Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9165568/BD1A95D21D8711E29BE3E6DF08B02CD2/084044FC19AC11EB8759456DC4F9AE02.roa
File: 084044FC19AC11EB8759456DC4F9AE02.roa (raw, json)
Hash identifier: tXU3H5G59bPS8ThyDNGfd71Us5C/fJZsYjLpQS/kfKY=
Subject key identifier: E8:05:4D:1C:56:BF:36:0A:B0:E9:86:6F:29:19:1A:CA:06:93:98:09
Certificate issuer: /CN=A9165568/serialNumber=67097E492F73D6DBD31FA016A2D5B5B86A9B3FD8
Certificate serial: 1D3D
Authority key identifier: 67:09:7E:49:2F:73:D6:DB:D3:1F:A0:16:A2:D5:B5:B8:6A:9B:3F:D8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Zwl-SS9z1tvTH6AWotW1uGqbP9g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9165568/BD1A95D21D8711E29BE3E6DF08B02CD2/084044FC19AC11EB8759456DC4F9AE02.roa
Signing time: Tue 04 Nov 2025 15:00:38 +0000
ROA not before: Tue 04 Nov 2025 15:00:38 +0000
ROA not after: Sun 31 Jan 2027 00:00:00 +0000
asID: 9940
IP address blocks: 202.61.56.0/21 maxlen: 21
202.61.56.0/24 maxlen: 24
202.61.57.0/24 maxlen: 24
202.61.58.0/24 maxlen: 24
202.61.59.0/24 maxlen: 24
202.61.60.0/24 maxlen: 24
202.61.61.0/24 maxlen: 24
202.61.62.0/24 maxlen: 24
202.61.63.0/24 maxlen: 24
202.147.160.0/20 maxlen: 24
202.147.176.0/21 maxlen: 24
202.147.184.0/21 maxlen: 24
202.154.224.0/20 maxlen: 24
202.154.240.0/20 maxlen: 20
202.154.240.0/24 maxlen: 24
202.154.241.0/24 maxlen: 24
202.154.242.0/24 maxlen: 24
202.154.243.0/24 maxlen: 24
202.154.244.0/24 maxlen: 24
202.154.245.0/24 maxlen: 24
202.154.246.0/24 maxlen: 24
202.154.247.0/24 maxlen: 24
202.154.248.0/24 maxlen: 24
202.154.249.0/24 maxlen: 24
202.154.250.0/24 maxlen: 24
202.154.251.0/24 maxlen: 24
202.154.252.0/24 maxlen: 24
202.154.253.0/24 maxlen: 24
202.154.254.0/24 maxlen: 24
202.154.255.0/24 maxlen: 24
203.223.160.0/20 maxlen: 24
210.2.128.0/20 maxlen: 21
210.2.128.0/24 maxlen: 24
210.2.129.0/24 maxlen: 24
210.2.130.0/24 maxlen: 24
210.2.131.0/24 maxlen: 24
210.2.132.0/22 maxlen: 22
210.2.132.0/24 maxlen: 24
210.2.133.0/24 maxlen: 24
210.2.134.0/24 maxlen: 24
210.2.135.0/24 maxlen: 24
210.2.136.0/21 maxlen: 22
210.2.136.0/24 maxlen: 24
210.2.137.0/24 maxlen: 24
210.2.138.0/24 maxlen: 24
210.2.139.0/24 maxlen: 24
210.2.140.0/24 maxlen: 24
210.2.141.0/24 maxlen: 24
210.2.142.0/24 maxlen: 24
210.2.143.0/24 maxlen: 24
210.2.144.0/20 maxlen: 21
210.2.144.0/24 maxlen: 24
210.2.145.0/24 maxlen: 24
210.2.146.0/24 maxlen: 24
210.2.147.0/24 maxlen: 24
210.2.148.0/24 maxlen: 24
210.2.149.0/24 maxlen: 24
210.2.150.0/24 maxlen: 24
210.2.151.0/24 maxlen: 24
210.2.152.0/24 maxlen: 24
210.2.153.0/24 maxlen: 24
210.2.154.0/24 maxlen: 24
210.2.155.0/24 maxlen: 24
210.2.156.0/24 maxlen: 24
210.2.157.0/24 maxlen: 24
210.2.158.0/24 maxlen: 24
210.2.159.0/24 maxlen: 24
210.2.160.0/20 maxlen: 21
210.2.160.0/24 maxlen: 24
210.2.161.0/24 maxlen: 24
210.2.162.0/24 maxlen: 24
210.2.163.0/24 maxlen: 24
210.2.164.0/24 maxlen: 24
210.2.165.0/24 maxlen: 24
210.2.166.0/24 maxlen: 24
210.2.167.0/24 maxlen: 24
210.2.168.0/24 maxlen: 24
210.2.169.0/24 maxlen: 24
210.2.170.0/24 maxlen: 24
210.2.171.0/24 maxlen: 24
210.2.172.0/24 maxlen: 24
210.2.173.0/24 maxlen: 24
210.2.174.0/24 maxlen: 24
210.2.175.0/24 maxlen: 24
210.2.176.0/20 maxlen: 22
210.2.176.0/24 maxlen: 24
210.2.177.0/24 maxlen: 24
210.2.178.0/24 maxlen: 24
210.2.179.0/24 maxlen: 24
210.2.180.0/24 maxlen: 24
210.2.181.0/24 maxlen: 24
210.2.182.0/24 maxlen: 24
210.2.183.0/24 maxlen: 24
210.2.184.0/24 maxlen: 24
210.2.185.0/24 maxlen: 24
210.2.186.0/24 maxlen: 24
210.2.187.0/24 maxlen: 24
210.2.188.0/24 maxlen: 24
210.2.189.0/24 maxlen: 24
210.2.190.0/24 maxlen: 24
210.2.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9165568/BD1A95D21D8711E29BE3E6DF08B02CD2/Zwl-SS9z1tvTH6AWotW1uGqbP9g.crl
rsync://rpki.apnic.net/member_repository/A9165568/BD1A95D21D8711E29BE3E6DF08B02CD2/Zwl-SS9z1tvTH6AWotW1uGqbP9g.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Zwl-SS9z1tvTH6AWotW1uGqbP9g.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 11 Nov 2025 15:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7485 (0x1d3d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9165568, serialNumber=67097E492F73D6DBD31FA016A2D5B5B86A9B3FD8
Validity
Not Before: Nov 4 15:00:38 2025 GMT
Not After : Jan 31 00:00:00 2027 GMT
Subject: CN=690a1516-8436
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:21:d9:92:95:a0:15:c4:d6:26:9d:b6:36:24:
0f:8a:e9:33:fd:b1:5f:30:90:9c:75:b9:74:80:1c:
4e:ce:18:5c:1a:b2:54:d3:5f:b5:ef:93:7f:f4:10:
b1:6a:2f:9a:9c:7d:bc:bd:ca:3e:04:d1:86:8f:ae:
5b:6a:1f:cd:56:34:60:8c:3f:fe:e0:a7:02:7e:7b:
4d:90:ea:26:43:bc:de:48:c8:79:6f:af:f1:63:b7:
4b:a5:53:f3:3d:5f:e1:fc:04:b3:5a:38:fd:fc:39:
14:8a:bd:36:d5:69:a0:bc:57:46:41:dc:80:68:99:
d3:25:ed:ad:eb:7f:38:9c:82:f4:ea:71:5c:85:e7:
0d:b1:f8:2a:3d:ea:34:7b:a0:49:fa:c6:d9:c1:3f:
fc:a1:23:4c:b0:1f:96:90:52:97:d0:c6:75:63:3d:
91:38:17:b7:fb:30:4c:a8:84:51:b7:23:89:78:70:
29:8f:82:cd:a5:db:5b:42:13:68:d2:c1:53:c7:d2:
d6:3b:41:d4:14:cb:bc:89:53:45:45:17:5c:ef:61:
7d:ac:4e:2a:1d:1d:56:49:ca:51:5d:d3:91:15:89:
50:72:b9:2a:26:9d:fd:4e:15:09:a4:6e:86:3e:9d:
0a:6d:23:1d:44:ae:54:e2:fe:91:41:a0:a2:5f:34:
85:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:05:4D:1C:56:BF:36:0A:B0:E9:86:6F:29:19:1A:CA:06:93:98:09
X509v3 Authority Key Identifier:
keyid:67:09:7E:49:2F:73:D6:DB:D3:1F:A0:16:A2:D5:B5:B8:6A:9B:3F:D8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9165568/BD1A95D21D8711E29BE3E6DF08B02CD2/Zwl-SS9z1tvTH6AWotW1uGqbP9g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Zwl-SS9z1tvTH6AWotW1uGqbP9g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9165568/BD1A95D21D8711E29BE3E6DF08B02CD2/084044FC19AC11EB8759456DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.61.56.0/21
202.147.160.0/19
202.154.224.0/19
203.223.160.0/20
210.2.128.0/18
Signature Algorithm: sha256WithRSAEncryption
50:5c:3d:36:88:3a:dc:d7:ea:0a:8c:47:67:a8:3d:b8:7a:ac:
75:fb:65:0c:1c:c8:29:7c:6e:3d:03:0c:fa:25:47:d2:2a:e9:
1d:a2:7a:17:b0:60:ea:89:2e:39:b9:49:99:d5:73:3c:46:30:
dc:73:83:af:9b:6a:0c:9c:a7:7d:a5:49:61:2b:5d:38:5c:d5:
88:cb:39:b9:ae:82:dc:be:8e:20:d1:96:15:48:7d:e5:c3:4e:
81:7b:35:d6:62:d6:e2:03:b8:c9:e7:20:4b:9c:5d:6e:01:d6:
d9:d6:8a:53:62:0e:b0:22:86:5d:4a:28:3a:e4:10:3c:10:7d:
39:bb:8a:01:96:a4:61:5d:55:e5:16:c0:b5:b0:b0:b1:32:47:
7b:cd:8d:bf:c2:58:21:f6:6a:e0:35:b0:32:40:03:b4:aa:de:
2f:bf:29:10:8c:47:64:81:3b:ef:c9:e5:f2:67:f2:ba:5c:b0:
bd:de:13:ac:94:e2:7f:9b:3e:a7:c4:ab:70:b2:3e:10:20:e5:
71:9f:db:da:70:ac:ad:12:5b:03:25:47:21:f6:d5:71:00:6f:
95:29:8c:45:ff:74:9a:aa:c1:b4:b3:de:eb:48:53:55:bd:92:
2c:4c:b3:33:41:5a:83:c5:95:0e:f7:33:bc:41:50:54:9f:f2:
bc:49:e0:06
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICHT0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjU1NjgxMTAvBgNVBAUTKDY3MDk3RTQ5MkY3M0Q2REJEMzFGQTAxNkEyRDVCNUI4
NkE5QjNGRDgwHhcNMjUxMTA0MTUwMDM4WhcNMjcwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OTBhMTUxNi04NDM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4CHZkpWgFcTWJp22NiQPiukz/bFfMJCcdbl0gBxOzhhcGrJU01+175N/9BCx
ai+anH28vco+BNGGj65bah/NVjRgjD/+4KcCfntNkOomQ7zeSMh5b6/xY7dLpVPz
PV/h/ASzWjj9/DkUir021WmgvFdGQdyAaJnTJe2t6384nIL06nFchecNsfgqPeo0
e6BJ+sbZwT/8oSNMsB+WkFKX0MZ1Yz2ROBe3+zBMqIRRtyOJeHApj4LNpdtbQhNo
0sFTx9LWO0HUFMu8iVNFRRdc72F9rE4qHR1WScpRXdORFYlQcrkqJp39ThUJpG6G
Pp0KbSMdRK5U4v6RQaCiXzSFpQIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFOgFTRxW
vzYKsOmGbykZGsoGk5gJMB8GA1UdIwQYMBaAFGcJfkkvc9bb0x+gFqLVtbhqmz/Y
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2NTU2OC9CRDFBOTVEMjFE
ODcxMUUyOUJFM0U2REYwOEIwMkNEMi9ad2wtU1M5ejF0dlRINkFXb3RXMXVHcWJQ
OWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1p3bC1TUzl6MXR2VEg2QVdvdFcxdUdxYlA5Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjU1NjgvQkQxQTk1RDIxRDg3MTFFMjlCRTNFNkRGMDhCMDJDRDIvMDg0MDQ0RkMx
OUFDMTFFQjg3NTk0NTZEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAPKPTgDBAXKk6ADBAXKmuADBATL36ADBAbSAoAwDQYJKoZI
hvcNAQELBQADggEBAFBcPTaIOtzX6gqMR2eoPbh6rHX7ZQwcyCl8bj0DDPolR9Iq
6R2iehewYOqJLjm5SZnVczxGMNxzg6+bagycp32lSWErXThc1YjLObmugty+jiDR
lhVIfeXDToF7NdZi1uIDuMnnIEucXW4B1tnWilNiDrAihl1KKDrkEDwQfTm7igGW
pGFdVeUWwLWwsLEyR3vNjb/CWCH2auA1sDJAA7Sq3i+/KRCMR2SBO+/J5fJn8rpc
sL3eE6yU4n+bPqfEq3CyPhAg5XGf29pwrK0SWwMlRyH21XEAb5UpjEX/dJqqwbSz
3utIU1W9kixMszNBWoPFlQ73M7xBUFSf8rxJ4AY=
-----END CERTIFICATE-----
Generated at Wed Nov 5 12:22:31 2025 by rpki-client