Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/485D694A454911EEB8718378C4F9AE02.roa
File: 485D694A454911EEB8718378C4F9AE02.roa (raw, json)
Hash identifier: 8goNJpX3SWLmR+a+Wvt1jnrzs1RIuPAmcWPIzJu1GEE=
Subject key identifier: 86:17:0D:9F:1C:A9:64:26:F3:BC:A4:A9:CF:43:BD:A4:29:E4:26:98
Certificate issuer: /CN=A9125C22/serialNumber=C70B4E047CAA737724B89D584DB5C0C1A858D28E
Certificate serial: 06B8
Authority key identifier: C7:0B:4E:04:7C:AA:73:77:24:B8:9D:58:4D:B5:C0:C1:A8:58:D2:8E
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/xwtOBHyqc3ckuJ1YTbXAwahY0o4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/485D694A454911EEB8718378C4F9AE02.roa
Signing time: Fri 24 Oct 2025 23:41:25 +0000
ROA not before: Fri 24 Oct 2025 23:41:25 +0000
ROA not after: Sun 31 Jan 2027 00:00:00 +0000
asID: 133771
IP address blocks: 207.174.176.0/20 maxlen: 20
207.174.176.0/22 maxlen: 22
207.174.176.0/24 maxlen: 24
207.174.177.0/24 maxlen: 24
207.174.178.0/24 maxlen: 24
207.174.179.0/24 maxlen: 24
207.174.180.0/22 maxlen: 22
207.174.180.0/24 maxlen: 24
207.174.181.0/24 maxlen: 24
207.174.182.0/24 maxlen: 24
207.174.183.0/24 maxlen: 24
207.174.184.0/22 maxlen: 22
207.174.184.0/24 maxlen: 24
207.174.185.0/24 maxlen: 24
207.174.186.0/24 maxlen: 24
207.174.187.0/24 maxlen: 24
207.174.188.0/22 maxlen: 22
207.174.188.0/24 maxlen: 24
207.174.189.0/24 maxlen: 24
207.174.190.0/24 maxlen: 24
207.174.191.0/24 maxlen: 24
216.108.240.0/20 maxlen: 20
216.108.240.0/22 maxlen: 24
216.108.244.0/22 maxlen: 22
216.108.244.0/24 maxlen: 24
216.108.245.0/24 maxlen: 24
216.108.246.0/24 maxlen: 24
216.108.247.0/24 maxlen: 24
216.108.248.0/22 maxlen: 22
216.108.248.0/24 maxlen: 24
216.108.249.0/24 maxlen: 24
216.108.250.0/24 maxlen: 24
216.108.251.0/24 maxlen: 24
216.108.252.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/xwtOBHyqc3ckuJ1YTbXAwahY0o4.crl
rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/xwtOBHyqc3ckuJ1YTbXAwahY0o4.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/xwtOBHyqc3ckuJ1YTbXAwahY0o4.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 11 Nov 2025 22:14:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1720 (0x6b8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9125C22, serialNumber=C70B4E047CAA737724B89D584DB5C0C1A858D28E
Validity
Not Before: Oct 24 23:41:25 2025 GMT
Not After : Jan 31 00:00:00 2027 GMT
Subject: CN=68fc0ea5-6deb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:d0:70:f9:8a:1f:ff:2c:d2:90:3c:cc:fd:04:
17:b1:4b:f6:eb:18:14:20:96:b5:80:95:83:c3:80:
39:75:16:bf:76:47:db:62:8f:ee:4c:65:e3:09:d4:
4c:b0:e6:f9:cb:6c:83:fb:ba:08:fe:71:1f:5b:03:
8e:7f:b3:7d:e4:00:ec:27:5e:ed:a8:ea:d3:0b:41:
67:6f:a4:32:68:ee:d8:b8:cc:a4:86:5a:67:ff:ce:
d1:b6:aa:35:ba:8d:c7:8f:e8:88:cb:6b:11:e4:5a:
30:e8:be:79:2e:0d:e7:0a:78:de:d2:b7:0d:b5:64:
8b:f5:0d:bf:2a:6d:ef:f9:28:e8:59:ae:76:28:e0:
13:76:0f:ef:51:97:18:22:fe:2b:d0:20:27:26:47:
4e:86:44:0c:da:de:c7:78:81:eb:62:e5:69:2f:f6:
9b:e8:4c:74:6d:11:0f:99:a4:43:fe:53:e6:ab:b6:
94:fb:81:9a:a7:3f:b4:50:98:58:f9:fb:ec:a1:c6:
35:ae:7e:b7:49:01:6d:69:2f:22:d0:5e:05:a1:dc:
cc:c6:51:78:d6:88:ee:80:52:d8:45:d4:9a:77:71:
52:d7:dc:41:1e:ed:b2:5c:2f:68:c1:45:ad:3b:fd:
02:2f:41:52:a7:1f:6e:f9:33:d7:86:f4:8e:ff:2f:
2e:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:17:0D:9F:1C:A9:64:26:F3:BC:A4:A9:CF:43:BD:A4:29:E4:26:98
X509v3 Authority Key Identifier:
keyid:C7:0B:4E:04:7C:AA:73:77:24:B8:9D:58:4D:B5:C0:C1:A8:58:D2:8E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/xwtOBHyqc3ckuJ1YTbXAwahY0o4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/xwtOBHyqc3ckuJ1YTbXAwahY0o4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/485D694A454911EEB8718378C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
207.174.176.0/20
216.108.240.0/20
Signature Algorithm: sha256WithRSAEncryption
3c:9d:d1:65:7c:64:6f:5f:f9:4e:b8:cb:33:bb:fe:a8:c5:b3:
da:98:95:84:71:a8:fe:3d:57:44:ce:10:c7:8e:31:e3:49:c1:
a8:d7:fc:a9:fd:1f:5f:5e:ba:72:41:e9:3b:f2:08:70:bc:f7:
6a:3f:05:6d:51:ec:2e:84:5e:21:af:90:44:34:82:63:fc:25:
bc:41:53:e0:08:22:36:90:02:ed:5f:46:6c:75:07:d7:38:e6:
af:f5:41:e5:32:00:b2:37:3a:8c:6b:04:d0:ea:ae:6c:4a:6f:
28:59:b4:54:09:bf:0d:13:54:f9:15:b5:7c:d2:65:ac:f5:ed:
a4:1f:75:63:9e:f6:38:5a:06:82:7a:3a:14:01:d6:f2:1f:ae:
75:90:2a:39:64:59:a1:f2:73:5d:72:d9:fa:70:1e:66:55:1a:
32:a3:cc:a8:f6:e4:2d:d9:f1:ab:d4:41:91:a7:38:4a:b9:05:
11:f4:3a:87:40:42:ff:79:48:86:7c:35:d7:fa:f0:64:21:d7:
33:15:ec:4c:9e:16:8f:36:76:d8:e6:a0:d5:50:8d:37:11:74:
84:f7:dd:a3:46:40:29:b3:db:ff:a0:fc:db:a2:06:8d:cc:1a:
d1:16:6c:8c:49:3a:cd:d6:07:ed:1c:c9:41:0c:58:ef:ff:ad:
b2:1e:7a:cb
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBrgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjVDMjIxMTAvBgNVBAUTKEM3MEI0RTA0N0NBQTczNzcyNEI4OUQ1ODREQjVDMEMx
QTg1OEQyOEUwHhcNMjUxMDI0MjM0MTI1WhcNMjcwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGZjMGVhNS02ZGViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvdBw+Yof/yzSkDzM/QQXsUv26xgUIJa1gJWDw4A5dRa/dkfbYo/uTGXjCdRM
sOb5y2yD+7oI/nEfWwOOf7N95ADsJ17tqOrTC0Fnb6QyaO7YuMykhlpn/87Rtqo1
uo3Hj+iIy2sR5Fow6L55Lg3nCnje0rcNtWSL9Q2/Km3v+SjoWa52KOATdg/vUZcY
Iv4r0CAnJkdOhkQM2t7HeIHrYuVpL/ab6Ex0bREPmaRD/lPmq7aU+4Gapz+0UJhY
+fvsocY1rn63SQFtaS8i0F4FodzMxlF41ojugFLYRdSad3FS19xBHu2yXC9owUWt
O/0CL0FSpx9u+TPXhvSO/y8uXwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFIYXDZ8c
qWQm87ykqc9DvaQp5CaYMB8GA1UdIwQYMBaAFMcLTgR8qnN3JLidWE21wMGoWNKO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNUMyMi9GQUNDQkM1QzdG
QUQxMUVCOTc3QjUzMzVDNEY5QUUwMi94d3RPQkh5cWMzY2t1SjFZVGJYQXdhaFkw
bzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3h3dE9CSHlxYzNja3VKMVlUYlhBd2FoWTBvNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjVDMjIvRkFDQ0JDNUM3RkFEMTFFQjk3N0I1MzM1QzRGOUFFMDIvNDg1RDY5NEE0
NTQ5MTFFRUI4NzE4Mzc4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBATPrrADBATYbPAwDQYJKoZIhvcNAQELBQADggEBADyd0WV8
ZG9f+U64yzO7/qjFs9qYlYRxqP49V0TOEMeOMeNJwajX/Kn9H19eunJB6TvyCHC8
92o/BW1R7C6EXiGvkEQ0gmP8JbxBU+AIIjaQAu1fRmx1B9c45q/1QeUyALI3Ooxr
BNDqrmxKbyhZtFQJvw0TVPkVtXzSZaz17aQfdWOe9jhaBoJ6OhQB1vIfrnWQKjlk
WaHyc11y2fpwHmZVGjKjzKj25C3Z8avUQZGnOEq5BRH0OodAQv95SIZ8Ndf68GQh
1zMV7EyeFo82dtjmoNVQjTcRdIT33aNGQCmz2/+g/NuiBo3MGtEWbIxJOs3WB+0c
yUEMWO//rbIeess=
-----END CERTIFICATE-----
Generated at Wed Nov 5 02:02:24 2025 by rpki-client