Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9874C54A271F11F0A6A6E371C4F9AE02.roa
File: 9874C54A271F11F0A6A6E371C4F9AE02.roa (raw, json)
Hash identifier: RnOMR2WI2TZg0BGGE9VXkuCQzEvuqhd6kOeh1Af+uDE=
Subject key identifier: 72:E7:C1:68:18:13:18:33:1B:A9:4D:BB:59:CB:2A:DB:B4:69:2A:53
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: B51C
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9874C54A271F11F0A6A6E371C4F9AE02.roa
Signing time: Thu 08 May 2025 16:11:43 +0000
ROA not before: Thu 08 May 2025 16:11:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 138311
IP address blocks: 103.96.40.0/24 maxlen: 24
103.96.41.0/24 maxlen: 24
103.96.42.0/24 maxlen: 24
103.132.244.0/23 maxlen: 24
103.133.158.0/23 maxlen: 24
103.139.170.0/24 maxlen: 24
103.139.171.0/24 maxlen: 24
103.157.122.0/23 maxlen: 24
103.163.90.0/24 maxlen: 24
103.163.91.0/24 maxlen: 24
103.169.240.0/23 maxlen: 24
103.171.132.0/24 maxlen: 24
103.171.133.0/24 maxlen: 24
103.175.170.0/23 maxlen: 24
103.176.186.0/24 maxlen: 24
103.176.187.0/24 maxlen: 24
103.195.82.0/23 maxlen: 24
103.196.184.0/23 maxlen: 24
103.207.11.0/24 maxlen: 24
103.212.152.0/23 maxlen: 24
103.212.154.0/23 maxlen: 24
103.239.174.0/24 maxlen: 24
103.239.175.0/24 maxlen: 24
210.16.92.0/24 maxlen: 24
210.16.93.0/24 maxlen: 24
2405:3440::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 21 May 2025 15:25:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 46364 (0xb51c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 8 16:11:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681cd7bf-5da7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:10:81:2c:a7:98:c0:ef:cc:db:be:76:79:47:
30:dd:a6:6c:6a:e9:7b:5f:25:e6:b2:85:7f:c1:20:
8f:05:b7:3c:2c:4c:94:36:c5:96:6d:d7:70:58:5f:
0b:08:00:24:b5:86:d4:2f:c8:3d:eb:d6:c5:a3:05:
7d:dd:fd:ae:f0:54:36:ec:f4:e9:93:94:f8:06:73:
53:81:fe:7a:96:64:b2:90:20:2a:c7:53:98:2b:cb:
78:31:fd:3f:55:21:e8:b4:f5:30:6c:7b:d7:31:d1:
a7:8b:86:60:f4:e4:9a:fc:c0:29:fb:79:4f:de:c9:
5b:0e:d2:08:3f:f8:c8:6a:17:5b:b6:8f:73:05:09:
c1:42:55:2d:42:9a:b3:28:eb:dd:3e:ae:d9:0e:67:
cc:29:3d:c2:33:54:43:f9:f0:de:a9:8a:47:46:be:
e9:c3:0e:a9:e7:af:9c:ff:44:57:f7:f8:13:61:c1:
42:27:c0:6b:be:1d:ff:e7:c4:28:a8:a2:20:8b:34:
9c:fc:32:d2:45:4e:c8:64:09:56:40:4d:2d:fa:1f:
49:32:4f:1c:88:3b:7b:0e:66:bb:f6:ec:4b:90:7a:
42:89:81:bd:a3:da:72:75:21:81:5c:f6:6e:be:c9:
ef:5e:07:9e:65:7c:88:64:8b:67:22:ef:8e:29:1b:
73:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:E7:C1:68:18:13:18:33:1B:A9:4D:BB:59:CB:2A:DB:B4:69:2A:53
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9874C54A271F11F0A6A6E371C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.96.40.0-103.96.42.255
103.132.244.0/23
103.133.158.0/23
103.139.170.0/23
103.157.122.0/23
103.163.90.0/23
103.169.240.0/23
103.171.132.0/23
103.175.170.0/23
103.176.186.0/23
103.195.82.0/23
103.196.184.0/23
103.207.11.0/24
103.212.152.0/22
103.239.174.0/23
210.16.92.0/23
IPv6:
2405:3440::/32
Signature Algorithm: sha256WithRSAEncryption
2d:bf:fc:8d:6a:62:a9:96:18:a6:b5:b1:fd:bf:80:2e:63:9d:
5d:7c:e7:8f:94:70:13:79:78:f9:6e:12:a3:d1:14:83:20:69:
c1:b1:60:10:f1:a3:70:5a:a9:27:27:8f:9a:63:3e:3c:a5:46:
c4:ad:4c:c0:c6:89:11:5e:21:b6:5f:b6:de:c3:eb:ea:d9:4e:
43:ff:c1:77:65:37:ff:ce:49:12:3f:a7:d8:54:a8:db:67:c2:
25:19:86:83:60:56:ab:9a:93:dd:f5:62:49:df:28:fc:ca:2a:
64:c1:6f:b3:46:bc:10:ae:a3:df:22:c6:f3:53:c9:4c:31:e3:
26:f8:54:c2:dc:4c:58:1b:04:5c:6c:4b:ca:4a:f9:76:21:4b:
b5:fb:3a:a9:1a:f6:86:a1:45:88:7c:bd:a7:dc:f5:61:14:08:
f0:11:d2:15:67:ef:0a:88:d7:3a:c8:95:17:dd:e1:a7:fb:dd:
15:30:9c:66:24:b2:4e:66:74:ff:2b:2c:1b:d0:c0:d5:77:f5:
63:b2:ce:03:8a:b6:66:a2:a4:3e:21:83:9a:1e:30:c3:3b:d3:
57:76:e1:d5:e2:4f:7b:30:db:44:97:18:92:aa:b2:f3:9c:d3:
49:ae:30:c0:2d:f0:c1:5b:fa:91:e9:bf:58:59:d1:3b:5c:96:
f6:b4:1d:ba
-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgIDALUcMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MTE0M1oXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2Q3YmYtNWRhNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKsQgSynmMDvzNu+dnlHMN2mbGrpe18l5rKFf8EgjwW3PCxMlDbFlm3XcFhf
CwgAJLWG1C/IPevWxaMFfd39rvBUNuz06ZOU+AZzU4H+epZkspAgKsdTmCvLeDH9
P1Uh6LT1MGx71zHRp4uGYPTkmvzAKft5T97JWw7SCD/4yGoXW7aPcwUJwUJVLUKa
syjr3T6u2Q5nzCk9wjNUQ/nw3qmKR0a+6cMOqeevnP9EV/f4E2HBQifAa74d/+fE
KKiiIIs0nPwy0kVOyGQJVkBNLfofSTJPHIg7ew5mu/bsS5B6QomBvaPacnUhgVz2
br7J714HnmV8iGSLZyLvjikbcwMCAwEAAaOCAwgwggMEMB0GA1UdDgQWBBRy58Fo
GBMYMxupTbtZyyrbtGkqUzAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzk4NzRDNTRB
MjcxRjExRjBBNkE2RTM3MUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGRBggrBgEFBQcBBwEB
/wSBgTB/MG4EAgABMGgwDAMEA2dgKAMEAGdgKgMEAWeE9AMEAWeFngMEAWeLqgME
AWedegMEAWejWgMEAWep8AMEAWerhAMEAWevqgMEAWewugMEAWfDUgMEAWfEuAME
AGfPCwMEAmfUmAMEAWfvrgMEAdIQXDANBAIAAjAHAwUAJAU0QDANBgkqhkiG9w0B
AQsFAAOCAQEALb/8jWpiqZYYprWx/b+ALmOdXXznj5RwE3l4+W4So9EUgyBpwbFg
EPGjcFqpJyePmmM+PKVGxK1MwMaJEV4htl+23sPr6tlOQ//Bd2U3/85JEj+n2FSo
22fCJRmGg2BWq5qT3fViSd8o/MoqZMFvs0a8EK6j3yLG81PJTDHjJvhUwtxMWBsE
XGxLykr5diFLtfs6qRr2hqFFiHy9p9z1YRQI8BHSFWfvCojXOsiVF93hp/vdFTCc
ZiSyTmZ0/yssG9DA1Xf1Y7LOA4q2ZqKkPiGDmh4wwzvTV3bh1eJPezDbRJcYkqqy
85zTSa4wwC3wwVv6kem/WFnRO1yW9rQdug==
-----END CERTIFICATE-----
Generated at Wed May 14 18:33:56 2025 by rpki-client