Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
File: 966E1C18CCE911EBAB17776BC4F9AE02.roa (raw, json)
Hash identifier: IFb82ZhnwcOYxytmfixK4T+99KmZhub8/pvuqcbBxb4=
Subject key identifier: 8F:CA:6A:B8:41:67:91:02:90:9A:01:AB:9A:DD:37:2C:36:D1:62:B3
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: BA2A
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
Signing time: Thu 08 May 2025 16:31:18 +0000
ROA not before: Thu 08 May 2025 16:31:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 4758
IP address blocks: 43.239.62.0/24 maxlen: 24
45.118.16.0/22 maxlen: 22
45.118.16.0/24 maxlen: 24
45.118.17.0/24 maxlen: 24
45.118.18.0/24 maxlen: 24
45.118.19.0/24 maxlen: 24
45.118.20.0/22 maxlen: 22
45.118.20.0/24 maxlen: 24
45.118.21.0/24 maxlen: 24
45.118.22.0/24 maxlen: 24
45.118.23.0/24 maxlen: 24
45.118.24.0/22 maxlen: 22
45.118.24.0/24 maxlen: 24
45.118.25.0/24 maxlen: 24
45.118.26.0/24 maxlen: 24
45.118.27.0/24 maxlen: 24
45.118.28.0/22 maxlen: 22
45.118.28.0/24 maxlen: 24
45.118.29.0/24 maxlen: 24
45.118.30.0/24 maxlen: 24
45.118.31.0/24 maxlen: 24
103.195.208.0/24 maxlen: 24
103.195.209.0/24 maxlen: 24
103.195.210.0/24 maxlen: 24
103.195.211.0/24 maxlen: 24
103.195.212.0/24 maxlen: 24
103.195.213.0/24 maxlen: 24
103.195.214.0/24 maxlen: 24
103.195.215.0/24 maxlen: 24
103.195.216.0/24 maxlen: 24
103.195.217.0/24 maxlen: 24
103.195.218.0/24 maxlen: 24
103.195.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 21 May 2025 15:25:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 47658 (0xba2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 8 16:31:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681cdc55-4358
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:66:a2:db:09:b1:68:a8:dc:41:92:c8:cc:cb:
30:09:38:26:db:b1:41:0b:32:9e:e7:dc:41:fd:0a:
78:c2:04:de:69:99:9e:5c:95:b9:35:46:09:58:9a:
55:db:cb:96:a8:69:45:53:32:6c:d8:25:1a:bb:a8:
06:e1:b5:e7:5e:05:ef:c9:b3:35:b0:62:99:50:cc:
b8:ba:c0:54:26:3f:f0:90:dc:01:2d:50:8d:77:a7:
68:83:57:43:d4:1b:3f:f4:bb:7c:cb:ad:a1:62:f0:
0a:05:cc:75:a8:55:d0:eb:2e:a1:c8:59:0d:4d:3e:
9f:f5:31:fe:fc:d4:de:a0:2c:d0:f6:18:1b:29:ac:
4b:c7:47:08:b1:08:89:82:03:49:b7:0c:10:00:8c:
b1:ed:a3:19:c3:be:a9:75:21:4f:5e:e7:96:58:66:
87:75:ef:78:a3:b6:8a:a5:bc:dd:2c:aa:bf:a6:13:
59:fb:30:6b:74:60:49:4e:03:ac:7d:2d:38:cd:64:
1e:8a:ba:07:df:1b:04:e3:a1:bf:eb:dd:f3:ac:19:
b7:2e:ca:24:10:bf:b0:28:f0:6a:2f:ae:81:57:5f:
a9:e1:08:0a:0d:d8:8d:da:14:17:3e:33:5d:1c:d7:
17:6b:83:c8:0f:76:b2:d6:62:72:2c:75:5e:3e:40:
66:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:CA:6A:B8:41:67:91:02:90:9A:01:AB:9A:DD:37:2C:36:D1:62:B3
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.62.0/24
45.118.16.0/20
103.195.208.0-103.195.219.255
Signature Algorithm: sha256WithRSAEncryption
9d:3d:db:a5:d6:a3:be:17:c1:e2:99:96:9e:9c:16:75:12:23:
2d:5b:1e:ca:6c:04:85:72:c8:d4:ad:a4:25:40:6e:8f:58:e8:
23:da:9e:18:dd:6a:0d:27:be:15:97:fb:88:53:9a:86:0e:e8:
bf:76:0c:22:09:79:42:5c:8c:b8:1d:dd:44:04:57:8a:f0:be:
5c:a9:0a:b2:47:d7:c0:cd:77:06:4a:2f:f3:a4:c3:e0:92:fe:
f4:4a:41:f6:ec:9b:a7:12:d5:ff:bc:4e:25:62:bf:19:39:72:
4b:05:4c:f5:e5:24:a5:75:4b:80:33:0a:d3:ef:79:84:03:48:
88:9e:cc:b1:db:2f:b6:ec:6c:bd:fd:d2:5e:d8:6f:30:b7:2b:
bb:da:53:8d:33:06:45:e6:8d:7b:0c:50:dd:98:30:72:2e:97:
5d:67:fb:6e:2c:66:bf:32:0c:4e:dd:70:91:5e:0b:80:65:d4:
14:ef:fc:80:ef:1d:ef:15:db:0a:4c:a8:6a:a3:91:93:3b:a7:
af:8e:6f:e9:7d:2d:52:91:45:5f:05:a2:3d:1e:83:96:09:49:
4a:bf:48:b8:39:5f:82:63:e0:02:23:a5:e2:f0:43:54:a6:8c:
74:d4:cd:be:80:96:8a:a7:c7:86:8b:1b:73:7d:95:27:01:0f:
4e:1e:4b:e0
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgIDALoqMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MzExOFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2RjNTUtNDM1ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK1motsJsWio3EGSyMzLMAk4JtuxQQsynufcQf0KeMIE3mmZnlyVuTVGCVia
VdvLlqhpRVMybNglGruoBuG1514F78mzNbBimVDMuLrAVCY/8JDcAS1QjXenaINX
Q9QbP/S7fMutoWLwCgXMdahV0OsuochZDU0+n/Ux/vzU3qAs0PYYGymsS8dHCLEI
iYIDSbcMEACMse2jGcO+qXUhT17nllhmh3XveKO2iqW83Syqv6YTWfswa3RgSU4D
rH0tOM1kHoq6B98bBOOhv+vd86wZty7KJBC/sCjwai+ugVdfqeEICg3YjdoUFz4z
XRzXF2uDyA92stZicix1Xj5AZkUCAwEAAaOCAqkwggKlMB0GA1UdDgQWBBSPymq4
QWeRApCaAaua3TcsNtFiszAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzk2NkUxQzE4
Q0NFOTExRUJBQjE3Nzc2QkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDMGCCsGAQUFBwEHAQH/
BCQwIjAgBAIAATAaAwQAK+8+AwQELXYQMAwDBARnw9ADBAJnw9gwDQYJKoZIhvcN
AQELBQADggEBAJ0926XWo74XweKZlp6cFnUSIy1bHspsBIVyyNStpCVAbo9Y6CPa
nhjdag0nvhWX+4hTmoYO6L92DCIJeUJcjLgd3UQEV4rwvlypCrJH18DNdwZKL/Ok
w+CS/vRKQfbsm6cS1f+8TiVivxk5cksFTPXlJKV1S4AzCtPveYQDSIiezLHbL7bs
bL390l7YbzC3K7vaU40zBkXmjXsMUN2YMHIul11n+24sZr8yDE7dcJFeC4Bl1BTv
/IDvHe8V2wpMqGqjkZM7p6+Ob+l9LVKRRV8Foj0eg5YJSUq/SLg5X4Jj4AIjpeLw
Q1SmjHTUzb6Aloqnx4aLG3N9lScBD04eS+A=
-----END CERTIFICATE-----
Generated at Thu May 15 03:47:32 2025 by rpki-client