Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
File: B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa (raw, json)
Hash identifier: 4DBjk9RooSzZolI3F0wRR+UkFptKPPbZZIJnu5t3sTc=
Subject key identifier: 2E:25:86:C8:06:D0:58:2E:26:E0:19:9E:A2:B7:64:F7:FB:49:2D:B3
Certificate issuer: /CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Certificate serial: 0684
Authority key identifier: 23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
Signing time: Thu 24 Jul 2025 02:23:29 +0000
ROA not before: Thu 24 Jul 2025 02:23:29 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 137872
IP address blocks: 43.252.52.0/22 maxlen: 24
58.82.192.0/19 maxlen: 24
58.82.224.0/19 maxlen: 24
103.15.84.0/22 maxlen: 24
123.136.0.0/20 maxlen: 24
161.81.0.0/16 maxlen: 24
182.239.64.0/21 maxlen: 24
182.239.96.0/21 maxlen: 24
203.142.96.0/24 maxlen: 24
203.142.100.0/22 maxlen: 24
203.142.104.0/21 maxlen: 24
203.142.112.0/21 maxlen: 24
203.142.120.0/22 maxlen: 24
203.142.124.0/23 maxlen: 24
203.142.126.0/24 maxlen: 24
223.122.0.0/18 maxlen: 24
223.122.64.0/18 maxlen: 24
223.122.128.0/17 maxlen: 24
223.123.128.0/18 maxlen: 24
223.123.192.0/20 maxlen: 24
2401:3000:a000::/36 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl
rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 14 Aug 2025 05:57:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1668 (0x684)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9132B4D, serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Validity
Not Before: Jul 24 02:23:29 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=68819921-57ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:27:4c:7d:78:62:bd:78:bf:92:97:cd:d3:9a:
8a:43:cd:7e:80:f0:55:66:73:3f:02:7d:99:d3:d9:
45:8e:35:94:c5:f0:c1:dd:53:30:a2:84:f8:76:64:
35:eb:fc:10:4f:7d:53:67:cd:0b:30:59:1d:92:40:
59:d2:93:f3:41:33:54:a7:6e:5c:7e:77:f9:01:e7:
a0:c7:fd:90:27:5b:2b:69:52:eb:3d:e4:a1:19:44:
b9:c2:e2:4d:bf:76:b3:73:df:f6:8b:ac:e6:7a:9a:
a4:ca:cb:3b:8c:63:2f:eb:d4:de:7d:67:e1:ec:0b:
67:64:07:28:9a:d9:70:5d:04:c3:2f:42:5c:1d:12:
c0:34:25:31:a9:7d:17:b9:93:89:13:bd:18:27:c1:
98:94:ba:fa:ba:0b:94:10:43:96:1b:dc:81:e7:26:
03:7d:2a:d9:c2:00:ea:d4:ff:3c:8a:a1:8d:b4:94:
6f:cb:ac:f8:2b:4c:39:b7:02:b1:1c:dc:6f:fc:1c:
64:63:63:a6:9b:ee:03:3d:52:ff:41:35:91:66:38:
50:c9:46:5e:92:02:6d:a7:0d:a9:9b:a5:20:46:5f:
4f:8e:1a:b7:72:fd:3a:7f:be:24:30:31:71:ae:16:
1a:a5:1b:7c:e6:cc:62:88:6c:a9:c9:56:69:19:c8:
90:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:25:86:C8:06:D0:58:2E:26:E0:19:9E:A2:B7:64:F7:FB:49:2D:B3
X509v3 Authority Key Identifier:
keyid:23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.252.52.0/22
58.82.192.0/18
103.15.84.0/22
123.136.0.0/20
161.81.0.0/16
182.239.64.0/21
182.239.96.0/21
203.142.96.0/24
203.142.100.0-203.142.126.255
223.122.0.0/16
223.123.128.0-223.123.207.255
IPv6:
2401:3000:a000::/36
Signature Algorithm: sha256WithRSAEncryption
2c:34:6d:01:2b:5d:01:0c:5c:65:28:12:93:13:13:bb:95:e9:
cf:63:2c:58:5e:f1:b0:44:ca:5f:db:65:fd:a4:ef:c7:fb:45:
88:1f:4a:23:99:b9:92:01:0f:dc:de:e1:91:4c:a2:4a:33:41:
cb:64:ca:6b:fc:da:1f:8c:f5:3b:b0:51:30:8b:33:1e:26:38:
42:25:ec:40:29:4c:5a:50:b8:63:d5:7d:41:38:b2:00:bb:dc:
63:92:9b:c0:f3:82:a7:fa:5c:79:85:f8:05:5b:a8:76:c6:e4:
f0:62:77:17:13:9c:23:32:2f:5a:06:cd:5d:21:3c:f6:2b:2b:
a7:90:41:20:cb:12:ff:1e:01:5f:4d:b8:e8:3a:85:b3:9d:64:
c6:03:87:f8:b3:1d:e8:b2:42:60:76:56:4f:8b:b0:87:f7:14:
a8:44:8a:4e:09:a6:65:e7:6f:fc:e2:8a:40:eb:ac:28:cf:3d:
1b:92:3d:09:4b:5d:6d:37:34:83:1d:49:0a:d5:6f:d3:12:b8:
6d:13:b1:73:41:d8:c8:b7:0a:0c:57:76:7c:23:25:f1:da:6e:
ab:1a:3d:df:3c:59:5c:63:05:d5:16:f2:b7:16:be:39:e9:75:
04:cb:8c:60:f2:d8:27:01:3c:b6:46:87:84:0c:75:20:3b:79:
2e:aa:1c:ea
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgICBoQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzJCNEQxMTAvBgNVBAUTKDIzRjVEOTNBODJFN0Q3ODQwNjc5QjFDNjREQTM3QzM3
Q0ZGRTc3RUYwHhcNMjUwNzI0MDIyMzI5WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODgxOTkyMS01N2FlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwidMfXhivXi/kpfN05qKQ81+gPBVZnM/An2Z09lFjjWUxfDB3VMwooT4dmQ1
6/wQT31TZ80LMFkdkkBZ0pPzQTNUp25cfnf5Aeegx/2QJ1sraVLrPeShGUS5wuJN
v3azc9/2i6zmepqkyss7jGMv69TefWfh7AtnZAcomtlwXQTDL0JcHRLANCUxqX0X
uZOJE70YJ8GYlLr6uguUEEOWG9yB5yYDfSrZwgDq1P88iqGNtJRvy6z4K0w5twKx
HNxv/BxkY2Omm+4DPVL/QTWRZjhQyUZekgJtpw2pm6UgRl9Pjhq3cv06f74kMDFx
rhYapRt85sxiiGypyVZpGciQ0wIDAQABo4IC7zCCAuswHQYDVR0OBBYEFC4lhsgG
0FguJuAZnqK3ZPf7SS2zMB8GA1UdIwQYMBaAFCP12TqC59eEBnmxxk2jfDfP/nfv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMkI0RC9DMTk5RTAwNkIy
MDUxMUVCQUVBRTlGMTBDNEY5QUUwMi9JX1haT29MbjE0UUdlYkhHVGFOOE44Xy1k
LTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lfWFpPb0xuMTRRR2ViSEdUYU44TjhfLWQtOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzJCNEQvQzE5OUUwMDZCMjA1MTFFQkFFQUU5RjEwQzRGOUFFMDIvQjNFNERDRjhC
RTRDMTFFRUIxMzI3QTU0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwweQYIKwYBBQUHAQcBAf8E
ajBoMFYEAgABMFADBAIr/DQDBAY6UsADBAJnD1QDBAR7iAADAwChUQMEA7bvQAME
A7bvYAMEAMuOYDAMAwQCy45kAwQAy45+AwMA33owDAMEB997gAMEBN97wDAOBAIA
AjAIAwYEJAEwAKAwDQYJKoZIhvcNAQELBQADggEBACw0bQErXQEMXGUoEpMTE7uV
6c9jLFhe8bBEyl/bZf2k78f7RYgfSiOZuZIBD9ze4ZFMokozQctkymv82h+M9Tuw
UTCLMx4mOEIl7EApTFpQuGPVfUE4sgC73GOSm8Dzgqf6XHmF+AVbqHbG5PBidxcT
nCMyL1oGzV0hPPYrK6eQQSDLEv8eAV9NuOg6hbOdZMYDh/izHeiyQmB2Vk+LsIf3
FKhEik4JpmXnb/ziikDrrCjPPRuSPQlLXW03NIMdSQrVb9MSuG0TsXNB2Mi3CgxX
dnwjJfHabqsaPd88WVxjBdUW8rcWvjnpdQTLjGDy2CcBPLZGh4QMdSA7eS6qHOo=
-----END CERTIFICATE-----
Generated at Sat Aug 9 14:23:23 2025 by rpki-client