2sgDlJMIObhq7SFlExiWKO1SN3kA5ITZoX8GMGDfIEVMsnAGC30pH
atmn9JCh6YRrY28AFsinPMOAhzt43xnLl21f6giWqSFE1KYVpkayCsA++BG6hOLJ
Fj960EYlx+fup6SdK5sI+n9OX4c6b77Xe2TsJIb7kkXHF3rx5zSxPs7bjg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 21:39:05 2025 by rpki-client