Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/398848523A0011EFB7007939C4F9AE02.roa
File: 398848523A0011EFB7007939C4F9AE02.roa (raw, json)
Hash identifier: Zlhwy82VHpRYLPT4enDdRaV9Hjue+wnu8x2KNE0lTzk=
Subject key identifier: 38:C9:CC:9B:66:5F:9F:33:0D:55:00:60:44:B6:F5:F0:66:BF:E2:8F
Certificate issuer: /CN=A91C4003/serialNumber=038A86F362B2557F94BE772EE0C5FD31845FE263
Certificate serial: 0C10
Authority key identifier: 03:8A:86:F3:62:B2:55:7F:94:BE:77:2E:E0:C5:FD:31:84:5F:E2:63
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A4qG82KyVX-Uvncu4MX9MYRf4mM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/398848523A0011EFB7007939C4F9AE02.roa
Signing time: Wed 30 Jul 2025 19:28:52 +0000
ROA not before: Wed 30 Jul 2025 19:28:52 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 38835
IP address blocks: 43.231.68.0/22 maxlen: 24
43.245.36.0/22 maxlen: 24
43.251.52.0/22 maxlen: 24
103.18.252.0/22 maxlen: 24
103.21.132.0/22 maxlen: 24
103.24.47.0/24 maxlen: 24
103.42.140.0/22 maxlen: 24
103.205.246.0/23 maxlen: 24
103.206.28.0/24 maxlen: 24
103.232.196.0/22 maxlen: 24
113.21.32.0/20 maxlen: 23
113.21.32.0/22 maxlen: 24
113.21.37.0/24 maxlen: 24
113.21.38.0/23 maxlen: 24
113.21.40.0/21 maxlen: 24
113.61.96.0/21 maxlen: 23
113.61.96.0/22 maxlen: 24
113.61.100.0/23 maxlen: 24
113.61.102.0/24 maxlen: 24
163.47.64.0/22 maxlen: 24
182.161.44.0/22 maxlen: 24
183.81.144.0/21 maxlen: 24
203.31.34.0/23 maxlen: 24
203.160.8.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/A4qG82KyVX-Uvncu4MX9MYRf4mM.crl
rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/A4qG82KyVX-Uvncu4MX9MYRf4mM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A4qG82KyVX-Uvncu4MX9MYRf4mM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 14 Aug 2025 05:57:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3088 (0xc10)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C4003, serialNumber=038A86F362B2557F94BE772EE0C5FD31845FE263
Validity
Not Before: Jul 30 19:28:52 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=688a7274-bafb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:d8:e7:14:2c:03:59:6a:ac:01:a6:71:43:56:
86:8d:4d:81:d7:79:22:8e:9e:81:7e:c5:ae:a5:5d:
0f:ab:b5:61:52:6d:d0:64:b5:89:2d:27:d4:50:18:
e5:31:5b:69:19:f5:26:15:f1:c6:fd:1f:0a:2f:75:
e5:78:5a:8c:cc:52:9e:70:57:de:d9:d6:03:f9:59:
77:0b:10:25:77:1f:af:7e:f2:f4:67:99:86:68:5c:
23:bf:6b:c2:d3:af:f6:76:fd:ad:1d:01:62:da:d5:
17:38:8f:51:33:f5:c7:71:43:3b:69:e3:06:4f:06:
16:21:d3:3a:3f:19:67:27:10:de:87:8d:1f:15:fb:
49:a1:19:6d:fa:4b:d4:22:c8:01:f6:ad:37:10:39:
74:ba:d4:d4:ea:7c:4a:3f:d2:43:1c:79:a6:7d:4e:
8c:b6:ab:71:73:1c:64:e3:fa:ec:de:9b:44:06:05:
9c:79:ac:a9:ba:16:58:3e:80:ed:ff:e9:b4:e9:69:
26:b4:4d:22:81:00:91:19:5e:7e:67:82:89:d3:91:
93:e9:59:77:26:4a:c1:07:fb:dd:38:9c:9b:0d:84:
02:70:1a:45:03:0f:73:d7:28:0a:03:50:49:66:ad:
3a:74:21:6f:34:cb:f1:2f:69:a1:cf:0a:a0:ce:e9:
82:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:C9:CC:9B:66:5F:9F:33:0D:55:00:60:44:B6:F5:F0:66:BF:E2:8F
X509v3 Authority Key Identifier:
keyid:03:8A:86:F3:62:B2:55:7F:94:BE:77:2E:E0:C5:FD:31:84:5F:E2:63
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/A4qG82KyVX-Uvncu4MX9MYRf4mM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A4qG82KyVX-Uvncu4MX9MYRf4mM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/398848523A0011EFB7007939C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.231.68.0/22
43.245.36.0/22
43.251.52.0/22
103.18.252.0/22
103.21.132.0/22
103.24.47.0/24
103.42.140.0/22
103.205.246.0/23
103.206.28.0/24
103.232.196.0/22
113.21.32.0/20
113.61.96.0/21
163.47.64.0/22
182.161.44.0/22
183.81.144.0/21
203.31.34.0/23
203.160.8.0/21
Signature Algorithm: sha256WithRSAEncryption
59:ea:5e:8c:38:f0:77:1a:0d:d8:ef:d0:96:4c:bc:fd:91:10:
fe:b6:f9:73:dc:17:63:5b:74:b8:11:e5:93:16:98:df:ad:42:
34:88:47:ff:c7:5a:d2:39:76:1c:26:ba:c4:51:76:4f:8f:61:
de:e9:22:03:a0:7a:a4:2b:4c:c2:33:b1:9c:db:40:f3:50:ff:
7a:c9:44:08:b2:67:5e:91:bd:b5:7d:a6:df:42:b8:72:c9:30:
66:49:e5:b8:4e:62:2e:bb:e1:85:4d:05:9f:d3:13:ae:5a:12:
00:73:b2:43:1f:7a:e9:4c:12:28:df:5a:8f:26:97:ad:c7:fd:
4d:ed:e8:6f:32:b3:7f:81:64:23:16:25:fd:3a:7d:76:03:4a:
7f:5f:78:af:ae:13:8a:ec:af:4e:0e:6c:9c:1e:7a:79:d7:bf:
bc:af:56:bd:49:b2:b3:96:18:24:42:a6:1f:35:07:2b:93:0f:
bd:ff:d3:41:e8:c0:43:d9:93:3b:7a:bc:5f:51:a0:49:e2:a0:
51:53:cc:38:71:cc:1f:c4:70:70:12:8e:95:fe:18:fb:08:1e:
cd:9c:98:9d:09:71:d6:96:98:d1:2d:44:97:17:96:0d:20:1a:
9a:e3:dc:70:dd:bb:e4:40:35:6f:f7:f5:96:b0:0b:2d:ab:aa:
da:86:cf:b6
-----BEGIN CERTIFICATE-----
MIIF0TCCBLmgAwIBAgICDBAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzQwMDMxMTAvBgNVBAUTKDAzOEE4NkYzNjJCMjU1N0Y5NEJFNzcyRUUwQzVGRDMx
ODQ1RkUyNjMwHhcNMjUwNzMwMTkyODUyWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhhNzI3NC1iYWZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6NjnFCwDWWqsAaZxQ1aGjU2B13kijp6BfsWupV0Pq7VhUm3QZLWJLSfUUBjl
MVtpGfUmFfHG/R8KL3XleFqMzFKecFfe2dYD+Vl3CxAldx+vfvL0Z5mGaFwjv2vC
06/2dv2tHQFi2tUXOI9RM/XHcUM7aeMGTwYWIdM6PxlnJxDeh40fFftJoRlt+kvU
IsgB9q03EDl0utTU6nxKP9JDHHmmfU6Mtqtxcxxk4/rs3ptEBgWceaypuhZYPoDt
/+m06WkmtE0igQCRGV5+Z4KJ05GT6Vl3JkrBB/vdOJybDYQCcBpFAw9z1ygKA1BJ
Zq06dCFvNMvxL2mhzwqgzumCTQIDAQABo4IC9TCCAvEwHQYDVR0OBBYEFDjJzJtm
X58zDVUAYES29fBmv+KPMB8GA1UdIwQYMBaAFAOKhvNislV/lL53LuDF/TGEX+Jj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNDAwMy9COEU4QUQ3MjFB
RDgxMUVBODJFNzRCMkZDNEY5QUUwMi9BNHFHODJLeVZYLVV2bmN1NE1YOU1ZUmY0
bU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0E0cUc4Mkt5VlgtVXZuY3U0TVg5TVlSZjRtTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzQwMDMvQjhFOEFENzIxQUQ4MTFFQTgyRTc0QjJGQzRGOUFFMDIvMzk4ODQ4NTIz
QTAwMTFFRkI3MDA3OTM5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfwYIKwYBBQUHAQcBAf8E
cDBuMGwEAgABMGYDBAIr50QDBAIr9SQDBAIr+zQDBAJnEvwDBAJnFYQDBABnGC8D
BAJnKowDBAFnzfYDBABnzhwDBAJn6MQDBARxFSADBANxPWADBAKjL0ADBAK2oSwD
BAO3UZADBAHLHyIDBAPLoAgwDQYJKoZIhvcNAQELBQADggEBAFnqXow48HcaDdjv
0JZMvP2REP62+XPcF2NbdLgR5ZMWmN+tQjSIR//HWtI5dhwmusRRdk+PYd7pIgOg
eqQrTMIzsZzbQPNQ/3rJRAiyZ16RvbV9pt9CuHLJMGZJ5bhOYi674YVNBZ/TE65a
EgBzskMfeulMEijfWo8ml63H/U3t6G8ys3+BZCMWJf06fXYDSn9feK+uE4rsr04O
bJweennXv7yvVr1JsrOWGCRCph81ByuTD73/00HowEPZkzt6vF9RoEnioFFTzDhx
zB/EcHASjpX+GPsIHs2cmJ0JcdaWmNEtRJcXlg0gGprj3HDdu+RANW/39ZawCy2r
qtqGz7Y=
-----END CERTIFICATE-----
Generated at Mon Aug 11 10:31:18 2025 by rpki-client