Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
File: BDECB94CEC4F11EEB0B9B467C4F9AE02.roa (raw, json)
Hash identifier: fzQzGSAIs0EVXNYEuUhQCq5Xv3M4UYk0ENH+A/wJ0lg=
Subject key identifier: F6:BD:28:97:B8:6F:90:F1:21:07:2E:D2:AE:60:93:85:B0:B7:74:6B
Certificate issuer: /CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Certificate serial: 0148
Authority key identifier: 64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
Signing time: Wed 03 Sep 2025 05:54:40 +0000
ROA not before: Wed 03 Sep 2025 05:54:40 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 134835
IP address blocks: 45.120.156.0/24 maxlen: 24
45.120.157.0/24 maxlen: 24
45.120.159.0/24 maxlen: 24
45.125.164.0/24 maxlen: 24
45.125.165.0/24 maxlen: 24
45.125.166.0/24 maxlen: 24
45.125.167.0/24 maxlen: 24
103.56.217.0/24 maxlen: 24
103.56.219.0/24 maxlen: 24
103.194.41.0/24 maxlen: 24
103.194.42.0/24 maxlen: 24
103.194.43.0/24 maxlen: 24
103.200.96.0/24 maxlen: 24
103.200.97.0/24 maxlen: 24
103.204.172.0/24 maxlen: 24
103.204.173.0/24 maxlen: 24
103.204.174.0/24 maxlen: 24
103.204.175.0/24 maxlen: 24
122.128.96.0/24 maxlen: 24
122.128.97.0/24 maxlen: 24
122.128.99.0/24 maxlen: 24
2403:ad80:60::/45 maxlen: 45
2403:ad80:80::/45 maxlen: 45
2403:ad80:88::/45 maxlen: 45
2403:ad80:98::/45 maxlen: 45
2403:ad80:a0::/45 maxlen: 45
2403:ad80:3c00::/38 maxlen: 38
2403:ad80:4c00::/38 maxlen: 38
2403:ad80:5000::/38 maxlen: 38
2403:ad80:8100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 26 Oct 2025 07:32:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 328 (0x148)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919A777, serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Validity
Not Before: Sep 3 05:54:40 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68b7d81f-1408
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:7d:40:67:53:34:21:da:56:f1:55:69:a1:9c:
d1:c1:80:14:b4:a6:89:41:c3:b2:dc:ed:e3:74:25:
6b:ea:c4:37:31:79:86:93:3e:12:b6:4e:50:c1:f2:
74:80:ec:66:84:54:15:1c:0c:c2:53:09:51:d7:8e:
c1:fe:fd:96:ad:3b:af:eb:5a:44:ae:8b:45:93:d1:
d2:78:b9:ce:7f:1e:78:2d:7a:05:15:49:39:ec:f3:
80:86:24:c2:77:80:6d:c5:13:ee:b7:f9:99:49:06:
1d:2e:34:e2:e7:37:2f:94:b9:1f:47:ac:b1:a8:25:
7c:2d:41:43:c0:30:7a:be:2d:17:cd:e6:1c:36:9f:
32:c1:5a:e7:46:08:ba:e2:53:36:1d:27:a7:a7:68:
15:fe:0a:b2:3a:b3:20:4e:0c:92:97:e0:6c:85:a3:
67:b8:81:4c:22:35:95:80:a1:6e:ca:55:e0:78:12:
3e:1a:ef:f8:69:6e:40:03:eb:6b:f7:12:a2:51:7f:
d3:5f:44:ce:b5:c1:80:a9:a2:39:76:db:36:a4:e8:
dc:9b:8b:dc:0f:08:c1:31:70:fa:8c:e0:1a:8f:46:
47:e9:75:70:ad:43:63:23:c0:e2:c8:74:54:cf:62:
66:c4:03:68:6e:f1:1b:a5:f0:1e:db:5e:2f:19:d8:
89:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:BD:28:97:B8:6F:90:F1:21:07:2E:D2:AE:60:93:85:B0:B7:74:6B
X509v3 Authority Key Identifier:
keyid:64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.120.156.0/23
45.120.159.0/24
45.125.164.0/22
103.56.217.0/24
103.56.219.0/24
103.194.41.0-103.194.43.255
103.200.96.0/23
103.204.172.0/22
122.128.96.0/23
122.128.99.0/24
IPv6:
2403:ad80:60::/45
2403:ad80:80::/44
2403:ad80:98::-2403:ad80:a7:ffff:ffff:ffff:ffff:ffff
2403:ad80:3c00::/38
2403:ad80:4c00::-2403:ad80:53ff:ffff:ffff:ffff:ffff:ffff
2403:ad80:8100::/40
Signature Algorithm: sha256WithRSAEncryption
1d:60:e3:4c:46:0d:e1:e1:c1:59:91:1a:85:bd:8c:53:83:6a:
88:a2:c4:16:75:f2:92:15:d9:6e:13:bd:07:d5:22:34:1a:a5:
73:95:23:24:8e:64:f5:80:23:63:b4:57:8b:ab:f9:a6:3e:ff:
d5:c9:6c:1f:b9:ca:8b:f4:e9:73:85:ac:81:6f:fe:32:48:12:
3c:ee:98:fd:b5:df:03:10:b3:f8:ed:f2:5e:48:74:fd:e2:7a:
ed:1b:62:3d:7e:f1:30:e7:95:eb:e3:7a:39:ae:da:f2:f5:28:
d7:10:a5:d6:4a:8a:4e:8f:2e:e2:b2:11:35:41:67:dc:4a:01:
c5:34:95:72:e3:c8:26:96:0c:c9:49:f1:cc:81:f8:9e:57:7f:
8a:71:8e:9b:7e:1c:85:ad:30:fa:c7:75:fe:f9:44:c6:90:80:
e0:b5:8f:9a:d5:79:85:e6:0a:eb:be:94:66:11:87:30:bb:3e:
a3:09:fa:22:91:bc:43:d1:92:34:be:5d:75:88:b2:72:93:22:
d2:6c:a3:28:c7:b7:5d:96:42:26:c2:2a:ef:3f:85:db:85:7d:
fd:be:3f:2f:22:75:fb:27:d1:f0:ce:bc:c3:e7:a6:85:52:1a:
f6:71:64:b0:c5:ea:b5:86:73:e0:69:b6:d8:84:aa:d7:4f:3a:
4c:5c:0b:67
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgICAUgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUE3NzcxMTAvBgNVBAUTKDY0N0QwOTI3REIzQjE3OEUyRjY1NEEzMjY4NTU3RkU1
QjVENjcyOUMwHhcNMjUwOTAzMDU1NDQwWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGI3ZDgxZi0xNDA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7H1AZ1M0IdpW8VVpoZzRwYAUtKaJQcOy3O3jdCVr6sQ3MXmGkz4Stk5QwfJ0
gOxmhFQVHAzCUwlR147B/v2WrTuv61pErotFk9HSeLnOfx54LXoFFUk57POAhiTC
d4BtxRPut/mZSQYdLjTi5zcvlLkfR6yxqCV8LUFDwDB6vi0XzeYcNp8ywVrnRgi6
4lM2HSenp2gV/gqyOrMgTgySl+BshaNnuIFMIjWVgKFuylXgeBI+Gu/4aW5AA+tr
9xKiUX/TX0TOtcGAqaI5dts2pOjcm4vcDwjBMXD6jOAaj0ZH6XVwrUNjI8DiyHRU
z2JmxANobvEbpfAe214vGdiJYwIDAQABo4IDJjCCAyIwHQYDVR0OBBYEFPa9KJe4
b5DxIQcu0q5gk4Wwt3RrMB8GA1UdIwQYMBaAFGR9CSfbOxeOL2VKMmhVf+W11nKc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QTc3Ny8wQkE1NzJCMEVD
NEYxMUVFQTFCMzg4NjZDNEY5QUUwMi9aSDBKSjlzN0Y0NHZaVW95YUZWXzViWFdj
cHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pIMEpKOXM3RjQ0dlpVb3lhRlZfNWJYV2Nwdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUE3NzcvMEJBNTcyQjBFQzRGMTFFRUExQjM4ODY2QzRGOUFFMDIvQkRFQ0I5NENF
QzRGMTFFRUIwQjlCNDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwga8GCCsGAQUFBwEHAQH/
BIGfMIGcMEoEAgABMEQDBAEteJwDBAAteJ8DBAItfaQDBABnONkDBABnONswDAME
AGfCKQMEAmfCKAMEAWfIYAMEAmfMrAMEAXqAYAMEAHqAYzBOBAIAAjBIAwcDJAOt
gABgAwcEJAOtgACAMBIDBwMkA62AAJgDBwMkA62AAKADBgIkA62APDAQAwYCJAOt
gEwDBgIkA62AUAMGACQDrYCBMA0GCSqGSIb3DQEBCwUAA4IBAQAdYONMRg3h4cFZ
kRqFvYxTg2qIosQWdfKSFdluE70H1SI0GqVzlSMkjmT1gCNjtFeLq/mmPv/VyWwf
ucqL9OlzhayBb/4ySBI87pj9td8DELP47fJeSHT94nrtG2I9fvEw55Xr43o5rtry
9SjXEKXWSopOjy7ishE1QWfcSgHFNJVy48gmlgzJSfHMgfieV3+KcY6bfhyFrTD6
x3X++UTGkIDgtY+a1XmF5grrvpRmEYcwuz6jCfoikbxD0ZI0vl11iLJykyLSbKMo
x7ddlkImwirvP4XbhX39vj8vInX7J9HwzrzD56aFUhr2cWSwxeq1hnPgabbYhKrX
TzpMXAtn
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:38:07 2025 by rpki-client