Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/CEBECC28D38811E8A763B462C4F9AE02.roa
File: CEBECC28D38811E8A763B462C4F9AE02.roa (raw, json)
Hash identifier: IgiJhZRqcSbgHymfJ2UkdTHsUcRz7FOMB1+md3krEv8=
Subject key identifier: CF:D0:DC:0A:62:DA:73:00:62:76:C1:0C:2D:61:A0:68:8A:6E:CF:1A
Certificate issuer: /CN=A91BFE6A/serialNumber=EF62F155C1971D504941F571EEDFAC0AFCC52859
Certificate serial: 1283
Authority key identifier: EF:62:F1:55:C1:97:1D:50:49:41:F5:71:EE:DF:AC:0A:FC:C5:28:59
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72LxVcGXHVBJQfVx7t-sCvzFKFk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/CEBECC28D38811E8A763B462C4F9AE02.roa
Signing time: Wed 14 May 2025 17:38:56 +0000
ROA not before: Wed 14 May 2025 17:38:56 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 38001
IP address blocks: 43.245.60.0/24 maxlen: 24
43.245.61.0/24 maxlen: 24
43.245.62.0/24 maxlen: 24
43.245.63.0/24 maxlen: 24
45.119.200.0/24 maxlen: 24
45.119.201.0/24 maxlen: 24
45.119.202.0/24 maxlen: 24
103.14.76.0/24 maxlen: 24
103.14.77.0/24 maxlen: 24
103.14.79.0/24 maxlen: 24
103.25.52.0/24 maxlen: 24
103.60.8.0/24 maxlen: 24
103.200.216.0/24 maxlen: 24
103.200.217.0/24 maxlen: 24
103.200.218.0/24 maxlen: 24
103.200.219.0/24 maxlen: 24
119.161.101.0/24 maxlen: 24
119.161.102.0/24 maxlen: 24
119.161.103.0/24 maxlen: 24
202.150.208.0/20 maxlen: 20
202.150.208.0/24 maxlen: 24
202.150.209.0/24 maxlen: 24
202.150.210.0/24 maxlen: 24
202.150.211.0/24 maxlen: 24
202.150.212.0/24 maxlen: 24
202.150.213.0/24 maxlen: 24
202.150.214.0/24 maxlen: 24
202.150.215.0/24 maxlen: 24
202.150.216.0/24 maxlen: 24
202.150.217.0/24 maxlen: 24
202.150.218.0/24 maxlen: 24
202.150.219.0/24 maxlen: 24
202.150.220.0/24 maxlen: 24
202.150.221.0/24 maxlen: 24
202.150.222.0/24 maxlen: 24
202.150.223.0/24 maxlen: 24
203.174.80.0/21 maxlen: 21
203.174.80.0/24 maxlen: 24
203.174.81.0/24 maxlen: 24
203.174.82.0/24 maxlen: 24
203.174.83.0/24 maxlen: 24
203.174.84.0/24 maxlen: 24
203.174.85.0/24 maxlen: 24
203.174.86.0/24 maxlen: 24
203.174.87.0/24 maxlen: 24
2406:f400::/32 maxlen: 32
2406:f400::/44 maxlen: 44
2406:f400:20::/44 maxlen: 44
2406:f400:40::/44 maxlen: 44
2406:f400:80::/44 maxlen: 44
2406:f400:b0::/44 maxlen: 44
2406:f400:100::/44 maxlen: 44
2406:f400:130::/44 maxlen: 44
2406:f400:160::/44 maxlen: 44
2406:f400:161::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/72LxVcGXHVBJQfVx7t-sCvzFKFk.crl
rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/72LxVcGXHVBJQfVx7t-sCvzFKFk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72LxVcGXHVBJQfVx7t-sCvzFKFk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 21 May 2025 17:38:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4739 (0x1283)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BFE6A, serialNumber=EF62F155C1971D504941F571EEDFAC0AFCC52859
Validity
Not Before: May 14 17:38:56 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=6824d530-722a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:c2:76:bb:53:4f:63:2d:dd:b2:04:9a:8d:e2:
35:2c:2a:16:f7:04:76:be:42:a7:b9:a2:c6:d9:e4:
eb:33:91:bf:01:c6:34:96:28:ec:39:8f:9f:50:75:
84:af:5d:d6:90:41:51:ae:33:bf:e5:3a:8d:9f:7d:
89:de:b9:fc:e5:c7:17:20:64:c3:61:40:e7:33:ba:
2a:cd:46:a3:53:29:ba:2e:2d:f1:44:52:fa:52:c1:
bd:10:4c:23:f9:0d:e4:c0:5c:ea:ec:f3:89:50:21:
09:06:b2:8d:d9:18:19:b1:35:c6:10:2b:93:46:62:
7f:7f:7b:3a:f2:14:aa:55:40:dd:73:51:8e:0f:1a:
12:29:45:1a:91:69:ae:15:ee:ee:dc:59:75:bd:2c:
ee:88:f5:36:4c:0d:fa:9e:77:62:37:0c:38:0c:0c:
d9:58:4b:2b:3c:e4:60:f6:91:b5:e0:0f:dc:43:c3:
30:66:ad:f1:8e:f9:b2:d7:b5:97:00:ff:07:2a:a9:
3c:a3:10:a1:b2:27:d9:25:81:44:fa:ad:52:aa:d0:
16:ca:e7:f4:57:bb:be:9b:d1:fb:62:9f:82:a9:7e:
5a:95:19:02:f5:b9:08:c4:87:28:42:82:92:ac:87:
29:21:85:2c:21:f8:ec:7f:b8:57:e5:d7:eb:a1:32:
a7:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:D0:DC:0A:62:DA:73:00:62:76:C1:0C:2D:61:A0:68:8A:6E:CF:1A
X509v3 Authority Key Identifier:
keyid:EF:62:F1:55:C1:97:1D:50:49:41:F5:71:EE:DF:AC:0A:FC:C5:28:59
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/72LxVcGXHVBJQfVx7t-sCvzFKFk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72LxVcGXHVBJQfVx7t-sCvzFKFk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/CEBECC28D38811E8A763B462C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.60.0/22
45.119.200.0-45.119.202.255
103.14.76.0/23
103.14.79.0/24
103.25.52.0/24
103.60.8.0/24
103.200.216.0/22
119.161.101.0-119.161.103.255
202.150.208.0/20
203.174.80.0/21
IPv6:
2406:f400::/32
Signature Algorithm: sha256WithRSAEncryption
b1:43:9a:07:38:25:8a:8d:d8:50:0a:27:96:e8:84:3e:0a:29:
7f:f6:a9:01:4f:ac:3a:b1:38:24:9d:1a:a5:01:07:fe:83:07:
23:59:87:d9:ea:25:dc:ca:b3:b9:73:af:18:5d:7a:9c:2d:2a:
06:1e:64:9b:d6:43:03:02:13:0a:17:00:cf:70:43:74:08:58:
c4:50:f4:20:cf:fd:bc:37:f0:55:8c:c2:5f:e2:f7:f3:89:52:
be:f1:d3:b9:8a:a9:12:db:9f:56:4d:c2:b9:ab:25:ec:51:c8:
a3:c3:6c:29:b6:6a:b8:82:31:76:e6:81:38:6c:12:45:c7:81:
a4:d8:51:cc:a0:6a:e8:06:45:a5:63:b4:64:64:df:32:fd:c8:
7f:46:fe:5f:61:cc:8d:83:2c:d2:e4:f2:78:84:67:ba:a4:e7:
98:2f:a0:bc:82:f4:d6:9b:b7:d8:4f:34:bb:e8:62:db:ee:60:
a2:9e:4d:4a:7c:61:72:cf:e8:fb:e3:6d:6f:4b:18:9b:e2:ce:
40:0f:ed:73:97:30:fc:d3:9d:af:45:92:84:48:0f:cf:d1:b7:
29:2d:21:f8:35:a6:f3:b4:ef:d8:da:ba:34:65:8a:db:79:d8:
dc:94:2e:4e:2f:94:5d:39:63:aa:81:43:39:73:68:32:99:52:
bd:ce:35:ad
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgICEoMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkZFNkExMTAvBgNVBAUTKEVGNjJGMTU1QzE5NzFENTA0OTQxRjU3MUVFREZBQzBB
RkNDNTI4NTkwHhcNMjUwNTE0MTczODU2WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODI0ZDUzMC03MjJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsMJ2u1NPYy3dsgSajeI1LCoW9wR2vkKnuaLG2eTrM5G/AcY0lijsOY+fUHWE
r13WkEFRrjO/5TqNn32J3rn85ccXIGTDYUDnM7oqzUajUym6Li3xRFL6UsG9EEwj
+Q3kwFzq7POJUCEJBrKN2RgZsTXGECuTRmJ/f3s68hSqVUDdc1GODxoSKUUakWmu
Fe7u3Fl1vSzuiPU2TA36nndiNww4DAzZWEsrPORg9pG14A/cQ8MwZq3xjvmy17WX
AP8HKqk8oxChsifZJYFE+q1SqtAWyuf0V7u+m9H7Yp+CqX5alRkC9bkIxIcoQoKS
rIcpIYUsIfjsf7hX5dfroTKnEwIDAQABo4IC6jCCAuYwHQYDVR0OBBYEFM/Q3Api
2nMAYnbBDC1hoGiKbs8aMB8GA1UdIwQYMBaAFO9i8VXBlx1QSUH1ce7frAr8xShZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCRkU2QS8xRDY0MzI4RUQz
ODcxMUU4QkQ3MDc1NUNDNEY5QUUwMi83Mkx4VmNHWEhWQkpRZlZ4N3Qtc0N2ekZL
RmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzcyTHhWY0dYSFZCSlFmVng3dC1zQ3Z6RktGay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkZFNkEvMUQ2NDMyOEVEMzg3MTFFOEJENzA3NTVDQzRGOUFFMDIvQ0VCRUNDMjhE
Mzg4MTFFOEE3NjNCNDYyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwdAYIKwYBBQUHAQcBAf8E
ZTBjMFIEAgABMEwDBAIr9TwwDAMEAy13yAMEAC13ygMEAWcOTAMEAGcOTwMEAGcZ
NAMEAGc8CAMEAmfI2DAMAwQAd6FlAwQDd6FgAwQEypbQAwQDy65QMA0EAgACMAcD
BQAkBvQAMA0GCSqGSIb3DQEBCwUAA4IBAQCxQ5oHOCWKjdhQCieW6IQ+Cil/9qkB
T6w6sTgknRqlAQf+gwcjWYfZ6iXcyrO5c68YXXqcLSoGHmSb1kMDAhMKFwDPcEN0
CFjEUPQgz/28N/BVjMJf4vfziVK+8dO5iqkS259WTcK5qyXsUcijw2wptmq4gjF2
5oE4bBJFx4Gk2FHMoGroBkWlY7RkZN8y/ch/Rv5fYcyNgyzS5PJ4hGe6pOeYL6C8
gvTWm7fYTzS76GLb7mCink1KfGFyz+j7421vSxib4s5AD+1zlzD8052vRZKESA/P
0bcpLSH4NabztO/Y2ro0ZYrbedjclC5OL5RdOWOqgUM5c2gymVK9zjWt
-----END CERTIFICATE-----
Generated at Thu May 15 19:25:38 2025 by rpki-client