Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/11DBC0ACEB3211EFBDFC3E0FC4F9AE02.roa
File: 11DBC0ACEB3211EFBDFC3E0FC4F9AE02.roa (raw, json)
Hash identifier: zYdZV0PmY995jxBgObVxrNeEKm4srCzVt7whFrsxdT8=
Subject key identifier: FF:73:C3:81:66:DE:85:99:DA:C1:0C:BF:A1:7D:F8:CA:D4:5B:6E:28
Certificate issuer: /CN=A912AFA4/serialNumber=51942D25EDBCA51DFA56CE09ED361EB7A26DBD25
Certificate serial: 0964
Authority key identifier: 51:94:2D:25:ED:BC:A5:1D:FA:56:CE:09:ED:36:1E:B7:A2:6D:BD:25
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UZQtJe28pR36Vs4J7TYet6JtvSU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/11DBC0ACEB3211EFBDFC3E0FC4F9AE02.roa
Signing time: Mon 04 Aug 2025 21:59:12 +0000
ROA not before: Mon 04 Aug 2025 21:59:12 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 135060
IP address blocks: 103.93.150.0/24 maxlen: 24
103.93.151.0/24 maxlen: 24
103.152.128.0/24 maxlen: 24
103.152.129.0/24 maxlen: 24
103.208.4.0/22 maxlen: 22
103.208.4.0/24 maxlen: 24
103.208.5.0/24 maxlen: 24
103.208.6.0/24 maxlen: 24
103.208.7.0/24 maxlen: 24
116.206.128.0/24 maxlen: 24
116.206.129.0/24 maxlen: 24
123.100.140.0/23 maxlen: 24
123.100.143.0/24 maxlen: 24
123.100.144.0/24 maxlen: 24
123.100.145.0/24 maxlen: 24
123.100.146.0/24 maxlen: 24
123.100.147.0/24 maxlen: 24
123.100.148.0/22 maxlen: 22
123.100.148.0/24 maxlen: 24
123.100.149.0/24 maxlen: 24
123.100.150.0/24 maxlen: 24
123.100.151.0/24 maxlen: 24
123.100.152.0/24 maxlen: 24
202.86.52.0/24 maxlen: 24
202.86.53.0/24 maxlen: 24
202.86.54.0/24 maxlen: 24
202.86.55.0/24 maxlen: 24
2404:6a80::/41 maxlen: 41
2404:6a80:200::/41 maxlen: 41
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/UZQtJe28pR36Vs4J7TYet6JtvSU.crl
rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/UZQtJe28pR36Vs4J7TYet6JtvSU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UZQtJe28pR36Vs4J7TYet6JtvSU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 14 Aug 2025 05:57:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2404 (0x964)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A912AFA4, serialNumber=51942D25EDBCA51DFA56CE09ED361EB7A26DBD25
Validity
Not Before: Aug 4 21:59:12 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=68912d30-a326
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:d6:18:ed:cf:db:e9:23:4e:e3:ba:0f:80:06:
13:54:9f:49:3c:c4:8d:c4:19:e9:0a:f4:35:59:af:
3b:95:c0:46:ad:7f:a8:a0:75:d3:e7:cb:33:90:4d:
5e:af:b5:4e:97:89:d1:07:2a:cd:c5:7f:68:1f:2a:
d9:60:e3:1a:e8:04:b6:df:a8:a6:81:8f:a4:b3:7e:
6b:c3:ad:17:f5:ff:6f:f6:fd:3a:ef:1d:02:80:e5:
b5:88:8c:1a:94:7d:e0:b6:c5:f4:17:fb:5b:20:09:
ab:48:36:ce:27:69:a1:d0:ef:35:40:ed:37:dd:24:
e7:3e:f0:5f:b2:9b:9e:7d:59:93:b5:92:1c:e6:21:
0c:27:38:44:82:6b:5d:bc:62:ce:d2:9c:91:08:59:
32:78:38:8a:55:aa:73:68:ea:9d:9b:55:7a:af:12:
66:d6:ee:d9:a1:e8:4e:da:5f:43:c7:65:fa:79:e6:
29:d8:cc:01:15:2e:33:c6:70:63:bd:e9:d2:c8:99:
cb:87:53:64:fa:2e:fd:2a:92:0d:5f:a6:dc:e9:99:
22:1e:bb:73:71:b4:61:a1:4b:36:e0:f9:34:18:bf:
d3:9a:b6:f4:49:fa:6c:74:84:44:c2:db:a2:9b:55:
ff:51:c1:02:94:c2:18:2e:97:3b:b7:f5:59:47:20:
e4:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:73:C3:81:66:DE:85:99:DA:C1:0C:BF:A1:7D:F8:CA:D4:5B:6E:28
X509v3 Authority Key Identifier:
keyid:51:94:2D:25:ED:BC:A5:1D:FA:56:CE:09:ED:36:1E:B7:A2:6D:BD:25
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/UZQtJe28pR36Vs4J7TYet6JtvSU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UZQtJe28pR36Vs4J7TYet6JtvSU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/11DBC0ACEB3211EFBDFC3E0FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.93.150.0/23
103.152.128.0/23
103.208.4.0/22
116.206.128.0/23
123.100.140.0/23
123.100.143.0-123.100.152.255
202.86.52.0/22
IPv6:
2404:6a80::/41
2404:6a80:200::/41
Signature Algorithm: sha256WithRSAEncryption
46:5a:ea:e8:bb:de:a9:7f:7c:ad:a3:f7:3a:3d:9b:db:8f:98:
fa:7c:cf:0b:d1:cb:b0:e0:11:21:86:a6:39:04:46:00:72:c3:
b5:42:9b:ad:21:d8:d0:88:5c:88:6f:d4:fd:62:d8:96:37:05:
f8:f1:21:3b:93:1d:b5:33:2a:ed:36:24:79:2c:8c:c6:c9:16:
fe:19:3a:04:49:cd:63:63:6d:f9:86:c2:de:57:c3:3f:29:8f:
46:65:fe:9a:7c:ed:dd:4a:9d:85:64:d5:51:30:23:96:9d:c2:
4e:f1:25:5b:de:b9:af:19:33:94:51:0c:06:3f:e6:74:55:61:
5d:1e:77:be:16:ca:31:6b:dd:80:a7:3d:98:13:6e:68:cd:43:
70:34:c5:20:c6:e8:d8:d8:62:b9:24:31:aa:3f:ad:51:f8:47:
e8:11:d3:da:35:e6:9c:13:b2:e4:6a:ca:2e:c1:54:10:2d:3e:
f0:4a:24:2b:56:d5:98:95:98:6a:3b:d2:f3:6e:9b:b2:13:38:
ad:c1:38:de:2a:69:0e:77:eb:c9:68:6c:fa:15:d7:75:78:54:
e9:be:f2:d3:01:59:04:22:5a:5b:20:e2:25:f1:8f:94:6b:d1:
77:e3:5b:e2:0b:fe:e0:6f:5d:11:02:b6:8d:c6:3e:ea:00:6f:
8e:de:17:0d
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgICCWQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkFGQTQxMTAvBgNVBAUTKDUxOTQyRDI1RURCQ0E1MURGQTU2Q0UwOUVEMzYxRUI3
QTI2REJEMjUwHhcNMjUwODA0MjE1OTEyWhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODkxMmQzMC1hMzI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAudYY7c/b6SNO47oPgAYTVJ9JPMSNxBnpCvQ1Wa87lcBGrX+ooHXT58szkE1e
r7VOl4nRByrNxX9oHyrZYOMa6AS236imgY+ks35rw60X9f9v9v067x0CgOW1iIwa
lH3gtsX0F/tbIAmrSDbOJ2mh0O81QO033STnPvBfspuefVmTtZIc5iEMJzhEgmtd
vGLO0pyRCFkyeDiKVapzaOqdm1V6rxJm1u7ZoehO2l9Dx2X6eeYp2MwBFS4zxnBj
venSyJnLh1Nk+i79KpINX6bc6ZkiHrtzcbRhoUs24Pk0GL/Tmrb0SfpsdIREwtui
m1X/UcEClMIYLpc7t/VZRyDkKQIDAQABo4IC2zCCAtcwHQYDVR0OBBYEFP9zw4Fm
3oWZ2sEMv6F9+MrUW24oMB8GA1UdIwQYMBaAFFGULSXtvKUd+lbOCe02Hreibb0l
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQUZBNC9CNjc4NjJGQUFC
OTUxMUVBQjI1NTlDNUJDNEY5QUUwMi9VWlF0SmUyOHBSMzZWczRKN1RZZXQ2SnR2
U1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1VaUXRKZTI4cFIzNlZzNEo3VFlldDZKdHZTVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkFGQTQvQjY3ODYyRkFBQjk1MTFFQUIyNTU5QzVCQzRGOUFFMDIvMTFEQkMwQUNF
QjMyMTFFRkJERkMzRTBGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZQYIKwYBBQUHAQcBAf8E
VjBUMDgEAgABMDIDBAFnXZYDBAFnmIADBAJn0AQDBAF0zoADBAF7ZIwwDAMEAHtk
jwMEAHtkmAMEAspWNDAYBAIAAjASAwcHJARqgAAAAwcHJARqgAIAMA0GCSqGSIb3
DQEBCwUAA4IBAQBGWurou96pf3yto/c6PZvbj5j6fM8L0cuw4BEhhqY5BEYAcsO1
QputIdjQiFyIb9T9YtiWNwX48SE7kx21MyrtNiR5LIzGyRb+GToESc1jY235hsLe
V8M/KY9GZf6afO3dSp2FZNVRMCOWncJO8SVb3rmvGTOUUQwGP+Z0VWFdHne+Fsox
a92Apz2YE25ozUNwNMUgxujY2GK5JDGqP61R+EfoEdPaNeacE7LkasouwVQQLT7w
SiQrVtWYlZhqO9LzbpuyEzitwTjeKmkOd+vJaGz6Fdd1eFTpvvLTAVkEIlpbIOIl
8Y+Ua9F341viC/7gb10RAraNxj7qAG+O3hcN
-----END CERTIFICATE-----
Generated at Mon Aug 11 12:51:53 2025 by rpki-client