Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C7DDC774650E11EFAECF9A74C4F9AE02.roa
File: C7DDC774650E11EFAECF9A74C4F9AE02.roa (raw, json)
Hash identifier: SuL6ohTNV9508xhebI+kWAg++AibiFvtkfgKoX+Ilt8=
Subject key identifier: CD:6F:F9:D5:37:84:3C:9C:B9:8C:28:82:C6:24:2E:C7:29:F6:16:E5
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: B1B9
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C7DDC774650E11EFAECF9A74C4F9AE02.roa
Signing time: Thu 08 May 2025 15:58:20 +0000
ROA not before: Thu 08 May 2025 15:58:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 133275
IP address blocks: 43.228.220.0/22 maxlen: 24
43.248.236.0/22 maxlen: 24
43.249.52.0/22 maxlen: 24
45.115.4.0/22 maxlen: 24
45.119.136.0/22 maxlen: 24
45.119.140.0/22 maxlen: 24
45.125.60.0/22 maxlen: 24
103.13.104.0/22 maxlen: 24
103.36.124.0/22 maxlen: 24
103.46.192.0/23 maxlen: 24
103.46.194.0/23 maxlen: 24
103.47.168.0/22 maxlen: 24
103.47.236.0/22 maxlen: 24
103.59.192.0/22 maxlen: 24
103.59.196.0/22 maxlen: 24
103.73.92.0/22 maxlen: 24
103.86.40.0/22 maxlen: 24
103.95.120.0/22 maxlen: 24
103.124.12.0/22 maxlen: 24
103.173.201.0/24 maxlen: 24
103.176.162.0/23 maxlen: 24
103.193.196.0/22 maxlen: 24
103.196.52.0/22 maxlen: 24
103.197.116.0/22 maxlen: 24
103.206.248.0/22 maxlen: 24
103.208.200.0/22 maxlen: 24
103.215.248.0/22 maxlen: 24
103.216.88.0/22 maxlen: 24
103.243.4.0/24 maxlen: 24
103.248.116.0/22 maxlen: 24
116.204.188.0/22 maxlen: 24
137.59.240.0/22 maxlen: 24
157.119.124.0/22 maxlen: 24
157.119.216.0/24 maxlen: 24
157.119.217.0/24 maxlen: 24
157.119.218.0/24 maxlen: 24
157.119.219.0/24 maxlen: 24
175.111.132.0/22 maxlen: 24
210.16.80.0/22 maxlen: 24
220.158.160.0/22 maxlen: 24
2404:4340::/32 maxlen: 32
2404:4340::/33 maxlen: 33
2404:4340::/48 maxlen: 48
2404:4340:1::/48 maxlen: 48
2404:4340:2::/48 maxlen: 48
2404:4340:3::/48 maxlen: 48
2404:4340:4::/48 maxlen: 48
2404:4340:5::/48 maxlen: 48
2404:4340:6::/48 maxlen: 48
2404:4340:7::/48 maxlen: 48
2404:4340:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 19 May 2025 18:54:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 45497 (0xb1b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 8 15:58:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681cd49c-6fb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:e2:85:68:83:60:60:2f:dc:34:14:97:99:61:
73:70:8c:c0:81:ae:21:5c:62:f4:81:ac:40:75:66:
ef:3f:6b:4f:b3:4b:2b:fe:9a:8d:b7:be:74:d8:9f:
ec:60:48:5e:78:27:13:02:61:4f:18:a1:e7:b8:c5:
a7:a1:3b:63:a6:28:de:c6:48:ed:a5:22:39:59:9f:
83:f6:03:70:73:3b:b1:53:86:45:f7:04:c9:8f:f8:
ef:53:97:7e:65:95:10:4b:29:d2:a6:f6:db:0d:e2:
42:db:ea:fd:f0:c5:91:bd:e6:c6:14:20:60:0e:55:
c1:d1:f6:55:ca:12:d1:84:eb:01:45:a1:91:24:00:
02:d7:0a:ce:7c:e9:c6:8d:91:8e:79:b2:50:db:2c:
19:f6:91:e0:d7:41:52:eb:c7:db:d2:2e:67:65:b0:
2e:69:b1:c9:c9:d3:3b:3e:9d:5d:00:e0:e4:5b:35:
2e:a9:b9:8c:4f:50:07:f5:28:4d:a5:45:f8:7a:07:
c8:31:ae:11:41:94:23:42:b8:58:98:6f:d6:61:af:
36:7d:10:3c:76:0e:3d:1b:69:2a:17:24:1c:82:e3:
bc:6c:0b:90:b0:7e:a5:8f:42:f8:0b:ec:18:5d:b0:
5a:5c:20:e1:54:bf:84:e2:67:95:c4:4d:ef:19:64:
75:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:6F:F9:D5:37:84:3C:9C:B9:8C:28:82:C6:24:2E:C7:29:F6:16:E5
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C7DDC774650E11EFAECF9A74C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.228.220.0/22
43.248.236.0/22
43.249.52.0/22
45.115.4.0/22
45.119.136.0/21
45.125.60.0/22
103.13.104.0/22
103.36.124.0/22
103.46.192.0/22
103.47.168.0/22
103.47.236.0/22
103.59.192.0/21
103.73.92.0/22
103.86.40.0/22
103.95.120.0/22
103.124.12.0/22
103.173.201.0/24
103.176.162.0/23
103.193.196.0/22
103.196.52.0/22
103.197.116.0/22
103.206.248.0/22
103.208.200.0/22
103.215.248.0/22
103.216.88.0/22
103.243.4.0/24
103.248.116.0/22
116.204.188.0/22
137.59.240.0/22
157.119.124.0/22
157.119.216.0/22
175.111.132.0/22
210.16.80.0/22
220.158.160.0/22
IPv6:
2404:4340::/32
Signature Algorithm: sha256WithRSAEncryption
63:0a:e6:90:d1:da:b5:6b:2a:dc:99:35:e2:52:77:dc:69:79:
dc:fe:82:79:0f:37:a9:16:30:e4:1b:9f:99:aa:cd:b1:3e:38:
ed:a8:c9:a9:e3:75:7c:c4:ce:7e:0d:dc:9f:ad:aa:bb:b7:ab:
78:fb:44:86:fa:15:a3:94:5c:6e:40:ef:db:3d:b9:13:92:50:
58:64:10:7e:bd:ad:0c:cb:4a:86:0a:34:f7:e4:bc:96:e2:a7:
cb:e8:06:ee:fc:b7:04:e6:83:62:60:b7:a9:dd:42:f9:34:bf:
e9:05:43:c3:17:55:6d:76:4b:ea:02:89:7c:af:28:98:0f:c4:
91:a5:36:aa:c6:8d:cf:f3:e1:a2:e4:39:71:69:02:42:d5:70:
06:11:2d:ca:b7:56:bb:5d:55:ec:3e:fc:e6:56:1c:23:88:52:
98:1a:ee:e3:9c:eb:11:a2:6b:32:a2:df:59:64:5a:5a:d3:06:
48:85:3a:d4:e8:3e:e1:7f:29:a3:6c:26:1b:32:a5:7e:89:14:
0b:75:fd:c1:8d:08:e0:41:3a:a2:c8:27:4d:81:a3:57:52:13:
db:d7:12:8e:f9:41:d3:25:28:5d:7a:eb:61:be:3e:75:60:63:
06:fd:75:62:a9:f0:e0:80:36:ed:ee:6a:19:b9:4b:b5:1e:a9:
90:40:ff:6c
-----BEGIN CERTIFICATE-----
MIIGTDCCBTSgAwIBAgIDALG5MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE1NTgyMFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2Q0OWMtNmZiNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPjihWiDYGAv3DQUl5lhc3CMwIGuIVxi9IGsQHVm7z9rT7NLK/6ajbe+dNif
7GBIXngnEwJhTxih57jFp6E7Y6Yo3sZI7aUiOVmfg/YDcHM7sVOGRfcEyY/471OX
fmWVEEsp0qb22w3iQtvq/fDFkb3mxhQgYA5VwdH2VcoS0YTrAUWhkSQAAtcKznzp
xo2RjnmyUNssGfaR4NdBUuvH29IuZ2WwLmmxycnTOz6dXQDg5Fs1Lqm5jE9QB/Uo
TaVF+HoHyDGuEUGUI0K4WJhv1mGvNn0QPHYOPRtpKhckHILjvGwLkLB+pY9C+Avs
GF2wWlwg4VS/hOJnlcRN7xlkdbkCAwEAAaOCA28wggNrMB0GA1UdDgQWBBTNb/nV
N4Q8nLmMKILGJC7HKfYW5TAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0M3RERDNzc0
NjUwRTExRUZBRUNGOUE3NEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIH4BggrBgEFBQcBBwEB
/wSB6DCB5TCB0wQCAAEwgcwDBAIr5NwDBAIr+OwDBAIr+TQDBAItcwQDBAMtd4gD
BAItfTwDBAJnDWgDBAJnJHwDBAJnLsADBAJnL6gDBAJnL+wDBANnO8ADBAJnSVwD
BAJnVigDBAJnX3gDBAJnfAwDBABnrckDBAFnsKIDBAJnwcQDBAJnxDQDBAJnxXQD
BAJnzvgDBAJn0MgDBAJn1/gDBAJn2FgDBABn8wQDBAJn+HQDBAJ0zLwDBAKJO/AD
BAKdd3wDBAKdd9gDBAKvb4QDBALSEFADBALcnqAwDQQCAAIwBwMFACQEQ0AwDQYJ
KoZIhvcNAQELBQADggEBAGMK5pDR2rVrKtyZNeJSd9xpedz+gnkPN6kWMOQbn5mq
zbE+OO2oyanjdXzEzn4N3J+tqru3q3j7RIb6FaOUXG5A79s9uROSUFhkEH69rQzL
SoYKNPfkvJbip8voBu78twTmg2Jgt6ndQvk0v+kFQ8MXVW12S+oCiXyvKJgPxJGl
NqrGjc/z4aLkOXFpAkLVcAYRLcq3VrtdVew+/OZWHCOIUpga7uOc6xGiazKi31lk
WlrTBkiFOtToPuF/KaNsJhsypX6JFAt1/cGNCOBBOqLIJ02Bo1dSE9vXEo75QdMl
KF1662G+PnVgYwb9dWKp8OCANu3uahm5S7UeqZBA/2w=
-----END CERTIFICATE-----
Generated at Tue May 13 00:09:21 2025 by rpki-client