Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9127C2D/9E39F9368C9E11EE87C8EE78C4F9AE02/A2F568A08CDC11EEA05B6E55C4F9AE02.roa
File: A2F568A08CDC11EEA05B6E55C4F9AE02.roa (raw, json)
Hash identifier: 1BbW+GzFmicFxrJi47abULi9jqJhPlJkmCnwzd461wM=
Subject key identifier: 14:AC:55:9C:8E:E3:32:1E:3A:3E:ED:1B:0A:F7:1C:74:FF:4A:30:C2
Certificate issuer: /CN=A9127C2D/serialNumber=8B65A5294377D686378C46B3E9DAD7CDB5B66791
Certificate serial: DA
Authority key identifier: 8B:65:A5:29:43:77:D6:86:37:8C:46:B3:E9:DA:D7:CD:B5:B6:67:91
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/i2WlKUN31oY3jEaz6drXzbW2Z5E.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9127C2D/9E39F9368C9E11EE87C8EE78C4F9AE02/A2F568A08CDC11EEA05B6E55C4F9AE02.roa
Signing time: Sun 05 Jan 2025 03:47:15 +0000
ROA not before: Sun 05 Jan 2025 03:47:15 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 4768
IP address blocks: 202.49.252.0/22 maxlen: 22
202.49.252.0/24 maxlen: 24
202.49.253.0/24 maxlen: 24
202.49.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9127C2D/9E39F9368C9E11EE87C8EE78C4F9AE02/i2WlKUN31oY3jEaz6drXzbW2Z5E.crl
rsync://rpki.apnic.net/member_repository/A9127C2D/9E39F9368C9E11EE87C8EE78C4F9AE02/i2WlKUN31oY3jEaz6drXzbW2Z5E.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/i2WlKUN31oY3jEaz6drXzbW2Z5E.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 16 Apr 2025 03:59:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 218 (0xda)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9127C2D
Validity
Not Before: Jan 5 03:47:15 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=677a00c3-7eb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:b3:2c:62:a4:83:8b:d6:34:a9:6c:68:02:dd:
e8:8b:84:26:2b:d0:8a:12:31:1f:5c:cf:1f:39:f4:
7e:a5:17:bb:6f:d8:5a:19:53:f5:49:02:21:fc:4b:
3f:40:82:87:d4:91:64:6f:7b:89:86:7d:b2:69:af:
3a:2b:83:dc:a3:c4:db:51:3d:37:eb:ff:30:69:4a:
51:24:f8:a4:d2:e4:f4:d2:ef:ca:39:56:34:e8:a1:
bb:1a:5d:de:52:13:4e:72:e5:e7:ad:6a:4b:7c:1e:
11:95:be:90:a3:72:38:c9:af:c9:c6:51:7d:ff:be:
cc:e2:3c:d6:4e:6c:2d:db:3d:3e:1e:95:f7:8a:3f:
32:ac:09:b3:b0:d2:f2:26:6e:a5:65:d2:70:86:51:
cf:2a:9f:df:07:7f:d9:bd:f4:31:14:0c:22:74:32:
8e:20:6d:44:fa:77:d1:e0:e0:2e:cd:43:29:eb:5b:
79:45:df:e2:4d:ae:bc:0c:21:7f:6d:c5:d0:4c:fb:
fd:82:7d:d7:3e:55:44:fe:93:37:55:fa:22:35:4f:
55:e3:cf:a7:50:f7:dd:69:2a:f7:f2:24:80:9e:cc:
2c:f1:62:90:fc:0f:2d:0b:4f:cc:76:2f:7d:ca:85:
06:4f:75:fd:84:a3:e7:78:9c:0c:72:8c:1b:6e:72:
00:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:AC:55:9C:8E:E3:32:1E:3A:3E:ED:1B:0A:F7:1C:74:FF:4A:30:C2
X509v3 Authority Key Identifier:
keyid:8B:65:A5:29:43:77:D6:86:37:8C:46:B3:E9:DA:D7:CD:B5:B6:67:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9127C2D/9E39F9368C9E11EE87C8EE78C4F9AE02/i2WlKUN31oY3jEaz6drXzbW2Z5E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/i2WlKUN31oY3jEaz6drXzbW2Z5E.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9127C2D/9E39F9368C9E11EE87C8EE78C4F9AE02/A2F568A08CDC11EEA05B6E55C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.49.252.0/22
Signature Algorithm: sha256WithRSAEncryption
88:40:72:d1:60:33:90:7f:20:b0:d7:00:80:5a:76:ff:d2:4f:
1c:77:10:f5:f9:8f:f4:80:b9:06:f4:c3:7e:dd:5f:ee:a4:38:
46:75:ff:e6:96:3b:50:12:4c:2c:42:80:14:2b:37:d6:b9:a0:
a4:34:39:b0:b2:35:52:eb:88:11:f9:12:79:c4:8a:4a:68:9c:
cb:f1:64:2d:ee:c3:6a:6d:79:46:39:42:12:7c:86:03:c2:88:
7a:05:6e:f5:35:d2:39:6d:6d:42:01:96:e8:7d:c5:21:a0:cc:
17:e0:b8:fd:29:e8:82:9e:f1:51:c2:92:c6:e8:85:2a:f2:db:
0a:83:50:42:f6:15:d2:90:05:af:0b:11:ef:ac:85:f2:8f:f4:
03:22:57:6e:89:8d:da:4c:67:7d:08:73:0a:f8:f2:7e:ec:bc:
7b:67:86:64:d7:db:b4:7e:ba:63:50:58:42:af:e4:2d:c4:f6:
ac:f0:57:2e:f2:4e:d6:91:ec:da:8d:08:85:4f:65:c3:0a:43:
4b:06:f4:42:6f:e6:c9:b3:a5:6f:ae:63:a0:b3:3f:34:f4:e6:
26:c1:74:0b:37:a6:68:0c:09:e4:00:8f:53:a6:13:52:e2:71:
87:80:0b:3b:e5:e5:6a:a1:42:0e:15:72:97:ca:35:c7:2f:63:
a0:67:45:33
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICANowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjdDMkQxMTAvBgNVBAUTKDhCNjVBNTI5NDM3N0Q2ODYzNzhDNDZCM0U5REFEN0NE
QjVCNjY3OTEwHhcNMjUwMTA1MDM0NzE1WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzdhMDBjMy03ZWI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6bMsYqSDi9Y0qWxoAt3oi4QmK9CKEjEfXM8fOfR+pRe7b9haGVP1SQIh/Es/
QIKH1JFkb3uJhn2yaa86K4Pco8TbUT036/8waUpRJPik0uT00u/KOVY06KG7Gl3e
UhNOcuXnrWpLfB4Rlb6Qo3I4ya/JxlF9/77M4jzWTmwt2z0+HpX3ij8yrAmzsNLy
Jm6lZdJwhlHPKp/fB3/ZvfQxFAwidDKOIG1E+nfR4OAuzUMp61t5Rd/iTa68DCF/
bcXQTPv9gn3XPlVE/pM3VfoiNU9V48+nUPfdaSr38iSAnsws8WKQ/A8tC0/Mdi99
yoUGT3X9hKPneJwMcowbbnIARwIDAQABo4IClTCCApEwHQYDVR0OBBYEFBSsVZyO
4zIeOj7tGwr3HHT/SjDCMB8GA1UdIwQYMBaAFItlpSlDd9aGN4xGs+na1821tmeR
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyN0MyRC85RTM5RjkzNjhD
OUUxMUVFODdDOEVFNzhDNEY5QUUwMi9pMldsS1VOMzFvWTNqRWF6NmRyWHpiVzJa
NUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2kyV2xLVU4zMW9ZM2pFYXo2ZHJYemJXMlo1RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjdDMkQvOUUzOUY5MzY4QzlFMTFFRTg3QzhFRTc4QzRGOUFFMDIvQTJGNTY4QTA4
Q0RDMTFFRUEwNUI2RTU1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBALKMfwwDQYJKoZIhvcNAQELBQADggEBAIhActFgM5B/ILDX
AIBadv/STxx3EPX5j/SAuQb0w37dX+6kOEZ1/+aWO1ASTCxCgBQrN9a5oKQ0ObCy
NVLriBH5EnnEikponMvxZC3uw2pteUY5QhJ8hgPCiHoFbvU10jltbUIBluh9xSGg
zBfguP0p6IKe8VHCksbohSry2wqDUEL2FdKQBa8LEe+shfKP9AMiV26JjdpMZ30I
cwr48n7svHtnhmTX27R+umNQWEKv5C3E9qzwVy7yTtaR7NqNCIVPZcMKQ0sG9EJv
5smzpW+uY6CzPzT05ibBdAs3pmgMCeQAj1OmE1LicYeACzvl5WqhQg4VcpfKNccv
Y6BnRTM=
-----END CERTIFICATE-----
Generated at Fri Apr 11 09:33:22 2025 by rpki-client