Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B425D8782CC011F08B53AF5CC4F9AE02.roa
File: B425D8782CC011F08B53AF5CC4F9AE02.roa (raw, json)
Hash identifier: 5jcPPG0TMGN+NppggCDcWeKrsyJMWaj1rsr0o3gzRLY=
Subject key identifier: 38:5F:3F:E3:BD:A3:D3:D3:25:43:88:DC:48:33:C8:3B:AE:54:01:26
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: BA94
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B425D8782CC011F08B53AF5CC4F9AE02.roa
Signing time: Fri 09 May 2025 10:31:02 +0000
ROA not before: Fri 09 May 2025 10:31:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 133001
IP address blocks: 43.225.160.0/22 maxlen: 24
43.251.216.0/22 maxlen: 24
45.117.220.0/22 maxlen: 24
45.119.44.0/22 maxlen: 22
45.119.44.0/24 maxlen: 24
45.119.45.0/24 maxlen: 24
45.119.46.0/24 maxlen: 24
45.119.47.0/24 maxlen: 24
103.38.36.0/22 maxlen: 24
103.42.166.0/23 maxlen: 24
103.51.132.0/24 maxlen: 24
103.51.133.0/24 maxlen: 24
103.51.134.0/24 maxlen: 24
103.51.135.0/24 maxlen: 24
103.54.76.0/24 maxlen: 24
103.54.77.0/24 maxlen: 24
103.56.227.0/24 maxlen: 24
103.110.102.0/24 maxlen: 24
103.114.0.0/22 maxlen: 23
103.114.2.0/23 maxlen: 24
103.116.147.0/24 maxlen: 24
103.116.238.0/24 maxlen: 24
103.116.239.0/24 maxlen: 24
103.140.26.0/24 maxlen: 24
103.140.27.0/24 maxlen: 24
103.165.68.0/24 maxlen: 24
103.165.69.0/24 maxlen: 24
103.176.74.0/23 maxlen: 24
103.176.211.0/24 maxlen: 24
103.196.76.0/22 maxlen: 24
103.200.74.0/23 maxlen: 23
103.201.148.0/22 maxlen: 24
111.125.225.0/24 maxlen: 24
183.87.251.0/24 maxlen: 24
183.87.252.0/22 maxlen: 24
202.94.160.0/22 maxlen: 24
2401:b240::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 19 May 2025 18:54:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 47764 (0xba94)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 9 10:31:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681dd965-aae9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:fb:5f:6f:5f:8d:1f:af:9f:5a:d6:5c:48:4e:
16:cb:c9:45:70:0b:9f:89:33:9a:2e:55:ea:59:70:
a5:0a:2d:85:b8:98:65:32:41:1c:9c:95:56:15:06:
19:20:66:4c:a9:00:39:0b:38:96:26:95:26:fd:0a:
2f:db:68:82:d9:d6:78:06:8a:a7:dd:70:87:73:f1:
d5:b4:33:e5:14:17:ba:20:7d:58:cc:58:5f:02:36:
a7:b9:9f:ee:4c:ee:f8:37:6a:08:f2:b6:32:22:bc:
d1:0e:cc:43:8a:4c:c5:2a:cd:07:6a:00:a9:dc:65:
67:ed:e7:c9:6b:53:c5:3d:21:90:24:b8:0a:5a:ee:
c1:5a:b2:d0:ce:ff:ea:c4:63:0b:25:6b:43:b5:ef:
d2:80:92:ee:f8:1e:c6:19:15:7f:71:04:b7:53:28:
e2:9b:e8:74:0f:68:65:b4:80:de:31:52:ac:20:9c:
f1:20:97:ad:3b:5e:b7:37:2c:d0:c2:94:10:56:61:
7f:4c:53:37:93:56:b1:34:1a:9e:97:7b:62:a3:97:
63:b8:36:e6:b3:f0:61:dd:86:01:6e:15:96:c6:e5:
a5:c3:9d:17:6d:08:ec:15:a0:c2:d0:ce:e7:2b:3c:
e0:2c:6f:19:4b:8a:60:71:63:4b:f6:b1:e3:fd:19:
b5:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:5F:3F:E3:BD:A3:D3:D3:25:43:88:DC:48:33:C8:3B:AE:54:01:26
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B425D8782CC011F08B53AF5CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.225.160.0/22
43.251.216.0/22
45.117.220.0/22
45.119.44.0/22
103.38.36.0/22
103.42.166.0/23
103.51.132.0/22
103.54.76.0/23
103.56.227.0/24
103.110.102.0/24
103.114.0.0/22
103.116.147.0/24
103.116.238.0/23
103.140.26.0/23
103.165.68.0/23
103.176.74.0/23
103.176.211.0/24
103.196.76.0/22
103.200.74.0/23
103.201.148.0/22
111.125.225.0/24
183.87.251.0-183.87.255.255
202.94.160.0/22
IPv6:
2401:b240::/32
Signature Algorithm: sha256WithRSAEncryption
48:9a:a8:71:25:60:be:d9:bd:36:26:6c:73:8f:84:cd:eb:c2:
64:fb:97:77:a8:ca:99:60:71:c7:86:6a:ac:15:c8:19:68:63:
24:0a:f5:4f:eb:1f:ee:e3:f2:2a:5f:77:21:55:a4:74:dc:f8:
33:d6:61:91:ea:59:84:e7:0b:00:fc:b6:34:4f:b2:43:b3:28:
bd:b9:2d:69:26:0e:af:50:88:fe:85:e8:3b:c0:7a:61:11:89:
a5:1c:fc:a6:d1:76:d1:f1:5a:ba:08:3f:2e:44:91:c9:25:4d:
b9:df:4f:03:6f:45:fa:05:12:ba:7c:88:dc:37:e3:1d:7b:62:
51:cb:87:c6:3c:4e:0a:f3:78:2e:8c:7d:3f:1d:f1:c2:93:d6:
c9:a2:03:d1:c5:be:d8:45:c9:77:94:4d:4a:33:28:42:73:e7:
76:df:8c:51:9a:b1:0d:b7:44:3a:b2:0f:40:65:c0:99:40:2f:
7c:e3:56:36:0b:b3:f7:2c:63:c7:69:4a:59:77:f0:4d:57:6c:
07:16:60:ff:7c:e8:45:e7:4c:6f:f1:25:0c:c3:92:e1:5b:3f:
56:50:dc:a0:56:bf:cf:95:ed:48:3f:9f:62:7b:d2:fd:6e:ba:
6d:f9:ff:b2:7a:8e:73:ed:9b:51:2f:d4:12:bd:0f:cc:0d:8d:
9f:4e:4f:4f
-----BEGIN CERTIFICATE-----
MIIGETCCBPmgAwIBAgIDALqUMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwOTEwMzEwMVoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxZGQ5NjUtYWFlOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPj7X29fjR+vn1rWXEhOFsvJRXALn4kzmi5V6llwpQothbiYZTJBHJyVVhUG
GSBmTKkAOQs4liaVJv0KL9togtnWeAaKp91wh3Px1bQz5RQXuiB9WMxYXwI2p7mf
7kzu+DdqCPK2MiK80Q7MQ4pMxSrNB2oAqdxlZ+3nyWtTxT0hkCS4ClruwVqy0M7/
6sRjCyVrQ7Xv0oCS7vgexhkVf3EEt1Mo4pvodA9oZbSA3jFSrCCc8SCXrTtetzcs
0MKUEFZhf0xTN5NWsTQanpd7YqOXY7g25rPwYd2GAW4VlsblpcOdF20I7BWgwtDO
5ys84CxvGUuKYHFjS/ax4/0ZtWMCAwEAAaOCAzQwggMwMB0GA1UdDgQWBBQ4Xz/j
vaPT0yVDiNxIM8g7rlQBJjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0I0MjVEODc4
MkNDMDExRjA4QjUzQUY1Q0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIG9BggrBgEFBQcBBwEB
/wSBrTCBqjCBmAQCAAEwgZEDBAIr4aADBAIr+9gDBAItddwDBAItdywDBAJnJiQD
BAFnKqYDBAJnM4QDBAFnNkwDBABnOOMDBABnbmYDBAJncgADBABndJMDBAFndO4D
BAFnjBoDBAFnpUQDBAFnsEoDBABnsNMDBAJnxEwDBAFnyEoDBAJnyZQDBABvfeEw
CwMEALdX+wMDA7dQAwQCyl6gMA0EAgACMAcDBQAkAbJAMA0GCSqGSIb3DQEBCwUA
A4IBAQBImqhxJWC+2b02Jmxzj4TN68Jk+5d3qMqZYHHHhmqsFcgZaGMkCvVP6x/u
4/IqX3chVaR03Pgz1mGR6lmE5wsA/LY0T7JDsyi9uS1pJg6vUIj+heg7wHphEYml
HPym0XbR8Vq6CD8uRJHJJU25308Db0X6BRK6fIjcN+Mde2JRy4fGPE4K83gujH0/
HfHCk9bJogPRxb7YRcl3lE1KMyhCc+d234xRmrENt0Q6sg9AZcCZQC9841Y2C7P3
LGPHaUpZd/BNV2wHFmD/fOhF50xv8SUMw5LhWz9WUNygVr/Ple1IP59ie9L9brpt
+f+yeo5z7ZtRL9QSvQ/MDY2fTk9P
-----END CERTIFICATE-----
Generated at Tue May 13 01:07:20 2025 by rpki-client