Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/CF6B95A22B0611F095AFC61DC4F9AE02.roa
File: CF6B95A22B0611F095AFC61DC4F9AE02.roa (raw, json)
Hash identifier: Z/zRPe2DhnITKsdqsZS/1BdNv028Ed4X3nLcFzmMS/g=
Subject key identifier: 00:A2:3C:8F:14:62:7D:C7:11:AC:D2:AE:D6:99:F0:32:B1:BB:FD:0F
Certificate issuer: /CN=A917BB9A/serialNumber=A6172EEBE1FCD1A978CCA467E1B58A30B37951EB
Certificate serial: CD
Authority key identifier: A6:17:2E:EB:E1:FC:D1:A9:78:CC:A4:67:E1:B5:8A:30:B3:79:51:EB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/phcu6-H80al4zKRn4bWKMLN5Ues.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/CF6B95A22B0611F095AFC61DC4F9AE02.roa
Signing time: Sun 29 Jun 2025 06:17:08 +0000
ROA not before: Sun 29 Jun 2025 06:17:08 +0000
ROA not after: Mon 31 Aug 2026 00:00:00 +0000
asID: 56209
IP address blocks: 150.129.172.0/23 maxlen: 23
150.129.172.0/24 maxlen: 24
150.129.173.0/24 maxlen: 24
150.129.174.0/23 maxlen: 23
150.129.174.0/24 maxlen: 24
150.129.175.0/24 maxlen: 24
202.47.112.0/24 maxlen: 24
202.47.113.0/24 maxlen: 24
202.47.114.0/24 maxlen: 24
202.47.115.0/24 maxlen: 24
202.47.116.0/24 maxlen: 24
202.47.117.0/24 maxlen: 24
202.47.118.0/24 maxlen: 24
202.47.119.0/24 maxlen: 24
202.71.0.0/23 maxlen: 23
202.71.0.0/24 maxlen: 24
202.71.1.0/24 maxlen: 24
202.71.2.0/23 maxlen: 23
202.71.2.0/24 maxlen: 24
202.71.3.0/24 maxlen: 24
202.71.24.0/23 maxlen: 23
202.71.24.0/24 maxlen: 24
202.71.25.0/24 maxlen: 24
202.71.26.0/24 maxlen: 24
202.71.27.0/24 maxlen: 24
202.71.28.0/24 maxlen: 24
202.71.29.0/24 maxlen: 24
202.71.30.0/24 maxlen: 24
202.71.31.0/24 maxlen: 24
2401:a3e0::/48 maxlen: 48
2401:a3e0:1::/48 maxlen: 48
2401:a3e0:2::/48 maxlen: 48
2401:a3e0:3::/48 maxlen: 48
2401:a3e0:4::/48 maxlen: 48
2401:a3e0:5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/phcu6-H80al4zKRn4bWKMLN5Ues.crl
rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/phcu6-H80al4zKRn4bWKMLN5Ues.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/phcu6-H80al4zKRn4bWKMLN5Ues.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 06 Jul 2025 06:17:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 205 (0xcd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917BB9A, serialNumber=A6172EEBE1FCD1A978CCA467E1B58A30B37951EB
Validity
Not Before: Jun 29 06:17:08 2025 GMT
Not After : Aug 31 00:00:00 2026 GMT
Subject: CN=6860da63-6420
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:39:cf:6e:7c:43:a5:12:72:bd:ae:b4:2d:69:
ac:d2:f1:03:af:b0:e8:1c:95:47:f4:c5:7f:f0:68:
8a:3e:4e:be:c2:c3:fc:30:0a:e8:4b:6b:95:84:b9:
01:55:0e:fa:41:08:48:02:6c:58:cc:cf:48:19:36:
5e:ea:ac:f4:de:04:8a:fd:cf:4b:ab:5e:1d:4a:3e:
0d:bd:fa:9d:a0:26:e3:fd:55:ae:73:eb:50:04:fb:
a0:c3:77:92:cd:18:b3:02:cc:d2:4f:7a:33:ce:e8:
f4:ab:76:ed:8a:83:10:1a:05:a0:a1:93:4a:55:fa:
30:e3:34:9b:0b:e1:f2:55:6b:d9:12:4a:f2:02:1d:
3e:13:00:7a:14:57:05:8c:2a:d5:b2:7c:ee:2d:42:
96:b3:46:f3:fe:67:9e:1f:c8:c3:f1:04:ff:98:d4:
ef:6b:dd:30:bd:f9:c1:76:ee:cd:66:58:49:be:6f:
83:33:43:1d:63:a5:88:d3:56:9a:f8:58:5b:fe:03:
de:72:63:ba:a4:9a:9a:af:2b:f4:a6:0d:89:c5:f1:
4f:f8:ad:2d:07:77:ba:3e:7a:e8:ef:cd:e8:09:e0:
bc:2f:8e:ec:74:be:ec:44:5b:e3:a5:c3:f8:0a:c7:
f5:56:1a:f6:d3:91:9c:62:f1:b8:e6:5a:06:1b:7d:
dc:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:A2:3C:8F:14:62:7D:C7:11:AC:D2:AE:D6:99:F0:32:B1:BB:FD:0F
X509v3 Authority Key Identifier:
keyid:A6:17:2E:EB:E1:FC:D1:A9:78:CC:A4:67:E1:B5:8A:30:B3:79:51:EB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/phcu6-H80al4zKRn4bWKMLN5Ues.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/phcu6-H80al4zKRn4bWKMLN5Ues.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/CF6B95A22B0611F095AFC61DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
150.129.172.0/22
202.47.112.0/21
202.71.0.0/22
202.71.24.0/21
IPv6:
2401:a3e0::-2401:a3e0:5:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
89:53:10:ea:af:2c:87:ac:8a:73:7f:1d:7c:1f:9d:61:e7:5a:
1a:90:f1:bd:a4:6f:09:6c:8e:e0:83:58:b0:15:af:bc:9d:ad:
aa:98:08:07:05:8c:c6:66:70:58:4d:aa:d6:a9:13:87:ad:9b:
68:77:59:e9:c8:bc:af:6d:36:26:e3:5d:bd:20:ff:7a:46:74:
d0:f6:48:1e:3f:1c:14:64:b2:97:9d:3c:a7:62:13:9e:f0:86:
ad:3d:a3:52:f9:24:25:4e:6e:cf:0b:23:01:0f:ad:30:28:0d:
12:a4:2a:ee:8c:10:12:5d:20:20:02:8c:95:59:64:df:9a:ec:
a5:64:2d:9b:a3:1f:cb:fd:5f:b2:e9:31:00:46:d9:1f:57:9a:
ab:af:fd:e4:ce:fa:c3:3d:a2:08:7a:17:43:07:4d:e8:d6:b6:
0b:8b:01:b3:49:ec:95:ec:19:a0:9f:fb:2a:30:ff:72:bd:47:
6f:cf:50:4a:38:a4:b2:d6:9c:56:0c:fa:7d:e4:e6:aa:8a:85:
46:a5:68:80:da:ee:72:08:ef:15:95:ed:4a:70:83:9e:13:a6:
02:2c:5c:95:45:2d:87:5a:3d:3e:3d:41:c2:fd:16:da:2b:1e:
e6:51:29:2f:df:23:f9:6d:84:dd:11:5a:cb:22:9f:ef:2c:e5:
71:85:05:bd
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgICAM0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0JCOUExMTAvBgNVBAUTKEE2MTcyRUVCRTFGQ0QxQTk3OENDQTQ2N0UxQjU4QTMw
QjM3OTUxRUIwHhcNMjUwNjI5MDYxNzA4WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODYwZGE2My02NDIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuDnPbnxDpRJyva60LWms0vEDr7DoHJVH9MV/8GiKPk6+wsP8MAroS2uVhLkB
VQ76QQhIAmxYzM9IGTZe6qz03gSK/c9Lq14dSj4NvfqdoCbj/VWuc+tQBPugw3eS
zRizAszST3ozzuj0q3btioMQGgWgoZNKVfow4zSbC+HyVWvZEkryAh0+EwB6FFcF
jCrVsnzuLUKWs0bz/meeH8jD8QT/mNTva90wvfnBdu7NZlhJvm+DM0MdY6WI01aa
+Fhb/gPecmO6pJqaryv0pg2JxfFP+K0tB3e6Pnro783oCeC8L47sdL7sRFvjpcP4
Csf1Vhr205GcYvG45loGG33cQwIDAQABo4ICwTCCAr0wHQYDVR0OBBYEFACiPI8U
Yn3HEazSrtaZ8DKxu/0PMB8GA1UdIwQYMBaAFKYXLuvh/NGpeMykZ+G1ijCzeVHr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QkI5QS80OUNEMDMwNENG
RjMxMUVGOTA2MkU1MjFDNEY5QUUwMi9waGN1Ni1IODBhbDR6S1JuNGJXS01MTjVV
ZXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BoY3U2LUg4MGFsNHpLUm40YldLTUxONVVlcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0JCOUEvNDlDRDAzMDRDRkYzMTFFRjkwNjJFNTIxQzRGOUFFMDIvQ0Y2Qjk1QTIy
QjA2MTFGMDk1QUZDNjFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSwYIKwYBBQUHAQcBAf8E
PDA6MB4EAgABMBgDBAKWgawDBAPKL3ADBALKRwADBAPKRxgwGAQCAAIwEjAQAwUF
JAGj4AMHASQBo+AABDANBgkqhkiG9w0BAQsFAAOCAQEAiVMQ6q8sh6yKc38dfB+d
YedaGpDxvaRvCWyO4INYsBWvvJ2tqpgIBwWMxmZwWE2q1qkTh62baHdZ6ci8r202
JuNdvSD/ekZ00PZIHj8cFGSyl508p2ITnvCGrT2jUvkkJU5uzwsjAQ+tMCgNEqQq
7owQEl0gIAKMlVlk35rspWQtm6Mfy/1fsukxAEbZH1eaq6/95M76wz2iCHoXQwdN
6Na2C4sBs0nslewZoJ/7KjD/cr1Hb89QSjikstacVgz6feTmqoqFRqVogNrucgjv
FZXtSnCDnhOmAixclUUth1o9Pj1Bwv0W2ise5lEpL98j+W2E3RFayyKf7yzlcYUF
vQ==
-----END CERTIFICATE-----
Generated at Sun Jun 29 20:13:23 2025 by rpki-client