Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/210AF2A29C3D11F080E2A01BC4F9AE02.roa
File: 210AF2A29C3D11F080E2A01BC4F9AE02.roa (raw, json)
Hash identifier: RlWanPg0+3XK5Ky9eX8z9M2n/RWjnFf28m9lPcmB0N8=
Subject key identifier: C3:14:E0:4B:84:29:13:D8:D2:36:7F:B2:6E:00:35:CE:C1:8E:2C:A9
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: C5A4
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/210AF2A29C3D11F080E2A01BC4F9AE02.roa
Signing time: Sun 28 Sep 2025 07:31:21 +0000
ROA not before: Sun 28 Sep 2025 07:31:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 138296
IP address blocks: 103.2.190.0/23 maxlen: 24
103.31.140.0/23 maxlen: 24
103.31.142.0/23 maxlen: 24
103.31.220.0/23 maxlen: 24
103.41.32.0/22 maxlen: 24
103.93.192.0/22 maxlen: 24
103.111.70.0/24 maxlen: 24
103.115.154.0/23 maxlen: 24
103.119.172.0/23 maxlen: 24
103.123.154.0/23 maxlen: 24
103.123.224.0/22 maxlen: 24
103.124.22.0/23 maxlen: 24
103.124.122.0/23 maxlen: 24
103.127.116.0/23 maxlen: 24
103.127.252.0/24 maxlen: 24
103.132.100.0/23 maxlen: 24
103.133.116.0/24 maxlen: 24
103.134.4.0/22 maxlen: 24
103.142.106.0/24 maxlen: 24
103.143.8.0/23 maxlen: 23
103.143.8.0/24 maxlen: 24
103.143.9.0/24 maxlen: 24
103.157.178.0/23 maxlen: 24
103.157.222.0/23 maxlen: 24
103.158.48.0/23 maxlen: 24
103.167.176.0/23 maxlen: 24
103.171.210.0/23 maxlen: 24
103.172.86.0/23 maxlen: 24
103.172.156.0/23 maxlen: 24
103.173.120.0/23 maxlen: 24
103.173.177.0/24 maxlen: 24
103.173.205.0/24 maxlen: 24
103.173.244.0/24 maxlen: 24
103.173.245.0/24 maxlen: 24
103.174.244.0/23 maxlen: 24
103.175.60.0/23 maxlen: 24
103.179.46.0/23 maxlen: 24
103.179.232.0/24 maxlen: 24
103.179.236.0/23 maxlen: 24
103.181.54.0/23 maxlen: 24
103.190.212.0/24 maxlen: 24
103.190.213.0/24 maxlen: 24
103.195.80.0/23 maxlen: 24
103.204.132.0/22 maxlen: 24
103.212.172.0/23 maxlen: 24
103.215.184.0/23 maxlen: 24
103.217.138.0/23 maxlen: 24
103.218.106.0/23 maxlen: 24
103.218.180.0/23 maxlen: 24
103.218.184.0/23 maxlen: 24
103.218.186.0/23 maxlen: 24
103.220.232.0/23 maxlen: 24
103.225.30.0/23 maxlen: 24
103.225.116.0/23 maxlen: 24
103.227.104.0/23 maxlen: 24
103.228.72.0/23 maxlen: 24
103.229.90.0/23 maxlen: 24
103.244.94.0/23 maxlen: 24
110.44.10.0/24 maxlen: 24
110.44.11.0/24 maxlen: 24
2001:df2:380::/48 maxlen: 48
2400:4fe0::/32 maxlen: 32
2404:58c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 Oct 2025 15:33:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 50596 (0xc5a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Sep 28 07:31:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68d8e449-f51b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ca:85:c9:bc:3b:0c:37:c8:e2:5c:68:89:a0:
7d:9e:3d:fc:55:48:80:2a:aa:08:21:67:a8:04:1e:
b8:ad:c9:bc:da:10:61:f5:9e:9c:c4:0d:17:89:46:
34:cc:e7:84:28:97:8b:5e:f9:c0:de:b1:56:2b:09:
a3:36:c6:b6:70:cf:87:28:f2:2a:cf:24:11:80:5c:
69:aa:04:6d:fc:0b:d8:ca:2d:c9:1c:1c:43:ba:e9:
3f:1e:92:92:a7:ce:f8:f3:22:b5:94:4d:3b:11:a5:
62:3b:fb:c4:92:d1:85:a5:b3:e5:ce:4b:d3:65:ab:
92:53:92:63:eb:f4:0c:e7:07:0b:6d:40:5a:13:69:
a3:1d:92:0b:90:c8:12:98:a8:21:f6:09:aa:2d:ad:
f7:20:37:04:9d:f1:de:1f:44:26:43:17:35:f4:46:
f4:7d:a2:41:86:b7:d7:27:c3:13:90:b6:ea:9d:51:
e7:a9:17:ca:84:a5:22:5d:de:f1:97:6b:cd:94:82:
3c:9c:ee:de:74:1a:93:39:9b:f4:57:a1:54:79:f1:
07:8d:18:eb:6c:c1:c2:35:42:9b:1f:28:53:6d:74:
b9:07:68:13:c0:1d:e7:ed:8b:c8:09:84:f6:4c:d3:
44:ce:da:e2:c3:9b:d1:2e:93:09:cd:aa:a3:5e:99:
20:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:14:E0:4B:84:29:13:D8:D2:36:7F:B2:6E:00:35:CE:C1:8E:2C:A9
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/210AF2A29C3D11F080E2A01BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.2.190.0/23
103.31.140.0/22
103.31.220.0/23
103.41.32.0/22
103.93.192.0/22
103.111.70.0/24
103.115.154.0/23
103.119.172.0/23
103.123.154.0/23
103.123.224.0/22
103.124.22.0/23
103.124.122.0/23
103.127.116.0/23
103.127.252.0/24
103.132.100.0/23
103.133.116.0/24
103.134.4.0/22
103.142.106.0/24
103.143.8.0/23
103.157.178.0/23
103.157.222.0/23
103.158.48.0/23
103.167.176.0/23
103.171.210.0/23
103.172.86.0/23
103.172.156.0/23
103.173.120.0/23
103.173.177.0/24
103.173.205.0/24
103.173.244.0/23
103.174.244.0/23
103.175.60.0/23
103.179.46.0/23
103.179.232.0/24
103.179.236.0/23
103.181.54.0/23
103.190.212.0/23
103.195.80.0/23
103.204.132.0/22
103.212.172.0/23
103.215.184.0/23
103.217.138.0/23
103.218.106.0/23
103.218.180.0/23
103.218.184.0/22
103.220.232.0/23
103.225.30.0/23
103.225.116.0/23
103.227.104.0/23
103.228.72.0/23
103.229.90.0/23
103.244.94.0/23
110.44.10.0/23
IPv6:
2001:df2:380::/48
2400:4fe0::/32
2404:58c0::/48
Signature Algorithm: sha256WithRSAEncryption
9f:c7:12:5e:c3:e8:09:1d:de:07:45:0b:cd:47:0a:33:70:05:
48:ac:96:d2:42:02:f8:bf:54:08:4f:e1:57:f5:b9:ff:71:8f:
8b:1c:de:35:5e:0f:e7:bc:98:8f:af:b2:15:a6:bb:5e:32:bf:
30:db:b0:e3:30:71:90:f1:bc:34:5a:74:ba:4f:a1:70:50:4f:
90:5d:34:1d:e8:4d:fb:ca:5f:6c:7a:4d:2a:2a:93:ee:dd:f8:
cf:74:aa:88:33:f4:d6:03:61:62:56:24:bd:ba:4a:82:9f:74:
c3:21:62:28:1c:c7:98:f3:33:27:9a:c2:f3:6b:f7:d9:47:ac:
9e:cc:39:5a:20:85:cc:cb:dc:f2:f2:01:90:1a:5b:fb:11:f0:
2f:b2:95:5e:7d:9a:aa:20:e7:a3:08:15:61:e3:a9:d6:3a:35:
e1:e2:0c:fb:5a:bf:ef:31:9c:e6:df:3c:cc:48:b8:37:9a:36:
1e:94:e0:53:49:78:a5:94:f7:ca:c5:26:77:f9:92:b8:e9:9f:
bc:f7:df:46:ec:cd:ec:a1:97:3f:77:33:24:bd:2e:ff:1f:c6:
6b:a7:f9:22:34:33:9a:eb:51:13:63:25:6b:29:1c:a4:4c:32:
34:3e:37:f8:19:49:ca:d2:9c:05:d8:9e:d6:6f:ab:7d:ff:b5:
cb:36:53:a6
-----BEGIN CERTIFICATE-----
MIIG1TCCBb2gAwIBAgIDAMWkMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDkyODA3MzEyMVoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjhkOGU0NDktZjUxYjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMHKhcm8Oww3yOJcaImgfZ49/FVIgCqqCCFnqAQeuK3JvNoQYfWenMQNF4lG
NMznhCiXi175wN6xVisJozbGtnDPhyjyKs8kEYBcaaoEbfwL2MotyRwcQ7rpPx6S
kqfO+PMitZRNOxGlYjv7xJLRhaWz5c5L02WrklOSY+v0DOcHC21AWhNpox2SC5DI
EpioIfYJqi2t9yA3BJ3x3h9EJkMXNfRG9H2iQYa31yfDE5C26p1R56kXyoSlIl3e
8ZdrzZSCPJzu3nQakzmb9FehVHnxB40Y62zBwjVCmx8oU210uQdoE8Ad5+2LyAmE
9kzTRM7a4sOb0S6TCc2qo16ZIJsCAwEAAaOCA/gwggP0MB0GA1UdDgQWBBTDFOBL
hCkT2NI2f7JuADXOwY4sqTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzIxMEFGMkEy
OUMzRDExRjA4MEUyQTAxQkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIIBgAYIKwYBBQUHAQcB
Af8EggFvMIIBazCCAUYEAgABMIIBPgMEAWcCvgMEAmcfjAMEAWcf3AMEAmcpIAME
AmddwAMEAGdvRgMEAWdzmgMEAWd3rAMEAWd7mgMEAmd74AMEAWd8FgMEAWd8egME
AWd/dAMEAGd//AMEAWeEZAMEAGeFdAMEAmeGBAMEAGeOagMEAWePCAMEAWedsgME
AWed3gMEAWeeMAMEAWensAMEAWer0gMEAWesVgMEAWesnAMEAWeteAMEAGetsQME
AGetzQMEAWet9AMEAWeu9AMEAWevPAMEAWezLgMEAGez6AMEAWez7AMEAWe1NgME
AWe+1AMEAWfDUAMEAmfMhAMEAWfUrAMEAWfXuAMEAWfZigMEAWfaagMEAWfatAME
AmfauAMEAWfc6AMEAWfhHgMEAWfhdAMEAWfjaAMEAWfkSAMEAWflWgMEAWf0XgME
AW4sCjAfBAIAAjAZAwcAIAEN8gOAAwUAJABP4AMHACQEWMAAADANBgkqhkiG9w0B
AQsFAAOCAQEAn8cSXsPoCR3eB0ULzUcKM3AFSKyW0kIC+L9UCE/hV/W5/3GPixze
NV4P57yYj6+yFaa7XjK/MNuw4zBxkPG8NFp0uk+hcFBPkF00HehN+8pfbHpNKiqT
7t34z3SqiDP01gNhYlYkvbpKgp90wyFiKBzHmPMzJ5rC82v32Uesnsw5WiCFzMvc
8vIBkBpb+xHwL7KVXn2aqiDnowgVYeOp1jo14eIM+1q/7zGc5t88zEi4N5o2HpTg
U0l4pZT3ysUmd/mSuOmfvPffRuzN7KGXP3czJL0u/x/Ga6f5IjQzmutRE2Mlaykc
pEwyND43+BlJytKcBdie1m+rff+1yzZTpg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:25:21 2025 by rpki-client