Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/8F6D3D583AEA11EC84E6634EC4F9AE02.roa
File: 8F6D3D583AEA11EC84E6634EC4F9AE02.roa (raw, json)
Hash identifier: uFc9CX8gCqYE3ybkkqYy7RyIDr1v8VpIQJv28YrAC7o=
Subject key identifier: DE:AF:04:5F:24:5F:A9:CF:A2:E0:B4:C4:D8:9A:1E:9D:9C:46:37:0B
Certificate issuer: /CN=A91B885C/serialNumber=5374C6E75F186052455A2D8DA5292FEF009CC9AF
Certificate serial: 0D2C
Authority key identifier: 53:74:C6:E7:5F:18:60:52:45:5A:2D:8D:A5:29:2F:EF:00:9C:C9:AF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U3TG518YYFJFWi2NpSkv7wCcya8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/8F6D3D583AEA11EC84E6634EC4F9AE02.roa
Signing time: Wed 30 Apr 2025 06:29:19 +0000
ROA not before: Wed 30 Apr 2025 06:29:19 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 63916
IP address blocks: 27.122.56.0/24 maxlen: 24
27.122.57.0/24 maxlen: 24
27.122.58.0/24 maxlen: 24
27.122.59.0/24 maxlen: 24
43.239.156.0/22 maxlen: 22
43.239.156.0/23 maxlen: 23
43.239.156.0/24 maxlen: 24
43.239.157.0/24 maxlen: 24
43.239.158.0/23 maxlen: 23
43.239.158.0/24 maxlen: 24
43.239.159.0/24 maxlen: 24
43.245.196.0/23 maxlen: 23
43.245.196.0/24 maxlen: 24
43.245.197.0/24 maxlen: 24
43.245.198.0/24 maxlen: 24
43.245.199.0/24 maxlen: 24
43.251.157.0/24 maxlen: 24
43.251.158.0/24 maxlen: 24
43.251.159.0/24 maxlen: 24
103.1.154.0/24 maxlen: 24
103.10.196.0/24 maxlen: 24
103.10.198.0/24 maxlen: 24
103.35.72.0/22 maxlen: 22
103.35.72.0/24 maxlen: 24
103.35.73.0/24 maxlen: 24
103.35.74.0/24 maxlen: 24
103.35.75.0/24 maxlen: 24
103.68.223.0/24 maxlen: 24
103.71.254.0/24 maxlen: 24
103.72.4.0/23 maxlen: 24
182.161.32.0/22 maxlen: 22
182.161.32.0/24 maxlen: 24
182.161.33.0/24 maxlen: 24
182.161.34.0/24 maxlen: 24
182.161.35.0/24 maxlen: 24
202.144.192.0/22 maxlen: 22
202.144.192.0/24 maxlen: 24
202.144.193.0/24 maxlen: 24
202.144.194.0/24 maxlen: 24
202.144.195.0/24 maxlen: 24
2402:c480::/32 maxlen: 32
2402:c480:3000::/48 maxlen: 48
2402:c480:3001::/48 maxlen: 48
2402:c480:3002::/48 maxlen: 48
2402:c480:3003::/48 maxlen: 48
2402:c480:3004::/48 maxlen: 48
2402:c480:5000::/48 maxlen: 48
2402:c480:6000::/48 maxlen: 48
2402:c480:6001::/48 maxlen: 48
2402:c480:6002::/48 maxlen: 48
2402:c480:7000::/48 maxlen: 48
2402:c480:7001::/48 maxlen: 48
2402:c480:8000::/48 maxlen: 48
2402:c480:8001::/48 maxlen: 48
2402:c480:8003::/48 maxlen: 48
2402:c480:9000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/U3TG518YYFJFWi2NpSkv7wCcya8.crl
rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/U3TG518YYFJFWi2NpSkv7wCcya8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U3TG518YYFJFWi2NpSkv7wCcya8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 19 May 2025 18:02:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3372 (0xd2c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B885C, serialNumber=5374C6E75F186052455A2D8DA5292FEF009CC9AF
Validity
Not Before: Apr 30 06:29:19 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=6811c33f-9f31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:81:aa:c7:fc:6d:a8:00:5a:2f:4a:9a:e3:02:
ad:28:54:f4:ec:a4:3f:56:6c:7a:32:32:7f:fe:59:
cb:30:da:6d:fd:df:77:1e:b2:4b:57:6d:69:f8:6b:
61:48:7d:1a:4c:58:42:1e:9b:64:f5:69:fb:35:a7:
17:77:53:d3:d2:f3:d1:6a:12:f7:05:0a:93:89:03:
5c:1a:12:4a:14:6b:9c:01:31:77:8a:6d:46:d5:4a:
34:70:4f:bd:ed:01:c0:30:eb:7d:a7:51:c6:71:5c:
18:68:62:8f:0b:8c:b3:e7:35:2a:fd:db:29:e9:bb:
88:20:e0:87:7f:ba:72:4c:6e:c6:67:2d:1b:33:8d:
eb:49:40:45:43:3c:86:49:e0:ca:d5:44:b1:23:77:
d4:be:41:c3:53:8e:5c:e0:40:04:2c:20:f4:45:6b:
6c:0d:76:58:17:b1:21:6e:a6:74:f8:32:98:85:6f:
6f:0d:ef:20:63:45:7e:14:64:5a:0c:a2:a9:6d:65:
70:af:41:dc:28:63:9f:4a:d6:9b:36:75:92:c5:9a:
29:c6:77:e9:43:12:8c:1d:a7:e0:a5:06:4e:e1:1f:
36:0a:95:8e:6f:c8:ba:d7:a2:0f:3f:b5:1c:67:db:
aa:55:34:71:b4:1c:a4:1a:98:d6:a6:8d:b6:e6:1e:
a2:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:AF:04:5F:24:5F:A9:CF:A2:E0:B4:C4:D8:9A:1E:9D:9C:46:37:0B
X509v3 Authority Key Identifier:
keyid:53:74:C6:E7:5F:18:60:52:45:5A:2D:8D:A5:29:2F:EF:00:9C:C9:AF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/U3TG518YYFJFWi2NpSkv7wCcya8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U3TG518YYFJFWi2NpSkv7wCcya8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/8F6D3D583AEA11EC84E6634EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.122.56.0/22
43.239.156.0/22
43.245.196.0/22
43.251.157.0-43.251.159.255
103.1.154.0/24
103.10.196.0/24
103.10.198.0/24
103.35.72.0/22
103.68.223.0/24
103.71.254.0/24
103.72.4.0/23
182.161.32.0/22
202.144.192.0/22
IPv6:
2402:c480::/32
Signature Algorithm: sha256WithRSAEncryption
02:21:e7:55:60:7c:b7:38:06:5e:05:4c:3a:0b:36:ad:ba:eb:
50:f3:6c:6b:95:a5:6b:46:62:32:89:4a:a0:8a:f1:16:80:79:
13:73:1f:2a:e1:15:a7:28:71:cd:10:92:e2:c4:c7:03:ae:c3:
91:17:a6:24:24:3b:7a:2f:95:94:69:7b:b6:ae:63:68:05:b7:
b9:49:0f:c7:e1:34:38:f9:3d:ee:1e:26:19:92:cf:39:85:43:
f7:42:2f:9b:16:50:76:59:bf:15:f0:40:14:c1:a2:f4:34:0e:
e2:e4:40:34:d9:e1:a3:05:6a:6a:92:ca:f0:18:0c:57:43:6a:
1c:b0:71:fb:45:20:4d:b6:8f:28:06:3e:7c:3f:ee:88:9e:44:
40:92:12:f8:1b:bd:9e:42:cd:c1:4a:8b:bf:53:f3:08:7e:9c:
ae:17:41:fd:06:a7:61:e3:62:b7:f1:08:61:d5:27:e0:fe:61:
3e:9e:5c:27:e4:15:37:47:c4:5e:37:fe:56:b0:6e:76:91:a0:
45:71:a8:4f:25:a8:ec:69:0e:e4:a4:6f:47:b7:31:52:e9:e6:
55:bd:b1:f4:67:fe:ef:3f:b8:45:59:32:90:12:67:10:b5:a4:
06:b6:39:a6:6e:7d:a2:72:79:25:4f:ba:ea:3a:b1:a1:cb:76:
30:55:78:c6
-----BEGIN CERTIFICATE-----
MIIF0DCCBLigAwIBAgICDSwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qjg4NUMxMTAvBgNVBAUTKDUzNzRDNkU3NUYxODYwNTI0NTVBMkQ4REE1MjkyRkVG
MDA5Q0M5QUYwHhcNMjUwNDMwMDYyOTE5WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODExYzMzZi05ZjMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2oGqx/xtqABaL0qa4wKtKFT07KQ/Vmx6MjJ//lnLMNpt/d93HrJLV21p+Gth
SH0aTFhCHptk9Wn7NacXd1PT0vPRahL3BQqTiQNcGhJKFGucATF3im1G1Uo0cE+9
7QHAMOt9p1HGcVwYaGKPC4yz5zUq/dsp6buIIOCHf7pyTG7GZy0bM43rSUBFQzyG
SeDK1USxI3fUvkHDU45c4EAELCD0RWtsDXZYF7EhbqZ0+DKYhW9vDe8gY0V+FGRa
DKKpbWVwr0HcKGOfStabNnWSxZopxnfpQxKMHafgpQZO4R82CpWOb8i616IPP7Uc
Z9uqVTRxtBykGpjWpo225h6idQIDAQABo4IC9DCCAvAwHQYDVR0OBBYEFN6vBF8k
X6nPouC0xNiaHp2cRjcLMB8GA1UdIwQYMBaAFFN0xudfGGBSRVotjaUpL+8AnMmv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCODg1Qy81QzE5Rjg0MkYy
NjcxMUU5ODdDNzEzMUZDNEY5QUUwMi9VM1RHNTE4WVlGSkZXaTJOcFNrdjd3Q2N5
YTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1UzVEc1MThZWUZKRldpMk5wU2t2N3dDY3lhOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qjg4NUMvNUMxOUY4NDJGMjY3MTFFOTg3QzcxMzFGQzRGOUFFMDIvOEY2RDNENTgz
QUVBMTFFQzg0RTY2MzRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfgYIKwYBBQUHAQcBAf8E
bzBtMFwEAgABMFYDBAIbejgDBAIr75wDBAIr9cQwDAMEACv7nQMEBSv7gAMEAGcB
mgMEAGcKxAMEAGcKxgMEAmcjSAMEAGdE3wMEAGdH/gMEAWdIBAMEArahIAMEAsqQ
wDANBAIAAjAHAwUAJALEgDANBgkqhkiG9w0BAQsFAAOCAQEAAiHnVWB8tzgGXgVM
Ogs2rbrrUPNsa5Wla0ZiMolKoIrxFoB5E3MfKuEVpyhxzRCS4sTHA67DkRemJCQ7
ei+VlGl7tq5jaAW3uUkPx+E0OPk97h4mGZLPOYVD90IvmxZQdlm/FfBAFMGi9DQO
4uRANNnhowVqapLK8BgMV0NqHLBx+0UgTbaPKAY+fD/uiJ5EQJIS+Bu9nkLNwUqL
v1PzCH6crhdB/QanYeNit/EIYdUn4P5hPp5cJ+QVN0fEXjf+VrBudpGgRXGoTyWo
7GkO5KRvR7cxUunmVb2x9Gf+7z+4RVkykBJnELWkBrY5pm59onJ5JU+66jqxoct2
MFV4xg==
-----END CERTIFICATE-----
Generated at Tue May 13 04:31:50 2025 by rpki-client