Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/FCDDE0E43A9711F0B287E242C4F9AE02.roa
File: FCDDE0E43A9711F0B287E242C4F9AE02.roa (raw, json)
Hash identifier: gdClAXKEmLWKPnVwWA+Uz874fCRSQJnkexCUUVpQ/K4=
Subject key identifier: 1F:DC:05:7A:B0:CC:4E:ED:AA:C5:9D:07:37:70:90:B8:BF:59:DC:3F
Certificate issuer: /CN=A91C911D/serialNumber=475B62A5F233ED05AC72D8781234E109BF3A908C
Certificate serial: 06F0
Authority key identifier: 47:5B:62:A5:F2:33:ED:05:AC:72:D8:78:12:34:E1:09:BF:3A:90:8C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R1tipfIz7QWscth4EjThCb86kIw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/FCDDE0E43A9711F0B287E242C4F9AE02.roa
Signing time: Mon 02 Jun 2025 22:30:47 +0000
ROA not before: Mon 02 Jun 2025 22:30:47 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 133736
IP address blocks: 43.245.132.0/22 maxlen: 22
43.245.132.0/24 maxlen: 24
43.245.133.0/24 maxlen: 24
43.245.134.0/24 maxlen: 24
43.245.135.0/24 maxlen: 24
103.31.88.0/22 maxlen: 22
103.31.88.0/24 maxlen: 24
103.31.89.0/24 maxlen: 24
103.31.90.0/24 maxlen: 24
103.31.91.0/24 maxlen: 24
103.47.0.0/24 maxlen: 24
103.55.134.0/23 maxlen: 24
103.61.128.0/24 maxlen: 24
103.61.130.0/24 maxlen: 24
103.79.172.0/22 maxlen: 22
144.48.232.0/22 maxlen: 22
144.48.232.0/24 maxlen: 24
144.48.233.0/24 maxlen: 24
144.48.234.0/24 maxlen: 24
144.48.235.0/24 maxlen: 24
202.179.144.0/22 maxlen: 22
202.179.144.0/24 maxlen: 24
202.179.145.0/24 maxlen: 24
202.179.146.0/24 maxlen: 24
202.179.147.0/24 maxlen: 24
203.166.216.0/24 maxlen: 24
203.189.124.0/22 maxlen: 22
203.189.124.0/24 maxlen: 24
203.189.125.0/24 maxlen: 24
203.189.126.0/24 maxlen: 24
203.189.127.0/24 maxlen: 24
221.120.164.0/22 maxlen: 22
221.120.164.0/24 maxlen: 24
221.120.165.0/24 maxlen: 24
221.120.166.0/24 maxlen: 24
221.120.167.0/24 maxlen: 24
2401:8140::/32 maxlen: 32
2401:8140::/35 maxlen: 35
2401:8140:2000::/35 maxlen: 35
2401:8140:4000::/35 maxlen: 35
2401:8140:6000::/35 maxlen: 35
2401:8140:8000::/35 maxlen: 35
2401:8140:a000::/35 maxlen: 35
2401:8140:c000::/35 maxlen: 35
2401:8140:e000::/35 maxlen: 35
2402:4c80::/32 maxlen: 32
2402:4c80::/35 maxlen: 35
2402:4c80:2000::/35 maxlen: 35
2402:4c80:4000::/35 maxlen: 35
2402:4c80:6000::/35 maxlen: 35
2402:4c80:8000::/35 maxlen: 35
2402:4c80:a000::/35 maxlen: 35
2402:4c80:c000::/35 maxlen: 35
2402:4c80:e000::/35 maxlen: 35
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/R1tipfIz7QWscth4EjThCb86kIw.crl
rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/R1tipfIz7QWscth4EjThCb86kIw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R1tipfIz7QWscth4EjThCb86kIw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 09 Jul 2025 22:23:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1776 (0x6f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C911D, serialNumber=475B62A5F233ED05AC72D8781234E109BF3A908C
Validity
Not Before: Jun 2 22:30:47 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=683e2617-1d63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:6c:d1:11:60:7d:b8:7a:c9:28:84:96:e1:f1:
70:38:c4:b1:11:0f:19:00:2e:00:25:a9:72:2b:2a:
cc:8f:b5:d4:94:42:28:9b:7b:cd:1c:76:40:68:16:
51:61:71:8c:c1:1c:15:f7:e2:97:c5:b5:ea:0d:a0:
4d:7e:68:99:5b:a0:37:9f:38:8d:ad:de:4e:93:68:
d6:a9:84:87:ac:57:ed:a8:0a:3f:13:d3:cf:e9:32:
ea:10:b0:47:9c:03:46:2e:42:e3:5d:ae:94:c5:43:
7b:38:54:8b:ed:c7:57:3b:0e:18:b9:20:f9:46:54:
fd:8e:6d:b1:13:a0:6a:8f:28:72:ab:83:78:c0:d5:
25:22:9e:a3:a2:43:15:f0:37:7c:58:f0:72:1f:20:
f3:38:83:a5:a2:6f:c1:e1:df:4f:a4:8f:54:f4:bf:
29:29:c4:c4:19:f5:cd:ad:ab:5d:65:3f:16:95:b4:
a6:86:b9:f1:9e:5c:20:83:44:0b:3b:8c:51:ce:cc:
c0:e8:14:33:a0:da:3f:65:17:7e:3b:09:2a:d5:d5:
51:8e:3a:4f:eb:49:e2:02:a4:03:01:1c:8b:35:52:
eb:04:2e:62:0c:d5:7a:52:bb:02:eb:9b:f7:7e:48:
ab:b4:bb:e9:51:7d:8f:c7:96:1b:7a:02:53:77:ea:
5c:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:DC:05:7A:B0:CC:4E:ED:AA:C5:9D:07:37:70:90:B8:BF:59:DC:3F
X509v3 Authority Key Identifier:
keyid:47:5B:62:A5:F2:33:ED:05:AC:72:D8:78:12:34:E1:09:BF:3A:90:8C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/R1tipfIz7QWscth4EjThCb86kIw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R1tipfIz7QWscth4EjThCb86kIw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/FCDDE0E43A9711F0B287E242C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.132.0/22
103.31.88.0/22
103.47.0.0/24
103.55.134.0/23
103.61.128.0/24
103.61.130.0/24
103.79.172.0/22
144.48.232.0/22
202.179.144.0/22
203.166.216.0/24
203.189.124.0/22
221.120.164.0/22
IPv6:
2401:8140::/32
2402:4c80::/32
Signature Algorithm: sha256WithRSAEncryption
10:50:67:31:88:09:7e:7c:d8:a7:3d:f9:d7:51:93:d5:29:62:
60:c6:28:d8:8b:01:b8:e7:b7:1e:83:66:48:f2:a1:01:cc:46:
9f:91:14:1f:00:ef:a7:8e:1a:da:5f:ed:a3:ed:fe:6b:dc:0a:
53:4f:55:32:09:05:cb:69:ab:37:b8:fc:34:0d:4b:a5:82:32:
35:7f:50:0c:1d:b0:08:ff:eb:8a:0a:af:11:b6:ee:91:7c:5e:
96:b5:ff:fe:37:25:ba:a6:91:a8:ce:61:34:19:b3:f5:56:5e:
5f:0e:6a:aa:95:e5:62:4c:9f:85:a8:53:80:da:d7:38:d2:b5:
9e:c5:bf:9c:aa:77:07:be:c6:89:40:c4:61:8b:45:e1:9e:b2:
85:83:3d:8e:08:35:75:85:e8:07:42:c9:9d:4e:0b:22:3e:69:
37:51:be:74:88:19:c2:ba:3f:07:03:95:d5:c3:ab:05:78:5a:
56:e0:7c:0a:db:9f:12:2c:1f:05:42:b8:9a:6f:e4:bc:72:04:
47:31:d6:52:b2:c0:cc:9e:a1:16:77:ce:a8:83:d4:c4:08:56:
52:18:bf:a3:ef:25:7a:e0:d6:fe:16:f1:6e:2c:6b:e4:dd:8a:
a7:c5:ce:3b:2f:0a:2b:cd:9c:7f:de:dd:d2:68:7a:83:cd:48:
64:c8:e3:ab
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgICBvAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzkxMUQxMTAvBgNVBAUTKDQ3NUI2MkE1RjIzM0VEMDVBQzcyRDg3ODEyMzRFMTA5
QkYzQTkwOEMwHhcNMjUwNjAyMjIzMDQ3WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODNlMjYxNy0xZDYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvmzREWB9uHrJKISW4fFwOMSxEQ8ZAC4AJalyKyrMj7XUlEIom3vNHHZAaBZR
YXGMwRwV9+KXxbXqDaBNfmiZW6A3nziNrd5Ok2jWqYSHrFftqAo/E9PP6TLqELBH
nANGLkLjXa6UxUN7OFSL7cdXOw4YuSD5RlT9jm2xE6Bqjyhyq4N4wNUlIp6jokMV
8Dd8WPByHyDzOIOlom/B4d9PpI9U9L8pKcTEGfXNratdZT8WlbSmhrnxnlwgg0QL
O4xRzszA6BQzoNo/ZRd+Owkq1dVRjjpP60niAqQDARyLNVLrBC5iDNV6UrsC65v3
fkirtLvpUX2Px5YbegJTd+pclQIDAQABo4IC7TCCAukwHQYDVR0OBBYEFB/cBXqw
zE7tqsWdBzdwkLi/Wdw/MB8GA1UdIwQYMBaAFEdbYqXyM+0FrHLYeBI04Qm/OpCM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDOTExRC83QjEzQjM4NDZD
MDMxMUVCODg0NDc4NEJDNEY5QUUwMi9SMXRpcGZJejdRV3NjdGg0RWpUaENiODZr
SXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1IxdGlwZkl6N1FXc2N0aDRFalRoQ2I4NmtJdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzkxMUQvN0IxM0IzODQ2QzAzMTFFQjg4NDQ3ODRCQzRGOUFFMDIvRkNEREUwRTQz
QTk3MTFGMEIyODdFMjQyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwdwYIKwYBBQUHAQcBAf8E
aDBmME4EAgABMEgDBAIr9YQDBAJnH1gDBABnLwADBAFnN4YDBABnPYADBABnPYID
BAJnT6wDBAKQMOgDBALKs5ADBADLptgDBALLvXwDBALdeKQwFAQCAAIwDgMFACQB
gUADBQAkAkyAMA0GCSqGSIb3DQEBCwUAA4IBAQAQUGcxiAl+fNinPfnXUZPVKWJg
xijYiwG457ceg2ZI8qEBzEafkRQfAO+njhraX+2j7f5r3ApTT1UyCQXLaas3uPw0
DUulgjI1f1AMHbAI/+uKCq8Rtu6RfF6Wtf/+NyW6ppGozmE0GbP1Vl5fDmqqleVi
TJ+FqFOA2tc40rWexb+cqncHvsaJQMRhi0XhnrKFgz2OCDV1hegHQsmdTgsiPmk3
Ub50iBnCuj8HA5XVw6sFeFpW4HwK258SLB8FQriab+S8cgRHMdZSssDMnqEWd86o
g9TECFZSGL+j7yV64Nb+FvFuLGvk3Yqnxc47LworzZx/3t3SaHqDzUhkyOOr
-----END CERTIFICATE-----
Generated at Thu Jul 3 00:30:50 2025 by rpki-client