Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A912F1D5/EE0180780F6211EAA706AF3DC4F9AE02/392036B4808B11EFAB024F45C4F9AE02.roa
File: 392036B4808B11EFAB024F45C4F9AE02.roa (raw, json)
Hash identifier: jLmFIeuFfW/kA9gB2qa9B520Ov6OJzEYyswQvxuxZy4=
Subject key identifier: 4C:AE:5A:E1:B0:D5:99:55:79:CE:B2:7E:01:6C:32:12:D3:C7:2B:E8
Certificate issuer: /CN=A912F1D5/serialNumber=FBBA4A9609B4174E6CB47B95834E2A9C3D968663
Certificate serial: 0C4D
Authority key identifier: FB:BA:4A:96:09:B4:17:4E:6C:B4:7B:95:83:4E:2A:9C:3D:96:86:63
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-7pKlgm0F05stHuVg04qnD2WhmM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A912F1D5/EE0180780F6211EAA706AF3DC4F9AE02/392036B4808B11EFAB024F45C4F9AE02.roa
Signing time: Wed 30 Apr 2025 18:58:09 +0000
ROA not before: Wed 30 Apr 2025 18:58:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 38026
IP address blocks: 43.240.100.0/24 maxlen: 24
43.240.101.0/24 maxlen: 24
43.240.102.0/24 maxlen: 24
43.240.103.0/24 maxlen: 24
103.36.100.0/22 maxlen: 22
103.36.100.0/24 maxlen: 24
103.36.101.0/24 maxlen: 24
103.36.102.0/24 maxlen: 24
103.36.103.0/24 maxlen: 24
116.193.216.0/24 maxlen: 24
116.193.217.0/24 maxlen: 24
116.193.219.0/24 maxlen: 24
116.193.220.0/24 maxlen: 24
116.193.221.0/24 maxlen: 24
116.193.222.0/24 maxlen: 24
116.193.223.0/24 maxlen: 24
202.164.208.0/21 maxlen: 24
2404:af80::/32 maxlen: 32
2404:af80::/48 maxlen: 48
2404:af80:1::/48 maxlen: 48
2404:af80:2::/48 maxlen: 48
2404:af80:3::/48 maxlen: 48
2404:af80:4::/48 maxlen: 48
2404:af80:10::/48 maxlen: 48
2404:af80:11::/48 maxlen: 48
2404:af80:12::/48 maxlen: 48
2404:af80:13::/48 maxlen: 48
2404:af80:14::/48 maxlen: 48
2404:af80:15::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A912F1D5/EE0180780F6211EAA706AF3DC4F9AE02/-7pKlgm0F05stHuVg04qnD2WhmM.crl
rsync://rpki.apnic.net/member_repository/A912F1D5/EE0180780F6211EAA706AF3DC4F9AE02/-7pKlgm0F05stHuVg04qnD2WhmM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-7pKlgm0F05stHuVg04qnD2WhmM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 21 May 2025 18:38:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3149 (0xc4d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A912F1D5, serialNumber=FBBA4A9609B4174E6CB47B95834E2A9C3D968663
Validity
Not Before: Apr 30 18:58:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681272c1-b8eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:3e:e2:6e:64:97:38:14:e5:46:b0:2a:89:31:
42:7b:fb:88:96:bf:a1:4a:52:02:f6:f9:2d:38:2c:
30:25:07:05:1e:d3:60:ef:e7:9c:3e:1f:6a:69:41:
24:18:df:a9:38:bb:99:d5:c1:66:60:92:87:31:59:
9a:a2:ce:52:c5:3c:43:1d:da:d8:26:55:51:26:ba:
ae:cc:a6:ab:ae:9d:b9:4c:96:97:14:ea:83:f7:25:
22:0d:79:0e:1d:b2:eb:77:e0:11:39:00:76:46:81:
9a:13:47:ad:de:8d:e1:52:40:f9:d7:d9:eb:49:3e:
d7:ef:ed:1d:63:81:f6:0a:f0:12:4d:54:ca:5f:c7:
ed:22:e3:a8:aa:27:20:3c:e0:e5:dc:f7:22:51:86:
be:56:4f:d6:1c:50:b2:12:4a:37:b1:2c:53:77:6f:
c0:d0:07:2f:9b:1d:ea:b5:98:c0:bd:ba:2b:57:36:
58:d6:d2:b9:13:67:66:f1:2e:66:d7:6b:e3:18:60:
13:6d:3c:ad:e8:c9:56:ba:59:26:8e:25:a1:34:83:
33:d2:ff:4b:df:0e:46:ef:78:27:cd:5c:1b:14:dc:
c8:7b:26:99:0b:66:99:f4:4b:e1:67:1f:9f:4b:74:
1f:aa:3a:41:5c:80:dc:93:07:a0:a5:6d:3d:9e:4a:
64:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:AE:5A:E1:B0:D5:99:55:79:CE:B2:7E:01:6C:32:12:D3:C7:2B:E8
X509v3 Authority Key Identifier:
keyid:FB:BA:4A:96:09:B4:17:4E:6C:B4:7B:95:83:4E:2A:9C:3D:96:86:63
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A912F1D5/EE0180780F6211EAA706AF3DC4F9AE02/-7pKlgm0F05stHuVg04qnD2WhmM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-7pKlgm0F05stHuVg04qnD2WhmM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912F1D5/EE0180780F6211EAA706AF3DC4F9AE02/392036B4808B11EFAB024F45C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.240.100.0/22
103.36.100.0/22
116.193.216.0/23
116.193.219.0-116.193.223.255
202.164.208.0/21
IPv6:
2404:af80::/32
Signature Algorithm: sha256WithRSAEncryption
0c:fc:97:ad:09:3b:95:2e:78:d5:46:ba:12:49:db:3c:62:02:
9a:7a:b4:df:8e:1e:ef:be:9d:f9:1e:8f:26:6c:aa:8b:6b:5a:
4b:7c:d1:84:fe:2a:dc:13:df:60:c5:63:cf:f0:d5:c9:63:5f:
31:71:84:ad:fd:e0:e8:d8:17:58:f6:6e:13:de:cd:cc:c5:5c:
e8:9b:63:0d:4a:1a:fd:9a:29:da:52:68:b1:37:b8:07:c7:d2:
ee:ac:74:56:06:7e:11:46:f5:21:37:f7:67:e0:c0:94:8e:3c:
b3:66:5e:07:af:a2:36:3c:27:b3:47:6e:93:33:d6:89:75:8b:
1f:e3:be:0f:99:7a:e7:a0:4b:6d:3d:be:bc:bf:f6:08:49:d4:
2a:5f:4e:28:02:28:7f:01:e2:e0:81:6a:ea:62:7f:94:82:81:
bd:4f:b1:26:3f:f4:12:c9:15:03:b1:ef:18:a0:81:34:63:2e:
01:8f:85:4f:e4:0d:ec:7c:ce:3d:d7:14:d2:08:54:d8:03:d4:
87:bc:a7:10:1f:21:8d:1d:cf:1f:65:31:70:9a:f3:b4:c9:34:
d7:cd:b7:9c:cc:28:a6:f0:bb:4b:6b:5c:c5:51:93:26:09:4f:
1a:d6:d2:eb:fa:22:7b:14:c3:91:f2:c9:c7:2c:a9:dd:97:6f:
7f:a3:f5:b5
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgICDE0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkYxRDUxMTAvBgNVBAUTKEZCQkE0QTk2MDlCNDE3NEU2Q0I0N0I5NTgzNEUyQTlD
M0Q5Njg2NjMwHhcNMjUwNDMwMTg1ODA5WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODEyNzJjMS1iOGViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvD7ibmSXOBTlRrAqiTFCe/uIlr+hSlIC9vktOCwwJQcFHtNg7+ecPh9qaUEk
GN+pOLuZ1cFmYJKHMVmaos5SxTxDHdrYJlVRJrquzKarrp25TJaXFOqD9yUiDXkO
HbLrd+AROQB2RoGaE0et3o3hUkD519nrST7X7+0dY4H2CvASTVTKX8ftIuOoqicg
PODl3PciUYa+Vk/WHFCyEko3sSxTd2/A0Acvmx3qtZjAvborVzZY1tK5E2dm8S5m
12vjGGATbTyt6MlWulkmjiWhNIMz0v9L3w5G73gnzVwbFNzIeyaZC2aZ9EvhZx+f
S3QfqjpBXIDckwegpW09nkpkwwIDAQABo4ICxDCCAsAwHQYDVR0OBBYEFEyuWuGw
1ZlVec6yfgFsMhLTxyvoMB8GA1UdIwQYMBaAFPu6SpYJtBdObLR7lYNOKpw9loZj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRjFENS9FRTAxODA3ODBG
NjIxMUVBQTcwNkFGM0RDNEY5QUUwMi8tN3BLbGdtMEYwNXN0SHVWZzA0cW5EMldo
bU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy03cEtsZ20wRjA1c3RIdVZnMDRxbkQyV2htTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkYxRDUvRUUwMTgwNzgwRjYyMTFFQUE3MDZBRjNEQzRGOUFFMDIvMzkyMDM2QjQ4
MDhCMTFFRkFCMDI0RjQ1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTgYIKwYBBQUHAQcBAf8E
PzA9MCwEAgABMCYDBAIr8GQDBAJnJGQDBAF0wdgwDAMEAHTB2wMEBXTBwAMEA8qk
0DANBAIAAjAHAwUAJASvgDANBgkqhkiG9w0BAQsFAAOCAQEADPyXrQk7lS541Ua6
EknbPGICmnq0344e776d+R6PJmyqi2taS3zRhP4q3BPfYMVjz/DVyWNfMXGErf3g
6NgXWPZuE97NzMVc6JtjDUoa/Zop2lJosTe4B8fS7qx0VgZ+EUb1ITf3Z+DAlI48
s2ZeB6+iNjwns0dukzPWiXWLH+O+D5l656BLbT2+vL/2CEnUKl9OKAIofwHi4IFq
6mJ/lIKBvU+xJj/0EskVA7HvGKCBNGMuAY+FT+QN7HzOPdcU0ghU2APUh7ynEB8h
jR3PH2UxcJrztMk01823nMwopvC7S2tcxVGTJglPGtbS6/oiexTDkfLJxyyp3Zdv
f6P1tQ==
-----END CERTIFICATE-----
Generated at Wed May 14 20:56:17 2025 by rpki-client