Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/A69EC8A47CED11F090B5F72DC4F9AE02.roa
File: A69EC8A47CED11F090B5F72DC4F9AE02.roa (raw, json)
Hash identifier: qxwdm8vQQ3Els82MDnH2EYek+PwBQD0HL3xQG8pP3dM=
Subject key identifier: F4:EF:8F:5C:C4:4A:C7:09:F5:C8:86:D7:A3:79:30:0F:53:DB:13:94
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: C2D3
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/A69EC8A47CED11F090B5F72DC4F9AE02.roa
Signing time: Tue 19 Aug 2025 11:14:19 +0000
ROA not before: Tue 19 Aug 2025 11:14:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 138296
IP address blocks: 103.2.190.0/23 maxlen: 24
103.31.140.0/23 maxlen: 24
103.31.142.0/23 maxlen: 24
103.41.32.0/22 maxlen: 24
103.93.192.0/22 maxlen: 24
103.111.70.0/24 maxlen: 24
103.115.154.0/23 maxlen: 24
103.119.172.0/23 maxlen: 24
103.123.154.0/23 maxlen: 24
103.123.224.0/22 maxlen: 24
103.124.22.0/23 maxlen: 24
103.124.122.0/23 maxlen: 24
103.127.116.0/23 maxlen: 24
103.127.252.0/24 maxlen: 24
103.132.100.0/23 maxlen: 24
103.133.116.0/24 maxlen: 24
103.134.4.0/22 maxlen: 24
103.142.106.0/23 maxlen: 24
103.143.8.0/23 maxlen: 23
103.143.8.0/24 maxlen: 24
103.143.9.0/24 maxlen: 24
103.157.178.0/23 maxlen: 24
103.157.222.0/23 maxlen: 24
103.158.48.0/23 maxlen: 24
103.167.176.0/23 maxlen: 24
103.171.210.0/23 maxlen: 24
103.172.86.0/23 maxlen: 24
103.172.156.0/23 maxlen: 24
103.173.120.0/23 maxlen: 24
103.173.177.0/24 maxlen: 24
103.173.205.0/24 maxlen: 24
103.173.244.0/24 maxlen: 24
103.173.245.0/24 maxlen: 24
103.174.244.0/23 maxlen: 24
103.175.60.0/23 maxlen: 24
103.179.46.0/23 maxlen: 24
103.179.232.0/24 maxlen: 24
103.179.236.0/23 maxlen: 24
103.181.54.0/23 maxlen: 24
103.190.212.0/24 maxlen: 24
103.190.213.0/24 maxlen: 24
103.195.80.0/23 maxlen: 24
103.204.132.0/22 maxlen: 24
103.206.26.0/23 maxlen: 24
103.207.90.0/23 maxlen: 24
103.208.90.0/23 maxlen: 24
103.209.72.0/23 maxlen: 24
103.212.172.0/23 maxlen: 24
103.215.184.0/23 maxlen: 24
103.217.138.0/23 maxlen: 24
103.218.106.0/23 maxlen: 24
103.218.180.0/23 maxlen: 24
103.218.184.0/23 maxlen: 24
103.218.186.0/23 maxlen: 24
103.220.232.0/23 maxlen: 24
103.225.30.0/23 maxlen: 24
103.225.116.0/23 maxlen: 24
103.227.104.0/23 maxlen: 24
103.228.72.0/23 maxlen: 24
103.229.90.0/23 maxlen: 24
103.244.94.0/23 maxlen: 24
110.44.10.0/24 maxlen: 24
110.44.11.0/24 maxlen: 24
2001:df2:380::/48 maxlen: 48
2400:4fe0::/32 maxlen: 32
2404:58c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Aug 2025 15:25:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 49875 (0xc2d3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Aug 19 11:14:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68a45c8b-44c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:87:b2:dd:93:2e:f5:91:d2:28:04:ec:12:e4:
0c:3e:01:2b:85:9a:45:d0:81:d6:af:de:f2:52:50:
32:5e:bc:38:09:0f:a7:74:b8:98:31:a3:94:26:74:
98:93:a8:7f:59:18:f2:69:6d:b9:df:c5:a6:f9:8e:
fe:0e:98:7f:1a:a4:73:2e:7e:26:3d:77:23:45:2c:
f4:16:9b:bf:9f:33:c0:10:32:ec:50:b8:3f:8d:55:
40:4f:ab:01:a7:04:cf:26:7d:c2:41:5a:e5:73:e7:
77:0d:fb:9c:c2:ff:d8:9c:69:48:ff:32:71:44:db:
a5:34:23:62:c5:a7:7c:51:c6:92:ca:32:ee:eb:a2:
68:22:3b:4f:84:26:5d:bf:41:a1:1f:cd:8d:2a:b6:
3b:bc:c6:11:1e:62:c6:6b:cc:c3:24:22:1b:2f:fb:
82:99:52:da:2e:de:1a:f6:b4:06:40:e6:2c:48:19:
19:4a:41:95:4e:b4:c5:d1:8c:b4:57:f7:51:1f:38:
33:d4:2d:ba:a7:9c:48:a6:b4:ab:bd:45:a1:b4:cb:
cd:7a:c5:5d:f9:4e:c7:39:43:3b:08:bf:c4:0f:e6:
f1:61:c2:b9:2c:13:e9:08:39:e5:02:ef:4a:31:8c:
f5:8f:b9:24:fc:d1:10:ad:5e:14:e5:8a:6a:b5:eb:
82:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:EF:8F:5C:C4:4A:C7:09:F5:C8:86:D7:A3:79:30:0F:53:DB:13:94
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/A69EC8A47CED11F090B5F72DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.2.190.0/23
103.31.140.0/22
103.41.32.0/22
103.93.192.0/22
103.111.70.0/24
103.115.154.0/23
103.119.172.0/23
103.123.154.0/23
103.123.224.0/22
103.124.22.0/23
103.124.122.0/23
103.127.116.0/23
103.127.252.0/24
103.132.100.0/23
103.133.116.0/24
103.134.4.0/22
103.142.106.0/23
103.143.8.0/23
103.157.178.0/23
103.157.222.0/23
103.158.48.0/23
103.167.176.0/23
103.171.210.0/23
103.172.86.0/23
103.172.156.0/23
103.173.120.0/23
103.173.177.0/24
103.173.205.0/24
103.173.244.0/23
103.174.244.0/23
103.175.60.0/23
103.179.46.0/23
103.179.232.0/24
103.179.236.0/23
103.181.54.0/23
103.190.212.0/23
103.195.80.0/23
103.204.132.0/22
103.206.26.0/23
103.207.90.0/23
103.208.90.0/23
103.209.72.0/23
103.212.172.0/23
103.215.184.0/23
103.217.138.0/23
103.218.106.0/23
103.218.180.0/23
103.218.184.0/22
103.220.232.0/23
103.225.30.0/23
103.225.116.0/23
103.227.104.0/23
103.228.72.0/23
103.229.90.0/23
103.244.94.0/23
110.44.10.0/23
IPv6:
2001:df2:380::/48
2400:4fe0::/32
2404:58c0::/48
Signature Algorithm: sha256WithRSAEncryption
1c:07:93:74:0f:05:80:58:54:4e:b4:12:5d:c1:33:25:9b:25:
3e:ae:ac:6a:4b:60:0c:1c:2f:e3:6a:14:9c:ce:cf:83:ac:20:
2a:b7:ac:7e:17:0b:48:b7:03:c8:87:04:49:01:0f:b6:9c:d4:
c6:f1:f3:7d:a2:e4:81:8d:be:e9:0b:2d:d0:cc:39:69:cf:65:
24:21:3b:c5:20:3c:46:c6:6c:b2:46:04:c2:6d:45:49:81:eb:
7c:d3:9a:6d:f8:83:bf:36:f2:ed:bd:a1:6c:12:4d:35:7a:66:
69:ea:86:67:59:3f:1a:9d:93:89:7c:85:db:46:bf:41:56:be:
31:c9:ce:13:9d:0b:60:b7:f8:ea:a7:0c:07:d2:d0:36:a2:d9:
22:7c:93:37:e6:52:a9:98:c2:75:db:5f:5b:e7:0b:ea:38:48:
66:d1:e8:43:36:4c:50:f2:bc:26:dc:38:09:3f:85:2b:b3:47:
09:09:af:4a:ac:fb:e9:b8:51:85:ed:26:95:5c:9a:18:00:58:
11:23:4c:a3:56:ce:69:24:11:24:71:f6:1d:ec:9e:59:39:7d:
65:49:b9:e1:41:40:33:ab:24:67:ca:65:dc:bc:93:ec:bd:8d:
44:48:b0:51:24:a2:3e:de:e7:c8:f4:5c:dd:7f:8c:79:a3:75:
db:88:38:21
-----BEGIN CERTIFICATE-----
MIIG5zCCBc+gAwIBAgIDAMLTMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDgxOTExMTQxOVoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjhhNDVjOGItNDRjNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKuHst2TLvWR0igE7BLkDD4BK4WaRdCB1q/e8lJQMl68OAkPp3S4mDGjlCZ0
mJOof1kY8mltud/FpvmO/g6Yfxqkcy5+Jj13I0Us9Babv58zwBAy7FC4P41VQE+r
AacEzyZ9wkFa5XPndw37nML/2JxpSP8ycUTbpTQjYsWnfFHGksoy7uuiaCI7T4Qm
Xb9BoR/NjSq2O7zGER5ixmvMwyQiGy/7gplS2i7eGva0BkDmLEgZGUpBlU60xdGM
tFf3UR84M9QtuqecSKa0q71FobTLzXrFXflOxzlDOwi/xA/m8WHCuSwT6Qg55QLv
SjGM9Y+5JPzREK1eFOWKarXrgvkCAwEAAaOCBAowggQGMB0GA1UdDgQWBBT0749c
xErHCfXIhtejeTAPU9sTlDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0E2OUVDOEE0
N0NFRDExRjA5MEI1RjcyREM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIIBkgYIKwYBBQUHAQcB
Af8EggGBMIIBfTCCAVgEAgABMIIBUAMEAWcCvgMEAmcfjAMEAmcpIAMEAmddwAME
AGdvRgMEAWdzmgMEAWd3rAMEAWd7mgMEAmd74AMEAWd8FgMEAWd8egMEAWd/dAME
AGd//AMEAWeEZAMEAGeFdAMEAmeGBAMEAWeOagMEAWePCAMEAWedsgMEAWed3gME
AWeeMAMEAWensAMEAWer0gMEAWesVgMEAWesnAMEAWeteAMEAGetsQMEAGetzQME
AWet9AMEAWeu9AMEAWevPAMEAWezLgMEAGez6AMEAWez7AMEAWe1NgMEAWe+1AME
AWfDUAMEAmfMhAMEAWfOGgMEAWfPWgMEAWfQWgMEAWfRSAMEAWfUrAMEAWfXuAME
AWfZigMEAWfaagMEAWfatAMEAmfauAMEAWfc6AMEAWfhHgMEAWfhdAMEAWfjaAME
AWfkSAMEAWflWgMEAWf0XgMEAW4sCjAfBAIAAjAZAwcAIAEN8gOAAwUAJABP4AMH
ACQEWMAAADANBgkqhkiG9w0BAQsFAAOCAQEAHAeTdA8FgFhUTrQSXcEzJZslPq6s
aktgDBwv42oUnM7Pg6wgKresfhcLSLcDyIcESQEPtpzUxvHzfaLkgY2+6Qst0Mw5
ac9lJCE7xSA8RsZsskYEwm1FSYHrfNOabfiDvzby7b2hbBJNNXpmaeqGZ1k/Gp2T
iXyF20a/QVa+McnOE50LYLf46qcMB9LQNqLZInyTN+ZSqZjCddtfW+cL6jhIZtHo
QzZMUPK8Jtw4CT+FK7NHCQmvSqz76bhRhe0mlVyaGABYESNMo1bOaSQRJHH2Heye
WTl9ZUm54UFAM6skZ8pl3LyT7L2NREiwUSSiPt7nyPRc3X+MeaN124g4IQ==
-----END CERTIFICATE-----
Generated at Sun Aug 24 02:32:07 2025 by rpki-client