Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/C2F7AE40C03111EA9777314AC4F9AE02.roa
File: C2F7AE40C03111EA9777314AC4F9AE02.roa (raw, json)
Hash identifier: 5UVYc1gM3pcN5MyLC+3d2F4QJ6pH7wnclugT6lLmPzA=
Subject key identifier: 70:50:02:D3:11:D4:3F:2F:89:AC:AE:AD:69:E1:07:F0:F9:E2:C4:73
Certificate issuer: /CN=A91577DD/serialNumber=95D1BEF3900B416584164BB74631771302291688
Certificate serial: 3455
Authority key identifier: 95:D1:BE:F3:90:0B:41:65:84:16:4B:B7:46:31:77:13:02:29:16:88
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ldG-85ALQWWEFku3RjF3EwIpFog.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/C2F7AE40C03111EA9777314AC4F9AE02.roa
Signing time: Mon 30 Dec 2024 15:10:46 +0000
ROA not before: Mon 30 Dec 2024 15:10:46 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 132196
IP address blocks: 43.254.76.0/22 maxlen: 22
43.254.76.0/24 maxlen: 24
43.254.77.0/24 maxlen: 24
43.254.78.0/24 maxlen: 24
43.254.79.0/24 maxlen: 24
103.238.124.0/22 maxlen: 22
103.238.124.0/24 maxlen: 24
103.238.125.0/24 maxlen: 24
103.238.126.0/24 maxlen: 24
103.238.127.0/24 maxlen: 24
120.50.48.0/20 maxlen: 20
120.50.48.0/24 maxlen: 24
120.50.49.0/24 maxlen: 24
120.50.50.0/24 maxlen: 24
120.50.51.0/24 maxlen: 24
120.50.52.0/24 maxlen: 24
120.50.53.0/24 maxlen: 24
120.50.54.0/24 maxlen: 24
120.50.55.0/24 maxlen: 24
120.50.56.0/24 maxlen: 24
120.50.57.0/24 maxlen: 24
120.50.58.0/24 maxlen: 24
120.50.59.0/24 maxlen: 24
120.50.60.0/24 maxlen: 24
120.50.61.0/24 maxlen: 24
120.50.62.0/24 maxlen: 24
120.50.63.0/24 maxlen: 24
202.176.13.0/24 maxlen: 24
2404:99c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/ldG-85ALQWWEFku3RjF3EwIpFog.crl
rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/ldG-85ALQWWEFku3RjF3EwIpFog.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ldG-85ALQWWEFku3RjF3EwIpFog.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 19 Apr 2025 14:50:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13397 (0x3455)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91577DD, serialNumber=95D1BEF3900B416584164BB74631771302291688
Validity
Not Before: Dec 30 15:10:46 2024 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=6772b7f6-72f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:b9:21:94:cd:bd:e0:99:9c:a8:f3:3a:9b:de:
16:d4:91:06:4c:69:97:36:1c:6d:00:e1:f8:6d:51:
e6:41:e1:84:e3:5d:27:3a:04:92:66:1a:f4:06:d0:
e4:37:6c:cc:22:30:a0:a8:f5:0e:0f:69:2e:1d:b8:
6d:14:94:3d:bf:bc:dd:86:82:ad:7c:b4:6d:ad:31:
13:8d:b5:70:61:64:0c:5c:2c:35:d7:64:d3:62:13:
67:4a:94:dc:08:28:3e:41:01:b2:b8:12:1d:2a:d5:
0e:95:09:08:d7:9b:32:f9:d0:84:dc:fd:15:a9:21:
53:68:a0:e2:fb:79:98:c6:d8:9d:00:ef:d9:63:33:
7d:bd:7d:24:86:27:c7:20:47:b6:ec:3c:a9:58:fb:
9d:24:bd:1c:75:c7:48:3d:d4:8e:f8:27:02:69:1f:
c3:06:c1:c8:bf:02:d5:eb:e1:ac:6f:95:84:f2:72:
21:7b:20:f1:6f:3a:f5:a1:e6:85:ce:60:65:54:10:
5c:59:fb:19:c5:38:82:ba:29:88:b1:c1:37:fb:90:
81:ec:8a:b0:b3:f5:9f:a5:b6:29:07:74:80:b0:e2:
f7:e6:f5:99:58:e7:e0:e8:09:a1:b0:80:3d:54:35:
7f:d7:25:af:17:78:32:ef:48:c1:d4:79:cf:b8:db:
9d:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:50:02:D3:11:D4:3F:2F:89:AC:AE:AD:69:E1:07:F0:F9:E2:C4:73
X509v3 Authority Key Identifier:
keyid:95:D1:BE:F3:90:0B:41:65:84:16:4B:B7:46:31:77:13:02:29:16:88
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/ldG-85ALQWWEFku3RjF3EwIpFog.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ldG-85ALQWWEFku3RjF3EwIpFog.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/C2F7AE40C03111EA9777314AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.76.0/22
103.238.124.0/22
120.50.48.0/20
202.176.13.0/24
IPv6:
2404:99c0::/32
Signature Algorithm: sha256WithRSAEncryption
ad:e1:10:fe:94:17:ae:0f:3e:1f:99:71:89:81:35:76:e4:36:
e5:9f:60:5d:27:4f:65:b4:f2:ab:7b:ab:d1:41:8c:16:87:7b:
5f:f5:e7:2e:8e:4b:00:70:9b:83:04:a5:c4:7d:40:95:68:67:
b8:97:3b:60:f5:ca:76:97:b6:2e:9b:03:2d:1c:bf:d9:53:1f:
1b:26:d5:c4:9e:e6:7c:83:64:26:93:f6:fc:b2:27:e1:b6:26:
b2:b1:5e:ab:13:52:a0:f8:f5:a7:22:d2:d2:3b:5b:ad:9b:a7:
6a:f6:4d:06:c3:82:1e:4f:19:75:c7:22:c1:e6:3c:96:fd:8d:
a3:f2:9d:1e:c8:9c:26:2a:35:48:05:c6:f0:8b:ae:88:48:a4:
7a:8f:71:24:9e:db:9a:83:d8:b2:3f:f5:26:40:58:e4:ad:9a:
f6:8b:c2:92:16:49:9a:2d:84:3b:7f:e2:7e:8b:9f:d6:cc:bf:
a3:cb:f3:4e:4d:c6:d7:08:62:f1:c5:59:84:9f:70:b8:06:9e:
ee:63:46:0f:36:75:99:f8:ce:bb:62:f1:3e:a6:1c:55:a4:ea:
28:ae:e7:2a:1d:de:bb:5f:ce:41:09:13:3e:20:a8:79:bd:ad:
ef:4d:97:c0:9c:4b:b9:ab:7b:a8:10:52:63:d0:d8:49:41:ae:
ed:78:62:21
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICNFUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTc3REQxMTAvBgNVBAUTKDk1RDFCRUYzOTAwQjQxNjU4NDE2NEJCNzQ2MzE3NzEz
MDIyOTE2ODgwHhcNMjQxMjMwMTUxMDQ2WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzcyYjdmNi03MmYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArbkhlM294JmcqPM6m94W1JEGTGmXNhxtAOH4bVHmQeGE410nOgSSZhr0BtDk
N2zMIjCgqPUOD2kuHbhtFJQ9v7zdhoKtfLRtrTETjbVwYWQMXCw112TTYhNnSpTc
CCg+QQGyuBIdKtUOlQkI15sy+dCE3P0VqSFTaKDi+3mYxtidAO/ZYzN9vX0khifH
IEe27DypWPudJL0cdcdIPdSO+CcCaR/DBsHIvwLV6+Gsb5WE8nIheyDxbzr1oeaF
zmBlVBBcWfsZxTiCuimIscE3+5CB7Iqws/WfpbYpB3SAsOL35vWZWOfg6AmhsIA9
VDV/1yWvF3gy70jB1HnPuNudqwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFHBQAtMR
1D8viayurWnhB/D54sRzMB8GA1UdIwQYMBaAFJXRvvOQC0FlhBZLt0YxdxMCKRaI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1NzdERC9EMUM1QjAyQTFE
OTYxMUUyQTFDQUI0N0YwOEIwMkNEMi9sZEctODVBTFFXV0VGa3UzUmpGM0V3SXBG
b2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2xkRy04NUFMUVdXRUZrdTNSakYzRXdJcEZvZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTc3REQvRDFDNUIwMkExRDk2MTFFMkExQ0FCNDdGMDhCMDJDRDIvQzJGN0FFNDBD
MDMxMTFFQTk3NzczMTRBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAIr/kwDBAJn7nwDBAR4MjADBADKsA0wDQQCAAIwBwMFACQE
mcAwDQYJKoZIhvcNAQELBQADggEBAK3hEP6UF64PPh+ZcYmBNXbkNuWfYF0nT2W0
8qt7q9FBjBaHe1/15y6OSwBwm4MEpcR9QJVoZ7iXO2D1ynaXti6bAy0cv9lTHxsm
1cSe5nyDZCaT9vyyJ+G2JrKxXqsTUqD49aci0tI7W62bp2r2TQbDgh5PGXXHIsHm
PJb9jaPynR7InCYqNUgFxvCLrohIpHqPcSSe25qD2LI/9SZAWOStmvaLwpIWSZot
hDt/4n6Ln9bMv6PL805NxtcIYvHFWYSfcLgGnu5jRg82dZn4zrti8T6mHFWk6iiu
5yod3rtfzkEJEz4gqHm9re9Nl8CcS7mre6gQUmPQ2ElBru14YiE=
-----END CERTIFICATE-----
Generated at Sun Apr 13 01:53:23 2025 by rpki-client