Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/876FDB56D90211EFB7CAB32BC4F9AE02.roa
File: 876FDB56D90211EFB7CAB32BC4F9AE02.roa (raw, json)
Hash identifier: cBC1lkGibWb37c/9qQ/ZMY7raeVjjV/WUI+TKPGLd9g=
Subject key identifier: C1:57:43:32:92:90:41:41:88:10:0E:3D:78:A2:28:D8:EB:7F:23:DC
Certificate issuer: /CN=A916BDA4/serialNumber=04E6C9249EE348DCF764DF0B9A40D3E854066444
Certificate serial: 186F
Authority key identifier: 04:E6:C9:24:9E:E3:48:DC:F7:64:DF:0B:9A:40:D3:E8:54:06:64:44
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/876FDB56D90211EFB7CAB32BC4F9AE02.roa
Signing time: Mon 03 Nov 2025 16:22:31 +0000
ROA not before: Mon 03 Nov 2025 16:22:31 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 14789
IP address blocks: 2400:cb00:41::/48 maxlen: 48
2400:cb00:60::/48 maxlen: 48
2400:cb00:142::/48 maxlen: 48
2400:cb00:161::/48 maxlen: 48
2400:cb00:179::/48 maxlen: 48
2400:cb00:230::/48 maxlen: 48
2400:cb00:258::/48 maxlen: 48
2400:cb00:292::/48 maxlen: 48
2400:cb00:303::/48 maxlen: 48
2400:cb00:347::/48 maxlen: 48
2400:cb00:439::/48 maxlen: 48
2400:cb00:477::/48 maxlen: 48
2400:cb00:480::/48 maxlen: 48
2400:cb00:526::/48 maxlen: 48
2400:cb00:529::/48 maxlen: 48
2400:cb00:566::/48 maxlen: 48
2400:cb00:596::/48 maxlen: 48
2400:cb00:610::/48 maxlen: 48
2400:cb00:611::/48 maxlen: 48
2400:cb00:614::/48 maxlen: 48
2400:cb00:616::/48 maxlen: 48
2400:cb00:621::/48 maxlen: 48
2400:cb00:638::/48 maxlen: 48
2400:cb00:651::/48 maxlen: 48
2400:cb00:661::/48 maxlen: 48
2400:cb00:685::/48 maxlen: 48
2400:cb00:695::/48 maxlen: 48
2400:cb00:710::/48 maxlen: 48
2400:cb00:738::/48 maxlen: 48
2400:cb00:750::/48 maxlen: 48
2400:cb00:770::/48 maxlen: 48
2400:cb00:771::/48 maxlen: 48
2400:cb00:776::/48 maxlen: 48
2400:cb00:794::/48 maxlen: 48
2400:cb00:902::/48 maxlen: 48
2400:cb00:909::/48 maxlen: 48
2400:cb00:934::/48 maxlen: 48
2400:cb00:946::/48 maxlen: 48
2400:cb00:1015::/48 maxlen: 48
2400:cb00:1051::/48 maxlen: 48
2400:cb00:1052::/48 maxlen: 48
2400:cb00:1059::/48 maxlen: 48
2400:cb00:1060::/48 maxlen: 48
2400:cb00:1062::/48 maxlen: 48
2400:cb00:1095::/48 maxlen: 48
2400:cb00:1096::/48 maxlen: 48
2400:cb00:1172::/48 maxlen: 48
2400:cb00:1185::/48 maxlen: 48
2400:cb00:1224::/48 maxlen: 48
2400:cb00:c950::/48 maxlen: 48
2400:cb00:c951::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.crl
rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 11 Nov 2025 17:14:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6255 (0x186f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916BDA4, serialNumber=04E6C9249EE348DCF764DF0B9A40D3E854066444
Validity
Not Before: Nov 3 16:22:31 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=6908d6c7-0396
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:84:79:8c:ef:8a:b7:b2:a6:b3:47:e6:f9:0f:
81:48:d0:44:26:a1:c2:56:8e:15:8f:3d:39:89:a6:
10:46:11:2a:ad:62:f5:d7:92:78:11:eb:c9:64:6d:
6a:e2:7c:19:53:4b:83:fb:c8:77:93:43:4c:0a:a1:
13:81:49:d3:47:23:86:8c:78:28:62:7a:ef:6c:8e:
9a:d1:48:f4:50:0a:71:12:78:e9:5d:18:df:9b:3f:
9d:6d:50:1b:cb:00:25:68:62:fa:84:ce:11:32:6b:
26:0c:30:12:8b:f0:34:f9:99:bd:21:3d:94:54:32:
5e:a9:1b:64:ff:d1:5f:47:26:d2:c0:dc:a6:a6:bb:
2f:39:d0:1f:ef:ed:dd:58:30:3d:f6:10:85:f4:08:
67:2f:db:ba:fe:0f:00:7b:55:4f:bd:7b:74:dd:91:
95:45:71:2d:ec:53:07:aa:58:95:9f:d4:a6:e6:0f:
8f:b4:91:39:36:d5:d2:8c:35:75:47:72:0a:16:de:
08:93:a6:85:e8:2d:82:d4:03:13:b3:b4:2a:9a:8c:
e7:b7:6d:37:03:43:8a:dc:d5:9a:55:e5:26:5a:40:
f2:5e:55:64:8d:30:89:6f:02:7f:1d:6d:f8:22:bf:
f1:80:05:2a:d4:9b:bb:40:d5:73:18:c6:1f:0a:7d:
34:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:57:43:32:92:90:41:41:88:10:0E:3D:78:A2:28:D8:EB:7F:23:DC
X509v3 Authority Key Identifier:
keyid:04:E6:C9:24:9E:E3:48:DC:F7:64:DF:0B:9A:40:D3:E8:54:06:64:44
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BObJJJ7jSNz3ZN8LmkDT6FQGZEQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916BDA4/1EC702BCF1A711E890F06650C4F9AE02/876FDB56D90211EFB7CAB32BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2400:cb00:41::/48
2400:cb00:60::/48
2400:cb00:142::/48
2400:cb00:161::/48
2400:cb00:179::/48
2400:cb00:230::/48
2400:cb00:258::/48
2400:cb00:292::/48
2400:cb00:303::/48
2400:cb00:347::/48
2400:cb00:439::/48
2400:cb00:477::/48
2400:cb00:480::/48
2400:cb00:526::/48
2400:cb00:529::/48
2400:cb00:566::/48
2400:cb00:596::/48
2400:cb00:610::/47
2400:cb00:614::/48
2400:cb00:616::/48
2400:cb00:621::/48
2400:cb00:638::/48
2400:cb00:651::/48
2400:cb00:661::/48
2400:cb00:685::/48
2400:cb00:695::/48
2400:cb00:710::/48
2400:cb00:738::/48
2400:cb00:750::/48
2400:cb00:770::/47
2400:cb00:776::/48
2400:cb00:794::/48
2400:cb00:902::/48
2400:cb00:909::/48
2400:cb00:934::/48
2400:cb00:946::/48
2400:cb00:1015::/48
2400:cb00:1051::-2400:cb00:1052:ffff:ffff:ffff:ffff:ffff
2400:cb00:1059::/48
2400:cb00:1060::/48
2400:cb00:1062::/48
2400:cb00:1095::-2400:cb00:1096:ffff:ffff:ffff:ffff:ffff
2400:cb00:1172::/48
2400:cb00:1185::/48
2400:cb00:1224::/48
2400:cb00:c950::/47
Signature Algorithm: sha256WithRSAEncryption
27:6c:c6:10:b2:2d:ac:cc:6f:a8:2b:44:ea:05:ef:bd:4c:b6:
01:6e:15:4e:aa:30:dc:36:8d:d9:f8:bb:e7:3e:83:67:96:70:
f9:1b:b8:8b:d1:81:63:cc:e2:88:cd:eb:a8:f8:b2:bd:bb:dd:
65:c3:79:a0:e0:fe:8a:cd:35:46:12:e9:6d:f8:c0:d0:e8:fc:
6f:77:72:c4:88:d2:5d:a4:03:d2:a7:a9:f2:be:6e:6a:22:ab:
43:25:56:4e:6b:73:0f:f1:e5:f4:64:46:7e:b0:a7:b6:91:7f:
97:be:a5:79:43:8f:af:93:9e:0f:b5:d0:4a:18:bf:ec:06:b5:
4c:62:5f:b8:30:3a:d5:25:28:79:a7:f6:e6:43:71:de:b2:f0:
e0:af:09:ce:8a:a7:0c:b0:6d:32:79:3b:04:ce:ed:88:6f:62:
2b:da:fe:ef:93:9a:d8:86:93:ec:50:fc:eb:4c:5f:5e:3a:1e:
34:06:a2:30:db:c0:d4:5c:16:5f:16:9c:f5:e9:2f:de:1e:59:
68:68:ba:e7:a6:6f:6c:9d:02:24:3d:e3:e8:dc:e3:1c:9d:02:
eb:20:1d:35:ed:0b:c8:f8:09:2f:03:ef:f9:4c:79:97:34:ec:
8f:ca:05:76:bf:e6:da:18:38:6f:84:97:4f:19:11:f4:ee:3b:
0f:91:39:5c
-----BEGIN CERTIFICATE-----
MIIHKTCCBhGgAwIBAgICGG8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkJEQTQxMTAvBgNVBAUTKDA0RTZDOTI0OUVFMzQ4RENGNzY0REYwQjlBNDBEM0U4
NTQwNjY0NDQwHhcNMjUxMTAzMTYyMjMxWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OTA4ZDZjNy0wMzk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt4R5jO+Kt7Kms0fm+Q+BSNBEJqHCVo4Vjz05iaYQRhEqrWL115J4EevJZG1q
4nwZU0uD+8h3k0NMCqETgUnTRyOGjHgoYnrvbI6a0Uj0UApxEnjpXRjfmz+dbVAb
ywAlaGL6hM4RMmsmDDASi/A0+Zm9IT2UVDJeqRtk/9FfRybSwNymprsvOdAf7+3d
WDA99hCF9AhnL9u6/g8Ae1VPvXt03ZGVRXEt7FMHqliVn9Sm5g+PtJE5NtXSjDV1
R3IKFt4Ik6aF6C2C1AMTs7Qqmoznt203A0OK3NWaVeUmWkDyXlVkjTCJbwJ/HW34
Ir/xgAUq1Ju7QNVzGMYfCn009wIDAQABo4IETTCCBEkwHQYDVR0OBBYEFMFXQzKS
kEFBiBAOPXiiKNjrfyPcMB8GA1UdIwQYMBaAFATmySSe40jc92TfC5pA0+hUBmRE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QkRBNC8xRUM3MDJCQ0Yx
QTcxMUU4OTBGMDY2NTBDNEY5QUUwMi9CT2JKSko3alNOejNaTjhMbWtEVDZGUUda
RVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JPYkpKSjdqU056M1pOOExta0RUNkZRR1pFUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkJEQTQvMUVDNzAyQkNGMUE3MTFFODkwRjA2NjUwQzRGOUFFMDIvODc2RkRCNTZE
OTAyMTFFRkI3Q0FCMzJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggHVBggrBgEFBQcBBwEB
/wSCAcQwggHAMIIBvAQCAAIwggG0AwcAJADLAABBAwcAJADLAABgAwcAJADLAAFC
AwcAJADLAAFhAwcAJADLAAF5AwcAJADLAAIwAwcAJADLAAJYAwcAJADLAAKSAwcA
JADLAAMDAwcAJADLAANHAwcAJADLAAQ5AwcAJADLAAR3AwcAJADLAASAAwcAJADL
AAUmAwcAJADLAAUpAwcAJADLAAVmAwcAJADLAAWWAwcBJADLAAYQAwcAJADLAAYU
AwcAJADLAAYWAwcAJADLAAYhAwcAJADLAAY4AwcAJADLAAZRAwcAJADLAAZhAwcA
JADLAAaFAwcAJADLAAaVAwcAJADLAAcQAwcAJADLAAc4AwcAJADLAAdQAwcBJADL
AAdwAwcAJADLAAd2AwcAJADLAAeUAwcAJADLAAkCAwcAJADLAAkJAwcAJADLAAk0
AwcAJADLAAlGAwcAJADLABAVMBIDBwAkAMsAEFEDBwAkAMsAEFIDBwAkAMsAEFkD
BwAkAMsAEGADBwAkAMsAEGIwEgMHACQAywAQlQMHACQAywAQlgMHACQAywARcgMH
ACQAywARhQMHACQAywASJAMHASQAywDJUDANBgkqhkiG9w0BAQsFAAOCAQEAJ2zG
ELItrMxvqCtE6gXvvUy2AW4VTqow3DaN2fi75z6DZ5Zw+Ru4i9GBY8ziiM3rqPiy
vbvdZcN5oOD+is01RhLpbfjA0Oj8b3dyxIjSXaQD0qep8r5uaiKrQyVWTmtzD/Hl
9GRGfrCntpF/l76leUOPr5OeD7XQShi/7Aa1TGJfuDA61SUoeaf25kNx3rLw4K8J
zoqnDLBtMnk7BM7tiG9iK9r+75Oa2IaT7FD860xfXjoeNAaiMNvA1FwWXxac9ekv
3h5ZaGi656ZvbJ0CJD3j6NzjHJ0C6yAdNe0LyPgJLwPv+Ux5lzTsj8oFdr/m2hg4
b4SXTxkR9O47D5E5XA==
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:33:38 2025 by rpki-client