Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/346F90C45F7A11EFB8032057C4F9AE02.roa
File: 346F90C45F7A11EFB8032057C4F9AE02.roa (raw, json)
Hash identifier: IGGDjyarnHANd109CV989LNRJIuyS/ahKze2i6JEUXQ=
Subject key identifier: 68:18:53:FD:BE:D9:79:27:50:A6:BF:E4:55:D9:86:C9:A6:61:E1:0D
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: C5EA
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/346F90C45F7A11EFB8032057C4F9AE02.roa
Signing time: Sat 04 Oct 2025 07:06:34 +0000
ROA not before: Sat 04 Oct 2025 07:06:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 17625
IP address blocks: 36.255.8.0/22 maxlen: 24
43.252.192.0/22 maxlen: 24
45.64.196.0/22 maxlen: 24
45.64.204.0/22 maxlen: 24
45.114.56.0/22 maxlen: 24
45.114.64.0/22 maxlen: 24
45.114.212.0/22 maxlen: 24
45.114.216.0/22 maxlen: 24
45.116.56.0/24 maxlen: 24
45.116.57.0/24 maxlen: 24
45.116.58.0/24 maxlen: 24
45.116.59.0/24 maxlen: 24
103.19.196.0/22 maxlen: 24
103.54.12.0/22 maxlen: 24
103.54.20.0/22 maxlen: 24
103.54.188.0/22 maxlen: 24
103.54.196.0/22 maxlen: 24
103.56.88.0/22 maxlen: 24
103.91.132.0/22 maxlen: 24
103.206.56.0/22 maxlen: 24
103.208.224.0/22 maxlen: 24
103.254.32.0/22 maxlen: 24
103.254.244.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 Oct 2025 15:33:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 50666 (0xc5ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Oct 4 07:06:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68e0c77a-64f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:86:59:59:60:f3:c0:c1:12:39:59:55:13:56:
4b:38:6a:c3:c3:e7:45:5b:c1:92:dd:a9:0c:8e:b9:
73:d5:ea:0f:8d:f4:6b:39:82:8e:b0:c7:44:f3:99:
83:a1:39:ac:16:8c:48:9d:34:da:5c:b1:9f:00:12:
42:ff:8e:98:db:ba:84:4f:d2:ad:e3:db:69:3e:9d:
22:7d:8d:b3:68:ef:83:84:39:5f:c7:75:3e:35:a8:
ee:59:bb:8f:c0:f4:75:c9:39:16:c7:34:04:3f:c4:
07:c8:7d:d4:be:38:90:9d:3d:a8:16:d2:d3:a5:23:
30:49:31:96:89:88:c0:01:c1:12:94:6d:ea:46:95:
5f:b4:1a:59:2d:63:39:13:9c:fe:70:c9:2e:01:60:
b4:22:29:a6:cd:b1:6c:8f:fa:60:ea:d9:6a:38:e1:
73:c4:2f:d8:6d:1d:5f:18:1b:bc:6b:6e:79:81:4c:
0b:c8:74:75:f3:92:19:81:e2:a4:95:4b:89:f1:65:
73:33:f4:95:26:54:f9:c8:56:de:ca:23:ea:92:6c:
41:4f:06:0e:45:7f:81:90:ea:72:5b:02:00:d9:ed:
dd:4e:83:1e:8c:52:96:f9:22:81:e0:a9:53:7e:75:
4d:30:12:a7:5c:d0:9a:6f:86:69:3f:e6:82:84:01:
ab:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:18:53:FD:BE:D9:79:27:50:A6:BF:E4:55:D9:86:C9:A6:61:E1:0D
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/346F90C45F7A11EFB8032057C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
36.255.8.0/22
43.252.192.0/22
45.64.196.0/22
45.64.204.0/22
45.114.56.0/22
45.114.64.0/22
45.114.212.0-45.114.219.255
45.116.56.0/22
103.19.196.0/22
103.54.12.0/22
103.54.20.0/22
103.54.188.0/22
103.54.196.0/22
103.56.88.0/22
103.91.132.0/22
103.206.56.0/22
103.208.224.0/22
103.254.32.0/22
103.254.244.0/22
Signature Algorithm: sha256WithRSAEncryption
3f:d3:cf:77:9f:81:2b:f2:d0:e1:07:a9:5b:30:9f:11:cb:eb:
3e:b8:67:d4:04:a9:b4:f3:d9:c9:1d:f9:2d:bd:35:0f:da:45:
da:16:35:12:e0:ec:d5:28:b9:f4:af:82:a9:2e:db:0b:e3:44:
51:b3:2f:3d:6e:8f:23:75:0e:fd:9e:2d:ad:95:83:1e:07:78:
60:97:8b:54:0b:33:dd:07:79:56:da:cd:87:6e:f7:c4:3c:0b:
17:5f:62:a0:1a:c7:0a:1e:05:91:31:35:0b:a0:d4:4a:9b:69:
84:c8:91:20:08:98:6a:1c:e6:2f:90:bb:3f:c5:ec:e7:6e:88:
c6:63:8e:1c:24:94:07:06:c4:d5:22:41:b7:db:b2:51:5e:1b:
37:42:13:e2:3a:0c:39:26:bf:28:1a:7b:24:dd:b6:86:0d:6a:
5d:b3:78:52:54:ab:53:01:37:8f:3e:af:9c:c4:7b:e9:98:41:
41:00:6d:cc:da:16:8f:03:c1:32:82:01:59:58:a1:ad:a7:71:
a4:af:49:9b:29:20:a1:44:7d:e0:31:25:76:ff:87:06:ba:f8:
72:e2:1f:5b:dd:ac:c2:4a:bf:79:f0:36:ca:e5:5e:97:17:e4:
92:a9:c9:31:23:41:0f:79:94:c7:d1:83:43:c9:fe:ef:5c:21:
be:0a:5a:e4
-----BEGIN CERTIFICATE-----
MIIF6jCCBNKgAwIBAgIDAMXqMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MTAwNDA3MDYzNFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjhlMGM3N2EtNjRmMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMqGWVlg88DBEjlZVRNWSzhqw8PnRVvBkt2pDI65c9XqD430azmCjrDHRPOZ
g6E5rBaMSJ002lyxnwASQv+OmNu6hE/SrePbaT6dIn2Ns2jvg4Q5X8d1PjWo7lm7
j8D0dck5Fsc0BD/EB8h91L44kJ09qBbS06UjMEkxlomIwAHBEpRt6kaVX7QaWS1j
OROc/nDJLgFgtCIpps2xbI/6YOrZajjhc8Qv2G0dXxgbvGtueYFMC8h0dfOSGYHi
pJVLifFlczP0lSZU+chW3soj6pJsQU8GDkV/gZDqclsCANnt3U6DHoxSlvkigeCp
U351TTASp1zQmm+GaT/mgoQBqxECAwEAAaOCAw0wggMJMB0GA1UdDgQWBBRoGFP9
vtl5J1Cmv+RV2YbJpmHhDTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzM0NkY5MEM0
NUY3QTExRUZCODAzMjA1N0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGWBggrBgEFBQcBBwEB
/wSBhjCBgzCBgAQCAAEwegMEAiT/CAMEAiv8wAMEAi1AxAMEAi1AzAMEAi1yOAME
Ai1yQDAMAwQCLXLUAwQCLXLYAwQCLXQ4AwQCZxPEAwQCZzYMAwQCZzYUAwQCZza8
AwQCZzbEAwQCZzhYAwQCZ1uEAwQCZ844AwQCZ9DgAwQCZ/4gAwQCZ/70MA0GCSqG
SIb3DQEBCwUAA4IBAQA/0893n4Er8tDhB6lbMJ8Ry+s+uGfUBKm089nJHfktvTUP
2kXaFjUS4OzVKLn0r4KpLtsL40RRsy89bo8jdQ79ni2tlYMeB3hgl4tUCzPdB3lW
2s2HbvfEPAsXX2KgGscKHgWRMTULoNRKm2mEyJEgCJhqHOYvkLs/xeznbojGY44c
JJQHBsTVIkG327JRXhs3QhPiOgw5Jr8oGnsk3baGDWpds3hSVKtTATePPq+cxHvp
mEFBAG3M2haPA8EyggFZWKGtp3Gkr0mbKSChRH3gMSV2/4cGuvhy4h9b3azCSr95
8DbK5V6XF+SSqckxI0EPeZTH0YNDyf7vXCG+Clrk
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:28:14 2025 by rpki-client