Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917D9FC/C6B034AAB89911E7B269B850C4F9AE02/F49AA4A889C211EEADFCF27CC4F9AE02.roa
File: F49AA4A889C211EEADFCF27CC4F9AE02.roa (raw, json)
Hash identifier: p3nDO3WF2LVR/VuRYdJhLml5b3M6N0ju1bV/+dQUHBY=
Subject key identifier: 74:87:23:D0:2B:DA:B1:3E:38:C3:E6:34:57:DC:7E:53:7B:B2:00:D3
Certificate issuer: /CN=A917D9FC/serialNumber=7A6E30210642CF4FBB4173F352748E1EA5C2C7C3
Certificate serial: 182A
Authority key identifier: 7A:6E:30:21:06:42:CF:4F:BB:41:73:F3:52:74:8E:1E:A5:C2:C7:C3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/em4wIQZCz0-7QXPzUnSOHqXCx8M.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917D9FC/C6B034AAB89911E7B269B850C4F9AE02/F49AA4A889C211EEADFCF27CC4F9AE02.roa
Signing time: Wed 30 Apr 2025 16:55:10 +0000
ROA not before: Wed 30 Apr 2025 16:55:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9287
IP address blocks: 45.125.128.0/22 maxlen: 22
45.125.128.0/24 maxlen: 24
45.125.129.0/24 maxlen: 24
45.125.131.0/24 maxlen: 24
45.252.52.0/22 maxlen: 22
45.252.52.0/24 maxlen: 24
45.252.53.0/24 maxlen: 24
45.252.54.0/24 maxlen: 24
45.252.55.0/24 maxlen: 24
103.55.1.0/24 maxlen: 24
103.55.2.0/24 maxlen: 24
103.76.196.0/22 maxlen: 22
103.76.196.0/24 maxlen: 24
103.76.197.0/24 maxlen: 24
103.76.198.0/24 maxlen: 24
103.76.199.0/24 maxlen: 24
103.115.132.0/22 maxlen: 22
103.115.132.0/24 maxlen: 24
103.115.133.0/24 maxlen: 24
103.115.134.0/24 maxlen: 24
103.115.135.0/24 maxlen: 24
2404:3280::/32 maxlen: 32
2404:3280:1::/48 maxlen: 48
2404:3280:a::/48 maxlen: 48
2404:3280:c::/48 maxlen: 48
2404:3280:f::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917D9FC/C6B034AAB89911E7B269B850C4F9AE02/em4wIQZCz0-7QXPzUnSOHqXCx8M.crl
rsync://rpki.apnic.net/member_repository/A917D9FC/C6B034AAB89911E7B269B850C4F9AE02/em4wIQZCz0-7QXPzUnSOHqXCx8M.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/em4wIQZCz0-7QXPzUnSOHqXCx8M.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 17 May 2025 16:27:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6186 (0x182a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917D9FC, serialNumber=7A6E30210642CF4FBB4173F352748E1EA5C2C7C3
Validity
Not Before: Apr 30 16:55:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681255ee-bada
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:53:fe:bf:1c:d9:4a:05:3d:ef:b1:7a:b2:87:
65:f4:15:e0:a6:5d:0d:e6:c9:79:93:45:8c:17:34:
1a:a4:79:8f:93:e0:35:f9:1b:1c:01:cd:d2:1d:fa:
1f:3a:91:f7:b4:e8:8c:8e:d3:97:b0:f8:a8:ee:4f:
3c:a7:f8:1e:43:22:09:43:04:87:a8:eb:68:84:57:
cb:8a:e6:1d:9e:9b:2b:17:b7:54:99:c8:e7:04:75:
ac:62:f4:2e:01:c6:26:40:da:c9:ae:16:5d:5e:10:
00:af:f6:f9:94:4c:de:35:cb:fe:91:da:19:aa:f7:
b0:2a:d8:c3:6b:11:59:1d:c8:c2:1e:3a:74:f5:c0:
7c:50:df:76:39:92:ba:0a:2b:bb:79:2d:c2:b1:85:
6b:2e:b4:1f:96:ef:87:e3:8c:45:f9:69:b0:99:c1:
57:ac:6b:75:8b:b2:30:1f:ce:48:5c:39:51:bb:8d:
32:af:32:d9:79:67:45:4f:a4:78:94:e3:ce:3c:c3:
18:8d:6c:96:42:fd:8e:36:28:0e:5c:ee:3c:20:4c:
b7:cc:e5:42:50:8b:ea:0c:89:d0:eb:a6:9c:63:c3:
f0:0c:aa:29:97:c3:c0:73:de:e6:03:f6:ad:8e:c8:
5c:42:4a:b8:6c:61:c1:b2:39:42:c3:5d:e7:b0:94:
73:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:87:23:D0:2B:DA:B1:3E:38:C3:E6:34:57:DC:7E:53:7B:B2:00:D3
X509v3 Authority Key Identifier:
keyid:7A:6E:30:21:06:42:CF:4F:BB:41:73:F3:52:74:8E:1E:A5:C2:C7:C3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917D9FC/C6B034AAB89911E7B269B850C4F9AE02/em4wIQZCz0-7QXPzUnSOHqXCx8M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/em4wIQZCz0-7QXPzUnSOHqXCx8M.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917D9FC/C6B034AAB89911E7B269B850C4F9AE02/F49AA4A889C211EEADFCF27CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.125.128.0/22
45.252.52.0/22
103.55.1.0-103.55.2.255
103.76.196.0/22
103.115.132.0/22
IPv6:
2404:3280::/32
Signature Algorithm: sha256WithRSAEncryption
59:e3:a8:77:fd:84:1a:65:91:08:9c:ed:92:0d:05:b1:f1:11:
26:ff:4c:4d:64:2b:08:55:a9:a3:49:ee:5c:d8:f3:0d:6c:92:
3d:47:6e:bb:c1:01:39:fb:14:35:09:bc:0a:74:22:e3:f8:8a:
9a:1e:c8:36:b9:71:06:d8:4e:7a:53:d6:8e:9b:b6:14:14:69:
eb:06:85:02:0f:53:e7:20:9d:3d:4a:2e:d1:40:8f:b0:d8:3d:
f9:7e:15:64:32:41:74:a4:28:97:b2:62:c3:f6:7d:91:07:03:
a5:1b:ae:81:f8:69:4f:3d:68:3a:53:97:99:d4:50:91:15:87:
ff:08:9a:6e:34:4d:2c:19:c7:45:f1:9f:9c:35:15:83:5d:6f:
c1:52:9f:ff:77:47:85:a1:2f:f2:b6:5d:79:a8:d0:e5:89:a1:
86:0f:a1:83:5d:4d:b2:b0:e4:a8:1f:ad:94:fd:ad:43:1a:b4:
a5:7f:61:6e:92:db:17:37:63:84:7e:5c:88:4c:7a:52:56:e3:
25:cb:53:47:51:ce:7e:cf:0b:35:e3:df:09:ce:65:07:c0:be:
4d:ad:98:b5:03:45:f8:6b:4c:94:06:48:91:88:fe:29:42:e6:
c5:b8:3d:f6:c9:27:a3:8a:66:3d:59:df:75:0d:db:a5:0f:36:
a9:f7:cd:2f
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgICGCowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0Q5RkMxMTAvBgNVBAUTKDdBNkUzMDIxMDY0MkNGNEZCQjQxNzNGMzUyNzQ4RTFF
QTVDMkM3QzMwHhcNMjUwNDMwMTY1NTEwWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODEyNTVlZS1iYWRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6VP+vxzZSgU977F6sodl9BXgpl0N5sl5k0WMFzQapHmPk+A1+RscAc3SHfof
OpH3tOiMjtOXsPio7k88p/geQyIJQwSHqOtohFfLiuYdnpsrF7dUmcjnBHWsYvQu
AcYmQNrJrhZdXhAAr/b5lEzeNcv+kdoZqvewKtjDaxFZHcjCHjp09cB8UN92OZK6
Ciu7eS3CsYVrLrQflu+H44xF+WmwmcFXrGt1i7IwH85IXDlRu40yrzLZeWdFT6R4
lOPOPMMYjWyWQv2ONigOXO48IEy3zOVCUIvqDInQ66acY8PwDKopl8PAc97mA/at
jshcQkq4bGHBsjlCw13nsJRzSQIDAQABo4ICxDCCAsAwHQYDVR0OBBYEFHSHI9Ar
2rE+OMPmNFfcflN7sgDTMB8GA1UdIwQYMBaAFHpuMCEGQs9Pu0Fz81J0jh6lwsfD
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RDlGQy9DNkIwMzRBQUI4
OTkxMUU3QjI2OUI4NTBDNEY5QUUwMi9lbTR3SVFaQ3owLTdRWFB6VW5TT0hxWEN4
OE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VtNHdJUVpDejAtN1FYUHpVblNPSHFYQ3g4TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0Q5RkMvQzZCMDM0QUFCODk5MTFFN0IyNjlCODUwQzRGOUFFMDIvRjQ5QUE0QTg4
OUMyMTFFRUFERkNGMjdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTgYIKwYBBQUHAQcBAf8E
PzA9MCwEAgABMCYDBAItfYADBAIt/DQwDAMEAGc3AQMEAGc3AgMEAmdMxAMEAmdz
hDANBAIAAjAHAwUAJAQygDANBgkqhkiG9w0BAQsFAAOCAQEAWeOod/2EGmWRCJzt
kg0FsfERJv9MTWQrCFWpo0nuXNjzDWySPUduu8EBOfsUNQm8CnQi4/iKmh7INrlx
BthOelPWjpu2FBRp6waFAg9T5yCdPUou0UCPsNg9+X4VZDJBdKQol7Jiw/Z9kQcD
pRuugfhpTz1oOlOXmdRQkRWH/wiabjRNLBnHRfGfnDUVg11vwVKf/3dHhaEv8rZd
eajQ5Ymhhg+hg11NsrDkqB+tlP2tQxq0pX9hbpLbFzdjhH5ciEx6UlbjJctTR1HO
fs8LNePfCc5lB8C+Ta2YtQNF+GtMlAZIkYj+KULmxbg99skno4pmPVnfdQ3bpQ82
qffNLw==
-----END CERTIFICATE-----
Generated at Sun May 11 09:32:09 2025 by rpki-client