Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CD60C/188F1172973D11EFA5196058C4F9AE02/AC8EE79E975B11EFB1D18E82C4F9AE02.roa
File: AC8EE79E975B11EFB1D18E82C4F9AE02.roa (raw, json)
Hash identifier: sqDKPZ1qrocmicYcNGEqHeOR7eFUFOhb8W65lVkqel0=
Subject key identifier: F8:84:C7:81:B2:EA:A5:10:B4:09:B5:C5:AC:CD:27:9F:E5:50:DD:7E
Certificate issuer: /CN=A91CD60C/serialNumber=E72376339DBD5D302A59CCFA77AC09CD1723954D
Certificate serial: 6C
Authority key identifier: E7:23:76:33:9D:BD:5D:30:2A:59:CC:FA:77:AC:09:CD:17:23:95:4D
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5yN2M529XTAqWcz6d6wJzRcjlU0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CD60C/188F1172973D11EFA5196058C4F9AE02/AC8EE79E975B11EFB1D18E82C4F9AE02.roa
Signing time: Sat 03 May 2025 06:42:58 +0000
ROA not before: Sat 03 May 2025 06:42:58 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 56190
IP address blocks: 202.51.128.0/24 maxlen: 24
202.51.129.0/24 maxlen: 24
202.51.130.0/24 maxlen: 24
202.51.131.0/24 maxlen: 24
202.51.132.0/24 maxlen: 24
202.51.133.0/24 maxlen: 24
202.51.134.0/24 maxlen: 24
202.51.135.0/24 maxlen: 24
202.51.136.0/24 maxlen: 24
202.51.137.0/24 maxlen: 24
202.51.138.0/24 maxlen: 24
202.51.139.0/24 maxlen: 24
202.51.140.0/24 maxlen: 24
202.51.141.0/24 maxlen: 24
202.51.142.0/24 maxlen: 24
202.51.143.0/24 maxlen: 24
202.51.144.0/24 maxlen: 24
202.51.145.0/24 maxlen: 24
202.51.146.0/24 maxlen: 24
202.51.147.0/24 maxlen: 24
202.51.148.0/24 maxlen: 24
202.51.149.0/24 maxlen: 24
202.51.150.0/24 maxlen: 24
202.51.151.0/24 maxlen: 24
202.51.152.0/24 maxlen: 24
202.51.153.0/24 maxlen: 24
202.51.154.0/24 maxlen: 24
202.51.155.0/24 maxlen: 24
202.51.156.0/24 maxlen: 24
202.51.157.0/24 maxlen: 24
202.51.158.0/24 maxlen: 24
202.51.159.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91CD60C/188F1172973D11EFA5196058C4F9AE02/5yN2M529XTAqWcz6d6wJzRcjlU0.crl
rsync://rpki.apnic.net/member_repository/A91CD60C/188F1172973D11EFA5196058C4F9AE02/5yN2M529XTAqWcz6d6wJzRcjlU0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5yN2M529XTAqWcz6d6wJzRcjlU0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 20 May 2025 06:11:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 108 (0x6c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CD60C, serialNumber=E72376339DBD5D302A59CCFA77AC09CD1723954D
Validity
Not Before: May 3 06:42:58 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=6815baf2-effb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:c5:0c:a8:98:f7:e6:0a:8a:7d:ff:84:98:79:
e2:cd:33:8f:c7:fe:d4:da:02:77:ae:6c:5b:c9:b2:
26:49:b8:5a:f0:36:8d:3e:d5:40:88:3e:df:76:0c:
77:ab:5a:68:f0:43:61:5c:16:ec:bc:58:8a:57:dd:
34:06:85:5d:6a:ac:49:98:f1:c9:88:51:21:a8:c0:
e7:7d:d3:b2:09:c9:a3:9e:d0:ac:9f:7b:65:96:e1:
33:5e:8b:90:23:46:ad:7d:eb:8a:8a:db:ed:96:44:
0e:c8:93:45:99:8c:96:c3:91:38:f7:c3:76:c1:91:
21:da:78:1f:aa:5b:9b:fa:fa:35:68:a0:b9:cd:1c:
98:98:0b:92:13:c9:82:09:44:2d:8f:08:ff:0c:24:
22:8b:1d:4a:ce:1e:37:ae:6f:7c:85:d9:19:14:fb:
12:f1:ed:0b:92:f4:f4:e0:f8:16:4c:ec:db:01:09:
86:a1:a1:7e:81:a7:94:6c:ec:5e:5c:cc:78:6b:4e:
da:1b:a4:b3:44:9d:2a:05:bf:e9:1d:e2:6a:a5:eb:
c8:e4:a3:12:6c:e7:58:7e:75:dc:b0:2f:3a:46:6f:
7f:af:18:8e:11:4c:d7:65:28:47:31:0f:c6:2c:aa:
fa:5b:e8:0d:cc:68:b1:2e:78:40:71:29:31:6e:18:
eb:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:84:C7:81:B2:EA:A5:10:B4:09:B5:C5:AC:CD:27:9F:E5:50:DD:7E
X509v3 Authority Key Identifier:
keyid:E7:23:76:33:9D:BD:5D:30:2A:59:CC:FA:77:AC:09:CD:17:23:95:4D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CD60C/188F1172973D11EFA5196058C4F9AE02/5yN2M529XTAqWcz6d6wJzRcjlU0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5yN2M529XTAqWcz6d6wJzRcjlU0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CD60C/188F1172973D11EFA5196058C4F9AE02/AC8EE79E975B11EFB1D18E82C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.51.128.0/19
Signature Algorithm: sha256WithRSAEncryption
ca:70:a3:1d:0e:01:37:4d:11:a4:ac:b5:05:59:d8:99:3a:96:
c5:8d:48:48:d7:47:53:fa:af:7b:24:7a:d2:6e:96:c6:b0:40:
e8:96:4d:05:2b:8f:49:28:e6:97:84:84:74:56:9d:bc:7c:ee:
82:ad:b3:74:3e:ab:b2:9d:40:87:d7:7f:cf:45:db:96:7f:a3:
ce:ac:a9:19:35:66:45:ba:3a:30:3f:de:d4:f3:5b:b3:05:d3:
de:70:d9:a0:36:67:70:f3:85:70:a3:ab:40:4c:5e:0a:c6:51:
f2:fd:e1:48:f5:88:a0:7b:ce:ec:8a:25:af:d1:d4:fd:17:a6:
72:58:70:61:cb:ca:77:fc:62:cf:69:17:c4:f9:f6:e2:70:2f:
b2:93:58:f6:be:95:c3:cf:1a:fa:a2:67:c9:07:66:35:f2:9e:
e8:0b:01:e7:d5:00:ae:bf:79:df:85:f3:5a:d7:2e:a2:b1:b4:
b0:c5:b3:78:f7:48:2d:47:87:e3:03:ce:47:a5:ed:a0:ed:27:
d0:8b:4e:a2:c5:a0:6e:e2:06:43:fd:a9:d2:59:e0:69:aa:05:
51:b1:48:ba:30:f9:22:41:a0:bd:1b:36:bf:bf:71:f8:50:a4:
0b:40:b0:ea:26:f3:65:d2:fe:b8:01:65:3b:fa:44:a3:bc:6e:
54:82:bf:dd
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBbDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
RDYwQzExMC8GA1UEBRMoRTcyMzc2MzM5REJENUQzMDJBNTlDQ0ZBNzdBQzA5Q0Qx
NzIzOTU0RDAeFw0yNTA1MDMwNjQyNThaFw0yNjA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4MTViYWYyLWVmZmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDMxQyomPfmCop9/4SYeeLNM4/H/tTaAneubFvJsiZJuFrwNo0+1UCIPt92DHer
WmjwQ2FcFuy8WIpX3TQGhV1qrEmY8cmIUSGowOd907IJyaOe0Kyfe2WW4TNei5Aj
Rq1964qK2+2WRA7Ik0WZjJbDkTj3w3bBkSHaeB+qW5v6+jVooLnNHJiYC5ITyYIJ
RC2PCP8MJCKLHUrOHjeub3yF2RkU+xLx7QuS9PTg+BZM7NsBCYahoX6Bp5Rs7F5c
zHhrTtobpLNEnSoFv+kd4mql68jkoxJs51h+ddywLzpGb3+vGI4RTNdlKEcxD8Ys
qvpb6A3MaLEueEBxKTFuGOsNAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU+ITHgbLq
pRC0CbXFrM0nn+VQ3X4wHwYDVR0jBBgwFoAU5yN2M529XTAqWcz6d6wJzRcjlU0w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNENjBDLzE4OEYxMTcyOTcz
RDExRUZBNTE5NjA1OEM0RjlBRTAyLzV5TjJNNTI5WFRBcVdjejZkNndKelJjamxV
MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvNXlOMk01MjlYVEFxV2N6NmQ2d0p6UmNqbFUwLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
RDYwQy8xODhGMTE3Mjk3M0QxMUVGQTUxOTYwNThDNEY5QUUwMi9BQzhFRTc5RTk3
NUIxMUVGQjFEMThFODJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEBcozgDANBgkqhkiG9w0BAQsFAAOCAQEAynCjHQ4BN00RpKy1
BVnYmTqWxY1ISNdHU/qveyR60m6WxrBA6JZNBSuPSSjml4SEdFadvHzugq2zdD6r
sp1Ah9d/z0Xbln+jzqypGTVmRbo6MD/e1PNbswXT3nDZoDZncPOFcKOrQExeCsZR
8v3hSPWIoHvO7Iolr9HU/RemclhwYcvKd/xiz2kXxPn24nAvspNY9r6Vw88a+qJn
yQdmNfKe6AsB59UArr9534XzWtcuorG0sMWzePdILUeH4wPOR6XtoO0n0ItOosWg
buIGQ/2p0lngaaoFUbFIujD5IkGgvRs2v79x+FCkC0Cw6ibzZdL+uAFlO/pEo7xu
VIK/3Q==
-----END CERTIFICATE-----
Generated at Thu May 15 00:33:33 2025 by rpki-client