Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2A309C02FD8611EFB0589357C4F9AE02.roa
File: 2A309C02FD8611EFB0589357C4F9AE02.roa (raw, json)
Hash identifier: ayKIpbv0i1kAPEtCHFGb2D8X0MVqzry69gtqM5jse6w=
Subject key identifier: FA:64:7F:4F:99:B5:08:0F:34:5A:99:D9:A5:71:F1:13:84:E6:B3:48
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: C30A
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2A309C02FD8611EFB0589357C4F9AE02.roa
Signing time: Thu 21 Aug 2025 08:53:45 +0000
ROA not before: Thu 21 Aug 2025 08:53:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 151690
IP address blocks: 43.228.166.0/23 maxlen: 24
43.230.132.0/23 maxlen: 24
103.96.15.0/24 maxlen: 24
103.109.220.0/22 maxlen: 24
103.110.244.0/23 maxlen: 24
103.115.128.0/22 maxlen: 24
103.147.93.0/24 maxlen: 24
103.157.162.0/23 maxlen: 24
103.162.74.0/24 maxlen: 24
103.162.75.0/24 maxlen: 24
103.172.56.0/24 maxlen: 24
103.185.100.0/24 maxlen: 24
103.216.99.0/24 maxlen: 24
103.225.70.0/24 maxlen: 24
103.239.12.0/23 maxlen: 24
2001:df1:8040::/48 maxlen: 48
2001:df2:23c0::/48 maxlen: 48
2001:df2:9640::/48 maxlen: 48
2001:df3:29c0::/48 maxlen: 48
2001:df4:88c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Aug 2025 15:25:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 49930 (0xc30a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Aug 21 08:53:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68a6de99-5fd9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:20:44:bb:32:8e:7f:b5:3b:0b:bb:f6:b1:bb:
d3:c8:eb:04:f8:67:0f:23:e1:f8:52:c5:9a:f9:75:
bf:28:b7:49:e8:e1:cc:16:c2:a8:a8:fb:be:84:70:
26:e9:22:43:63:3c:4a:5c:6b:75:5e:ce:b1:86:e3:
88:f5:a2:57:28:7f:40:3c:f3:49:de:8e:93:5c:8c:
0b:a4:6d:9b:71:be:71:80:9e:f4:34:92:95:9d:43:
fd:9c:16:14:3e:1e:62:77:fb:b1:cc:4d:26:60:44:
48:cc:dc:e9:99:e3:2a:b9:37:49:30:f5:52:ea:4b:
01:21:77:c4:a5:bd:62:a8:70:7f:35:7a:e5:58:55:
12:0d:55:07:00:d4:49:db:6e:ee:cf:17:d0:8a:9e:
01:84:fe:42:f2:11:5c:2c:c9:16:c9:cc:a1:86:e2:
ed:90:b9:c7:09:dc:d9:4f:7b:f4:60:28:ff:66:de:
00:31:92:e9:35:90:f1:34:1d:56:58:28:2f:87:3f:
23:36:d7:c6:bc:7c:ab:f7:23:5b:0f:b5:38:0f:a9:
86:1e:5b:83:8e:dd:7b:73:5e:05:16:25:75:e3:d6:
f4:f7:1b:97:b1:f5:88:6e:c2:c4:7b:c5:a3:a6:14:
9a:a1:d8:f7:31:09:c8:49:44:98:eb:c1:ae:28:c4:
6d:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:64:7F:4F:99:B5:08:0F:34:5A:99:D9:A5:71:F1:13:84:E6:B3:48
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2A309C02FD8611EFB0589357C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.228.166.0/23
43.230.132.0/23
103.96.15.0/24
103.109.220.0/22
103.110.244.0/23
103.115.128.0/22
103.147.93.0/24
103.157.162.0/23
103.162.74.0/23
103.172.56.0/24
103.185.100.0/24
103.216.99.0/24
103.225.70.0/24
103.239.12.0/23
IPv6:
2001:df1:8040::/48
2001:df2:23c0::/48
2001:df2:9640::/48
2001:df3:29c0::/48
2001:df4:88c0::/48
Signature Algorithm: sha256WithRSAEncryption
00:2a:9d:9b:c1:af:01:eb:58:c4:1a:5a:65:ee:41:44:ac:c2:
08:16:c8:c1:8a:45:01:76:28:e0:14:12:d3:b3:81:29:ff:bc:
8b:72:50:8f:cf:fd:73:92:5a:2d:7b:bd:1b:c2:d9:e0:89:b8:
1e:79:58:c9:29:35:44:41:63:2e:b4:ce:68:42:f1:9e:5e:53:
1e:9f:6d:8a:c3:bb:a4:be:28:05:a5:43:22:69:b8:7d:b2:0d:
71:e0:d2:a1:72:dd:26:47:3d:8d:1d:4f:c0:46:a8:4a:5b:f7:
28:cd:13:af:10:54:e7:e6:69:f2:ac:f5:4d:66:20:f6:19:3d:
29:f8:3a:21:88:b0:02:c1:d1:10:82:3e:91:36:16:83:fa:e2:
aa:de:f4:67:9e:2c:03:53:0e:e7:12:e4:b9:86:a0:60:69:93:
62:14:33:05:ae:7d:a4:c1:f4:56:8f:bb:ab:24:c4:77:3e:22:
e4:e1:57:e2:ed:1f:f2:83:0b:ba:33:07:3a:c6:ba:81:ea:0b:
81:fb:63:a1:53:99:bd:13:de:e5:1e:5f:8e:b5:5b:91:7c:f2:
f3:ff:94:01:af:ac:6d:03:f2:62:eb:99:d7:cd:08:06:7e:77:
8e:76:ac:06:2d:86:b7:a5:29:dd:7d:c8:fb:50:a6:aa:98:6c:
a8:55:73:b7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIDAMMKMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDgyMTA4NTM0NVoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjhhNmRlOTktNWZkOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO8gRLsyjn+1Owu79rG708jrBPhnDyPh+FLFmvl1vyi3SejhzBbCqKj7voRw
JukiQ2M8SlxrdV7OsYbjiPWiVyh/QDzzSd6Ok1yMC6Rtm3G+cYCe9DSSlZ1D/ZwW
FD4eYnf7scxNJmBESMzc6ZnjKrk3STD1UupLASF3xKW9YqhwfzV65VhVEg1VBwDU
Sdtu7s8X0IqeAYT+QvIRXCzJFsnMoYbi7ZC5xwnc2U979GAo/2beADGS6TWQ8TQd
VlgoL4c/IzbXxrx8q/cjWw+1OA+phh5bg47de3NeBRYldePW9Pcbl7H1iG7CxHvF
o6YUmqHY9zEJyElEmOvBrijEbQkCAwEAAaOCAxswggMXMB0GA1UdDgQWBBT6ZH9P
mbUIDzRamdmlcfEThOazSDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzJBMzA5QzAy
RkQ4NjExRUZCMDU4OTM1N0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGkBggrBgEFBQcBBwEB
/wSBlDCBkTBaBAIAATBUAwQBK+SmAwQBK+aEAwQAZ2APAwQCZ23cAwQBZ270AwQC
Z3OAAwQAZ5NdAwQBZ52iAwQBZ6JKAwQAZ6w4AwQAZ7lkAwQAZ9hjAwQAZ+FGAwQB
Z+8MMDMEAgACMC0DBwAgAQ3xgEADBwAgAQ3yI8ADBwAgAQ3ylkADBwAgAQ3zKcAD
BwAgAQ30iMAwDQYJKoZIhvcNAQELBQADggEBAAAqnZvBrwHrWMQaWmXuQUSswggW
yMGKRQF2KOAUEtOzgSn/vItyUI/P/XOSWi17vRvC2eCJuB55WMkpNURBYy60zmhC
8Z5eUx6fbYrDu6S+KAWlQyJpuH2yDXHg0qFy3SZHPY0dT8BGqEpb9yjNE68QVOfm
afKs9U1mIPYZPSn4OiGIsALB0RCCPpE2FoP64qre9GeeLANTDucS5LmGoGBpk2IU
MwWufaTB9FaPu6skxHc+IuThV+LtH/KDC7ozBzrGuoHqC4H7Y6FTmb0T3uUeX461
W5F88vP/lAGvrG0D8mLrmdfNCAZ+d452rAYthrelKd19yPtQpqqYbKhVc7c=
-----END CERTIFICATE-----
Generated at Sun Aug 24 05:42:36 2025 by rpki-client