Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/E40743E6FAAC11EBAB4C5D16C4F9AE02.roa
File: E40743E6FAAC11EBAB4C5D16C4F9AE02.roa (raw, json)
Hash identifier: 9jvQ5p7bbMNE5tpf9mUefR880WPzatg2E67nSLIXi4o=
Subject key identifier: DF:74:20:10:0B:2F:3E:74:B8:48:EB:F4:EF:B5:06:C4:50:BA:28:B1
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: BA2E
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/E40743E6FAAC11EBAB4C5D16C4F9AE02.roa
Signing time: Thu 08 May 2025 16:31:21 +0000
ROA not before: Thu 08 May 2025 16:31:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 55341
IP address blocks: 43.248.72.0/22 maxlen: 24
45.116.148.0/22 maxlen: 22
45.116.148.0/24 maxlen: 24
45.116.149.0/24 maxlen: 24
45.116.150.0/24 maxlen: 24
45.116.151.0/24 maxlen: 24
103.56.196.0/22 maxlen: 22
103.56.196.0/24 maxlen: 24
103.56.197.0/24 maxlen: 24
103.56.198.0/24 maxlen: 24
103.56.199.0/24 maxlen: 24
103.73.212.0/24 maxlen: 24
103.73.213.0/24 maxlen: 24
103.73.214.0/24 maxlen: 24
103.73.215.0/24 maxlen: 24
103.171.80.0/23 maxlen: 24
103.171.196.0/23 maxlen: 24
103.229.24.0/22 maxlen: 22
103.229.24.0/24 maxlen: 24
103.229.25.0/24 maxlen: 24
103.229.26.0/24 maxlen: 24
103.229.27.0/24 maxlen: 24
183.177.124.0/24 maxlen: 24
183.177.125.0/24 maxlen: 24
183.177.126.0/24 maxlen: 24
183.177.127.0/24 maxlen: 24
2001:df1:73c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 19 May 2025 18:54:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 47662 (0xba2e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 8 16:31:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681cdc58-e820
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:a5:01:c4:6a:a7:69:3d:dc:62:f4:a2:e2:96:
7f:85:9c:dc:cd:69:1f:fe:47:7d:fd:90:f3:a7:fe:
76:cb:8c:d4:0a:3d:e2:cd:2c:78:2f:ca:19:5f:0b:
f4:14:e8:92:da:88:ab:fc:7c:09:cb:33:86:20:c1:
32:07:38:33:73:50:65:6e:64:52:fa:f7:06:43:7e:
2b:75:96:bd:65:e9:9b:98:c2:00:01:a8:ac:30:2e:
6a:72:24:35:84:af:4d:08:d8:36:56:6e:99:83:80:
85:fd:ec:c6:e9:79:90:d1:fb:0f:28:16:8d:b3:25:
68:34:30:59:1c:65:79:16:fb:85:f4:47:f9:c3:00:
41:da:1c:eb:62:cd:0f:8a:56:47:2c:78:39:2d:a8:
99:d1:6e:1a:a0:54:90:c9:72:6e:86:66:57:2c:6c:
32:3a:d3:95:da:70:9f:5e:3d:7c:e0:b3:6f:6a:f2:
61:73:9b:3f:37:08:1e:bc:bb:fa:c1:9d:11:33:9c:
9d:5f:ff:02:65:14:5d:22:09:9d:2e:60:ce:f7:4d:
cf:a3:5f:d9:e3:eb:69:ad:ea:2b:7d:06:04:d7:c4:
11:f9:3d:6a:da:72:1f:8e:ff:4e:f1:fb:38:ff:bb:
70:4d:86:e5:c0:01:0d:4a:84:ea:90:68:52:7c:b3:
c6:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:74:20:10:0B:2F:3E:74:B8:48:EB:F4:EF:B5:06:C4:50:BA:28:B1
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/E40743E6FAAC11EBAB4C5D16C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.248.72.0/22
45.116.148.0/22
103.56.196.0/22
103.73.212.0/22
103.171.80.0/23
103.171.196.0/23
103.229.24.0/22
183.177.124.0/22
IPv6:
2001:df1:73c0::/48
Signature Algorithm: sha256WithRSAEncryption
36:55:91:e5:03:6d:77:b4:0c:9e:9a:7d:6e:c9:60:36:84:12:
75:5c:45:4b:c9:1a:8e:3f:c8:7f:6c:e3:79:08:22:07:29:ee:
5c:04:dd:ad:a6:47:63:a0:3b:5d:31:f0:3b:2f:cd:4c:2c:fd:
33:55:d0:a2:b5:b9:e1:f9:cd:82:25:6c:3e:18:a4:fe:1e:59:
d4:e8:fc:df:6b:cc:09:00:c3:eb:62:98:8e:ff:3d:66:91:b2:
e9:11:a3:c9:fa:1a:ec:47:be:8c:ad:2d:40:7d:9e:9c:81:69:
1e:e0:b0:fe:13:ce:3d:8f:4a:11:33:36:bb:5a:ee:d0:7e:6f:
39:14:91:2e:6d:c4:34:27:5d:d4:5c:22:12:40:58:9a:63:b3:
8d:49:1f:6e:ec:58:b1:32:de:cf:2c:1a:8f:2f:59:94:aa:47:
dd:86:c3:aa:12:63:f2:06:b4:d2:bf:2d:8f:19:36:4a:ee:f7:
7c:83:af:32:84:d1:be:14:3f:79:38:48:7f:db:07:01:07:36:
87:5b:f3:36:1b:a2:26:9d:2b:f1:e7:b0:0c:d1:55:fa:51:75:
db:e3:cb:85:5a:c2:d4:32:64:dc:4a:21:42:ab:c3:c3:0f:81:
dc:58:6d:4b:b4:01:4d:68:e3:52:23:b1:93:56:34:bc:02:81:
0f:5f:8d:29
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgIDALouMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MzEyMVoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2RjNTgtZTgyMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALWlAcRqp2k93GL0ouKWf4Wc3M1pH/5Hff2Q86f+dsuM1Ao94s0seC/KGV8L
9BToktqIq/x8CcszhiDBMgc4M3NQZW5kUvr3BkN+K3WWvWXpm5jCAAGorDAuanIk
NYSvTQjYNlZumYOAhf3sxul5kNH7DygWjbMlaDQwWRxleRb7hfRH+cMAQdoc62LN
D4pWRyx4OS2omdFuGqBUkMlyboZmVyxsMjrTldpwn149fOCzb2ryYXObPzcIHry7
+sGdETOcnV//AmUUXSIJnS5gzvdNz6Nf2ePraa3qK30GBNfEEfk9atpyH47/TvH7
OP+7cE2G5cABDUqE6pBoUnyzxoUCAwEAAaOCAtAwggLMMB0GA1UdDgQWBBTfdCAQ
Cy8+dLhI6/TvtQbEULoosTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0U0MDc0M0U2
RkFBQzExRUJBQjRDNUQxNkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMFoGCCsGAQUFBwEHAQH/
BEswSTA2BAIAATAwAwQCK/hIAwQCLXSUAwQCZzjEAwQCZ0nUAwQBZ6tQAwQBZ6vE
AwQCZ+UYAwQCt7F8MA8EAgACMAkDBwAgAQ3xc8AwDQYJKoZIhvcNAQELBQADggEB
ADZVkeUDbXe0DJ6afW7JYDaEEnVcRUvJGo4/yH9s43kIIgcp7lwE3a2mR2OgO10x
8DsvzUws/TNV0KK1ueH5zYIlbD4YpP4eWdTo/N9rzAkAw+timI7/PWaRsukRo8n6
GuxHvoytLUB9npyBaR7gsP4Tzj2PShEzNrta7tB+bzkUkS5txDQnXdRcIhJAWJpj
s41JH27sWLEy3s8sGo8vWZSqR92Gw6oSY/IGtNK/LY8ZNkru93yDrzKE0b4UP3k4
SH/bBwEHNodb8zYboiadK/HnsAzRVfpRddvjy4VawtQyZNxKIUKrw8MPgdxYbUu0
AU1o41IjsZNWNLwCgQ9fjSk=
-----END CERTIFICATE-----
Generated at Tue May 13 01:36:20 2025 by rpki-client