Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
File: AB20F8C0DD3311EF8B8A711FC4F9AE02.roa (raw, json)
Hash identifier: qF9QEK3QPpy3Uy+0VtrwIu1I68i1XFjo3G0NKyyWueo=
Subject key identifier: B3:2D:CE:00:E1:7C:B9:7F:6B:3C:E5:00:69:5F:DD:84:C0:8E:9E:88
Certificate issuer: /CN=A9148C7B/serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Certificate serial: 087B
Authority key identifier: 7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
Signing time: Wed 14 May 2025 06:02:40 +0000
ROA not before: Wed 14 May 2025 06:02:40 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 38742
IP address blocks: 23.88.194.0/24 maxlen: 24
23.88.195.0/24 maxlen: 24
23.88.196.0/24 maxlen: 24
23.88.197.0/24 maxlen: 24
23.88.198.0/24 maxlen: 24
23.88.199.0/24 maxlen: 24
23.88.200.0/24 maxlen: 24
23.88.201.0/24 maxlen: 24
23.88.202.0/24 maxlen: 24
23.88.203.0/24 maxlen: 24
23.88.204.0/24 maxlen: 24
23.88.205.0/24 maxlen: 24
23.88.206.0/24 maxlen: 24
23.88.207.0/24 maxlen: 24
23.88.208.0/24 maxlen: 24
23.88.209.0/24 maxlen: 24
23.88.210.0/24 maxlen: 24
23.88.211.0/24 maxlen: 24
23.88.212.0/22 maxlen: 22
23.88.212.0/24 maxlen: 24
23.88.213.0/24 maxlen: 24
23.88.214.0/24 maxlen: 24
23.88.215.0/24 maxlen: 24
23.88.216.0/22 maxlen: 22
23.88.216.0/24 maxlen: 24
23.88.217.0/24 maxlen: 24
23.88.218.0/24 maxlen: 24
23.88.219.0/24 maxlen: 24
23.88.220.0/22 maxlen: 22
23.88.220.0/24 maxlen: 24
23.88.221.0/24 maxlen: 24
23.88.222.0/24 maxlen: 24
23.88.223.0/24 maxlen: 24
152.36.194.0/24 maxlen: 24
152.36.195.0/24 maxlen: 24
152.36.200.0/24 maxlen: 24
152.36.202.0/24 maxlen: 24
152.36.206.0/24 maxlen: 24
152.36.207.0/24 maxlen: 24
152.36.209.0/24 maxlen: 24
152.36.210.0/24 maxlen: 24
152.36.216.0/24 maxlen: 24
152.36.217.0/24 maxlen: 24
152.36.218.0/24 maxlen: 24
152.36.219.0/24 maxlen: 24
152.36.220.0/24 maxlen: 24
152.36.221.0/24 maxlen: 24
152.36.222.0/24 maxlen: 24
152.36.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 21 May 2025 14:46:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2171 (0x87b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148C7B, serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Validity
Not Before: May 14 06:02:40 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=682431ff-8475
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:73:59:33:e9:15:8f:70:be:ca:b2:6a:e0:af:
fa:55:0e:99:72:f6:43:c0:ec:7d:b8:3b:38:7b:28:
f0:cd:70:c9:df:2c:76:11:fd:fd:cb:61:b5:ad:6a:
b8:f9:e8:e9:b9:0e:9b:2a:c8:bb:79:25:e1:1d:55:
53:79:fd:40:94:0d:c0:57:61:f1:10:56:45:08:a6:
0b:2c:fa:2f:7b:e0:fa:f3:b8:97:8d:49:6f:84:bf:
36:0e:68:fa:b9:73:a4:b9:14:a3:ed:2d:1a:53:c5:
c3:bf:46:d1:2d:99:b4:ea:44:10:9e:88:d4:a5:91:
7e:22:05:5f:5b:59:d1:e5:4f:fb:18:ca:00:dd:88:
41:6c:4b:36:d1:1a:49:ff:73:87:04:24:ad:49:0c:
48:86:e6:0e:f5:22:7b:cc:12:12:ca:57:b8:2b:9f:
47:97:c4:b6:0e:cb:09:5e:13:95:5e:4f:88:d3:49:
06:07:e4:9c:47:45:31:da:29:1c:d1:33:db:e4:fc:
70:48:2d:dd:24:7d:d9:18:a0:22:d6:97:57:22:c6:
59:f2:70:dc:bf:b8:1f:9f:50:e2:fd:85:76:75:3c:
d5:ac:7e:5a:f7:d2:05:17:81:30:8a:85:ce:2a:d2:
62:59:7b:8e:94:04:48:18:60:d3:ea:0c:0a:ff:a0:
11:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:2D:CE:00:E1:7C:B9:7F:6B:3C:E5:00:69:5F:DD:84:C0:8E:9E:88
X509v3 Authority Key Identifier:
keyid:7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
23.88.194.0-23.88.223.255
152.36.194.0/23
152.36.200.0/24
152.36.202.0/24
152.36.206.0/23
152.36.209.0-152.36.210.255
152.36.216.0/21
Signature Algorithm: sha256WithRSAEncryption
5f:df:1b:c7:61:47:57:f5:4e:b8:37:3a:88:62:46:c7:bb:6a:
58:31:57:d8:6c:a5:d1:5b:f3:3a:5b:be:16:6e:89:f1:98:fc:
97:ec:75:3e:6a:15:3d:22:79:07:a8:27:5d:0a:fa:63:7e:e7:
ed:84:c2:f4:3e:30:a8:99:30:fe:3b:81:1b:1e:7e:84:80:36:
e2:a8:ef:49:5f:90:7f:2a:c3:c3:65:6b:62:7b:65:0e:dc:bc:
93:11:00:d8:7c:cb:23:89:06:9a:1d:7d:55:1f:08:ba:2b:d8:
21:a6:a9:b8:7c:74:5d:df:ee:0a:74:5a:31:50:2c:d5:ed:13:
a3:8d:30:7d:c5:73:41:66:76:ad:be:96:f5:0a:b9:15:27:e2:
21:ce:ac:96:20:fb:ab:ea:66:2a:e0:39:aa:a5:45:05:e2:f1:
95:5a:1e:4c:bb:33:df:fb:e4:c5:51:99:81:13:33:c2:e4:08:
46:b0:35:4a:4a:2d:15:c7:bb:57:3c:97:78:f9:df:fe:8a:b4:
33:40:2f:e7:dd:f3:22:dd:57:39:ed:fc:b7:4c:33:1f:a8:53:
3a:84:6d:13:9e:29:4a:c1:a2:12:5e:f0:f6:9d:2c:d4:a8:38:
d1:76:56:26:98:0d:8a:72:f4:dd:e5:09:46:eb:7f:83:b0:4b:
0a:80:37:11
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgICCHswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhDN0IxMTAvBgNVBAUTKDdGNzk2NjVFNjNCRjNDRDU2REMyNEEwQTcwRDU3RjlB
OTQyREQxQjgwHhcNMjUwNTE0MDYwMjQwWhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODI0MzFmZi04NDc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAunNZM+kVj3C+yrJq4K/6VQ6ZcvZDwOx9uDs4eyjwzXDJ3yx2Ef39y2G1rWq4
+ejpuQ6bKsi7eSXhHVVTef1AlA3AV2HxEFZFCKYLLPove+D687iXjUlvhL82Dmj6
uXOkuRSj7S0aU8XDv0bRLZm06kQQnojUpZF+IgVfW1nR5U/7GMoA3YhBbEs20RpJ
/3OHBCStSQxIhuYO9SJ7zBISyle4K59Hl8S2DssJXhOVXk+I00kGB+ScR0Ux2ikc
0TPb5PxwSC3dJH3ZGKAi1pdXIsZZ8nDcv7gfn1Di/YV2dTzVrH5a99IFF4EwioXO
KtJiWXuOlARIGGDT6gwK/6ARbwIDAQABo4ICyTCCAsUwHQYDVR0OBBYEFLMtzgDh
fLl/azzlAGlf3YTAjp6IMB8GA1UdIwQYMBaAFH95Zl5jvzzVbcJKCnDVf5qULdG4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEM3Qi81QkZDRkY4Q0Q2
MzAxMUVBOTQwREEwMzlDNEY5QUUwMi9mM2xtWG1PX1BOVnR3a29LY05WX21wUXQw
YmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2YzbG1YbU9fUE5WdHdrb0tjTlZfbXBRdDBiZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhDN0IvNUJGQ0ZGOENENjMwMTFFQTk0MERBMDM5QzRGOUFFMDIvQUIyMEY4QzBE
RDMzMTFFRjhCOEE3MTFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUwYIKwYBBQUHAQcBAf8E
RDBCMEAEAgABMDowDAMEARdYwgMEBRdYwAMEAZgkwgMEAJgkyAMEAJgkygMEAZgk
zjAMAwQAmCTRAwQAmCTSAwQDmCTYMA0GCSqGSIb3DQEBCwUAA4IBAQBf3xvHYUdX
9U64NzqIYkbHu2pYMVfYbKXRW/M6W74WbonxmPyX7HU+ahU9InkHqCddCvpjfuft
hML0PjComTD+O4EbHn6EgDbiqO9JX5B/KsPDZWtie2UO3LyTEQDYfMsjiQaaHX1V
Hwi6K9ghpqm4fHRd3+4KdFoxUCzV7ROjjTB9xXNBZnatvpb1CrkVJ+IhzqyWIPur
6mYq4DmqpUUF4vGVWh5MuzPf++TFUZmBEzPC5AhGsDVKSi0Vx7tXPJd4+d/+irQz
QC/n3fMi3Vc57fy3TDMfqFM6hG0TnilKwaISXvD2nSzUqDjRdlYmmA2KcvTd5QlG
63+DsEsKgDcR
-----END CERTIFICATE-----
Generated at Thu May 15 19:03:45 2025 by rpki-client