Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A7169/6233DD3EEBAE11EE8A0ED964C4F9AE02/FCF99042301011EFBC350682C4F9AE02.roa
File: FCF99042301011EFBC350682C4F9AE02.roa (raw, json)
Hash identifier: L2/9JjFiWgQt59AFuV+uoqbPdz+ScN9QlotCi7wxs3k=
Subject key identifier: DB:40:E4:C4:04:96:69:BB:36:C2:69:FB:DF:5D:63:93:4E:02:46:3D
Certificate issuer: /CN=A91A7169/serialNumber=4042C2490D7DAFEC3320316ED5AA74E0BECAA9A9
Certificate serial: 0149
Authority key identifier: 40:42:C2:49:0D:7D:AF:EC:33:20:31:6E:D5:AA:74:E0:BE:CA:A9:A9
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/QELCSQ19r-wzIDFu1ap04L7Kqak.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A7169/6233DD3EEBAE11EE8A0ED964C4F9AE02/FCF99042301011EFBC350682C4F9AE02.roa
Signing time: Sat 02 Aug 2025 19:16:48 +0000
ROA not before: Sat 02 Aug 2025 19:16:48 +0000
ROA not after: Mon 31 Aug 2026 00:00:00 +0000
asID: 53813
IP address blocks: 167.103.2.0/23 maxlen: 24
167.103.4.0/23 maxlen: 24
167.103.6.0/23 maxlen: 24
167.103.8.0/23 maxlen: 24
167.103.10.0/23 maxlen: 24
167.103.12.0/23 maxlen: 24
167.103.14.0/23 maxlen: 24
167.103.16.0/23 maxlen: 24
167.103.18.0/23 maxlen: 24
167.103.20.0/23 maxlen: 24
167.103.22.0/23 maxlen: 24
167.103.24.0/23 maxlen: 24
167.103.26.0/23 maxlen: 24
167.103.28.0/23 maxlen: 24
167.103.30.0/23 maxlen: 24
167.103.32.0/23 maxlen: 24
167.103.34.0/23 maxlen: 24
167.103.36.0/24 maxlen: 24
167.103.37.0/24 maxlen: 24
167.103.38.0/24 maxlen: 24
167.103.39.0/24 maxlen: 24
167.103.40.0/24 maxlen: 24
167.103.41.0/24 maxlen: 24
167.103.42.0/23 maxlen: 24
167.103.44.0/23 maxlen: 24
167.103.46.0/23 maxlen: 24
167.103.48.0/24 maxlen: 24
167.103.49.0/24 maxlen: 24
167.103.54.0/23 maxlen: 24
167.103.56.0/23 maxlen: 24
167.103.58.0/23 maxlen: 24
167.103.60.0/23 maxlen: 24
167.103.62.0/23 maxlen: 24
167.103.64.0/23 maxlen: 24
167.103.66.0/23 maxlen: 24
167.103.68.0/23 maxlen: 24
167.103.70.0/23 maxlen: 24
167.103.72.0/23 maxlen: 24
167.103.74.0/23 maxlen: 24
167.103.76.0/23 maxlen: 24
167.103.78.0/23 maxlen: 24
167.103.80.0/23 maxlen: 24
167.103.82.0/23 maxlen: 24
167.103.84.0/24 maxlen: 24
167.103.85.0/24 maxlen: 24
167.103.86.0/24 maxlen: 24
167.103.87.0/24 maxlen: 24
167.103.88.0/23 maxlen: 24
167.103.96.0/23 maxlen: 24
167.103.98.0/23 maxlen: 24
167.103.100.0/23 maxlen: 24
167.103.102.0/23 maxlen: 24
167.103.110.0/24 maxlen: 24
167.103.111.0/24 maxlen: 24
167.103.112.0/23 maxlen: 24
167.103.114.0/23 maxlen: 24
167.103.116.0/23 maxlen: 24
167.103.118.0/23 maxlen: 24
167.103.120.0/23 maxlen: 24
167.103.122.0/23 maxlen: 24
167.103.124.0/23 maxlen: 24
167.103.126.0/23 maxlen: 24
167.103.132.0/23 maxlen: 24
167.103.134.0/23 maxlen: 24
167.103.136.0/23 maxlen: 24
167.103.138.0/23 maxlen: 24
167.103.140.0/23 maxlen: 24
167.103.142.0/23 maxlen: 24
167.103.144.0/23 maxlen: 24
167.103.146.0/23 maxlen: 24
167.103.154.0/23 maxlen: 24
167.103.156.0/23 maxlen: 24
167.103.158.0/23 maxlen: 24
167.103.160.0/23 maxlen: 24
167.103.162.0/23 maxlen: 24
167.103.164.0/23 maxlen: 24
167.103.166.0/23 maxlen: 24
167.103.186.0/23 maxlen: 24
167.103.188.0/23 maxlen: 24
167.103.190.0/23 maxlen: 24
167.103.192.0/23 maxlen: 24
167.103.196.0/23 maxlen: 24
167.103.198.0/23 maxlen: 24
167.103.200.0/23 maxlen: 24
167.103.202.0/23 maxlen: 24
167.103.204.0/23 maxlen: 24
167.103.206.0/23 maxlen: 24
167.103.208.0/23 maxlen: 24
167.103.210.0/23 maxlen: 24
167.103.212.0/23 maxlen: 24
167.103.214.0/23 maxlen: 24
167.103.216.0/23 maxlen: 24
167.103.228.0/23 maxlen: 24
167.103.230.0/23 maxlen: 24
167.103.232.0/23 maxlen: 24
167.103.234.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A7169/6233DD3EEBAE11EE8A0ED964C4F9AE02/QELCSQ19r-wzIDFu1ap04L7Kqak.crl
rsync://rpki.apnic.net/member_repository/A91A7169/6233DD3EEBAE11EE8A0ED964C4F9AE02/QELCSQ19r-wzIDFu1ap04L7Kqak.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/QELCSQ19r-wzIDFu1ap04L7Kqak.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 14 Aug 2025 05:57:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 329 (0x149)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A7169, serialNumber=4042C2490D7DAFEC3320316ED5AA74E0BECAA9A9
Validity
Not Before: Aug 2 19:16:48 2025 GMT
Not After : Aug 31 00:00:00 2026 GMT
Subject: CN=688e6420-acdc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:d3:f3:64:a4:c1:d7:3a:3c:18:47:ac:45:2c:
43:19:d3:5a:16:76:d8:55:bd:f2:e8:61:d6:a2:7c:
e3:c6:9a:5b:54:5d:05:7f:72:1e:12:ec:16:62:b5:
21:f6:5c:b1:7b:4b:c1:f5:62:39:ea:73:57:0e:46:
df:a0:f1:df:65:6f:e2:9a:dc:8a:65:82:12:16:4a:
e9:e8:33:2d:82:29:a8:14:31:bd:06:fb:00:a0:8a:
4f:4f:1c:f6:d6:a8:a4:40:8e:95:94:36:f1:a3:1d:
07:35:8e:69:98:d9:d3:a0:4d:85:84:f8:58:c1:63:
19:39:ff:e9:0c:41:bf:c9:13:29:da:ab:94:07:c2:
f3:5e:51:a1:a1:23:e7:9a:1d:17:8f:fc:12:f0:a2:
8d:c9:93:3c:a6:11:d1:b6:d7:fa:77:46:ed:a8:b0:
77:f8:9d:26:54:f9:38:5d:46:44:08:c3:32:06:6f:
98:48:76:e5:8e:b6:ca:97:87:e1:e8:77:03:72:98:
dc:49:9c:84:f5:10:86:41:d1:d8:c7:df:ab:32:3c:
88:14:64:8d:47:4f:21:a8:1f:0c:9b:c5:f0:5b:90:
80:ea:f2:6e:71:1c:ad:77:d3:8a:88:52:6d:a0:f1:
36:c0:91:fb:03:5f:5a:f1:05:88:9a:7c:46:98:42:
82:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:40:E4:C4:04:96:69:BB:36:C2:69:FB:DF:5D:63:93:4E:02:46:3D
X509v3 Authority Key Identifier:
keyid:40:42:C2:49:0D:7D:AF:EC:33:20:31:6E:D5:AA:74:E0:BE:CA:A9:A9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A7169/6233DD3EEBAE11EE8A0ED964C4F9AE02/QELCSQ19r-wzIDFu1ap04L7Kqak.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/QELCSQ19r-wzIDFu1ap04L7Kqak.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A7169/6233DD3EEBAE11EE8A0ED964C4F9AE02/FCF99042301011EFBC350682C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
167.103.2.0-167.103.49.255
167.103.54.0-167.103.89.255
167.103.96.0/21
167.103.110.0-167.103.127.255
167.103.132.0-167.103.147.255
167.103.154.0-167.103.167.255
167.103.186.0-167.103.193.255
167.103.196.0-167.103.217.255
167.103.228.0-167.103.235.255
Signature Algorithm: sha256WithRSAEncryption
41:bc:71:e5:0c:72:c0:ca:58:e7:08:2b:31:f3:14:b3:5e:0b:
ed:ed:1f:bc:87:21:35:4c:5d:1b:ca:75:66:12:37:8c:a6:fb:
8c:5d:10:07:a3:06:33:1e:3e:dc:d6:e4:23:2c:94:a6:6d:57:
ae:e0:41:e7:c3:cc:be:62:8a:e4:f5:60:b2:92:f4:9e:96:de:
46:57:f5:82:24:db:cf:37:e8:ec:a2:29:53:d9:55:47:d9:91:
14:b4:95:4e:61:bb:dd:3c:4d:03:69:02:b8:90:48:89:fc:60:
59:22:a3:3b:82:6a:ee:93:32:15:67:6b:d3:d9:e4:3a:93:d7:
b2:de:de:fd:82:8f:3b:fd:05:bf:9c:c9:35:5c:70:11:7d:bc:
f9:92:f0:d7:7e:b2:f9:4d:c7:54:55:09:74:e4:fc:1c:ae:fd:
8b:93:e8:fb:26:1b:00:dc:7b:d7:84:ba:e8:f0:dc:94:a8:63:
e6:98:a9:7d:5a:3c:42:79:21:55:42:79:a4:a3:84:eb:62:46:
fb:5b:69:1d:10:08:8a:15:19:6c:99:01:13:da:56:e8:90:4e:
fd:b5:18:a0:2a:4e:92:1d:50:1b:55:7b:86:77:c9:f0:4c:4b:
4d:c9:49:8e:ac:04:b4:83:07:25:f4:9e:da:a8:f4:4c:d3:a4:
6a:08:2a:db
-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgICAUkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTcxNjkxMTAvBgNVBAUTKDQwNDJDMjQ5MEQ3REFGRUMzMzIwMzE2RUQ1QUE3NEUw
QkVDQUE5QTkwHhcNMjUwODAyMTkxNjQ4WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhlNjQyMC1hY2RjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA59PzZKTB1zo8GEesRSxDGdNaFnbYVb3y6GHWonzjxppbVF0Ff3IeEuwWYrUh
9lyxe0vB9WI56nNXDkbfoPHfZW/imtyKZYISFkrp6DMtgimoFDG9BvsAoIpPTxz2
1qikQI6VlDbxox0HNY5pmNnToE2FhPhYwWMZOf/pDEG/yRMp2quUB8LzXlGhoSPn
mh0Xj/wS8KKNyZM8phHRttf6d0btqLB3+J0mVPk4XUZECMMyBm+YSHbljrbKl4fh
6HcDcpjcSZyE9RCGQdHYx9+rMjyIFGSNR08hqB8Mm8XwW5CA6vJucRytd9OKiFJt
oPE2wJH7A19a8QWImnxGmEKCYwIDAQABo4IDBzCCAwMwHQYDVR0OBBYEFNtA5MQE
lmm7NsJp+99dY5NOAkY9MB8GA1UdIwQYMBaAFEBCwkkNfa/sMyAxbtWqdOC+yqmp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNzE2OS82MjMzREQzRUVC
QUUxMUVFOEEwRUQ5NjRDNEY5QUUwMi9RRUxDU1ExOXItd3pJREZ1MWFwMDRMN0tx
YWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1FFTENTUTE5ci13eklERnUxYXAwNEw3S3Fhay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTcxNjkvNjIzM0REM0VFQkFFMTFFRThBMEVEOTY0QzRGOUFFMDIvRkNGOTkwNDIz
MDEwMTFFRkJDMzUwNjgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZAGCCsGAQUFBwEHAQH/
BIGAMH4wfAQCAAEwdjAMAwQBp2cCAwQBp2cwMAwDBAGnZzYDBAGnZ1gDBAOnZ2Aw
DAMEAadnbgMEB6dnADAMAwQCp2eEAwQCp2eQMAwDBAGnZ5oDBAOnZ6AwDAMEAadn
ugMEAadnwDAMAwQCp2fEAwQBp2fYMAwDBAKnZ+QDBAKnZ+gwDQYJKoZIhvcNAQEL
BQADggEBAEG8ceUMcsDKWOcIKzHzFLNeC+3tH7yHITVMXRvKdWYSN4ym+4xdEAej
BjMePtzW5CMslKZtV67gQefDzL5iiuT1YLKS9J6W3kZX9YIk28836OyiKVPZVUfZ
kRS0lU5hu908TQNpAriQSIn8YFkiozuCau6TMhVna9PZ5DqT17Le3v2Cjzv9Bb+c
yTVccBF9vPmS8Nd+svlNx1RVCXTk/Byu/YuT6PsmGwDce9eEuujw3JSoY+aYqX1a
PEJ5IVVCeaSjhOtiRvtbaR0QCIoVGWyZARPaVuiQTv21GKAqTpIdUBtVe4Z3yfBM
S03JSY6sBLSDByX0ntqo9EzTpGoIKts=
-----END CERTIFICATE-----
Generated at Sun Aug 10 21:07:46 2025 by rpki-client