Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F6973CAC265711F08B890022C4F9AE02.roa
File: F6973CAC265711F08B890022C4F9AE02.roa (raw, json)
Hash identifier: KE0NcIJe/HsbeRMrn7igNN001HF0F0yMNlsgCqruTr0=
Subject key identifier: 9B:74:78:E9:FC:10:E9:B6:64:CE:0F:95:1D:55:D5:86:DD:1F:9F:7B
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: B3AB
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F6973CAC265711F08B890022C4F9AE02.roa
Signing time: Thu 08 May 2025 16:06:02 +0000
ROA not before: Thu 08 May 2025 16:06:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 135872
IP address blocks: 45.251.68.0/22 maxlen: 24
103.59.88.0/24 maxlen: 24
103.60.219.0/24 maxlen: 24
103.135.228.0/23 maxlen: 24
103.151.156.0/23 maxlen: 24
103.165.114.0/23 maxlen: 24
103.171.246.0/23 maxlen: 24
103.175.62.0/23 maxlen: 24
103.175.139.0/24 maxlen: 24
103.175.168.0/23 maxlen: 24
103.177.156.0/23 maxlen: 24
103.179.16.0/23 maxlen: 24
103.186.36.0/23 maxlen: 24
103.188.162.0/23 maxlen: 24
103.205.163.0/24 maxlen: 24
103.211.20.0/22 maxlen: 24
103.211.132.0/22 maxlen: 24
103.234.93.0/24 maxlen: 24
139.5.140.0/24 maxlen: 24
139.5.141.0/24 maxlen: 24
139.5.142.0/24 maxlen: 24
139.5.143.0/24 maxlen: 24
146.196.44.0/22 maxlen: 24
160.238.92.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 19 May 2025 18:54:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 45995 (0xb3ab)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 8 16:06:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681cd66a-1050
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:95:62:6f:f1:5e:ca:3e:c4:33:57:ef:38:71:
21:74:61:ee:57:54:3b:3e:58:14:55:53:ae:07:dd:
4e:74:c3:57:b9:cf:29:bf:c4:8d:78:7b:25:9e:a1:
c8:ae:17:8a:a6:94:39:39:cf:e9:88:d5:44:f3:66:
41:34:5f:99:bc:36:a0:26:d2:e1:48:8a:9d:f6:4e:
47:ae:f6:af:05:ca:cc:44:e0:56:0f:66:95:9d:d7:
23:bf:70:68:33:64:4c:5a:c0:c6:24:50:78:d9:61:
8c:bb:0b:10:42:68:e9:83:b0:40:1c:ca:4a:ae:85:
bd:3c:a4:7b:51:f4:f2:13:e9:2e:d5:95:70:7f:18:
f1:29:eb:3c:f5:0a:fe:cc:74:cc:03:fb:1d:f6:b5:
49:dd:f9:9c:bc:0a:dc:7e:7b:64:ed:7c:c4:cf:07:
5a:99:c9:27:e6:1d:25:26:bb:0e:6d:08:e6:5a:60:
11:bf:5f:e7:c0:b9:d4:6f:7d:9d:bf:58:36:02:b0:
60:82:a2:c3:a7:00:17:c5:0a:1a:57:89:85:ca:72:
23:da:fb:85:d5:cc:14:7e:f3:1f:cd:eb:c0:7b:67:
e3:5f:e5:bc:ad:f6:c6:f4:3a:e1:26:03:9e:99:1d:
22:c9:05:c6:be:ee:8c:01:77:d0:37:c9:70:c1:84:
3d:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:74:78:E9:FC:10:E9:B6:64:CE:0F:95:1D:55:D5:86:DD:1F:9F:7B
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F6973CAC265711F08B890022C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.251.68.0/22
103.59.88.0/24
103.60.219.0/24
103.135.228.0/23
103.151.156.0/23
103.165.114.0/23
103.171.246.0/23
103.175.62.0/23
103.175.139.0/24
103.175.168.0/23
103.177.156.0/23
103.179.16.0/23
103.186.36.0/23
103.188.162.0/23
103.205.163.0/24
103.211.20.0/22
103.211.132.0/22
103.234.93.0/24
139.5.140.0/22
146.196.44.0/22
160.238.92.0/22
Signature Algorithm: sha256WithRSAEncryption
a8:07:af:cd:37:a9:4b:ee:5c:49:2b:16:1d:91:d1:a6:e7:1d:
e7:ee:1f:7b:4b:9f:26:49:8a:e1:9b:cb:11:e0:91:aa:9b:01:
f5:28:c3:45:57:a9:fa:a0:46:ac:17:53:45:78:70:e3:d9:87:
6e:10:dc:13:2d:b5:72:ce:41:58:f1:c3:34:5b:5e:a9:e2:f1:
14:9e:15:c4:31:e1:57:de:f5:d0:eb:df:7e:29:db:ac:8d:19:
2b:6d:a6:46:60:64:c8:18:86:e1:2d:c9:cf:c3:af:3b:ff:3a:
b4:a1:c9:2e:40:79:b7:66:a8:bb:b1:14:e7:d1:2a:da:cd:a8:
22:88:21:88:24:79:ec:65:0b:d9:0e:8a:b1:5d:63:e9:c2:a1:
54:ba:81:4a:e3:fe:da:df:fb:af:25:9a:5b:08:0d:12:64:7a:
f5:06:84:ef:67:56:0f:c1:d4:9c:6f:40:36:39:d9:94:1c:7d:
b0:93:fd:e2:53:6a:dc:c1:99:f8:b2:f4:ed:86:f2:f3:86:f7:
cc:aa:7f:b5:9e:28:c5:93:7a:b3:e8:5a:63:15:79:09:ea:eb:
cf:95:5e:e0:17:01:00:ac:28:a2:f0:61:8a:1b:ab:65:63:b3:
9a:57:e2:43:83:1a:a3:6f:3f:12:02:3e:0d:68:60:37:3a:41:
e6:1b:93:f9
-----BEGIN CERTIFICATE-----
MIIF7jCCBNagAwIBAgIDALOrMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MDYwMloXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2Q2NmEtMTA1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM+VYm/xXso+xDNX7zhxIXRh7ldUOz5YFFVTrgfdTnTDV7nPKb/EjXh7JZ6h
yK4XiqaUOTnP6YjVRPNmQTRfmbw2oCbS4UiKnfZOR672rwXKzETgVg9mlZ3XI79w
aDNkTFrAxiRQeNlhjLsLEEJo6YOwQBzKSq6FvTyke1H08hPpLtWVcH8Y8SnrPPUK
/sx0zAP7Hfa1Sd35nLwK3H57ZO18xM8HWpnJJ+YdJSa7Dm0I5lpgEb9f58C51G99
nb9YNgKwYIKiw6cAF8UKGleJhcpyI9r7hdXMFH7zH83rwHtn41/lvK32xvQ64SYD
npkdIskFxr7ujAF30DfJcMGEPTkCAwEAAaOCAxEwggMNMB0GA1UdDgQWBBSbdHjp
/BDptmTOD5UdVdWG3R+fezAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0Y2OTczQ0FD
MjY1NzExRjA4Qjg5MDAyMkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGaBggrBgEFBQcBBwEB
/wSBijCBhzCBhAQCAAEwfgMEAi37RAMEAGc7WAMEAGc82wMEAWeH5AMEAWeXnAME
AWelcgMEAWer9gMEAWevPgMEAGeviwMEAWevqAMEAWexnAMEAWezEAMEAWe6JAME
AWe8ogMEAGfNowMEAmfTFAMEAmfThAMEAGfqXQMEAosFjAMEApLELAMEAqDuXDAN
BgkqhkiG9w0BAQsFAAOCAQEAqAevzTepS+5cSSsWHZHRpucd5+4fe0ufJkmK4ZvL
EeCRqpsB9SjDRVep+qBGrBdTRXhw49mHbhDcEy21cs5BWPHDNFteqeLxFJ4VxDHh
V9710OvffinbrI0ZK22mRmBkyBiG4S3Jz8OvO/86tKHJLkB5t2aou7EU59Eq2s2o
IoghiCR57GUL2Q6KsV1j6cKhVLqBSuP+2t/7ryWaWwgNEmR69QaE72dWD8HUnG9A
NjnZlBx9sJP94lNq3MGZ+LL07Yby84b3zKp/tZ4oxZN6s+haYxV5Cerrz5Ve4BcB
AKwoovBhihurZWOzmlfiQ4Mao28/EgI+DWhgNzpB5huT+Q==
-----END CERTIFICATE-----
Generated at Tue May 13 00:26:57 2025 by rpki-client