Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9146207/8C68B9A2098111EB9D461B30C4F9AE02/0CC38EEC80E711EBB8CFF825C4F9AE02.roa
File: 0CC38EEC80E711EBB8CFF825C4F9AE02.roa (raw, json)
Hash identifier: MfRtvCwn59famvfu05RMk6NPUwzQW1gti+aq8XhNzyk=
Subject key identifier: FF:B3:16:AD:4F:15:CC:4E:6D:99:69:E1:BD:59:48:40:73:C4:E8:A7
Certificate issuer: /CN=A9146207/serialNumber=897E02CCD8EB4039A783D02379C55FEE9F0CEE59
Certificate serial: 0833
Authority key identifier: 89:7E:02:CC:D8:EB:40:39:A7:83:D0:23:79:C5:5F:EE:9F:0C:EE:59
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/iX4CzNjrQDmng9AjecVf7p8M7lk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9146207/8C68B9A2098111EB9D461B30C4F9AE02/0CC38EEC80E711EBB8CFF825C4F9AE02.roa
Signing time: Mon 04 Aug 2025 16:24:34 +0000
ROA not before: Mon 04 Aug 2025 16:24:34 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 4775
IP address blocks: 64.224.21.0/24 maxlen: 24
64.224.96.0/19 maxlen: 19
64.224.128.0/20 maxlen: 20
64.226.56.0/21 maxlen: 21
64.226.56.0/24 maxlen: 24
64.226.57.0/24 maxlen: 24
64.226.58.0/24 maxlen: 24
64.226.59.0/24 maxlen: 24
64.226.60.0/24 maxlen: 24
64.226.61.0/24 maxlen: 24
64.226.62.0/24 maxlen: 24
64.226.63.0/24 maxlen: 24
138.84.64.0/18 maxlen: 18
138.84.64.0/24 maxlen: 24
138.84.65.0/24 maxlen: 24
138.84.66.0/24 maxlen: 24
138.84.67.0/24 maxlen: 24
138.84.70.0/24 maxlen: 24
138.84.71.0/24 maxlen: 24
138.84.74.0/24 maxlen: 24
138.84.75.0/24 maxlen: 24
138.84.76.0/23 maxlen: 23
138.84.78.0/23 maxlen: 23
138.84.110.0/23 maxlen: 23
138.84.112.0/23 maxlen: 23
138.84.114.0/23 maxlen: 23
138.84.126.0/23 maxlen: 23
138.84.128.0/19 maxlen: 19
138.84.192.0/21 maxlen: 21
147.185.169.0/24 maxlen: 24
158.62.0.0/17 maxlen: 17
158.62.106.0/24 maxlen: 24
192.112.243.0/24 maxlen: 24
209.35.160.0/20 maxlen: 20
209.35.160.0/24 maxlen: 24
209.35.161.0/24 maxlen: 24
209.35.162.0/24 maxlen: 24
209.35.163.0/24 maxlen: 24
209.35.164.0/24 maxlen: 24
209.35.165.0/24 maxlen: 24
209.35.166.0/24 maxlen: 24
209.35.167.0/24 maxlen: 24
209.35.169.0/24 maxlen: 24
209.35.170.0/24 maxlen: 24
209.35.171.0/24 maxlen: 24
209.35.172.0/24 maxlen: 24
209.35.173.0/24 maxlen: 24
209.35.174.0/24 maxlen: 24
216.247.0.0/18 maxlen: 18
216.247.80.0/20 maxlen: 20
216.247.80.0/24 maxlen: 24
216.247.81.0/24 maxlen: 24
216.247.82.0/24 maxlen: 24
216.247.83.0/24 maxlen: 24
216.247.84.0/24 maxlen: 24
216.247.85.0/24 maxlen: 24
216.247.86.0/24 maxlen: 24
216.247.87.0/24 maxlen: 24
216.247.88.0/24 maxlen: 24
216.247.89.0/24 maxlen: 24
216.247.90.0/24 maxlen: 24
216.247.91.0/24 maxlen: 24
216.247.92.0/24 maxlen: 24
216.247.93.0/24 maxlen: 24
216.247.94.0/24 maxlen: 24
216.247.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9146207/8C68B9A2098111EB9D461B30C4F9AE02/iX4CzNjrQDmng9AjecVf7p8M7lk.crl
rsync://rpki.apnic.net/member_repository/A9146207/8C68B9A2098111EB9D461B30C4F9AE02/iX4CzNjrQDmng9AjecVf7p8M7lk.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/iX4CzNjrQDmng9AjecVf7p8M7lk.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 13 Aug 2025 16:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2099 (0x833)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9146207, serialNumber=897E02CCD8EB4039A783D02379C55FEE9F0CEE59
Validity
Not Before: Aug 4 16:24:34 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=6890dec1-4af7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:60:ff:2e:29:42:9a:a4:a9:57:e5:00:a9:d1:
f9:f8:d3:a8:43:51:e9:1f:0f:63:08:a3:77:ec:7d:
48:03:e0:6d:d9:b9:18:a9:72:59:5b:0b:fb:99:46:
f7:6c:c6:69:be:6e:8c:2a:e4:d4:b3:22:9b:d2:f0:
dd:d1:dd:b4:f6:69:3c:9e:5f:b2:c8:93:28:81:86:
6c:fd:4b:08:1a:a6:06:d6:ca:55:c1:c0:0d:42:ba:
4c:0f:92:ef:36:46:00:13:ee:b7:45:90:4a:0d:96:
1a:d0:f7:c6:f7:09:f6:f6:d5:f5:1e:3e:ca:15:27:
3e:7f:18:89:b0:d0:16:92:11:54:2c:16:fe:dd:8e:
8e:0a:bc:95:92:3c:6c:d7:20:78:25:4d:86:ed:38:
dd:0b:0f:a9:81:d7:38:ac:1a:0f:ed:a1:82:10:7f:
5b:8d:37:d4:8d:69:cf:c5:c7:79:8f:93:0b:9a:cf:
d8:e9:d5:7b:ab:2d:ad:f5:59:4f:8d:d0:cb:ac:4d:
f4:26:92:1e:4d:f9:d5:51:f5:77:36:b1:df:2b:1a:
8e:6e:e7:64:0d:d2:56:42:50:59:2a:30:e0:2a:58:
13:42:86:fa:d5:ba:dd:70:7e:a1:39:3e:91:51:db:
7b:fd:e3:6e:1e:0a:be:22:61:37:f0:14:c6:f1:92:
10:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:B3:16:AD:4F:15:CC:4E:6D:99:69:E1:BD:59:48:40:73:C4:E8:A7
X509v3 Authority Key Identifier:
keyid:89:7E:02:CC:D8:EB:40:39:A7:83:D0:23:79:C5:5F:EE:9F:0C:EE:59
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9146207/8C68B9A2098111EB9D461B30C4F9AE02/iX4CzNjrQDmng9AjecVf7p8M7lk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/iX4CzNjrQDmng9AjecVf7p8M7lk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146207/8C68B9A2098111EB9D461B30C4F9AE02/0CC38EEC80E711EBB8CFF825C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
64.224.21.0/24
64.224.96.0-64.224.143.255
64.226.56.0/21
138.84.64.0-138.84.159.255
138.84.192.0/21
147.185.169.0/24
158.62.0.0/17
192.112.243.0/24
209.35.160.0/20
216.247.0.0/18
216.247.80.0/20
Signature Algorithm: sha256WithRSAEncryption
b6:23:75:66:88:d7:bd:05:81:94:0c:2d:48:95:3c:f5:2c:bd:
15:cb:5c:0b:3b:03:ab:1f:7b:ac:39:28:ed:e4:b9:46:1d:82:
4a:31:eb:ac:2d:65:d6:99:6b:8b:68:6a:29:9e:e6:95:b7:7d:
42:c7:77:af:a4:d1:5b:c9:a5:fc:25:90:30:da:52:c7:9f:0e:
e9:6e:ba:73:05:61:5f:f6:7c:9a:34:9c:47:ab:0b:42:f7:20:
f5:f9:e7:40:00:41:ba:ab:f4:57:3d:75:10:61:ec:6d:a2:f0:
f2:df:d1:0e:8c:f5:eb:f9:b1:f5:3f:08:bb:6e:19:0e:82:21:
b0:ae:cb:0b:04:36:02:7a:35:4f:a9:11:47:6f:d0:e3:36:61:
4e:85:f6:03:59:73:19:d8:f0:1a:69:33:0e:12:9b:cd:2f:cc:
dc:05:fd:11:b3:2e:ba:6f:f7:1f:c0:a1:84:50:89:c1:79:f7:
eb:2c:a9:65:b4:e4:2c:c6:43:a2:58:c7:cc:63:05:2c:63:fb:
1e:e6:05:7a:69:ca:0e:09:b3:0b:3d:bc:d3:d9:07:ca:f9:77:
e3:c8:d7:4d:bd:01:bd:84:e6:1c:2a:61:01:a3:db:db:fc:d0:
76:85:69:cf:dd:81:fb:e1:c2:47:c4:14:f6:7c:b9:b9:e1:52:
df:60:8e:92
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgICCDMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDYyMDcxMTAvBgNVBAUTKDg5N0UwMkNDRDhFQjQwMzlBNzgzRDAyMzc5QzU1RkVF
OUYwQ0VFNTkwHhcNMjUwODA0MTYyNDM0WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODkwZGVjMS00YWY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1mD/LilCmqSpV+UAqdH5+NOoQ1HpHw9jCKN37H1IA+Bt2bkYqXJZWwv7mUb3
bMZpvm6MKuTUsyKb0vDd0d209mk8nl+yyJMogYZs/UsIGqYG1spVwcANQrpMD5Lv
NkYAE+63RZBKDZYa0PfG9wn29tX1Hj7KFSc+fxiJsNAWkhFULBb+3Y6OCryVkjxs
1yB4JU2G7TjdCw+pgdc4rBoP7aGCEH9bjTfUjWnPxcd5j5MLms/Y6dV7qy2t9VlP
jdDLrE30JpIeTfnVUfV3NrHfKxqObudkDdJWQlBZKjDgKlgTQob61brdcH6hOT6R
Udt7/eNuHgq+ImE38BTG8ZIQKwIDAQABo4IC4TCCAt0wHQYDVR0OBBYEFP+zFq1P
FcxObZlp4b1ZSEBzxOinMB8GA1UdIwQYMBaAFIl+AszY60A5p4PQI3nFX+6fDO5Z
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NjIwNy84QzY4QjlBMjA5
ODExMUVCOUQ0NjFCMzBDNEY5QUUwMi9pWDRDek5qclFEbW5nOUFqZWNWZjdwOE03
bGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2lYNEN6TmpyUURtbmc5QWplY1ZmN3A4TTdsay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDYyMDcvOEM2OEI5QTIwOTgxMTFFQjlENDYxQjMwQzRGOUFFMDIvMENDMzhFRUM4
MEU3MTFFQkI4Q0ZGODI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwawYIKwYBBQUHAQcBAf8E
XDBaMFgEAgABMFIDBABA4BUwDAMEBUDgYAMEBEDggAMEA0DiODAMAwQGilRAAwQF
ilSAAwQDilTAAwQAk7mpAwQHnj4AAwQAwHDzAwQE0SOgAwQG2PcAAwQE2PdQMA0G
CSqGSIb3DQEBCwUAA4IBAQC2I3VmiNe9BYGUDC1IlTz1LL0Vy1wLOwOrH3usOSjt
5LlGHYJKMeusLWXWmWuLaGopnuaVt31Cx3evpNFbyaX8JZAw2lLHnw7pbrpzBWFf
9nyaNJxHqwtC9yD1+edAAEG6q/RXPXUQYextovDy39EOjPXr+bH1Pwi7bhkOgiGw
rssLBDYCejVPqRFHb9DjNmFOhfYDWXMZ2PAaaTMOEpvNL8zcBf0Rsy66b/cfwKGE
UInBeffrLKlltOQsxkOiWMfMYwUsY/se5gV6acoOCbMLPbzT2QfK+XfjyNdNvQG9
hOYcKmEBo9vb/NB2hWnP3YH74cJHxBT2fLm54VLfYI6S
-----END CERTIFICATE-----
Generated at Fri Aug 8 00:38:18 2025 by rpki-client