Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/DD5934D2205011F0B603CD60C4F9AE02.roa
File: DD5934D2205011F0B603CD60C4F9AE02.roa (raw, json)
Hash identifier: U0HNw8pbGRNZIj9bH4Xp/pFwbor+qhnLayWk0c2yMu8=
Subject key identifier: 84:B5:11:E2:3A:BE:70:47:6E:26:65:E9:1E:7A:4D:67:0A:BD:05:04
Certificate issuer: /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial: 4AC4
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/DD5934D2205011F0B603CD60C4F9AE02.roa
Signing time: Sat 10 May 2025 12:57:44 +0000
ROA not before: Sat 10 May 2025 12:57:44 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 149147
IP address blocks: 103.37.60.0/23 maxlen: 24
103.78.4.0/23 maxlen: 23
103.166.176.0/23 maxlen: 23
103.168.36.0/23 maxlen: 23
103.186.24.0/23 maxlen: 23
103.213.8.0/23 maxlen: 23
103.213.12.0/23 maxlen: 23
103.213.216.0/23 maxlen: 23
103.248.230.0/23 maxlen: 23
113.192.18.0/23 maxlen: 23
163.227.116.0/23 maxlen: 23
2001:df4:cfc0::/48 maxlen: 48
2401:2160::/48 maxlen: 48
2401:3820::/48 maxlen: 48
2401:3e20::/48 maxlen: 48
2401:3e60::/48 maxlen: 48
2401:3ee0::/48 maxlen: 48
2401:5820::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 17 May 2025 14:32:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19140 (0x4ac4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A560A, serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Validity
Not Before: May 10 12:57:44 2025 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=681f4d48-6c43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:65:f5:3a:11:46:d5:03:fd:9e:a7:6c:77:d0:
c7:06:c9:63:eb:1a:e3:c8:b4:f6:d7:6d:52:d9:8f:
70:1e:52:b7:74:1d:e5:57:ac:f4:12:44:1a:ee:45:
99:96:e2:ed:c0:b5:6e:dc:a3:cb:06:67:bd:f3:68:
99:f3:1f:dc:3f:93:ec:83:fb:aa:7b:d7:22:28:e2:
44:dd:d8:0d:db:20:5f:32:3e:9a:2c:bb:11:92:3a:
92:40:6c:e1:83:02:3a:44:b1:42:de:03:70:b1:56:
c5:59:14:30:c5:57:da:07:e1:4d:34:86:d6:93:c2:
45:a2:c3:dc:03:2c:06:e2:82:c4:55:8b:d0:19:73:
3f:c1:55:bd:f3:88:d6:d4:a9:7b:3c:21:5b:18:bd:
e5:df:28:00:77:05:2d:ee:60:78:be:dd:3f:88:f4:
e9:50:e6:46:9d:4f:c4:65:51:5c:73:d8:c2:5f:a5:
65:75:79:7d:4e:5e:ef:b7:65:6c:52:e9:1b:e7:24:
c5:86:88:75:27:05:fa:16:4e:72:8d:7c:c9:82:51:
dc:8e:be:7b:e5:7d:b4:29:55:1b:c2:e1:9c:af:65:
00:bb:6f:f4:81:c0:32:b5:d3:f4:ba:02:53:be:5d:
d0:31:7f:7b:4a:fe:76:47:18:9e:2b:19:8d:ad:da:
ea:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:B5:11:E2:3A:BE:70:47:6E:26:65:E9:1E:7A:4D:67:0A:BD:05:04
X509v3 Authority Key Identifier:
keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/DD5934D2205011F0B603CD60C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.37.60.0/23
103.78.4.0/23
103.166.176.0/23
103.168.36.0/23
103.186.24.0/23
103.213.8.0/23
103.213.12.0/23
103.213.216.0/23
103.248.230.0/23
113.192.18.0/23
163.227.116.0/23
IPv6:
2001:df4:cfc0::/48
2401:2160::/48
2401:3820::/48
2401:3e20::/48
2401:3e60::/48
2401:3ee0::/48
2401:5820::/48
Signature Algorithm: sha256WithRSAEncryption
b7:a2:fa:1e:23:52:03:dc:83:8c:91:2d:05:cc:6b:34:ed:96:
bf:fe:f8:52:20:4d:da:38:cd:2a:e9:69:9c:f4:8f:11:5c:be:
c1:ab:62:1d:5b:55:17:26:e9:b9:78:6f:98:c8:c5:ea:4e:f8:
70:f3:68:2b:97:65:ce:1e:66:5a:b4:cf:0e:3d:4f:55:76:ee:
30:39:3b:b2:c5:f4:53:a1:9a:4e:12:4f:18:5c:8a:08:be:57:
67:fc:19:29:e6:77:f4:48:cd:19:ae:87:b5:a2:6a:5b:bc:20:
77:74:e6:54:65:6e:80:f3:c7:b3:12:45:96:54:0d:e3:ac:b3:
f4:ad:4d:18:c8:82:b4:d0:fe:59:5f:c2:d0:c2:f2:4e:99:da:
d7:90:b6:38:43:3a:73:04:4e:29:d6:d3:45:bc:10:28:a8:ef:
e0:4a:ae:73:3e:26:20:fb:86:6d:ba:bd:c7:96:2b:ae:7c:32:
d7:80:2d:6c:92:e9:df:b1:17:4d:8b:9b:9f:7a:29:c8:01:99:
bb:33:26:e2:ab:bd:87:7d:f9:37:db:1a:87:45:50:f8:71:e5:
41:50:b6:e9:cd:6f:87:d3:84:40:27:a5:2e:c4:bf:e1:16:31:
06:dd:1f:a1:38:25:30:69:6f:f3:fe:84:4f:1f:d1:c4:76:74:
e2:c9:54:82
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgICSsQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjUwNTEwMTI1NzQ0WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODFmNGQ0OC02YzQzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoGX1OhFG1QP9nqdsd9DHBslj6xrjyLT2121S2Y9wHlK3dB3lV6z0EkQa7kWZ
luLtwLVu3KPLBme982iZ8x/cP5Psg/uqe9ciKOJE3dgN2yBfMj6aLLsRkjqSQGzh
gwI6RLFC3gNwsVbFWRQwxVfaB+FNNIbWk8JFosPcAywG4oLEVYvQGXM/wVW984jW
1Kl7PCFbGL3l3ygAdwUt7mB4vt0/iPTpUOZGnU/EZVFcc9jCX6VldXl9Tl7vt2Vs
Uukb5yTFhoh1JwX6Fk5yjXzJglHcjr575X20KVUbwuGcr2UAu2/0gcAytdP0ugJT
vl3QMX97Sv52RxieKxmNrdrqLwIDAQABo4IDGzCCAxcwHQYDVR0OBBYEFIS1EeI6
vnBHbiZl6R56TWcKvQUEMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvREQ1OTM0RDIy
MDUwMTFGMEI2MDNDRDYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaQGCCsGAQUFBwEHAQH/
BIGUMIGRMEgEAgABMEIDBAFnJTwDBAFnTgQDBAFnprADBAFnqCQDBAFnuhgDBAFn
1QgDBAFn1QwDBAFn1dgDBAFn+OYDBAFxwBIDBAGj43QwRQQCAAIwPwMHACABDfTP
wAMHACQBIWAAAAMHACQBOCAAAAMHACQBPiAAAAMHACQBPmAAAAMHACQBPuAAAAMH
ACQBWCAAADANBgkqhkiG9w0BAQsFAAOCAQEAt6L6HiNSA9yDjJEtBcxrNO2Wv/74
UiBN2jjNKulpnPSPEVy+watiHVtVFybpuXhvmMjF6k74cPNoK5dlzh5mWrTPDj1P
VXbuMDk7ssX0U6GaThJPGFyKCL5XZ/wZKeZ39EjNGa6HtaJqW7wgd3TmVGVugPPH
sxJFllQN46yz9K1NGMiCtND+WV/C0MLyTpna15C2OEM6cwROKdbTRbwQKKjv4Equ
cz4mIPuGbbq9x5Yrrnwy14AtbJLp37EXTYubn3opyAGZuzMm4qu9h335N9sah0VQ
+HHlQVC26c1vh9OEQCelLsS/4RYxBt0foTglMGlv8/6ETx/RxHZ04slUgg==
-----END CERTIFICATE-----
Generated at Sun May 11 18:53:18 2025 by rpki-client