Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/EEF771D4FED311EF8B263515C4F9AE02.roa
File: EEF771D4FED311EF8B263515C4F9AE02.roa (raw, json)
Hash identifier: 09tGhGYy1EBd0MGX/GluMy6ke+NPb5M4XAtBFpqIk9Y=
Subject key identifier: 43:BD:B3:37:16:80:5A:2E:76:B3:04:84:15:EE:46:28:3E:C4:3E:82
Certificate issuer: /CN=A9149F3E/serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
Certificate serial: 3919
Authority key identifier: EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/EEF771D4FED311EF8B263515C4F9AE02.roa
Signing time: Fri 04 Jul 2025 14:50:36 +0000
ROA not before: Fri 04 Jul 2025 14:50:36 +0000
ROA not after: Mon 31 Aug 2026 00:00:00 +0000
asID: 18305
IP address blocks: 203.244.39.0/24 maxlen: 24
203.244.45.0/24 maxlen: 24
203.244.50.0/24 maxlen: 24
203.244.60.0/24 maxlen: 24
203.244.67.0/24 maxlen: 24
203.244.70.0/24 maxlen: 24
203.244.80.0/24 maxlen: 24
203.244.95.0/24 maxlen: 24
203.245.134.0/24 maxlen: 24
203.245.136.0/24 maxlen: 24
203.245.147.0/24 maxlen: 24
203.245.152.0/24 maxlen: 24
203.245.155.0/24 maxlen: 24
203.245.156.0/24 maxlen: 24
203.245.157.0/24 maxlen: 24
203.245.158.0/24 maxlen: 24
203.245.160.0/24 maxlen: 24
203.245.161.0/24 maxlen: 24
203.245.162.0/24 maxlen: 24
203.245.163.0/24 maxlen: 24
203.245.200.0/24 maxlen: 24
203.245.201.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl
rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 27 Jul 2025 14:22:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14617 (0x3919)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9149F3E, serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
Validity
Not Before: Jul 4 14:50:36 2025 GMT
Not After : Aug 31 00:00:00 2026 GMT
Subject: CN=6867ea3b-f784
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:70:af:9b:99:26:b1:cc:10:22:05:f0:3b:1c:
9b:dc:d0:7c:65:7f:e5:0f:d1:70:85:f7:c6:cb:f0:
1c:ea:85:c5:25:a0:ca:aa:76:88:a7:e6:a7:df:9b:
61:a2:9c:8a:f1:60:db:30:91:21:38:de:00:0c:b7:
57:7c:69:01:fa:3b:72:55:7e:8d:b9:4c:34:0d:f4:
86:ee:f1:2b:c3:ea:a3:82:93:c2:13:f2:d1:c4:82:
ef:85:ad:cb:25:76:5e:61:7d:27:3c:5b:1d:af:43:
47:39:09:5b:79:ef:97:28:a9:7f:0f:09:87:f2:d7:
a0:e8:c6:24:63:c5:d6:fa:24:08:30:9c:a8:21:cf:
c1:b2:6e:d2:8a:04:36:cb:d0:c8:bf:29:4e:c4:6d:
dd:6f:d7:18:be:d8:f5:c1:f1:51:de:3f:9b:26:a3:
0d:6b:15:e6:8a:f7:c0:51:3d:08:1d:c2:a4:e4:a3:
f2:e7:7d:23:af:c3:6b:6c:7b:46:8d:2a:87:c0:b0:
30:69:31:58:d4:ef:69:01:14:7d:fe:cb:81:18:b1:
7c:12:a7:d1:62:95:0e:b5:3b:d7:27:ba:45:8d:af:
df:7b:a3:a6:f5:17:ba:66:a6:11:60:25:ee:ab:c4:
38:f7:c1:6c:01:31:4f:9f:77:e4:93:94:4d:44:10:
8f:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:BD:B3:37:16:80:5A:2E:76:B3:04:84:15:EE:46:28:3E:C4:3E:82
X509v3 Authority Key Identifier:
keyid:EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/EEF771D4FED311EF8B263515C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.244.39.0/24
203.244.45.0/24
203.244.50.0/24
203.244.60.0/24
203.244.67.0/24
203.244.70.0/24
203.244.80.0/24
203.244.95.0/24
203.245.134.0/24
203.245.136.0/24
203.245.147.0/24
203.245.152.0/24
203.245.155.0-203.245.158.255
203.245.160.0/22
203.245.200.0/23
Signature Algorithm: sha256WithRSAEncryption
42:24:61:a6:dd:e6:3c:3a:5e:82:36:6b:2a:84:7f:d0:e9:d5:
2f:8a:ff:31:33:cf:a6:9e:15:e3:da:f5:a2:8e:03:4a:c9:96:
d1:86:ef:65:2f:c1:80:e7:0f:88:f3:8f:0b:96:6c:df:f3:8a:
46:3d:81:79:89:10:14:16:f7:4a:8f:22:65:ac:32:70:fd:ae:
72:0a:6d:a4:46:13:5d:5d:6f:06:58:29:91:6b:b2:d6:7d:3d:
f1:32:cc:7b:87:fa:df:34:4f:3b:ce:4c:c6:81:ae:23:25:9c:
5f:04:8b:0f:56:f6:13:04:b6:e8:a1:d2:72:b1:7c:cb:e6:c5:
50:f3:ba:7d:01:4d:7e:06:75:c7:cb:49:4b:74:56:69:d5:6a:
69:f8:ea:9a:20:11:63:56:7a:d7:0a:92:17:f4:d0:a4:63:fe:
94:f5:bc:5c:00:35:d7:af:63:70:dc:40:d1:b6:c4:74:b9:82:
6e:9e:3a:4d:ed:05:10:90:c8:65:87:a6:0b:19:3b:d2:74:90:
24:a5:bb:60:19:2a:8f:35:b7:cb:ba:f2:31:ce:61:27:31:2d:
38:75:b8:1b:46:7d:92:e0:98:38:68:16:db:8b:c9:ba:64:3c:
2c:96:e2:2a:6e:5f:48:6e:1a:f3:13:e9:e3:02:22:fc:b6:0c:
0a:df:e1:fc
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgICORkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDlGM0UxMTAvBgNVBAUTKEVCMzg5RkIzMzlCMzkwOEQ1NDlBNjUzOTBDOTJFMTVG
OURGN0M1NEIwHhcNMjUwNzA0MTQ1MDM2WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODY3ZWEzYi1mNzg0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx3Cvm5kmscwQIgXwOxyb3NB8ZX/lD9FwhffGy/Ac6oXFJaDKqnaIp+an35th
opyK8WDbMJEhON4ADLdXfGkB+jtyVX6NuUw0DfSG7vErw+qjgpPCE/LRxILvha3L
JXZeYX0nPFsdr0NHOQlbee+XKKl/DwmH8teg6MYkY8XW+iQIMJyoIc/Bsm7SigQ2
y9DIvylOxG3db9cYvtj1wfFR3j+bJqMNaxXmivfAUT0IHcKk5KPy530jr8NrbHtG
jSqHwLAwaTFY1O9pARR9/suBGLF8EqfRYpUOtTvXJ7pFja/fe6Om9Re6ZqYRYCXu
q8Q498FsATFPn3fkk5RNRBCP8QIDAQABo4IC8TCCAu0wHQYDVR0OBBYEFEO9szcW
gFoudrMEhBXuRig+xD6CMB8GA1UdIwQYMBaAFOs4n7M5s5CNVJplOQyS4V+d98VL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OUYzRS9BQzUyQjc0ODFE
ODIxMUUyQkM2NDE3RDcwOEIwMkNEMi82emlmc3ptemtJMVVtbVU1REpMaFg1MzN4
VXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZ6aWZzem16a0kxVW1tVTVESkxoWDUzM3hVcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDlGM0UvQUM1MkI3NDgxRDgyMTFFMkJDNjQxN0Q3MDhCMDJDRDIvRUVGNzcxRDRG
RUQzMTFFRjhCMjYzNTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwewYIKwYBBQUHAQcBAf8E
bDBqMGgEAgABMGIDBADL9CcDBADL9C0DBADL9DIDBADL9DwDBADL9EMDBADL9EYD
BADL9FADBADL9F8DBADL9YYDBADL9YgDBADL9ZMDBADL9ZgwDAMEAMv1mwMEAMv1
ngMEAsv1oAMEAcv1yDANBgkqhkiG9w0BAQsFAAOCAQEAQiRhpt3mPDpegjZrKoR/
0OnVL4r/MTPPpp4V49r1oo4DSsmW0YbvZS/BgOcPiPOPC5Zs3/OKRj2BeYkQFBb3
So8iZawycP2ucgptpEYTXV1vBlgpkWuy1n098TLMe4f63zRPO85MxoGuIyWcXwSL
D1b2EwS26KHScrF8y+bFUPO6fQFNfgZ1x8tJS3RWadVqafjqmiARY1Z61wqSF/TQ
pGP+lPW8XAA1169jcNxA0bbEdLmCbp46Te0FEJDIZYemCxk70nSQJKW7YBkqjzW3
y7ryMc5hJzEtOHW4G0Z9kuCYOGgW24vJumQ8LJbiKm5fSG4a8xPp4wIi/LYMCt/h
/A==
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:57:21 2025 by rpki-client