Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9874C54A271F11F0A6A6E371C4F9AE02.roa
File: 9874C54A271F11F0A6A6E371C4F9AE02.roa (raw, json)
Hash identifier: LAC885Vpep/xpTJzVICZpBnfZpv/3LRnLq6l3+kPJzM=
Subject key identifier: 86:34:8E:39:82:C9:5A:DB:8E:DD:6A:20:20:14:9C:46:92:EC:48:FF
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: BF31
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9874C54A271F11F0A6A6E371C4F9AE02.roa
Signing time: Tue 01 Jul 2025 06:04:46 +0000
ROA not before: Tue 01 Jul 2025 06:04:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 138311
IP address blocks: 103.96.40.0/24 maxlen: 24
103.96.41.0/24 maxlen: 24
103.96.42.0/24 maxlen: 24
103.132.244.0/23 maxlen: 24
103.133.158.0/23 maxlen: 24
103.139.170.0/24 maxlen: 24
103.139.171.0/24 maxlen: 24
103.157.122.0/23 maxlen: 24
103.160.174.0/23 maxlen: 24
103.163.90.0/24 maxlen: 24
103.163.91.0/24 maxlen: 24
103.169.240.0/23 maxlen: 24
103.171.132.0/24 maxlen: 24
103.171.133.0/24 maxlen: 24
103.175.170.0/23 maxlen: 24
103.176.186.0/24 maxlen: 24
103.176.187.0/24 maxlen: 24
103.195.82.0/23 maxlen: 24
103.196.184.0/23 maxlen: 24
103.207.11.0/24 maxlen: 24
103.212.152.0/23 maxlen: 24
103.212.154.0/23 maxlen: 24
103.239.174.0/24 maxlen: 24
103.239.175.0/24 maxlen: 24
210.16.92.0/24 maxlen: 24
210.16.93.0/24 maxlen: 24
2405:3440::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 09 Jul 2025 15:29:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 48945 (0xbf31)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Jul 1 06:04:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68637a7d-d996
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:c9:ad:84:8b:39:cf:0e:a4:39:94:a6:a5:6a:
bf:ef:e7:4a:88:af:87:c4:cd:e4:e0:4e:dd:4c:09:
a3:59:37:61:cb:32:09:c4:08:0f:37:e8:71:88:63:
5b:5c:95:6e:2c:72:57:50:f1:98:af:05:8f:e0:0c:
8c:72:25:c5:c9:64:8d:cf:e5:e9:ff:f0:76:77:01:
46:a6:de:dd:ce:c4:f9:09:a5:23:c5:b5:67:bd:4a:
90:70:48:a6:c7:1c:24:6f:b7:0f:31:ab:66:92:c3:
93:98:70:82:65:49:cb:bd:b2:de:7a:ef:84:73:1c:
17:8b:f0:90:5b:7b:b8:30:b2:03:14:f5:93:25:2a:
6f:94:47:18:9f:ac:b2:37:aa:bf:85:8a:52:1e:c2:
09:75:c0:ad:58:ff:e0:23:c8:69:d0:5a:9a:c9:a5:
37:64:cb:32:8c:d4:4d:18:28:98:9e:12:fd:14:fb:
f1:95:0b:4d:0d:a4:95:f0:96:6a:de:4a:fe:a2:e1:
8b:3b:d2:53:28:ac:18:07:8d:d1:ea:10:69:77:d1:
3f:e9:c8:6a:13:28:0d:25:42:0d:1b:58:ba:bc:25:
02:2d:d7:f1:31:2a:bc:5b:08:75:ff:79:3b:e1:9e:
f4:c5:50:9f:f8:e9:ca:54:96:85:d5:f1:53:59:6c:
13:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:34:8E:39:82:C9:5A:DB:8E:DD:6A:20:20:14:9C:46:92:EC:48:FF
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9874C54A271F11F0A6A6E371C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.96.40.0-103.96.42.255
103.132.244.0/23
103.133.158.0/23
103.139.170.0/23
103.157.122.0/23
103.160.174.0/23
103.163.90.0/23
103.169.240.0/23
103.171.132.0/23
103.175.170.0/23
103.176.186.0/23
103.195.82.0/23
103.196.184.0/23
103.207.11.0/24
103.212.152.0/22
103.239.174.0/23
210.16.92.0/23
IPv6:
2405:3440::/32
Signature Algorithm: sha256WithRSAEncryption
64:77:42:9c:a8:05:21:e5:bf:8f:63:ba:e7:18:57:f3:c3:42:
1f:cb:de:af:d6:47:c8:dd:dc:47:f3:2b:dc:49:34:ec:4a:62:
bd:0e:30:7d:ca:f6:23:2a:51:6f:9a:27:fe:be:76:da:a3:18:
54:cb:b9:f8:77:6c:cd:98:d9:c2:d9:d0:98:10:08:73:07:31:
b8:37:44:44:36:90:7f:ab:89:e9:0b:ec:76:8b:2b:ba:4f:10:
1b:e4:12:c8:c6:dd:0d:76:5c:e8:90:8e:f6:00:27:f2:80:94:
08:43:ed:e7:b7:db:9c:34:52:2e:e3:64:c2:48:70:b1:c9:60:
36:76:a9:2c:66:62:80:5a:0e:df:58:3f:c8:50:92:0d:fc:17:
12:c9:07:c3:86:da:39:18:51:57:10:e0:22:f3:ea:96:6b:07:
6b:e6:af:92:7d:93:a7:e6:d9:68:75:80:b2:99:af:0d:2e:5f:
39:fa:75:cc:55:d1:23:31:30:cb:ba:95:69:23:ec:46:83:cd:
f5:0a:b3:bf:b9:1a:59:2c:bf:16:25:f6:60:65:c1:e2:49:6c:
0d:81:80:63:d9:1a:02:df:5c:05:e1:de:4b:97:ce:8b:e6:bf:
42:bb:82:e8:5f:1a:78:78:a6:4e:06:3d:b6:a1:50:cf:d2:06:
65:76:a0:3b
-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIDAL8xMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDcwMTA2MDQ0NloXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjg2MzdhN2QtZDk5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ7JrYSLOc8OpDmUpqVqv+/nSoivh8TN5OBO3UwJo1k3YcsyCcQIDzfocYhj
W1yVbixyV1DxmK8Fj+AMjHIlxclkjc/l6f/wdncBRqbe3c7E+QmlI8W1Z71KkHBI
psccJG+3DzGrZpLDk5hwgmVJy72y3nrvhHMcF4vwkFt7uDCyAxT1kyUqb5RHGJ+s
sjeqv4WKUh7CCXXArVj/4CPIadBamsmlN2TLMozUTRgomJ4S/RT78ZULTQ2klfCW
at5K/qLhizvSUyisGAeN0eoQaXfRP+nIahMoDSVCDRtYurwlAi3X8TEqvFsIdf95
O+Ge9MVQn/jpylSWhdXxU1lsE58CAwEAAaOCAw8wggMLMB0GA1UdDgQWBBSGNI45
gsla247daiAgFJxGkuxI/zAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzk4NzRDNTRB
MjcxRjExRjBBNkE2RTM3MUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGYBggrBgEFBQcBBwEB
/wSBiDCBhTB0BAIAATBuMAwDBANnYCgDBABnYCoDBAFnhPQDBAFnhZ4DBAFni6oD
BAFnnXoDBAFnoK4DBAFno1oDBAFnqfADBAFnq4QDBAFnr6oDBAFnsLoDBAFnw1ID
BAFnxLgDBABnzwsDBAJn1JgDBAFn764DBAHSEFwwDQQCAAIwBwMFACQFNEAwDQYJ
KoZIhvcNAQELBQADggEBAGR3QpyoBSHlv49juucYV/PDQh/L3q/WR8jd3EfzK9xJ
NOxKYr0OMH3K9iMqUW+aJ/6+dtqjGFTLufh3bM2Y2cLZ0JgQCHMHMbg3REQ2kH+r
iekL7HaLK7pPEBvkEsjG3Q12XOiQjvYAJ/KAlAhD7ee325w0Ui7jZMJIcLHJYDZ2
qSxmYoBaDt9YP8hQkg38FxLJB8OG2jkYUVcQ4CLz6pZrB2vmr5J9k6fm2Wh1gLKZ
rw0uXzn6dcxV0SMxMMu6lWkj7EaDzfUKs7+5GlksvxYl9mBlweJJbA2BgGPZGgLf
XAXh3kuXzovmv0K7guhfGnh4pk4GPbahUM/SBmV2oDs=
-----END CERTIFICATE-----
Generated at Thu Jul 3 06:04:20 2025 by rpki-client