Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919C0F6/D2BB755AEF4F11EDB5D71F46C4F9AE02/D016C916EF5A11EDA6863E67C4F9AE02.roa
File: D016C916EF5A11EDA6863E67C4F9AE02.roa (raw, json)
Hash identifier: eiPnVd5qH0st8XKPTvL7lm0W7OhTr1gyWFD5Z01ogbw=
Subject key identifier: E5:39:E6:14:F9:7A:F4:18:4B:16:42:73:04:62:BC:CB:88:8C:18:84
Certificate issuer: /CN=A919C0F6/serialNumber=AD4667CEE8E3F9EDFF92E7FBBB37FFC66C0073A2
Certificate serial: 017B
Authority key identifier: AD:46:67:CE:E8:E3:F9:ED:FF:92:E7:FB:BB:37:FF:C6:6C:00:73:A2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rUZnzujj-e3_kuf7uzf_xmwAc6I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919C0F6/D2BB755AEF4F11EDB5D71F46C4F9AE02/D016C916EF5A11EDA6863E67C4F9AE02.roa
Signing time: Sat 03 May 2025 03:39:40 +0000
ROA not before: Sat 03 May 2025 03:39:40 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 58594
IP address blocks: 43.250.120.0/22 maxlen: 22
43.250.120.0/24 maxlen: 24
43.250.121.0/24 maxlen: 24
43.250.122.0/24 maxlen: 24
43.250.123.0/24 maxlen: 24
103.9.12.0/22 maxlen: 22
103.9.12.0/24 maxlen: 24
103.9.13.0/24 maxlen: 24
103.9.14.0/24 maxlen: 24
103.9.15.0/24 maxlen: 24
2401:27c0::/32 maxlen: 32
2401:27c0::/36 maxlen: 36
2401:27c0:1000::/36 maxlen: 36
2401:27c0:2000::/36 maxlen: 36
2401:27c0:3000::/36 maxlen: 36
2401:27c0:4000::/36 maxlen: 36
2401:27c0:5000::/36 maxlen: 36
2401:27c0:6000::/36 maxlen: 36
2401:27c0:7000::/36 maxlen: 36
2401:27c0:8000::/36 maxlen: 36
2401:27c0:9000::/36 maxlen: 36
2401:27c0:a000::/36 maxlen: 36
2401:27c0:b000::/36 maxlen: 36
2401:27c0:c000::/36 maxlen: 36
2401:27c0:d000::/36 maxlen: 36
2401:27c0:e000::/36 maxlen: 36
2401:27c0:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919C0F6/D2BB755AEF4F11EDB5D71F46C4F9AE02/rUZnzujj-e3_kuf7uzf_xmwAc6I.crl
rsync://rpki.apnic.net/member_repository/A919C0F6/D2BB755AEF4F11EDB5D71F46C4F9AE02/rUZnzujj-e3_kuf7uzf_xmwAc6I.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rUZnzujj-e3_kuf7uzf_xmwAc6I.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 20 May 2025 02:57:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 379 (0x17b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919C0F6, serialNumber=AD4667CEE8E3F9EDFF92E7FBBB37FFC66C0073A2
Validity
Not Before: May 3 03:39:40 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=68158ffc-6fb6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:83:88:11:ab:3c:6a:6d:00:eb:e5:44:69:9a:
02:b5:d9:b0:09:8a:bc:6c:ce:99:76:4b:fd:fe:9c:
a8:6e:38:84:a2:48:d7:ca:0e:4f:d4:e0:73:8e:71:
f1:53:af:8b:88:17:cb:b3:c6:c5:6a:5b:f7:ea:f2:
ad:a2:3e:5e:f9:8b:88:87:11:35:e9:74:3d:72:01:
81:41:55:65:72:10:ea:7c:6d:9d:01:94:c6:22:00:
e6:df:cf:33:30:1c:69:3b:a4:bb:c5:74:79:13:c8:
4b:e2:35:66:41:7d:3d:7a:94:0a:dc:37:e6:70:70:
4c:28:ad:c5:cf:fa:51:7f:f2:1b:f9:ec:bd:2b:5c:
5c:b6:0a:1e:c1:4c:4b:7b:be:16:5b:33:d3:17:e9:
2b:4a:b5:16:fd:fd:04:58:df:18:40:35:90:c4:32:
5d:94:d8:a5:07:9a:3b:5f:16:ae:60:22:c5:90:bc:
df:ca:94:0f:87:de:dc:37:04:fe:ae:68:c3:22:ac:
15:4d:33:35:9c:99:bc:9e:c1:95:1d:24:f7:a8:f6:
85:95:b8:47:5b:90:36:38:6e:d1:9b:f9:54:ad:d7:
30:06:e4:04:7d:a9:17:c2:4f:21:79:aa:8e:0f:9f:
a1:80:4b:a9:df:a5:01:24:3b:3e:45:5d:a5:5e:8e:
45:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:39:E6:14:F9:7A:F4:18:4B:16:42:73:04:62:BC:CB:88:8C:18:84
X509v3 Authority Key Identifier:
keyid:AD:46:67:CE:E8:E3:F9:ED:FF:92:E7:FB:BB:37:FF:C6:6C:00:73:A2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919C0F6/D2BB755AEF4F11EDB5D71F46C4F9AE02/rUZnzujj-e3_kuf7uzf_xmwAc6I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rUZnzujj-e3_kuf7uzf_xmwAc6I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919C0F6/D2BB755AEF4F11EDB5D71F46C4F9AE02/D016C916EF5A11EDA6863E67C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.250.120.0/22
103.9.12.0/22
IPv6:
2401:27c0::/32
Signature Algorithm: sha256WithRSAEncryption
8b:e2:89:14:37:40:d0:a0:02:e5:9e:55:95:6e:78:f4:c9:26:
5b:fa:77:03:5a:f8:26:d9:b9:c6:06:f5:41:d1:d3:96:29:40:
35:4b:b6:12:80:9f:8f:b8:da:b3:60:a6:f3:a7:1d:3a:4d:ea:
3d:15:9d:90:4b:15:45:d8:07:02:86:2f:9f:41:fa:41:f9:a6:
57:36:39:6f:da:b4:2b:d8:d9:42:37:39:21:93:da:1b:fa:bb:
a0:7a:60:f4:5b:18:89:4e:f7:48:f9:1b:24:6c:78:6a:72:f5:
17:c4:b7:83:44:bb:10:90:99:dc:45:57:45:70:ef:bb:e8:81:
6b:88:d1:06:b6:e4:4b:77:c1:ed:72:72:d5:ea:d7:5a:d4:a0:
92:e4:38:f1:44:ac:76:78:64:5b:b0:8b:10:08:44:45:a7:a7:
7d:f6:3f:48:7b:a4:43:f1:04:24:ea:18:0d:7c:1e:4d:1a:8b:
93:8f:8c:67:23:e4:e1:66:b9:2e:ba:ea:00:66:24:2d:6b:21:
86:de:00:c3:98:8d:5f:ae:3d:e2:25:4d:8d:f3:31:b5:28:ca:
31:df:b0:7b:97:6a:8c:a2:b1:f5:08:9c:f4:c1:45:ad:c1:42:
ec:5a:6a:e5:82:5d:4f:35:44:1e:98:a6:93:4a:68:f9:8b:b6:
e1:48:4f:4b
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICAXswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUMwRjYxMTAvBgNVBAUTKEFENDY2N0NFRThFM0Y5RURGRjkyRTdGQkJCMzdGRkM2
NkMwMDczQTIwHhcNMjUwNTAzMDMzOTQwWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODE1OGZmYy02ZmI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA84OIEas8am0A6+VEaZoCtdmwCYq8bM6Zdkv9/pyobjiEokjXyg5P1OBzjnHx
U6+LiBfLs8bFalv36vKtoj5e+YuIhxE16XQ9cgGBQVVlchDqfG2dAZTGIgDm388z
MBxpO6S7xXR5E8hL4jVmQX09epQK3DfmcHBMKK3Fz/pRf/Ib+ey9K1xctgoewUxL
e74WWzPTF+krSrUW/f0EWN8YQDWQxDJdlNilB5o7XxauYCLFkLzfypQPh97cNwT+
rmjDIqwVTTM1nJm8nsGVHST3qPaFlbhHW5A2OG7Rm/lUrdcwBuQEfakXwk8heaqO
D5+hgEup36UBJDs+RV2lXo5FKQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFOU55hT5
evQYSxZCcwRivMuIjBiEMB8GA1UdIwQYMBaAFK1GZ87o4/nt/5Ln+7s3/8ZsAHOi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QzBGNi9EMkJCNzU1QUVG
NEYxMUVEQjVENzFGNDZDNEY5QUUwMi9yVVpuenVqai1lM19rdWY3dXpmX3htd0Fj
NkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JVWm56dWpqLWUzX2t1Zjd1emZfeG13QWM2SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUMwRjYvRDJCQjc1NUFFRjRGMTFFREI1RDcxRjQ2QzRGOUFFMDIvRDAxNkM5MTZF
RjVBMTFFREE2ODYzRTY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAIr+ngDBAJnCQwwDQQCAAIwBwMFACQBJ8AwDQYJKoZIhvcN
AQELBQADggEBAIviiRQ3QNCgAuWeVZVuePTJJlv6dwNa+CbZucYG9UHR05YpQDVL
thKAn4+42rNgpvOnHTpN6j0VnZBLFUXYBwKGL59B+kH5plc2OW/atCvY2UI3OSGT
2hv6u6B6YPRbGIlO90j5GyRseGpy9RfEt4NEuxCQmdxFV0Vw77vogWuI0Qa25Et3
we1yctXq11rUoJLkOPFErHZ4ZFuwixAIREWnp332P0h7pEPxBCTqGA18Hk0ai5OP
jGcj5OFmuS666gBmJC1rIYbeAMOYjV+uPeIlTY3zMbUoyjHfsHuXaoyisfUInPTB
Ra3BQuxaauWCXU81RB6YppNKaPmLtuFIT0s=
-----END CERTIFICATE-----
Generated at Tue May 13 18:42:44 2025 by rpki-client