Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/CBF7E2CE2D3611EEA81A490BC4F9AE02.roa
File: CBF7E2CE2D3611EEA81A490BC4F9AE02.roa (raw, json)
Hash identifier: 4yj8sZR6Z/FxcvXrPscntmMUZkXTFX7XG+1HhFVkn+I=
Subject key identifier: 02:56:42:A6:5A:1D:50:66:11:86:AB:07:A1:73:B2:8E:52:7E:B1:CE
Certificate issuer: /CN=A91BB4C2/serialNumber=DC23A69EA1EFC1A379492C13E9AC147C49F5AD04
Certificate serial: 01FF
Authority key identifier: DC:23:A6:9E:A1:EF:C1:A3:79:49:2C:13:E9:AC:14:7C:49:F5:AD:04
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3COmnqHvwaN5SSwT6awUfEn1rQQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/CBF7E2CE2D3611EEA81A490BC4F9AE02.roa
Signing time: Wed 13 Aug 2025 04:11:40 +0000
ROA not before: Wed 13 Aug 2025 04:11:40 +0000
ROA not after: Mon 31 Aug 2026 00:00:00 +0000
asID: 136395
IP address blocks: 103.213.36.0/23 maxlen: 23
103.213.36.0/24 maxlen: 24
103.213.37.0/24 maxlen: 24
2401:5e0::/32 maxlen: 32
2401:5e0::/36 maxlen: 36
2401:5e0:1::/48 maxlen: 48
2401:5e0:2::/48 maxlen: 48
2401:5e0:3::/48 maxlen: 48
2401:5e0:4::/48 maxlen: 48
2401:5e0:1000::/36 maxlen: 36
2401:5e0:1000::/48 maxlen: 48
2401:5e0:1001::/48 maxlen: 48
2401:5e0:1002::/48 maxlen: 48
2401:5e0:1003::/48 maxlen: 48
2401:5e0:1004::/48 maxlen: 48
2401:5e0:1005::/48 maxlen: 48
2401:5e0:1006::/48 maxlen: 48
2401:5e0:1007::/48 maxlen: 48
2401:5e0:1008::/48 maxlen: 48
2401:5e0:1009::/48 maxlen: 48
2401:5e0:100a::/48 maxlen: 48
2401:5e0:100b::/48 maxlen: 48
2401:5e0:100c::/48 maxlen: 48
2401:5e0:100d::/48 maxlen: 48
2401:5e0:100e::/48 maxlen: 48
2401:5e0:100f::/48 maxlen: 48
2401:5e0:1010::/48 maxlen: 48
2401:5e0:2000::/36 maxlen: 36
2401:5e0:2000::/48 maxlen: 48
2401:5e0:2001::/48 maxlen: 48
2401:5e0:2002::/48 maxlen: 48
2401:5e0:2003::/48 maxlen: 48
2401:5e0:2004::/48 maxlen: 48
2401:5e0:2005::/48 maxlen: 48
2401:5e0:3000::/36 maxlen: 36
2401:5e0:4000::/36 maxlen: 36
2401:5e0:5000::/36 maxlen: 36
2401:5e0:6000::/36 maxlen: 36
2401:5e0:7000::/36 maxlen: 36
2401:5e0:8000::/36 maxlen: 36
2401:5e0:9000::/36 maxlen: 36
2401:5e0:a000::/36 maxlen: 36
2401:5e0:b000::/36 maxlen: 36
2401:5e0:c000::/36 maxlen: 36
2401:5e0:d000::/36 maxlen: 36
2401:5e0:e000::/36 maxlen: 36
2401:5e0:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/3COmnqHvwaN5SSwT6awUfEn1rQQ.crl
rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/3COmnqHvwaN5SSwT6awUfEn1rQQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3COmnqHvwaN5SSwT6awUfEn1rQQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 20 Aug 2025 04:11:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 511 (0x1ff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BB4C2, serialNumber=DC23A69EA1EFC1A379492C13E9AC147C49F5AD04
Validity
Not Before: Aug 13 04:11:40 2025 GMT
Not After : Aug 31 00:00:00 2026 GMT
Subject: CN=689c107c-344e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:94:1c:5b:ca:e8:96:6d:58:8f:fc:57:05:f9:
e5:cb:ea:f7:25:af:37:bc:fa:93:4d:4a:68:94:a3:
55:93:78:7a:d4:70:95:e5:38:65:95:24:b8:c8:15:
aa:0e:ef:c1:7f:ca:9e:49:34:82:04:70:9f:f8:ac:
2f:2c:8c:55:e9:2a:5d:b2:b4:82:d1:86:49:af:44:
4e:6f:74:db:d0:f1:22:36:23:9c:c2:53:76:25:c8:
8d:e1:18:27:03:00:bd:46:9c:a3:24:b3:93:b5:56:
7c:e6:d3:5f:a0:09:4a:6a:90:c1:48:82:c1:51:7f:
8c:6e:ef:30:61:09:04:c9:28:38:f8:ba:27:a2:7e:
fd:e3:9b:fe:b8:bc:aa:60:5a:e5:73:db:14:d7:1a:
ad:18:71:7e:81:60:59:7a:00:7d:4b:f3:b0:d3:b2:
f4:d9:a9:bd:7d:4f:93:d1:5f:f3:e7:7b:ca:eb:83:
d3:19:14:79:33:33:16:97:d8:05:2f:04:bd:3f:23:
6e:10:88:c6:64:13:cc:36:3f:3c:8e:e3:2f:95:9f:
31:41:d2:0b:8c:01:17:da:f1:d7:24:8c:ee:13:4e:
44:a3:34:5b:5b:b7:fe:0a:ac:bf:80:15:5e:ef:57:
02:2d:72:b7:e2:9d:51:d3:d1:93:88:4d:35:30:65:
41:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:56:42:A6:5A:1D:50:66:11:86:AB:07:A1:73:B2:8E:52:7E:B1:CE
X509v3 Authority Key Identifier:
keyid:DC:23:A6:9E:A1:EF:C1:A3:79:49:2C:13:E9:AC:14:7C:49:F5:AD:04
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/3COmnqHvwaN5SSwT6awUfEn1rQQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3COmnqHvwaN5SSwT6awUfEn1rQQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/CBF7E2CE2D3611EEA81A490BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.213.36.0/23
IPv6:
2401:5e0::/32
Signature Algorithm: sha256WithRSAEncryption
31:81:c4:7b:e7:db:6c:e1:e2:0e:81:83:3c:b9:52:e6:fb:9c:
74:cd:af:b8:b1:34:32:c6:b1:74:74:79:81:05:96:74:95:7b:
93:1d:4e:51:ee:88:0d:27:ce:19:0a:cd:af:48:85:55:3a:28:
ef:38:4b:12:9b:dc:08:75:20:a9:a5:2d:80:3e:72:32:66:55:
2b:dc:d0:d1:7b:e5:07:f6:b8:00:8d:56:c9:09:e5:d3:9c:54:
7b:45:e1:78:74:58:a7:ca:be:b3:5e:82:33:7b:72:75:68:b9:
99:4e:4b:a2:5a:d8:69:96:4f:12:8f:17:d6:92:45:27:b3:c7:
cb:0b:6c:85:11:c2:5d:7e:ba:32:89:47:c7:d7:78:99:f5:e0:
b1:e9:7e:17:91:52:93:f2:fe:48:5a:82:9d:ed:41:4f:2f:e0:
85:92:bc:f9:e9:eb:74:d4:89:36:d7:0d:22:29:08:31:64:67:
57:ee:7d:4e:44:7b:43:b9:f1:db:f7:c0:52:7c:60:fa:55:80:
c0:bf:51:14:51:51:4d:76:66:26:a1:c3:df:e4:8a:47:e4:89:
3b:ab:1a:19:39:a6:83:28:ba:af:e8:75:79:cb:32:d9:e1:3c:
41:93:40:b5:1e:d2:35:13:ae:6f:c9:eb:7a:57:89:4d:59:9b:
a7:65:01:67
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAf8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkI0QzIxMTAvBgNVBAUTKERDMjNBNjlFQTFFRkMxQTM3OTQ5MkMxM0U5QUMxNDdD
NDlGNUFEMDQwHhcNMjUwODEzMDQxMTQwWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODljMTA3Yy0zNDRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx5QcW8rolm1Yj/xXBfnly+r3Ja83vPqTTUpolKNVk3h61HCV5ThllSS4yBWq
Du/Bf8qeSTSCBHCf+KwvLIxV6SpdsrSC0YZJr0ROb3Tb0PEiNiOcwlN2JciN4Rgn
AwC9RpyjJLOTtVZ85tNfoAlKapDBSILBUX+Mbu8wYQkEySg4+Lonon7945v+uLyq
YFrlc9sU1xqtGHF+gWBZegB9S/Ow07L02am9fU+T0V/z53vK64PTGRR5MzMWl9gF
LwS9PyNuEIjGZBPMNj88juMvlZ8xQdILjAEX2vHXJIzuE05EozRbW7f+Cqy/gBVe
71cCLXK34p1R09GTiE01MGVBzwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFAJWQqZa
HVBmEYarB6Fzso5SfrHOMB8GA1UdIwQYMBaAFNwjpp6h78GjeUksE+msFHxJ9a0E
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQjRDMi9CMTdFOTVENjAz
NzAxMUVFOUJCNjJDMkZDNEY5QUUwMi8zQ09tbnFIdndhTjVTU3dUNmF3VWZFbjFy
UVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNDT21ucUh2d2FONVNTd1Q2YXdVZkVuMXJRUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkI0QzIvQjE3RTk1RDYwMzcwMTFFRTlCQjYyQzJGQzRGOUFFMDIvQ0JGN0UyQ0Uy
RDM2MTFFRUE4MUE0OTBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFn1SQwDQQCAAIwBwMFACQBBeAwDQYJKoZIhvcNAQELBQAD
ggEBADGBxHvn22zh4g6Bgzy5Uub7nHTNr7ixNDLGsXR0eYEFlnSVe5MdTlHuiA0n
zhkKza9IhVU6KO84SxKb3Ah1IKmlLYA+cjJmVSvc0NF75Qf2uACNVskJ5dOcVHtF
4Xh0WKfKvrNegjN7cnVouZlOS6Ja2GmWTxKPF9aSRSezx8sLbIURwl1+ujKJR8fX
eJn14LHpfheRUpPy/khagp3tQU8v4IWSvPnp63TUiTbXDSIpCDFkZ1fufU5Ee0O5
8dv3wFJ8YPpVgMC/URRRUU12Ziahw9/kikfkiTurGhk5poMouq/odXnLMtnhPEGT
QLUe0jUTrm/J63pXiU1Zm6dlAWc=
-----END CERTIFICATE-----
Generated at Wed Aug 13 15:59:38 2025 by rpki-client