Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/DD42B126B75C11EDB5BD8751C4F9AE02.roa
File: DD42B126B75C11EDB5BD8751C4F9AE02.roa (raw, json)
Hash identifier: 2Imn4Frdg+OqRt9cvqgORciJink3Tf9WN/kFqmZV+zw=
Subject key identifier: B2:DF:2E:71:8C:6E:EF:1E:03:B9:11:6E:87:67:E9:E3:D6:4C:60:1D
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: B3FE
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/DD42B126B75C11EDB5BD8751C4F9AE02.roa
Signing time: Thu 08 May 2025 16:07:22 +0000
ROA not before: Thu 08 May 2025 16:07:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 136377
IP address blocks: 103.99.12.0/22 maxlen: 24
103.144.118.0/24 maxlen: 24
103.144.119.0/24 maxlen: 24
2405:27c0::/32 maxlen: 32
2405:27c0::/48 maxlen: 48
2405:27c0:1::/48 maxlen: 48
2405:27c0:2::/48 maxlen: 48
2405:27c0:3::/48 maxlen: 48
2405:27c0:4::/48 maxlen: 48
2405:27c0:5::/48 maxlen: 48
2405:27c0:6::/48 maxlen: 48
2405:27c0:7::/48 maxlen: 48
2405:27c0:8::/48 maxlen: 48
2405:27c0:9::/48 maxlen: 48
2405:27c0:a::/48 maxlen: 48
2405:27c0:b::/48 maxlen: 48
2405:27c0:c::/48 maxlen: 48
2405:27c0:d::/48 maxlen: 48
2405:27c0:e::/48 maxlen: 48
2405:27c0:f::/48 maxlen: 48
2405:27c0:10::/48 maxlen: 48
2405:27c0:11::/48 maxlen: 48
2405:27c0:12::/48 maxlen: 48
2405:27c0:13::/48 maxlen: 48
2405:27c0:14::/48 maxlen: 48
2405:27c0:15::/48 maxlen: 48
2405:27c0:16::/48 maxlen: 48
2405:27c0:17::/48 maxlen: 48
2405:27c0:18::/48 maxlen: 48
2405:27c0:19::/48 maxlen: 48
2405:27c0:1a::/48 maxlen: 48
2405:27c0:1b::/48 maxlen: 48
2405:27c0:1c::/48 maxlen: 48
2405:27c0:1d::/48 maxlen: 48
2405:27c0:1e::/48 maxlen: 48
2405:27c0:1f::/48 maxlen: 48
2405:27c0:20::/48 maxlen: 48
2405:27c0:21::/48 maxlen: 48
2405:27c0:22::/48 maxlen: 48
2405:27c0:23::/48 maxlen: 48
2405:27c0:24::/48 maxlen: 48
2405:27c0:25::/48 maxlen: 48
2405:27c0:26::/48 maxlen: 48
2405:27c0:27::/48 maxlen: 48
2405:27c0:28::/48 maxlen: 48
2405:27c0:29::/48 maxlen: 48
2405:27c0:2a::/48 maxlen: 48
2405:27c0:2b::/48 maxlen: 48
2405:27c0:2c::/48 maxlen: 48
2405:27c0:2d::/48 maxlen: 48
2405:27c0:2e::/48 maxlen: 48
2405:27c0:2f::/48 maxlen: 48
2405:27c0:30::/48 maxlen: 48
2405:27c0:31::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 19 May 2025 18:54:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 46078 (0xb3fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 8 16:07:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681cd6ba-c59b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:d7:2b:d1:0c:1c:90:ef:ab:0e:6e:87:fa:66:
b2:f9:a1:4f:31:f7:27:a6:9e:3e:45:65:31:39:24:
77:a2:4d:84:50:35:0f:7e:ce:e9:b0:08:c0:89:e7:
63:c3:2f:58:ff:79:1c:32:e1:5c:50:7d:f9:13:ce:
75:16:7d:ff:86:63:00:e8:9c:fd:6f:1d:4d:73:f2:
ed:9d:fc:92:28:ff:d5:4c:aa:b7:dc:3f:0b:70:a3:
5c:6b:53:01:9e:a8:79:07:6f:bf:12:73:b0:7e:61:
5b:a0:1f:6e:08:e5:40:0a:55:50:9b:b4:df:d7:7d:
9c:5b:d6:82:7d:00:5f:16:3b:50:05:84:21:fc:ce:
92:e6:e1:69:ff:0a:0d:d8:82:ed:82:eb:a8:c2:1e:
c1:c4:7c:12:1b:f4:98:54:e9:3b:ac:11:b9:8f:02:
5d:fa:49:70:79:c7:d4:0b:31:23:d0:56:84:59:dd:
34:39:57:72:1a:4c:8f:54:80:70:9c:56:79:4d:98:
8c:a0:93:a2:6c:ae:bc:0e:2c:d7:37:6f:6e:41:3d:
b9:8c:f9:8e:4f:7a:4e:25:b7:fa:45:33:b4:58:ee:
32:6f:06:cb:27:8b:1a:ce:f2:41:db:df:7b:00:78:
32:bf:8a:b8:f0:9d:f5:69:c5:96:ce:a5:25:71:25:
c8:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:DF:2E:71:8C:6E:EF:1E:03:B9:11:6E:87:67:E9:E3:D6:4C:60:1D
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/DD42B126B75C11EDB5BD8751C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.99.12.0/22
103.144.118.0/23
IPv6:
2405:27c0::/32
Signature Algorithm: sha256WithRSAEncryption
0b:da:5e:f3:b7:10:08:0c:45:ff:9c:38:90:d8:02:18:ff:f6:
e2:23:d4:ea:d7:93:20:ce:7c:7e:36:c9:f8:da:69:ef:6d:2c:
d8:73:48:1c:60:69:70:a1:4f:b0:e0:6f:a4:f2:ab:6c:3c:45:
e0:fe:a1:27:d9:0d:56:f0:a3:e2:b7:f9:2b:b2:ee:71:81:e7:
48:10:fb:17:29:6f:cf:7e:95:1d:8e:82:fa:98:85:f7:ad:cc:
f7:06:9b:93:a6:a3:8b:8a:ca:27:ea:64:be:76:91:9b:6b:b9:
53:90:6d:cc:35:bf:26:b1:34:e0:9c:f4:45:7c:d5:5e:64:01:
f1:b0:9e:83:e1:60:01:dd:88:84:e2:ae:e2:ef:0b:e7:fd:da:
50:75:90:e9:aa:29:92:3c:14:c3:17:24:46:f6:b9:c5:7d:2a:
de:f8:a1:36:2e:89:46:18:cf:c5:ea:f9:6e:a8:46:d4:ad:50:
8c:ec:01:3f:68:c7:6c:3e:18:7d:22:a2:20:35:a2:b6:0a:dd:
f4:ab:1e:2a:fc:8a:ea:76:18:97:46:10:db:86:e2:91:b9:72:
62:da:da:1f:4c:6e:25:cc:fd:7b:e4:27:cd:88:cc:48:f4:17:
65:b6:d0:4f:79:55:34:58:81:1b:fd:9e:03:84:d6:2b:aa:f5:
06:ba:59:7c
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIDALP+MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MDcyMloXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2Q2YmEtYzU5YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALXXK9EMHJDvqw5uh/pmsvmhTzH3J6aePkVlMTkkd6JNhFA1D37O6bAIwInn
Y8MvWP95HDLhXFB9+RPOdRZ9/4ZjAOic/W8dTXPy7Z38kij/1Uyqt9w/C3CjXGtT
AZ6oeQdvvxJzsH5hW6AfbgjlQApVUJu039d9nFvWgn0AXxY7UAWEIfzOkubhaf8K
DdiC7YLrqMIewcR8Ehv0mFTpO6wRuY8CXfpJcHnH1AsxI9BWhFndNDlXchpMj1SA
cJxWeU2YjKCTomyuvA4s1zdvbkE9uYz5jk96TiW3+kUztFjuMm8GyyeLGs7yQdvf
ewB4Mr+KuPCd9WnFls6lJXElyIUCAwEAAaOCAqowggKmMB0GA1UdDgQWBBSy3y5x
jG7vHgO5EW6HZ+nj1kxgHTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0RENDJCMTI2
Qjc1QzExRURCNUJEODc1MUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDQGCCsGAQUFBwEHAQH/
BCUwIzASBAIAATAMAwQCZ2MMAwQBZ5B2MA0EAgACMAcDBQAkBSfAMA0GCSqGSIb3
DQEBCwUAA4IBAQAL2l7ztxAIDEX/nDiQ2AIY//biI9Tq15Mgznx+Nsn42mnvbSzY
c0gcYGlwoU+w4G+k8qtsPEXg/qEn2Q1W8KPit/krsu5xgedIEPsXKW/PfpUdjoL6
mIX3rcz3BpuTpqOLison6mS+dpGba7lTkG3MNb8msTTgnPRFfNVeZAHxsJ6D4WAB
3YiE4q7i7wvn/dpQdZDpqimSPBTDFyRG9rnFfSre+KE2LolGGM/F6vluqEbUrVCM
7AE/aMdsPhh9IqIgNaK2Ct30qx4q/IrqdhiXRhDbhuKRuXJi2tofTG4lzP175CfN
iMxI9BdlttBPeVU0WIEb/Z4DhNYrqvUGull8
-----END CERTIFICATE-----
Generated at Tue May 13 01:23:47 2025 by rpki-client