Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/0FAA7244A7D211F0BEE84D58C4F9AE02.roa
File: 0FAA7244A7D211F0BEE84D58C4F9AE02.roa (raw, json)
Hash identifier: NdGdprVspyCu7ooBV/jtWTcZH1ps5ycDugcPtORVorA=
Subject key identifier: E7:D2:4A:3F:9B:04:0C:04:D3:B6:87:82:00:32:4F:A1:EF:AF:2B:C2
Certificate issuer: /CN=A91E6194/serialNumber=67DD7747A9DB8B01A5E7CCA146C48965A2308091
Certificate serial: 05AB
Authority key identifier: 67:DD:77:47:A9:DB:8B:01:A5:E7:CC:A1:46:C4:89:65:A2:30:80:91
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Z913R6nbiwGl58yhRsSJZaIwgJE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/0FAA7244A7D211F0BEE84D58C4F9AE02.roa
Signing time: Mon 13 Oct 2025 01:44:40 +0000
ROA not before: Mon 13 Oct 2025 01:44:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7628
IP address blocks: 103.68.202.0/24 maxlen: 24
103.212.217.0/24 maxlen: 24
103.212.218.0/24 maxlen: 24
103.212.219.0/24 maxlen: 24
203.56.23.0/24 maxlen: 24
2402:1b40:1001::/48 maxlen: 48
2402:1b40:1002::/48 maxlen: 48
2402:1b40:1003::/48 maxlen: 48
2402:1b40:1004::/48 maxlen: 48
2402:1b40:1005::/48 maxlen: 48
2402:1b40:2000::/37 maxlen: 37
2402:1b40:2000::/48 maxlen: 48
2402:1b40:2004::/48 maxlen: 48
2402:1b40:2008::/48 maxlen: 48
2402:1b40:200c::/48 maxlen: 48
2402:1b40:2010::/48 maxlen: 48
2402:1b40:2014::/48 maxlen: 48
2402:1b40:2018::/48 maxlen: 48
2402:1b40:8000::/36 maxlen: 36
2402:1b40:9000::/36 maxlen: 36
2402:1b40:a000::/36 maxlen: 36
2402:1b40:b000::/36 maxlen: 36
2402:1b40:c000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/Z913R6nbiwGl58yhRsSJZaIwgJE.crl
rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/Z913R6nbiwGl58yhRsSJZaIwgJE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Z913R6nbiwGl58yhRsSJZaIwgJE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 26 Oct 2025 00:52:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1451 (0x5ab)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E6194, serialNumber=67DD7747A9DB8B01A5E7CCA146C48965A2308091
Validity
Not Before: Oct 13 01:44:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68ec5988-3add
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:f7:f7:6f:a7:68:4d:fd:88:c8:8f:bf:ac:77:
04:17:76:d4:d7:e0:2c:5f:01:d0:a9:a9:37:d2:09:
cb:17:b3:23:ef:68:d3:a9:27:e2:55:91:ef:1a:5e:
0e:20:56:df:a9:39:5e:67:09:0b:1a:73:aa:e1:52:
15:35:b5:5f:5a:45:59:62:52:7c:52:d5:30:e2:23:
21:da:c2:0c:d0:0d:c6:b6:e9:25:11:c8:bc:91:12:
ba:41:33:2c:ec:04:40:91:cb:60:d4:c9:31:13:2e:
dd:d0:81:b0:26:c5:73:c7:6b:a8:b9:a1:44:c6:23:
1e:17:06:27:55:12:b0:64:8d:e9:99:5d:8e:3b:7b:
5e:b8:76:77:d8:7a:c9:5c:8d:ff:76:07:8e:04:ad:
a2:42:92:3a:46:0d:34:7e:6a:8a:10:0a:94:67:4e:
3b:29:c2:c6:45:bf:f6:7a:d7:10:37:40:c9:66:ca:
a9:eb:7c:99:58:14:fa:11:ea:0b:b4:9f:9b:06:25:
c2:01:07:d2:de:a8:64:f9:62:64:72:6d:92:4e:33:
d0:64:a6:db:aa:64:07:00:33:33:7b:13:67:6f:21:
d7:02:59:3c:52:e3:92:d1:e7:60:aa:12:84:3b:a7:
97:f5:7f:db:f9:32:f6:87:f5:2a:18:57:d0:dc:48:
5f:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:D2:4A:3F:9B:04:0C:04:D3:B6:87:82:00:32:4F:A1:EF:AF:2B:C2
X509v3 Authority Key Identifier:
keyid:67:DD:77:47:A9:DB:8B:01:A5:E7:CC:A1:46:C4:89:65:A2:30:80:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/Z913R6nbiwGl58yhRsSJZaIwgJE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Z913R6nbiwGl58yhRsSJZaIwgJE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/0FAA7244A7D211F0BEE84D58C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.68.202.0/24
103.212.217.0-103.212.219.255
203.56.23.0/24
IPv6:
2402:1b40:1001::-2402:1b40:1005:ffff:ffff:ffff:ffff:ffff
2402:1b40:2000::/37
2402:1b40:8000::-2402:1b40:cfff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
93:dc:a3:04:0a:4f:e7:e0:dd:f8:71:dc:65:1d:89:b6:d1:62:
35:31:ec:90:b7:1e:48:a7:a5:82:c9:e5:5f:49:b1:e3:be:ff:
2d:3e:fc:d3:8b:9e:27:87:fc:55:71:77:53:8f:99:0d:58:46:
3e:ec:15:1d:c3:1b:8a:c7:6b:1a:f8:01:87:ef:5d:53:2e:9b:
a2:49:99:42:14:39:d2:e6:dd:fe:37:98:aa:62:7f:8e:50:fc:
b8:d9:92:c2:3b:f8:1b:34:8c:a0:7e:ba:85:16:b8:a0:9f:c7:
2c:4e:3c:c9:6c:8e:8e:ab:4b:10:42:37:e4:bd:a7:5f:f7:fb:
9d:45:6e:48:5a:e6:2e:e9:46:13:a1:dc:a6:70:0e:11:41:16:
22:e4:65:20:e8:51:ce:d8:7a:49:22:0a:5d:11:3d:e0:3e:ac:
14:73:cd:d9:01:ec:d3:40:d5:f9:a2:65:69:96:fe:f3:76:29:
96:f5:ab:86:8d:77:14:b5:f5:20:7f:05:a2:7c:c6:69:92:8c:
1c:33:92:69:84:f4:61:61:77:5d:63:5c:5f:e5:3d:dc:cd:ed:
31:11:aa:0b:b5:34:0c:a8:dc:49:78:a7:fd:02:f2:02:a6:e3:
d4:18:5f:cb:73:d2:bc:4e:b1:06:cf:a6:31:2d:cc:8c:74:86:
9a:58:26:a1
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgICBaswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxOTQxMTAvBgNVBAUTKDY3REQ3NzQ3QTlEQjhCMDFBNUU3Q0NBMTQ2QzQ4OTY1
QTIzMDgwOTEwHhcNMjUxMDEzMDE0NDQwWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVjNTk4OC0zYWRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuPf3b6doTf2IyI+/rHcEF3bU1+AsXwHQqak30gnLF7Mj72jTqSfiVZHvGl4O
IFbfqTleZwkLGnOq4VIVNbVfWkVZYlJ8UtUw4iMh2sIM0A3GtuklEci8kRK6QTMs
7ARAkctg1MkxEy7d0IGwJsVzx2uouaFExiMeFwYnVRKwZI3pmV2OO3teuHZ32HrJ
XI3/dgeOBK2iQpI6Rg00fmqKEAqUZ047KcLGRb/2etcQN0DJZsqp63yZWBT6EeoL
tJ+bBiXCAQfS3qhk+WJkcm2STjPQZKbbqmQHADMzexNnbyHXAlk8UuOS0edgqhKE
O6eX9X/b+TL2h/UqGFfQ3Ehf3wIDAQABo4IC3zCCAtswHQYDVR0OBBYEFOfSSj+b
BAwE07aHggAyT6HvryvCMB8GA1UdIwQYMBaAFGfdd0ep24sBpefMoUbEiWWiMICR
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjE5NC81RjM3QjlFRUVG
NkIxMUVCQjM3NkVDNzVDNEY5QUUwMi9aOTEzUjZuYml3R2w1OHloUnNTSlphSXdn
SkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1o5MTNSNm5iaXdHbDU4eWhSc1NKWmFJd2dKRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxOTQvNUYzN0I5RUVFRjZCMTFFQkIzNzZFQzc1QzRGOUFFMDIvMEZBQTcyNDRB
N0QyMTFGMEJFRTg0RDU4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwaQYIKwYBBQUHAQcBAf8E
WjBYMCAEAgABMBoDBABnRMowDAMEAGfU2QMEAmfU2AMEAMs4FzA0BAIAAjAuMBID
BwAkAhtAEAEDBwEkAhtAEAQDBgMkAhtAIDAQAwYHJAIbQIADBgQkAhtAwDANBgkq
hkiG9w0BAQsFAAOCAQEAk9yjBApP5+Dd+HHcZR2JttFiNTHskLceSKelgsnlX0mx
477/LT7804ueJ4f8VXF3U4+ZDVhGPuwVHcMbisdrGvgBh+9dUy6bokmZQhQ50ubd
/jeYqmJ/jlD8uNmSwjv4GzSMoH66hRa4oJ/HLE48yWyOjqtLEEI35L2nX/f7nUVu
SFrmLulGE6HcpnAOEUEWIuRlIOhRzth6SSIKXRE94D6sFHPN2QHs00DV+aJlaZb+
83YplvWrho13FLX1IH8FonzGaZKMHDOSaYT0YWF3XWNcX+U93M3tMRGqC7U0DKjc
SXin/QLyAqbj1Bhfy3PSvE6xBs+mMS3MjHSGmlgmoQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:32:17 2025 by rpki-client