Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/DE61D0DC2A7311F08DDC6D17C4F9AE02.roa
File: DE61D0DC2A7311F08DDC6D17C4F9AE02.roa (raw, json)
Hash identifier: fo5MHUuRRZ0aet/6odghmGpOjhNAEkaCj7xDRNlqGJo=
Subject key identifier: 45:EF:A2:81:7E:AD:44:FF:49:15:6F:E4:6B:47:B4:97:64:38:7A:A2
Certificate issuer: /CN=A91DA2D5/serialNumber=3C1C877347EE82729636AF0F3A375D391090F921
Certificate serial: 2CCC
Authority key identifier: 3C:1C:87:73:47:EE:82:72:96:36:AF:0F:3A:37:5D:39:10:90:F9:21
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PByHc0fugnKWNq8POjddORCQ-SE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/DE61D0DC2A7311F08DDC6D17C4F9AE02.roa
Signing time: Tue 06 May 2025 12:16:20 +0000
ROA not before: Tue 06 May 2025 12:16:20 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 58717
IP address blocks: 43.245.140.0/22 maxlen: 22
43.245.140.0/22 maxlen: 24
43.245.140.0/23 maxlen: 23
43.245.140.0/24 maxlen: 24
43.245.141.0/24 maxlen: 24
43.245.142.0/23 maxlen: 23
43.245.142.0/24 maxlen: 24
43.245.143.0/24 maxlen: 24
103.15.244.0/22 maxlen: 24
103.15.246.64/26 maxlen: 26
103.75.238.0/23 maxlen: 24
103.96.68.0/23 maxlen: 24
103.96.70.0/23 maxlen: 24
103.108.144.0/22 maxlen: 24
103.199.84.0/22 maxlen: 24
103.242.216.0/24 maxlen: 24
103.242.217.0/24 maxlen: 24
103.242.218.0/23 maxlen: 24
144.48.148.0/23 maxlen: 23
144.48.148.0/24 maxlen: 24
144.48.149.0/24 maxlen: 24
2405:1500::/30 maxlen: 31
2405:1500::/32 maxlen: 32
2405:1500::/32 maxlen: 48
2405:1500::/48 maxlen: 48
2405:1500:12::/48 maxlen: 48
2405:1500:30::/48 maxlen: 48
2405:1500:40::/48 maxlen: 48
2405:1500:60::/48 maxlen: 48
2405:1500:70::/48 maxlen: 48
2405:1500:80::/48 maxlen: 48
2405:1500:82::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/PByHc0fugnKWNq8POjddORCQ-SE.crl
rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/PByHc0fugnKWNq8POjddORCQ-SE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PByHc0fugnKWNq8POjddORCQ-SE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 19 May 2025 15:31:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11468 (0x2ccc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DA2D5, serialNumber=3C1C877347EE82729636AF0F3A375D391090F921
Validity
Not Before: May 6 12:16:20 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=6819fd94-fd92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:de:d7:b9:7e:73:ad:69:00:ac:85:99:b0:51:
fc:1f:21:96:83:6a:37:f3:54:b0:ff:58:03:5a:db:
ec:41:87:7c:d2:87:86:b8:7a:ce:8b:78:ec:e6:f7:
c4:0f:7d:71:2c:2c:01:b9:81:17:9f:5f:b3:81:dd:
67:df:1b:75:cc:52:b8:d9:eb:3b:08:2c:28:55:05:
7d:a7:b8:af:96:08:dc:16:63:56:6b:9c:dc:23:71:
7d:7e:62:ed:8c:04:e3:69:11:94:cb:37:79:b5:ad:
0a:7e:c7:a5:21:6d:84:47:a3:0f:7f:4b:68:18:24:
03:e8:eb:f8:9c:dd:27:96:25:3b:5f:f2:4c:25:27:
e6:30:bb:27:9a:7c:2a:7b:50:b8:41:63:2c:18:2f:
d1:f5:c0:66:91:70:9d:b0:af:52:57:ec:40:f4:7a:
e6:82:2f:0a:01:4b:f7:b5:15:68:2e:d2:40:a5:50:
7e:da:25:9e:83:9e:c7:6a:8c:85:da:33:fc:e3:48:
c0:c1:ef:7a:8d:f6:87:a3:db:0c:f3:af:25:43:08:
02:72:2b:ca:1f:23:96:16:9a:42:ac:49:42:80:8c:
7c:c0:29:d4:f7:ad:8a:9f:17:2d:99:80:d7:54:99:
3d:04:84:3e:33:79:17:ad:58:38:06:6a:57:3e:85:
9e:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:EF:A2:81:7E:AD:44:FF:49:15:6F:E4:6B:47:B4:97:64:38:7A:A2
X509v3 Authority Key Identifier:
keyid:3C:1C:87:73:47:EE:82:72:96:36:AF:0F:3A:37:5D:39:10:90:F9:21
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/PByHc0fugnKWNq8POjddORCQ-SE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PByHc0fugnKWNq8POjddORCQ-SE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/DE61D0DC2A7311F08DDC6D17C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.140.0/22
103.15.244.0/22
103.75.238.0/23
103.96.68.0/22
103.108.144.0/22
103.199.84.0/22
103.242.216.0/22
144.48.148.0/23
IPv6:
2405:1500::/30
Signature Algorithm: sha256WithRSAEncryption
48:33:30:37:d0:b0:85:f0:b7:d4:75:8e:f6:34:3e:05:22:b7:
40:88:63:21:ca:d0:16:7d:36:30:69:0c:17:2c:14:40:11:58:
03:25:27:ba:86:58:c8:c4:1f:c8:9d:74:18:38:34:e6:e0:db:
f5:fa:7f:61:31:f1:a8:dd:d0:17:2d:60:09:82:e9:34:84:93:
b1:75:4e:13:51:a2:ad:a5:71:a9:07:6a:a4:2d:d9:44:27:2b:
63:3f:af:86:c1:f7:bf:d3:cd:db:86:5b:46:b4:b4:19:54:11:
32:16:d7:f7:fc:86:9c:22:89:6d:09:7a:23:5e:93:61:ea:e0:
a1:eb:97:7f:55:72:e2:fd:5d:5b:10:96:b2:77:20:cc:be:47:
95:a5:08:ab:32:9e:db:3f:01:f5:4f:27:36:3e:41:71:91:71:
3d:c4:c8:63:93:a9:77:e6:65:1e:fb:10:f1:f0:a4:bd:cb:e6:
26:3f:07:04:cb:a8:28:2a:94:fc:21:22:bd:15:66:1c:4d:f5:
f6:f9:be:8f:f9:fa:31:1c:f2:32:0c:5e:01:81:7c:83:a4:87:
8f:04:13:87:ae:6c:8f:13:9e:c7:bd:d5:f9:04:42:74:81:2f:
06:89:00:49:fa:5f:ba:f4:fc:29:27:d5:6e:85:51:75:8e:0c:
44:c1:e6:56
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgICLMwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REEyRDUxMTAvBgNVBAUTKDNDMUM4NzczNDdFRTgyNzI5NjM2QUYwRjNBMzc1RDM5
MTA5MEY5MjEwHhcNMjUwNTA2MTIxNjIwWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODE5ZmQ5NC1mZDkyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvd7XuX5zrWkArIWZsFH8HyGWg2o381Sw/1gDWtvsQYd80oeGuHrOi3js5vfE
D31xLCwBuYEXn1+zgd1n3xt1zFK42es7CCwoVQV9p7ivlgjcFmNWa5zcI3F9fmLt
jATjaRGUyzd5ta0KfselIW2ER6MPf0toGCQD6Ov4nN0nliU7X/JMJSfmMLsnmnwq
e1C4QWMsGC/R9cBmkXCdsK9SV+xA9Hrmgi8KAUv3tRVoLtJApVB+2iWeg57HaoyF
2jP840jAwe96jfaHo9sM868lQwgCcivKHyOWFppCrElCgIx8wCnU962KnxctmYDX
VJk9BIQ+M3kXrVg4BmpXPoWeRwIDAQABo4ICzjCCAsowHQYDVR0OBBYEFEXvooF+
rUT/SRVv5GtHtJdkOHqiMB8GA1UdIwQYMBaAFDwch3NH7oJyljavDzo3XTkQkPkh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQTJENS81Rjg2MUVFNkI4
OUExMUUzQjRBQzdFNzg1OTExRUEzMi9QQnlIYzBmdWduS1dOcThQT2pkZE9SQ1Et
U0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BCeUhjMGZ1Z25LV05xOFBPamRkT1JDUS1TRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REEyRDUvNUY4NjFFRTZCODlBMTFFM0I0QUM3RTc4NTkxMUVBMzIvREU2MUQwREMy
QTczMTFGMDhEREM2RDE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWAYIKwYBBQUHAQcBAf8E
STBHMDYEAgABMDADBAIr9YwDBAJnD/QDBAFnS+4DBAJnYEQDBAJnbJADBAJnx1QD
BAJn8tgDBAGQMJQwDQQCAAIwBwMFAiQFFQAwDQYJKoZIhvcNAQELBQADggEBAEgz
MDfQsIXwt9R1jvY0PgUit0CIYyHK0BZ9NjBpDBcsFEARWAMlJ7qGWMjEH8iddBg4
NObg2/X6f2Ex8ajd0BctYAmC6TSEk7F1ThNRoq2lcakHaqQt2UQnK2M/r4bB97/T
zduGW0a0tBlUETIW1/f8hpwiiW0JeiNek2Hq4KHrl39VcuL9XVsQlrJ3IMy+R5Wl
CKsynts/AfVPJzY+QXGRcT3EyGOTqXfmZR77EPHwpL3L5iY/BwTLqCgqlPwhIr0V
ZhxN9fb5vo/5+jEc8jIMXgGBfIOkh48EE4eubI8Tnse91fkEQnSBLwaJAEn6X7r0
/Ckn1W6FUXWODETB5lY=
-----END CERTIFICATE-----
Generated at Tue May 13 22:44:26 2025 by rpki-client