Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4B237494B1E211ED84E4AC4FC4F9AE02.roa
File: 4B237494B1E211ED84E4AC4FC4F9AE02.roa (raw, json)
Hash identifier: crO2FdmHT+KdKz0CIqZ24QMThin17zp3ITi//VprU9I=
Subject key identifier: F2:89:4B:5F:59:78:E8:56:EB:76:FD:D4:D4:A8:35:93:D2:F7:A4:E2
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: B242
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4B237494B1E211ED84E4AC4FC4F9AE02.roa
Signing time: Thu 08 May 2025 16:00:28 +0000
ROA not before: Thu 08 May 2025 16:00:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 134033
IP address blocks: 43.241.64.0/24 maxlen: 24
43.241.65.0/24 maxlen: 24
43.241.67.0/24 maxlen: 24
43.241.120.0/24 maxlen: 24
43.241.121.0/24 maxlen: 24
43.241.122.0/24 maxlen: 24
43.241.123.0/24 maxlen: 24
45.117.64.0/22 maxlen: 24
103.57.132.0/24 maxlen: 24
103.57.133.0/24 maxlen: 24
103.57.134.0/24 maxlen: 24
103.57.135.0/24 maxlen: 24
103.96.16.0/24 maxlen: 24
103.96.17.0/24 maxlen: 24
103.96.18.0/24 maxlen: 24
103.96.19.0/24 maxlen: 24
103.152.185.0/24 maxlen: 24
103.172.210.0/24 maxlen: 24
103.172.211.0/24 maxlen: 24
103.224.155.0/24 maxlen: 24
103.224.156.0/22 maxlen: 24
2400:7be0::/32 maxlen: 32
2400:7be0::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 21 May 2025 09:52:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 45634 (0xb242)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 8 16:00:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681cd51c-d0fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:25:b1:24:77:b1:f3:0e:a0:a4:eb:19:bc:27:
f5:62:7e:6d:62:c2:3d:4c:48:b1:fc:9f:e4:fc:74:
36:aa:22:13:29:e1:28:e1:2f:31:7a:c3:d6:00:c0:
8e:47:a6:45:a0:38:ea:f7:35:8c:ab:3e:da:18:b4:
4f:98:41:e3:eb:c5:a4:4a:c3:b6:9c:64:1a:ba:7c:
b5:f2:22:1d:9a:f0:5d:2c:31:41:56:9e:dd:c8:de:
40:04:c7:d2:0d:0d:b9:77:f1:3f:fd:e4:0f:48:d8:
d3:85:7b:0d:e0:e2:96:d9:42:28:f3:40:4c:35:14:
c0:b5:c0:cd:36:7e:38:6e:a4:fe:c3:da:bc:2f:21:
ef:b9:d7:fc:ae:5f:a2:fa:97:0a:6f:be:8d:be:9a:
4c:8d:db:a6:ad:cb:cc:bb:72:97:e3:f7:d1:d6:cf:
9b:9f:0a:48:58:54:40:04:f4:e5:75:1d:bb:67:f2:
ea:41:5f:20:8e:bd:e7:7e:98:7f:32:cf:80:55:0b:
da:ac:7f:2a:16:87:7a:2c:bc:49:d2:24:9f:73:b6:
8f:d8:4a:f9:23:35:c0:87:5a:3f:ee:d9:9b:d2:27:
ef:ce:36:9f:5f:a3:e2:79:ff:9a:a2:f2:92:91:31:
c2:2c:2d:14:db:67:3a:57:65:08:2f:33:bd:20:02:
fe:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:89:4B:5F:59:78:E8:56:EB:76:FD:D4:D4:A8:35:93:D2:F7:A4:E2
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4B237494B1E211ED84E4AC4FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.241.64.0/23
43.241.67.0/24
43.241.120.0/22
45.117.64.0/22
103.57.132.0/22
103.96.16.0/22
103.152.185.0/24
103.172.210.0/23
103.224.155.0-103.224.159.255
IPv6:
2400:7be0::/32
Signature Algorithm: sha256WithRSAEncryption
81:84:da:91:13:6b:e5:b3:e4:31:42:f6:7f:2c:a6:e1:7d:05:
8f:ad:13:e2:d1:df:25:02:2d:f0:98:7f:a5:59:c8:97:1e:8e:
59:3a:8a:46:62:da:29:a4:f3:cd:bd:d7:d9:41:29:4a:28:7b:
dc:fb:96:0e:fb:88:1d:b4:cc:eb:eb:fd:cf:95:44:46:b6:7b:
52:e7:3f:a7:86:9b:84:d1:22:83:ed:eb:0b:9b:58:8e:da:a7:
06:d6:4f:88:57:f6:43:57:43:79:97:60:b1:3d:62:ab:75:8d:
b9:9c:0e:5e:22:5e:4e:f3:25:ca:c9:8c:ca:cc:dd:11:09:6f:
24:2c:17:7b:81:30:23:ad:7b:c0:ef:ae:10:2a:0d:09:ca:be:
a5:a4:00:54:86:c5:b7:6a:7e:39:74:19:d7:32:7a:89:e1:42:
79:3b:69:82:61:95:51:55:bc:0c:66:a0:a8:e5:13:a3:f1:73:
76:03:81:81:40:0c:60:4e:23:61:b1:31:0f:f9:07:0c:d7:34:
a6:81:ab:2b:66:af:0a:1a:66:2f:ea:dc:71:a1:94:6e:06:44:
cc:b0:71:7d:c8:03:f7:01:46:9c:b1:49:95:dc:68:47:07:ad:
6d:83:f2:cb:a4:01:d8:17:bf:ea:01:f3:44:ba:a2:26:9b:14:
be:35:98:f3
-----BEGIN CERTIFICATE-----
MIIFuTCCBKGgAwIBAgIDALJCMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MDAyOFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2Q1MWMtZDBmZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALklsSR3sfMOoKTrGbwn9WJ+bWLCPUxIsfyf5Px0NqoiEynhKOEvMXrD1gDA
jkemRaA46vc1jKs+2hi0T5hB4+vFpErDtpxkGrp8tfIiHZrwXSwxQVae3cjeQATH
0g0NuXfxP/3kD0jY04V7DeDiltlCKPNATDUUwLXAzTZ+OG6k/sPavC8h77nX/K5f
ovqXCm++jb6aTI3bpq3LzLtyl+P30dbPm58KSFhUQAT05XUdu2fy6kFfII69536Y
fzLPgFUL2qx/KhaHeiy8SdIkn3O2j9hK+SM1wIdaP+7Zm9In7842n1+j4nn/mqLy
kpExwiwtFNtnOldlCC8zvSAC/m8CAwEAAaOCAtwwggLYMB0GA1UdDgQWBBTyiUtf
WXjoVut2/dTUqDWT0vek4jAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzRCMjM3NDk0
QjFFMjExRUQ4NEU0QUM0RkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMGYGCCsGAQUFBwEHAQH/
BFcwVTBEBAIAATA+AwQBK/FAAwQAK/FDAwQCK/F4AwQCLXVAAwQCZzmEAwQCZ2AQ
AwQAZ5i5AwQBZ6zSMAwDBABn4JsDBAVn4IAwDQQCAAIwBwMFACQAe+AwDQYJKoZI
hvcNAQELBQADggEBAIGE2pETa+Wz5DFC9n8spuF9BY+tE+LR3yUCLfCYf6VZyJce
jlk6ikZi2imk882919lBKUooe9z7lg77iB20zOvr/c+VREa2e1LnP6eGm4TRIoPt
6wubWI7apwbWT4hX9kNXQ3mXYLE9Yqt1jbmcDl4iXk7zJcrJjMrM3REJbyQsF3uB
MCOte8DvrhAqDQnKvqWkAFSGxbdqfjl0GdcyeonhQnk7aYJhlVFVvAxmoKjlE6Px
c3YDgYFADGBOI2GxMQ/5BwzXNKaBqytmrwoaZi/q3HGhlG4GRMywcX3IA/cBRpyx
SZXcaEcHrW2D8sukAdgXv+oB80S6oiabFL41mPM=
-----END CERTIFICATE-----
Generated at Wed May 14 13:07:12 2025 by rpki-client