Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/CF6B95A22B0611F095AFC61DC4F9AE02.roa
File: CF6B95A22B0611F095AFC61DC4F9AE02.roa (raw, json)
Hash identifier: 72+yAy5+PMamlDO4Be7a70Zp/yf7SKps1QVgLzoFZIM=
Subject key identifier: 6C:17:61:AD:88:99:24:0D:2E:AB:7C:C2:77:92:F9:4A:03:9C:0C:2C
Certificate issuer: /CN=A917BB9A/serialNumber=A6172EEBE1FCD1A978CCA467E1B58A30B37951EB
Certificate serial: AE
Authority key identifier: A6:17:2E:EB:E1:FC:D1:A9:78:CC:A4:67:E1:B5:8A:30:B3:79:51:EB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/phcu6-H80al4zKRn4bWKMLN5Ues.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/CF6B95A22B0611F095AFC61DC4F9AE02.roa
Signing time: Wed 07 May 2025 05:48:25 +0000
ROA not before: Wed 07 May 2025 05:48:25 +0000
ROA not after: Sun 31 Aug 2025 00:00:00 +0000
asID: 56209
IP address blocks: 150.129.172.0/23 maxlen: 23
150.129.172.0/24 maxlen: 24
150.129.173.0/24 maxlen: 24
150.129.174.0/23 maxlen: 23
150.129.174.0/24 maxlen: 24
150.129.175.0/24 maxlen: 24
202.47.112.0/24 maxlen: 24
202.47.113.0/24 maxlen: 24
202.47.114.0/24 maxlen: 24
202.47.115.0/24 maxlen: 24
202.47.116.0/24 maxlen: 24
202.47.117.0/24 maxlen: 24
202.47.118.0/24 maxlen: 24
202.47.119.0/24 maxlen: 24
202.71.0.0/23 maxlen: 23
202.71.0.0/24 maxlen: 24
202.71.1.0/24 maxlen: 24
202.71.2.0/23 maxlen: 23
202.71.2.0/24 maxlen: 24
202.71.3.0/24 maxlen: 24
202.71.24.0/23 maxlen: 23
202.71.24.0/24 maxlen: 24
202.71.25.0/24 maxlen: 24
202.71.26.0/24 maxlen: 24
202.71.27.0/24 maxlen: 24
202.71.28.0/24 maxlen: 24
202.71.29.0/24 maxlen: 24
202.71.30.0/24 maxlen: 24
202.71.31.0/24 maxlen: 24
2401:a3e0::/48 maxlen: 48
2401:a3e0:1::/48 maxlen: 48
2401:a3e0:2::/48 maxlen: 48
2401:a3e0:3::/48 maxlen: 48
2401:a3e0:4::/48 maxlen: 48
2401:a3e0:5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/phcu6-H80al4zKRn4bWKMLN5Ues.crl
rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/phcu6-H80al4zKRn4bWKMLN5Ues.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/phcu6-H80al4zKRn4bWKMLN5Ues.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 18 May 2025 06:12:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 174 (0xae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917BB9A, serialNumber=A6172EEBE1FCD1A978CCA467E1B58A30B37951EB
Validity
Not Before: May 7 05:48:25 2025 GMT
Not After : Aug 31 00:00:00 2025 GMT
Subject: CN=681af429-36ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:7c:ac:4e:8f:1f:e9:a4:48:24:4e:56:ae:c2:
34:1c:e4:0e:64:fa:f5:13:18:22:81:bb:1d:6a:cf:
02:c5:5a:e9:47:b8:c7:c9:c1:f3:c2:22:ac:c2:46:
ac:4b:22:8e:2b:8c:59:0a:cc:56:62:d2:be:16:88:
88:95:9c:2e:4f:f6:da:70:32:81:60:63:5e:5a:01:
b1:1d:38:e4:34:c4:9d:29:2d:41:47:28:94:09:03:
7c:d8:a1:15:80:70:b0:41:26:42:c2:e6:3f:26:4e:
f3:8e:c8:92:6d:e3:4d:ca:01:a6:24:32:0b:d8:ce:
01:d1:4f:a5:eb:1e:ee:ac:2f:53:94:b9:91:51:4d:
e0:58:a1:82:13:ad:14:58:d6:87:eb:82:70:fc:77:
38:87:3b:5c:95:31:83:85:11:74:1d:4a:15:1d:53:
38:ca:56:77:53:23:f2:cf:46:ea:6b:83:47:62:27:
1e:97:6b:09:2e:97:f6:74:92:01:13:fc:ff:78:73:
9e:9f:20:42:54:1d:ca:3d:5a:ab:ee:4a:6a:1a:86:
82:02:97:d6:a1:e3:b6:71:a2:d5:89:c7:30:2e:13:
8d:85:d5:b4:24:66:4e:ff:25:5f:e2:a1:da:a4:d3:
76:08:ff:28:fb:96:82:d8:04:39:2c:8a:00:57:85:
43:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:17:61:AD:88:99:24:0D:2E:AB:7C:C2:77:92:F9:4A:03:9C:0C:2C
X509v3 Authority Key Identifier:
keyid:A6:17:2E:EB:E1:FC:D1:A9:78:CC:A4:67:E1:B5:8A:30:B3:79:51:EB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/phcu6-H80al4zKRn4bWKMLN5Ues.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/phcu6-H80al4zKRn4bWKMLN5Ues.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/CF6B95A22B0611F095AFC61DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
150.129.172.0/22
202.47.112.0/21
202.71.0.0/22
202.71.24.0/21
IPv6:
2401:a3e0::-2401:a3e0:5:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
82:01:4d:91:59:ad:75:dd:99:b5:44:52:ac:0c:83:e6:5e:0e:
12:78:f4:5b:97:a0:c5:2f:ae:3a:dc:11:6b:fb:96:41:e3:da:
e0:6e:ac:55:1c:4c:a4:e6:14:16:f2:e9:4b:8e:33:8c:4c:de:
4f:12:da:d5:e9:58:c0:2d:d8:2f:73:83:ef:ce:e1:ff:86:aa:
45:4b:22:1b:36:6c:32:bc:08:c2:ab:03:75:36:2e:8e:a9:ef:
c0:ea:47:75:d5:e7:91:fd:51:34:ff:b5:18:65:16:8f:74:28:
dc:4c:57:e4:43:c3:31:73:e6:bb:f9:34:2d:e7:bd:16:2f:45:
62:5f:b4:c3:d0:02:20:ce:5f:a0:c2:6e:cb:c3:43:eb:4e:5e:
6c:bb:3b:5b:77:5f:37:bf:48:ab:9e:9d:0e:2e:5b:e7:98:e5:
49:59:85:7f:a7:22:cd:09:59:01:4e:71:fd:6d:0d:e0:a8:60:
fc:0a:73:28:23:c5:18:e0:f5:54:87:d4:d9:49:b3:e5:7d:fe:
fb:0f:bb:08:be:1d:32:6d:87:06:7c:85:e3:60:46:cb:18:69:
02:1a:47:3a:c7:62:95:e9:7d:2a:bf:b8:2b:c4:37:d6:a1:fc:
72:4b:06:ba:79:24:40:f0:83:d9:85:1b:14:5b:ef:13:1e:7a:
5d:37:54:1a
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgICAK4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0JCOUExMTAvBgNVBAUTKEE2MTcyRUVCRTFGQ0QxQTk3OENDQTQ2N0UxQjU4QTMw
QjM3OTUxRUIwHhcNMjUwNTA3MDU0ODI1WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODFhZjQyOS0zNmVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8XysTo8f6aRIJE5WrsI0HOQOZPr1Exgigbsdas8CxVrpR7jHycHzwiKswkas
SyKOK4xZCsxWYtK+FoiIlZwuT/bacDKBYGNeWgGxHTjkNMSdKS1BRyiUCQN82KEV
gHCwQSZCwuY/Jk7zjsiSbeNNygGmJDIL2M4B0U+l6x7urC9TlLmRUU3gWKGCE60U
WNaH64Jw/Hc4hztclTGDhRF0HUoVHVM4ylZ3UyPyz0bqa4NHYicel2sJLpf2dJIB
E/z/eHOenyBCVB3KPVqr7kpqGoaCApfWoeO2caLViccwLhONhdW0JGZO/yVf4qHa
pNN2CP8o+5aC2AQ5LIoAV4VDyQIDAQABo4ICwTCCAr0wHQYDVR0OBBYEFGwXYa2I
mSQNLqt8wneS+UoDnAwsMB8GA1UdIwQYMBaAFKYXLuvh/NGpeMykZ+G1ijCzeVHr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QkI5QS80OUNEMDMwNENG
RjMxMUVGOTA2MkU1MjFDNEY5QUUwMi9waGN1Ni1IODBhbDR6S1JuNGJXS01MTjVV
ZXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BoY3U2LUg4MGFsNHpLUm40YldLTUxONVVlcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0JCOUEvNDlDRDAzMDRDRkYzMTFFRjkwNjJFNTIxQzRGOUFFMDIvQ0Y2Qjk1QTIy
QjA2MTFGMDk1QUZDNjFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSwYIKwYBBQUHAQcBAf8E
PDA6MB4EAgABMBgDBAKWgawDBAPKL3ADBALKRwADBAPKRxgwGAQCAAIwEjAQAwUF
JAGj4AMHASQBo+AABDANBgkqhkiG9w0BAQsFAAOCAQEAggFNkVmtdd2ZtURSrAyD
5l4OEnj0W5egxS+uOtwRa/uWQePa4G6sVRxMpOYUFvLpS44zjEzeTxLa1elYwC3Y
L3OD787h/4aqRUsiGzZsMrwIwqsDdTYujqnvwOpHddXnkf1RNP+1GGUWj3Qo3ExX
5EPDMXPmu/k0Lee9Fi9FYl+0w9ACIM5foMJuy8ND605ebLs7W3dfN79Iq56dDi5b
55jlSVmFf6cizQlZAU5x/W0N4Khg/ApzKCPFGOD1VIfU2Umz5X3++w+7CL4dMm2H
BnyF42BGyxhpAhpHOsdilel9Kr+4K8Q31qH8cksGunkkQPCD2YUbFFvvEx56XTdU
Gg==
-----END CERTIFICATE-----
Generated at Mon May 12 08:09:26 2025 by rpki-client