Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
File: 966E1C18CCE911EBAB17776BC4F9AE02.roa (raw, json)
Hash identifier: qS9zVGLhhhHl+CZC5neJwGhHDqlYOYyox+69WDMaDn8=
Subject key identifier: 10:F2:7C:56:6E:B6:F7:0A:F0:53:33:BA:73:94:A7:E7:C0:58:CB:68
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: C52B
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
Signing time: Thu 18 Sep 2025 09:06:18 +0000
ROA not before: Thu 18 Sep 2025 09:06:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 4758
IP address blocks: 43.239.62.0/24 maxlen: 24
45.118.16.0/22 maxlen: 22
45.118.16.0/24 maxlen: 24
45.118.17.0/24 maxlen: 24
45.118.18.0/24 maxlen: 24
45.118.19.0/24 maxlen: 24
45.118.20.0/22 maxlen: 22
45.118.20.0/24 maxlen: 24
45.118.21.0/24 maxlen: 24
45.118.22.0/24 maxlen: 24
45.118.23.0/24 maxlen: 24
45.118.24.0/22 maxlen: 22
45.118.24.0/24 maxlen: 24
45.118.25.0/24 maxlen: 24
45.118.26.0/24 maxlen: 24
45.118.27.0/24 maxlen: 24
45.118.28.0/22 maxlen: 22
45.118.28.0/24 maxlen: 24
45.118.29.0/24 maxlen: 24
45.118.30.0/24 maxlen: 24
45.118.31.0/24 maxlen: 24
45.127.75.0/24 maxlen: 24
103.70.96.0/24 maxlen: 24
103.195.208.0/24 maxlen: 24
103.195.209.0/24 maxlen: 24
103.195.210.0/24 maxlen: 24
103.195.211.0/24 maxlen: 24
103.195.212.0/24 maxlen: 24
103.195.213.0/24 maxlen: 24
103.195.214.0/24 maxlen: 24
103.195.215.0/24 maxlen: 24
103.195.216.0/24 maxlen: 24
103.195.217.0/24 maxlen: 24
103.195.218.0/24 maxlen: 24
103.195.219.0/24 maxlen: 24
137.59.128.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 Oct 2025 15:33:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 50475 (0xc52b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Sep 18 09:06:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68cbcb8a-7910
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:bb:49:5d:cc:c3:8a:d4:fe:33:08:04:7d:0a:
ed:93:3e:cb:0c:f4:79:16:87:06:9b:58:e3:a9:d7:
f3:e9:ad:8d:26:43:18:49:7a:00:ca:87:f7:b0:11:
cb:d0:1c:f8:f1:aa:f4:16:48:0a:91:67:4f:d8:be:
3e:5a:a0:9e:3b:fd:e9:95:e1:dd:3b:76:cb:cb:02:
05:c5:be:6f:8c:c8:bd:7c:01:ba:1d:cb:1c:b7:b7:
39:93:91:6a:e2:f2:6e:9f:6f:bc:85:e5:49:9b:10:
d1:4e:bf:0d:e3:de:65:3a:db:11:c6:6a:e8:72:4a:
f8:24:1a:9f:89:be:43:1c:46:72:25:3a:f1:d8:5f:
fb:71:80:51:3c:9c:3a:86:bd:4a:19:fd:d2:45:24:
19:70:2e:f7:9b:9d:76:ba:c6:23:03:6e:16:a9:9d:
23:a2:23:32:d3:9d:3d:0d:07:f5:14:46:a6:6a:9d:
05:ee:84:5e:63:c3:3d:bf:a5:af:ba:6a:c4:22:8d:
bb:4e:f5:a2:b7:f0:f0:73:e4:8a:cc:37:de:65:f7:
e3:0c:9d:04:48:62:80:15:d3:9d:a2:77:2f:8c:f3:
cc:d4:b8:26:87:f7:36:6d:1f:02:a6:2c:79:c1:f8:
f3:03:2e:b1:bd:98:b3:dd:02:56:ed:2e:4e:7f:8b:
5e:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:F2:7C:56:6E:B6:F7:0A:F0:53:33:BA:73:94:A7:E7:C0:58:CB:68
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.62.0/24
45.118.16.0/20
45.127.75.0/24
103.70.96.0/24
103.195.208.0-103.195.219.255
137.59.128.0/22
Signature Algorithm: sha256WithRSAEncryption
2c:2a:eb:a9:27:ed:9d:f0:de:80:1f:87:bb:0d:d1:61:6c:70:
42:e3:de:d0:55:aa:72:9d:e7:3d:46:27:20:bc:9e:0b:89:9d:
6d:db:c5:75:bc:d7:94:f3:a8:6d:0c:e1:24:9a:2a:9a:66:b3:
a0:88:b0:e1:1a:c2:8a:f2:34:91:fb:b8:8a:e9:fe:7b:ab:a1:
7f:3d:cb:70:3b:df:0f:ab:ba:66:8c:6e:1a:93:84:c8:fe:f9:
64:67:c1:bd:ce:83:12:df:c7:7d:66:0e:0b:ae:a8:11:01:7c:
ea:59:b6:ab:e2:28:71:47:74:11:75:61:53:98:29:ee:70:56:
cb:f0:ca:83:a0:00:98:83:9c:98:86:dd:8e:e7:3b:29:37:58:
92:16:f2:10:54:12:ed:3e:20:6d:24:19:2f:a1:23:68:d3:6d:
a6:97:41:52:de:58:17:d2:59:85:ac:59:79:0a:d8:49:db:b1:
0b:64:2e:91:08:65:4d:a1:28:a4:ec:d1:ea:d3:bf:37:8f:4c:
90:e6:e1:ff:e0:40:23:14:46:2e:75:72:78:e9:f5:15:fb:d7:
ce:31:2f:a5:b9:19:ca:ff:aa:be:da:a2:0e:d5:f0:38:45:bf:
90:44:71:a2:b1:22:46:14:f6:8a:15:74:c5:16:7e:17:4c:d6:
06:c0:66:12
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIDAMUrMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDkxODA5MDYxOFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjhjYmNiOGEtNzkxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ+7SV3Mw4rU/jMIBH0K7ZM+ywz0eRaHBptY46nX8+mtjSZDGEl6AMqH97AR
y9Ac+PGq9BZICpFnT9i+Plqgnjv96ZXh3Tt2y8sCBcW+b4zIvXwBuh3LHLe3OZOR
auLybp9vvIXlSZsQ0U6/DePeZTrbEcZq6HJK+CQan4m+QxxGciU68dhf+3GAUTyc
Ooa9Shn90kUkGXAu95uddrrGIwNuFqmdI6IjMtOdPQ0H9RRGpmqdBe6EXmPDPb+l
r7pqxCKNu071orfw8HPkisw33mX34wydBEhigBXTnaJ3L4zzzNS4Jof3Nm0fAqYs
ecH48wMusb2Ys90CVu0uTn+LXkkCAwEAAaOCArswggK3MB0GA1UdDgQWBBQQ8nxW
brb3CvBTM7pzlKfnwFjLaDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzk2NkUxQzE4
Q0NFOTExRUJBQjE3Nzc2QkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMEUGCCsGAQUFBwEHAQH/
BDYwNDAyBAIAATAsAwQAK+8+AwQELXYQAwQALX9LAwQAZ0ZgMAwDBARnw9ADBAJn
w9gDBAKJO4AwDQYJKoZIhvcNAQELBQADggEBACwq66kn7Z3w3oAfh7sN0WFscELj
3tBVqnKd5z1GJyC8nguJnW3bxXW815TzqG0M4SSaKppms6CIsOEaworyNJH7uIrp
/nuroX89y3A73w+rumaMbhqThMj++WRnwb3OgxLfx31mDguuqBEBfOpZtqviKHFH
dBF1YVOYKe5wVsvwyoOgAJiDnJiG3Y7nOyk3WJIW8hBUEu0+IG0kGS+hI2jTbaaX
QVLeWBfSWYWsWXkK2EnbsQtkLpEIZU2hKKTs0erTvzePTJDm4f/gQCMURi51cnjp
9RX7184xL6W5Gcr/qr7aog7V8DhFv5BEcaKxIkYU9ooVdMUWfhdM1gbAZhI=
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:52:03 2025 by rpki-client