Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/B04675FC959711EA9F290A33C4F9AE02.roa
File: B04675FC959711EA9F290A33C4F9AE02.roa (raw, json)
Hash identifier: ivQeuywrXd2HV3FA6lQn6A/OFE5M8rNHrmCwXxaSoOo=
Subject key identifier: 3C:AA:4C:DC:D6:6E:BD:13:33:0B:B3:97:9C:A6:39:A1:2A:39:31:AD
Certificate issuer: /CN=A918495F/serialNumber=90C22F7393850E8ECF6B5F1E320D07B2D1ACD8FD
Certificate serial: 17D5
Authority key identifier: 90:C2:2F:73:93:85:0E:8E:CF:6B:5F:1E:32:0D:07:B2:D1:AC:D8:FD
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kMIvc5OFDo7Pa18eMg0HstGs2P0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/B04675FC959711EA9F290A33C4F9AE02.roa
Signing time: Thu 08 May 2025 17:17:47 +0000
ROA not before: Thu 08 May 2025 17:17:47 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 4515
IP address blocks: 42.3.226.0/24 maxlen: 24
58.152.0.0/21 maxlen: 21
203.198.40.0/23 maxlen: 23
203.198.42.0/23 maxlen: 23
203.198.44.0/23 maxlen: 23
203.198.46.0/23 maxlen: 23
203.198.48.0/21 maxlen: 21
203.198.56.0/21 maxlen: 21
203.198.64.0/24 maxlen: 24
203.198.65.0/24 maxlen: 24
203.198.66.0/23 maxlen: 23
203.198.68.0/23 maxlen: 23
203.198.70.0/23 maxlen: 23
203.198.72.0/22 maxlen: 22
203.198.76.0/22 maxlen: 22
203.198.152.0/22 maxlen: 22
203.198.156.0/22 maxlen: 22
203.198.160.0/21 maxlen: 21
203.198.168.0/21 maxlen: 21
203.198.176.0/22 maxlen: 22
203.198.180.0/22 maxlen: 22
203.198.180.0/24 maxlen: 24
203.198.184.0/22 maxlen: 22
203.198.185.0/24 maxlen: 24
203.198.188.0/22 maxlen: 22
203.198.192.0/22 maxlen: 22
203.198.196.0/22 maxlen: 22
203.198.196.0/24 maxlen: 24
203.198.200.0/22 maxlen: 22
203.198.204.0/23 maxlen: 23
203.198.204.0/24 maxlen: 24
203.198.206.0/23 maxlen: 23
203.198.208.0/21 maxlen: 21
203.198.216.0/21 maxlen: 21
203.198.236.0/22 maxlen: 22
218.103.0.0/19 maxlen: 19
218.103.40.0/22 maxlen: 22
218.103.44.0/22 maxlen: 22
218.103.48.0/21 maxlen: 21
218.103.56.0/23 maxlen: 23
218.103.58.0/23 maxlen: 23
218.103.60.0/22 maxlen: 22
218.103.64.0/22 maxlen: 22
218.103.68.0/22 maxlen: 22
218.103.72.0/22 maxlen: 22
218.103.76.0/22 maxlen: 22
218.103.80.0/20 maxlen: 20
218.103.96.0/20 maxlen: 20
219.76.192.0/19 maxlen: 19
219.76.220.0/22 maxlen: 22
219.76.224.0/20 maxlen: 20
220.246.0.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/kMIvc5OFDo7Pa18eMg0HstGs2P0.crl
rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/kMIvc5OFDo7Pa18eMg0HstGs2P0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kMIvc5OFDo7Pa18eMg0HstGs2P0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 19 May 2025 16:33:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6101 (0x17d5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918495F, serialNumber=90C22F7393850E8ECF6B5F1E320D07B2D1ACD8FD
Validity
Not Before: May 8 17:17:47 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=681ce73b-34f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:3d:a6:fa:16:1b:dc:fd:2f:77:9f:39:55:5d:
2c:19:83:69:27:4e:30:ed:16:08:93:50:99:17:35:
fe:73:44:82:8c:1f:62:77:e8:cd:fe:36:fb:7e:ec:
fd:c7:a6:47:6f:9d:bc:7e:ae:06:ba:f5:33:09:e7:
a3:94:5c:71:b8:ab:c0:7a:ad:81:ee:e6:f5:6e:5b:
90:8d:13:33:45:95:ec:9f:1b:ec:3f:ed:18:19:68:
80:20:8a:7d:0a:64:c7:ca:77:6a:8f:a3:6f:b2:c1:
77:ef:ad:bb:97:73:59:29:92:c8:9e:61:64:2c:79:
6e:84:ac:b6:c5:a4:9d:ca:c7:8d:52:1d:f7:c7:e4:
f0:f4:b6:f4:83:14:c6:73:4c:8a:10:a0:2d:e3:4a:
31:2f:ac:2b:29:34:96:14:42:c5:fa:0c:3b:94:fd:
a8:31:41:14:d7:cb:32:99:d6:6a:f2:3c:86:2a:52:
13:08:06:d2:51:10:53:67:26:c4:ab:9e:d9:2a:67:
3b:74:a2:f2:87:63:88:96:c4:ff:df:ff:55:1f:b7:
c3:75:54:f4:b9:ea:f0:34:e5:a7:a4:2a:3f:4c:53:
4d:77:45:d3:f7:eb:35:bc:80:70:ac:a6:3e:14:81:
ff:bc:55:8a:ec:fa:4a:66:15:ca:9f:a2:32:2e:a4:
ec:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:AA:4C:DC:D6:6E:BD:13:33:0B:B3:97:9C:A6:39:A1:2A:39:31:AD
X509v3 Authority Key Identifier:
keyid:90:C2:2F:73:93:85:0E:8E:CF:6B:5F:1E:32:0D:07:B2:D1:AC:D8:FD
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/kMIvc5OFDo7Pa18eMg0HstGs2P0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kMIvc5OFDo7Pa18eMg0HstGs2P0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918495F/848C857CDFEC11E7A27A2213C4F9AE02/B04675FC959711EA9F290A33C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
42.3.226.0/24
58.152.0.0/21
203.198.40.0-203.198.79.255
203.198.152.0-203.198.223.255
203.198.236.0/22
218.103.0.0/19
218.103.40.0-218.103.111.255
219.76.192.0-219.76.239.255
220.246.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0f:9d:0a:3e:80:75:9c:d9:da:28:cb:22:1f:a6:0c:b1:ac:53:
f0:19:94:e1:ad:95:96:3b:05:79:06:7b:ec:2c:a4:9d:6f:f3:
e5:21:14:54:2b:52:24:4e:45:96:f9:37:52:71:ab:ee:81:24:
95:b4:ce:e7:b4:1c:88:5c:85:74:83:19:7b:ec:66:4f:30:e5:
e3:41:41:04:92:5a:c6:d6:8c:e9:b8:f1:91:65:62:71:9b:7e:
fe:5c:fb:b0:70:88:97:9f:bc:a0:15:dc:af:63:2f:3f:5f:ba:
70:e9:65:2a:74:0b:53:b2:cc:fb:31:8b:88:3a:89:e6:f5:aa:
42:5a:50:0b:56:3d:af:3b:d6:63:2c:4d:b4:17:61:f4:ea:5d:
d2:48:20:eb:69:6c:be:13:ef:71:35:d2:12:38:70:f3:73:f2:
3f:f5:df:43:0e:04:d3:dd:82:f5:35:fc:e8:02:68:16:67:54:
e2:af:d8:9e:4e:35:de:12:61:ee:39:da:82:cd:25:56:a8:cf:
01:2f:ba:29:03:fa:37:a6:1e:01:a5:18:f1:a5:f7:08:b7:39:
ba:cb:5e:49:40:99:e0:78:aa:29:e6:92:06:d2:c1:9e:36:0a:
28:2d:95:23:44:ca:e5:59:0c:88:c9:1b:77:c3:b3:f4:b3:f6:
37:07:ee:bc
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgICF9UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODQ5NUYxMTAvBgNVBAUTKDkwQzIyRjczOTM4NTBFOEVDRjZCNUYxRTMyMEQwN0Iy
RDFBQ0Q4RkQwHhcNMjUwNTA4MTcxNzQ3WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODFjZTczYi0zNGY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxz2m+hYb3P0vd585VV0sGYNpJ04w7RYIk1CZFzX+c0SCjB9id+jN/jb7fuz9
x6ZHb528fq4GuvUzCeejlFxxuKvAeq2B7ub1bluQjRMzRZXsnxvsP+0YGWiAIIp9
CmTHyndqj6NvssF37627l3NZKZLInmFkLHluhKy2xaSdyseNUh33x+Tw9Lb0gxTG
c0yKEKAt40oxL6wrKTSWFELF+gw7lP2oMUEU18symdZq8jyGKlITCAbSURBTZybE
q57ZKmc7dKLyh2OIlsT/3/9VH7fDdVT0uerwNOWnpCo/TFNNd0XT9+s1vIBwrKY+
FIH/vFWK7PpKZhXKn6IyLqTsBQIDAQABo4IC5TCCAuEwHQYDVR0OBBYEFDyqTNzW
br0TMwuzl5ymOaEqOTGtMB8GA1UdIwQYMBaAFJDCL3OThQ6Oz2tfHjINB7LRrNj9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NDk1Ri84NDhDODU3Q0RG
RUMxMUU3QTI3QTIyMTNDNEY5QUUwMi9rTUl2YzVPRkRvN1BhMThlTWcwSHN0R3My
UDAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2tNSXZjNU9GRG83UGExOGVNZzBIc3RHczJQMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODQ5NUYvODQ4Qzg1N0NERkVDMTFFN0EyN0EyMjEzQzRGOUFFMDIvQjA0Njc1RkM5
NTk3MTFFQTlGMjkwQTMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbwYIKwYBBQUHAQcBAf8E
YDBeMFwEAgABMFYDBAAqA+IDBAM6mAAwDAMEA8vGKAMEBMvGQDAMAwQDy8aYAwQF
y8bAAwQCy8bsAwQF2mcAMAwDBAPaZygDBATaZ2AwDAMEBttMwAMEBNtM4AMEBdz2
ADANBgkqhkiG9w0BAQsFAAOCAQEAD50KPoB1nNnaKMsiH6YMsaxT8BmU4a2VljsF
eQZ77CyknW/z5SEUVCtSJE5Flvk3UnGr7oEklbTO57QciFyFdIMZe+xmTzDl40FB
BJJaxtaM6bjxkWVicZt+/lz7sHCIl5+8oBXcr2MvP1+6cOllKnQLU7LM+zGLiDqJ
5vWqQlpQC1Y9rzvWYyxNtBdh9Opd0kgg62lsvhPvcTXSEjhw83PyP/XfQw4E092C
9TX86AJoFmdU4q/Ynk413hJh7jnags0lVqjPAS+6KQP6N6YeAaUY8aX3CLc5uste
SUCZ4HiqKeaSBtLBnjYKKC2VI0TK5VkMiMkbd8Oz9LP2NwfuvA==
-----END CERTIFICATE-----
Generated at Mon May 12 22:46:33 2025 by rpki-client