Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/59F4A758BD2F11EBB84EE532C4F9AE02.roa
File: 59F4A758BD2F11EBB84EE532C4F9AE02.roa (raw, json)
Hash identifier: uAMH22czrWhCVXR1Yh4Gb924YIN0PWuUVG5CCQ0T0QI=
Subject key identifier: FB:64:27:BA:F4:A3:3A:51:DB:FF:F1:F4:34:FA:5C:7E:63:24:AF:A1
Certificate issuer: /CN=A91EA958/serialNumber=FD1607186373E81F44D137B2A0E96957E62AB8A1
Certificate serial: 34D8
Authority key identifier: FD:16:07:18:63:73:E8:1F:44:D1:37:B2:A0:E9:69:57:E6:2A:B8:A1
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_RYHGGNz6B9E0TeyoOlpV-YquKE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/59F4A758BD2F11EBB84EE532C4F9AE02.roa
Signing time: Wed 02 Jul 2025 15:21:08 +0000
ROA not before: Wed 02 Jul 2025 15:21:08 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 131207
IP address blocks: 43.245.202.0/23 maxlen: 23
43.245.202.0/24 maxlen: 24
43.245.203.0/24 maxlen: 24
103.14.248.0/23 maxlen: 23
103.14.248.0/24 maxlen: 24
103.14.249.0/24 maxlen: 24
103.14.250.0/23 maxlen: 23
103.14.250.0/24 maxlen: 24
103.14.251.0/24 maxlen: 24
180.178.126.0/23 maxlen: 23
180.178.126.0/24 maxlen: 24
180.178.127.0/24 maxlen: 24
203.217.168.0/23 maxlen: 23
203.217.168.0/24 maxlen: 24
203.217.169.0/24 maxlen: 24
203.217.170.0/23 maxlen: 23
203.217.170.0/24 maxlen: 24
203.217.171.0/24 maxlen: 24
2404:b300:1::/48 maxlen: 48
2404:b300:2::/48 maxlen: 48
2404:b300:11::/48 maxlen: 48
2404:b300:12::/48 maxlen: 48
2404:b300:100::/48 maxlen: 48
2404:b300:101::/48 maxlen: 48
2404:b300:133::/48 maxlen: 48
2404:b300:400::/48 maxlen: 48
2404:b300:1000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/_RYHGGNz6B9E0TeyoOlpV-YquKE.crl
rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/_RYHGGNz6B9E0TeyoOlpV-YquKE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_RYHGGNz6B9E0TeyoOlpV-YquKE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 09 Jul 2025 15:21:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13528 (0x34d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EA958, serialNumber=FD1607186373E81F44D137B2A0E96957E62AB8A1
Validity
Not Before: Jul 2 15:21:08 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=68654e64-981f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:d0:c2:98:d2:b2:d0:50:cc:19:38:7b:d2:30:
f0:07:34:02:97:0c:e2:0a:e4:c9:0a:06:dc:a4:30:
a0:22:53:4d:03:c7:c0:c5:81:5a:b8:eb:50:f6:93:
db:b6:1d:4d:9a:b0:ba:0d:13:9d:8f:22:6f:09:00:
86:50:28:07:56:7b:fd:f4:83:59:ea:9e:50:41:76:
51:45:e1:08:f0:27:8c:75:3b:36:f6:aa:b2:54:80:
5e:2e:aa:e2:2a:77:6b:40:c0:73:11:c1:74:7d:1c:
cb:f3:95:75:76:52:d7:f6:a0:7c:73:3f:4c:75:8c:
be:48:fe:ad:7e:33:b6:07:5d:96:d0:42:7c:76:3c:
65:71:94:bc:53:56:69:de:ce:42:88:d3:49:cd:3a:
a4:e6:2b:3d:34:1a:fc:5e:18:6b:5c:2e:fc:60:6d:
9d:44:15:4b:f4:1f:42:4a:44:08:a8:90:9a:ec:db:
1d:6c:a5:38:a3:31:3e:44:86:7e:12:6c:d0:bf:03:
24:58:74:a6:50:a7:0a:9b:74:35:c7:7f:fb:0c:c3:
5f:6d:2f:96:92:1d:44:aa:20:27:7d:5c:73:58:e1:
17:0b:bc:21:1b:53:c4:ca:8b:38:a5:65:c2:c7:b7:
05:7b:50:d4:0c:84:8f:12:e9:b1:e9:13:79:75:77:
a7:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:64:27:BA:F4:A3:3A:51:DB:FF:F1:F4:34:FA:5C:7E:63:24:AF:A1
X509v3 Authority Key Identifier:
keyid:FD:16:07:18:63:73:E8:1F:44:D1:37:B2:A0:E9:69:57:E6:2A:B8:A1
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/_RYHGGNz6B9E0TeyoOlpV-YquKE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_RYHGGNz6B9E0TeyoOlpV-YquKE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/59F4A758BD2F11EBB84EE532C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.202.0/23
103.14.248.0/22
180.178.126.0/23
203.217.168.0/22
IPv6:
2404:b300:1::-2404:b300:2:ffff:ffff:ffff:ffff:ffff
2404:b300:11::-2404:b300:12:ffff:ffff:ffff:ffff:ffff
2404:b300:100::/47
2404:b300:133::/48
2404:b300:400::/48
2404:b300:1000::/48
Signature Algorithm: sha256WithRSAEncryption
65:5b:c0:de:09:08:62:25:0f:6c:47:a6:a3:a5:f9:c6:c3:b5:
42:1b:ad:04:c5:6b:f4:19:98:12:ae:41:06:b9:45:76:18:40:
c1:ad:8b:22:fc:e6:70:ee:5f:7e:2c:7b:63:2d:37:dd:a1:66:
75:b9:80:b9:0a:da:4b:e1:ac:20:02:09:23:53:06:35:01:c3:
bc:1e:57:b2:59:8f:8c:5e:6f:8d:36:f6:cb:9a:98:ce:56:8d:
a8:14:d9:18:82:41:b1:82:be:64:75:20:61:fe:4c:ca:83:97:
6b:c9:82:82:55:ce:71:f6:73:04:c0:22:83:c5:2f:5e:91:18:
7f:60:bf:65:bb:df:02:74:79:ba:c9:14:be:c2:a4:a1:78:ad:
7c:d5:91:d2:97:a4:fd:33:44:d6:3b:66:a2:c2:ba:c6:e5:c5:
74:f5:ac:4d:73:d3:0b:5c:a1:bb:c7:9d:fb:65:24:3a:42:80:
83:fd:40:3d:c8:36:98:79:a2:6a:0e:e6:79:d0:e4:30:cd:68:
bd:43:d4:c1:8a:e3:d6:a5:0c:1c:d2:fc:fb:d4:fa:cf:b6:62:
16:a1:97:d6:fe:69:12:a1:09:7f:46:d1:af:06:62:f2:63:69:
a2:ed:a4:6c:51:be:06:80:f4:b5:59:d0:a3:74:82:c3:c2:99:
dc:2f:88:4f
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgICNNgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUE5NTgxMTAvBgNVBAUTKEZEMTYwNzE4NjM3M0U4MUY0NEQxMzdCMkEwRTk2OTU3
RTYyQUI4QTEwHhcNMjUwNzAyMTUyMTA4WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODY1NGU2NC05ODFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5NDCmNKy0FDMGTh70jDwBzQClwziCuTJCgbcpDCgIlNNA8fAxYFauOtQ9pPb
th1NmrC6DROdjyJvCQCGUCgHVnv99INZ6p5QQXZRReEI8CeMdTs29qqyVIBeLqri
KndrQMBzEcF0fRzL85V1dlLX9qB8cz9MdYy+SP6tfjO2B12W0EJ8djxlcZS8U1Zp
3s5CiNNJzTqk5is9NBr8XhhrXC78YG2dRBVL9B9CSkQIqJCa7NsdbKU4ozE+RIZ+
EmzQvwMkWHSmUKcKm3Q1x3/7DMNfbS+Wkh1EqiAnfVxzWOEXC7whG1PEyos4pWXC
x7cFe1DUDISPEumx6RN5dXenpwIDAQABo4IC/DCCAvgwHQYDVR0OBBYEFPtkJ7r0
ozpR2//x9DT6XH5jJK+hMB8GA1UdIwQYMBaAFP0WBxhjc+gfRNE3sqDpaVfmKrih
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQTk1OC81QUUxOTdGNDFE
OUYxMUUyQkNCRkY3OEYwOEIwMkNEMi9fUllIR0dOejZCOUUwVGV5b09scFYtWXF1
S0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19SWUhHR056NkI5RTBUZXlvT2xwVi1ZcXVLRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUE5NTgvNUFFMTk3RjQxRDlGMTFFMkJDQkZGNzhGMDhCMDJDRDIvNTlGNEE3NThC
RDJGMTFFQkI4NEVFNTMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYUGCCsGAQUFBwEHAQH/
BHYwdDAeBAIAATAYAwQBK/XKAwQCZw74AwQBtLJ+AwQCy9moMFIEAgACMEwwEgMH
ACQEswAAAQMHACQEswAAAjASAwcAJASzAAARAwcAJASzAAASAwcBJASzAAEAAwcA
JASzAAEzAwcAJASzAAQAAwcAJASzABAAMA0GCSqGSIb3DQEBCwUAA4IBAQBlW8De
CQhiJQ9sR6ajpfnGw7VCG60ExWv0GZgSrkEGuUV2GEDBrYsi/OZw7l9+LHtjLTfd
oWZ1uYC5CtpL4awgAgkjUwY1AcO8HleyWY+MXm+NNvbLmpjOVo2oFNkYgkGxgr5k
dSBh/kzKg5dryYKCVc5x9nMEwCKDxS9ekRh/YL9lu98CdHm6yRS+wqSheK181ZHS
l6T9M0TWO2aiwrrG5cV09axNc9MLXKG7x537ZSQ6QoCD/UA9yDaYeaJqDuZ50OQw
zWi9Q9TBiuPWpQwc0vz71PrPtmIWoZfW/mkSoQl/RtGvBmLyY2mi7aRsUb4GgPS1
WdCjdILDwpncL4hP
-----END CERTIFICATE-----
Generated at Thu Jul 3 07:06:16 2025 by rpki-client