Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/F6FAEC5CCB0411EEAB05F93CC4F9AE02.roa
File: F6FAEC5CCB0411EEAB05F93CC4F9AE02.roa (raw, json)
Hash identifier: zdwZO0F8HmTS0a7Wa5QQzty6jheoVPgBvRYPbS/dvxI=
Subject key identifier: DA:9E:33:DF:99:11:05:C2:79:49:BF:57:13:13:23:82:91:26:ED:98
Certificate issuer: /CN=A9194C0D/serialNumber=634E28B1002E556E8EB14F953EAD63B6D6775809
Certificate serial: 01C3
Authority key identifier: 63:4E:28:B1:00:2E:55:6E:8E:B1:4F:95:3E:AD:63:B6:D6:77:58:09
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y04osQAuVW6OsU-VPq1jttZ3WAk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/F6FAEC5CCB0411EEAB05F93CC4F9AE02.roa
Signing time: Fri 31 Oct 2025 03:47:50 +0000
ROA not before: Fri 31 Oct 2025 03:47:50 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 134090
IP address blocks: 45.249.116.0/22 maxlen: 24
103.51.112.0/22 maxlen: 24
103.85.36.0/22 maxlen: 24
103.95.112.0/22 maxlen: 24
103.106.88.0/22 maxlen: 24
113.29.240.0/22 maxlen: 23
123.253.188.0/22 maxlen: 24
124.158.96.0/22 maxlen: 23
175.111.176.0/22 maxlen: 23
202.128.112.0/20 maxlen: 20
202.128.112.0/21 maxlen: 24
202.128.120.0/21 maxlen: 24
202.179.128.0/22 maxlen: 24
2400:a840::/31 maxlen: 34
2400:a842::/31 maxlen: 34
2400:a844::/30 maxlen: 30
2400:a844::/31 maxlen: 34
2400:a846::/31 maxlen: 34
2400:a848::/31 maxlen: 34
2400:a84a::/31 maxlen: 34
2400:a84c::/31 maxlen: 34
2400:a84e::/31 maxlen: 34
2402:2c80::/32 maxlen: 34
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/Y04osQAuVW6OsU-VPq1jttZ3WAk.crl
rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/Y04osQAuVW6OsU-VPq1jttZ3WAk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y04osQAuVW6OsU-VPq1jttZ3WAk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 12 Nov 2025 03:38:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 451 (0x1c3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9194C0D, serialNumber=634E28B1002E556E8EB14F953EAD63B6D6775809
Validity
Not Before: Oct 31 03:47:50 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=69043166-f94b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:35:64:19:9d:ce:da:9b:cb:38:0d:03:5b:44:
28:e1:9d:58:6a:ca:d7:cf:5b:e9:8f:0a:df:4d:25:
4b:9a:e5:7b:ce:1a:93:c0:08:63:9a:6e:29:42:27:
34:fa:db:f0:1c:7d:ad:ff:07:de:fa:7c:3e:f1:96:
1e:32:57:58:ef:cf:f6:52:07:47:9e:43:48:35:77:
58:12:de:a2:48:60:be:27:3b:98:a2:ac:bd:4a:2d:
26:19:e3:f0:0f:e0:85:93:ed:87:12:85:a7:8d:6a:
75:ce:3d:f1:01:1b:05:09:6f:38:7b:85:1c:97:6b:
fb:69:a0:8f:93:1d:d3:17:4c:fa:86:5d:7d:49:35:
df:07:9b:af:a4:6c:7a:a6:7c:b4:34:1d:ff:43:ed:
1c:0d:15:e2:0a:a6:67:23:80:fe:93:46:27:e9:b3:
0c:81:a8:66:c1:3d:32:a4:93:81:e0:66:72:26:f1:
c8:02:14:23:91:bf:14:10:11:69:0a:ad:25:f1:3e:
e5:9e:bf:e6:0e:26:a0:e1:07:5f:31:b3:d1:39:d2:
1f:73:e9:3f:e2:2c:79:d6:d8:05:8d:e1:75:ca:98:
a2:bc:55:37:90:54:95:52:7d:b0:3d:22:f6:03:2e:
5d:c4:1b:ad:cf:06:69:a4:3e:97:90:94:37:46:b1:
22:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:9E:33:DF:99:11:05:C2:79:49:BF:57:13:13:23:82:91:26:ED:98
X509v3 Authority Key Identifier:
keyid:63:4E:28:B1:00:2E:55:6E:8E:B1:4F:95:3E:AD:63:B6:D6:77:58:09
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/Y04osQAuVW6OsU-VPq1jttZ3WAk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y04osQAuVW6OsU-VPq1jttZ3WAk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/F6FAEC5CCB0411EEAB05F93CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.249.116.0/22
103.51.112.0/22
103.85.36.0/22
103.95.112.0/22
103.106.88.0/22
113.29.240.0/22
123.253.188.0/22
124.158.96.0/22
175.111.176.0/22
202.128.112.0/20
202.179.128.0/22
IPv6:
2400:a840::/28
2402:2c80::/32
Signature Algorithm: sha256WithRSAEncryption
af:87:7b:5a:4a:69:eb:02:13:a2:fa:4a:2e:71:6c:f0:73:51:
f9:6f:f7:af:4b:a0:38:5e:4e:d6:c3:da:1a:db:d1:5a:54:ad:
c3:1a:63:02:dc:88:da:40:29:0f:85:d9:0a:d4:a4:72:72:3d:
17:31:3b:d9:cd:34:06:55:56:49:1f:92:18:18:e8:16:53:2c:
e7:87:57:b4:48:61:39:c9:65:a1:59:50:66:8d:9e:f8:02:96:
87:84:9e:22:52:a5:e7:5e:d3:18:52:76:d9:d1:78:ce:31:49:
61:99:c4:ed:08:c7:bb:52:bf:b8:8a:f0:59:fb:2d:69:cc:d6:
9b:46:3b:a3:1f:7b:a4:b4:13:b2:c2:b4:d0:42:6f:a9:96:d9:
29:fa:30:1e:ad:0f:22:f3:e6:02:c5:92:80:a0:44:e5:e1:5c:
88:de:e5:f2:61:3e:d0:ac:dc:81:c6:88:90:c5:16:35:04:1d:
89:7b:c1:e5:0b:4f:47:3b:1c:04:9f:d6:9e:46:28:b0:45:78:
6d:3c:e8:0f:1c:cd:14:bf:9b:78:ec:7e:71:b5:9d:24:2c:14:
8c:50:b2:65:40:b8:13:d2:cf:ad:f9:0b:11:a7:f0:40:64:4b:
f4:68:6f:b9:5d:18:43:98:be:e7:89:c1:b2:b7:bb:aa:58:e9:
35:65:a6:d0
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgICAcMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTRDMEQxMTAvBgNVBAUTKDYzNEUyOEIxMDAyRTU1NkU4RUIxNEY5NTNFQUQ2M0I2
RDY3NzU4MDkwHhcNMjUxMDMxMDM0NzUwWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OTA0MzE2Ni1mOTRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4jVkGZ3O2pvLOA0DW0Qo4Z1YasrXz1vpjwrfTSVLmuV7zhqTwAhjmm4pQic0
+tvwHH2t/wfe+nw+8ZYeMldY78/2UgdHnkNINXdYEt6iSGC+JzuYoqy9Si0mGePw
D+CFk+2HEoWnjWp1zj3xARsFCW84e4Ucl2v7aaCPkx3TF0z6hl19STXfB5uvpGx6
pny0NB3/Q+0cDRXiCqZnI4D+k0Yn6bMMgahmwT0ypJOB4GZyJvHIAhQjkb8UEBFp
Cq0l8T7lnr/mDiag4QdfMbPROdIfc+k/4ix51tgFjeF1ypiivFU3kFSVUn2wPSL2
Ay5dxButzwZppD6XkJQ3RrEihwIDAQABo4IC5zCCAuMwHQYDVR0OBBYEFNqeM9+Z
EQXCeUm/VxMTI4KRJu2YMB8GA1UdIwQYMBaAFGNOKLEALlVujrFPlT6tY7bWd1gJ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NEMwRC9BRDI1ODg5MDU3
NTQxMUVFOTQwQ0Q5NTRDNEY5QUUwMi9ZMDRvc1FBdVZXNk9zVS1WUHExanR0WjNX
QWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1kwNG9zUUF1Vlc2T3NVLVZQcTFqdHRaM1dBay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTRDMEQvQUQyNTg4OTA1NzU0MTFFRTk0MENEOTU0QzRGOUFFMDIvRjZGQUVDNUND
QjA0MTFFRUFCMDVGOTNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcQYIKwYBBQUHAQcBAf8E
YjBgMEgEAgABMEIDBAIt+XQDBAJnM3ADBAJnVSQDBAJnX3ADBAJnalgDBAJxHfAD
BAJ7/bwDBAJ8nmADBAKvb7ADBATKgHADBALKs4AwFAQCAAIwDgMFBCQAqEADBQAk
AiyAMA0GCSqGSIb3DQEBCwUAA4IBAQCvh3taSmnrAhOi+koucWzwc1H5b/evS6A4
Xk7Ww9oa29FaVK3DGmMC3IjaQCkPhdkK1KRycj0XMTvZzTQGVVZJH5IYGOgWUyzn
h1e0SGE5yWWhWVBmjZ74ApaHhJ4iUqXnXtMYUnbZ0XjOMUlhmcTtCMe7Ur+4ivBZ
+y1pzNabRjujH3uktBOywrTQQm+pltkp+jAerQ8i8+YCxZKAoETl4VyI3uXyYT7Q
rNyBxoiQxRY1BB2Je8HlC09HOxwEn9aeRiiwRXhtPOgPHM0Uv5t47H5xtZ0kLBSM
ULJlQLgT0s+t+QsRp/BAZEv0aG+5XRhDmL7nicGyt7uqWOk1ZabQ
-----END CERTIFICATE-----
Generated at Wed Nov 5 10:59:41 2025 by rpki-client