Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B96D3BB2767311F0B208256DC4F9AE02.roa
File: B96D3BB2767311F0B208256DC4F9AE02.roa (raw, json)
Hash identifier: Q4IFrwR91iH9WX+SzlIGRgj019p1vNxNnIkEiqEDRE8=
Subject key identifier: 5C:6F:CA:12:03:45:53:BE:8D:E9:B0:6E:C1:32:A9:90:00:40:B6:23
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: C641
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B96D3BB2767311F0B208256DC4F9AE02.roa
Signing time: Tue 14 Oct 2025 05:28:14 +0000
ROA not before: Tue 14 Oct 2025 05:28:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9498
IP address blocks: 45.121.44.0/22 maxlen: 24
45.124.224.0/22 maxlen: 24
45.124.228.0/22 maxlen: 24
45.124.232.0/22 maxlen: 24
45.124.236.0/22 maxlen: 24
103.29.197.0/24 maxlen: 24
103.61.132.0/22 maxlen: 24
103.68.220.0/23 maxlen: 24
103.147.90.0/24 maxlen: 24
103.171.87.0/24 maxlen: 24
103.209.96.0/23 maxlen: 24
192.12.109.0/24 maxlen: 24
202.53.87.0/24 maxlen: 24
202.58.102.0/23 maxlen: 24
202.65.141.0/24 maxlen: 24
202.65.142.0/24 maxlen: 24
2405:a700::/32 maxlen: 32
2405:a700:14::/48 maxlen: 48
2405:a700:15::/48 maxlen: 48
2405:a700:1b::/48 maxlen: 48
2405:a700:1c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 Oct 2025 15:33:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 50753 (0xc641)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Oct 14 05:28:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68eddf6e-a284
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:75:9d:ad:5f:a7:1d:c8:0f:82:c1:bc:e5:ad:
df:d7:ef:4f:32:1b:df:04:d1:26:37:af:33:ec:8e:
76:02:43:fb:cc:62:2b:88:e6:a8:e9:0b:91:2b:94:
50:50:0c:8d:a2:ef:0a:70:fc:a1:da:58:a2:87:5c:
fd:a8:5f:69:5e:50:e4:d7:74:7e:47:c2:3d:de:1b:
70:32:50:49:3b:5c:26:ac:94:20:d1:86:fe:17:c1:
2c:66:a3:44:a8:c8:f9:75:e4:9f:8f:a7:4a:1f:45:
08:6d:a4:20:5d:8d:cc:21:29:f1:23:05:43:a7:67:
20:27:67:36:70:23:b2:21:fe:c1:58:49:fb:a0:27:
25:9f:eb:22:8d:6e:d2:94:7a:17:22:fb:7a:ba:27:
5d:0c:2f:d5:fa:ac:56:59:1d:71:72:ef:de:e9:f5:
e7:70:25:a9:dd:ce:56:a1:a5:14:89:ea:44:80:10:
63:2b:b5:b0:78:07:31:67:d1:7f:84:08:5d:be:20:
7e:22:08:9a:35:d1:e9:ed:d7:a2:ae:42:15:b8:78:
12:b8:6e:ff:4a:cc:65:fc:be:83:0a:31:6f:8e:70:
7d:94:c0:30:26:ea:c5:1b:61:9a:58:74:1d:d6:d3:
d0:95:fc:6a:22:a0:a5:eb:67:9b:eb:a0:01:48:37:
43:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:6F:CA:12:03:45:53:BE:8D:E9:B0:6E:C1:32:A9:90:00:40:B6:23
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B96D3BB2767311F0B208256DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.121.44.0/22
45.124.224.0/20
103.29.197.0/24
103.61.132.0/22
103.68.220.0/23
103.147.90.0/24
103.171.87.0/24
103.209.96.0/23
192.12.109.0/24
202.53.87.0/24
202.58.102.0/23
202.65.141.0-202.65.142.255
IPv6:
2405:a700::/32
Signature Algorithm: sha256WithRSAEncryption
91:23:86:41:99:a9:1b:eb:9b:a6:f3:3d:0a:28:72:c0:27:d8:
90:a8:52:af:e7:96:16:3f:0e:4a:8f:dd:0c:c8:41:6b:29:75:
90:53:d4:e0:57:2f:e9:05:93:e3:22:1a:05:af:83:bf:bd:88:
2e:ff:0e:9a:76:73:c6:a0:f2:fe:a1:0c:08:ab:84:f7:b6:5d:
6a:6e:b9:72:11:c6:bf:e9:a6:f4:64:33:32:2b:7d:07:74:e5:
18:5a:4b:4c:56:75:9c:1d:f1:6f:8c:ca:a8:3f:d7:8a:fc:da:
e7:28:b9:9f:69:b0:b7:09:cb:98:11:48:74:f1:c9:5b:40:d7:
39:12:8e:2d:2c:25:8d:72:5f:5a:a7:c9:19:55:47:6b:5a:ac:
61:d0:65:1a:8d:9e:56:83:d1:62:fb:d0:8c:1e:f9:45:be:7b:
71:3e:60:a2:ec:93:60:b6:f1:9e:d5:15:1b:03:87:22:65:fa:
c5:8b:a0:10:88:33:b8:bc:0d:69:6a:29:c7:2d:1d:c6:0d:a9:
4a:6e:f9:69:60:24:45:5e:61:30:3b:4f:46:fd:19:86:e9:15:
bc:ca:bb:14:e9:d9:93:f0:1a:0a:31:56:34:21:19:52:8d:5d:
a2:3f:46:d9:fe:dd:ed:22:3d:dc:62:98:0a:68:1d:fd:f1:7d:
f1:79:08:14
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIDAMZBMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MTAxNDA1MjgxNFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjhlZGRmNmUtYTI4NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZ1na1fpx3ID4LBvOWt39fvTzIb3wTRJjevM+yOdgJD+8xiK4jmqOkLkSuU
UFAMjaLvCnD8odpYoodc/ahfaV5Q5Nd0fkfCPd4bcDJQSTtcJqyUINGG/hfBLGaj
RKjI+XXkn4+nSh9FCG2kIF2NzCEp8SMFQ6dnICdnNnAjsiH+wVhJ+6AnJZ/rIo1u
0pR6FyL7eronXQwv1fqsVlkdcXLv3un153Alqd3OVqGlFInqRIAQYyu1sHgHMWfR
f4QIXb4gfiIImjXR6e3Xoq5CFbh4Erhu/0rMZfy+gwoxb45wfZTAMCbqxRthmlh0
HdbT0JX8aiKgpetnm+ugAUg3Q3UCAwEAAaOCAu4wggLqMB0GA1UdDgQWBBRcb8oS
A0VTvo3psG7BMqmQAEC2IzAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0I5NkQzQkIy
NzY3MzExRjBCMjA4MjU2REM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMHgGCCsGAQUFBwEHAQH/
BGkwZzBWBAIAATBQAwQCLXksAwQELXzgAwQAZx3FAwQCZz2EAwQBZ0TcAwQAZ5Na
AwQAZ6tXAwQBZ9FgAwQAwAxtAwQAyjVXAwQByjpmMAwDBADKQY0DBADKQY4wDQQC
AAIwBwMFACQFpwAwDQYJKoZIhvcNAQELBQADggEBAJEjhkGZqRvrm6bzPQoocsAn
2JCoUq/nlhY/DkqP3QzIQWspdZBT1OBXL+kFk+MiGgWvg7+9iC7/Dpp2c8ag8v6h
DAirhPe2XWpuuXIRxr/ppvRkMzIrfQd05RhaS0xWdZwd8W+Myqg/14r82ucouZ9p
sLcJy5gRSHTxyVtA1zkSji0sJY1yX1qnyRlVR2tarGHQZRqNnlaD0WL70Iwe+UW+
e3E+YKLsk2C28Z7VFRsDhyJl+sWLoBCIM7i8DWlqKcctHcYNqUpu+WlgJEVeYTA7
T0b9GYbpFbzKuxTp2ZPwGgoxVjQhGVKNXaI/Rtn+3e0iPdximApoHf3xffF5CBQ=
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:29:16 2025 by rpki-client