Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/EFE8CDF6C8D111EE95249F25C4F9AE02.roa
File: EFE8CDF6C8D111EE95249F25C4F9AE02.roa (raw, json)
Hash identifier: 8hTBYho7Wl/PAQj3XMQdwTxzLXCHLSq50BmnZke9xMc=
Subject key identifier: 73:C6:F8:DC:B5:6F:C5:71:7C:9F:E9:2D:A7:6D:BB:DF:C4:F5:B3:AC
Certificate issuer: /CN=A9167D07/serialNumber=037B8F05F4902D9DA8B424C39340865F3DAC9B26
Certificate serial: 15FD
Authority key identifier: 03:7B:8F:05:F4:90:2D:9D:A8:B4:24:C3:93:40:86:5F:3D:AC:9B:26
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3uPBfSQLZ2otCTDk0CGXz2smyY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/EFE8CDF6C8D111EE95249F25C4F9AE02.roa
Signing time: Wed 26 Feb 2025 17:14:56 +0000
ROA not before: Wed 26 Feb 2025 17:14:56 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 55427
IP address blocks: 43.245.92.0/22 maxlen: 22
43.245.92.0/23 maxlen: 23
43.245.92.0/24 maxlen: 24
43.245.93.0/24 maxlen: 24
43.245.94.0/23 maxlen: 23
43.245.94.0/24 maxlen: 24
43.245.95.0/24 maxlen: 24
103.232.228.0/22 maxlen: 22
103.232.228.0/23 maxlen: 23
103.232.228.0/24 maxlen: 24
103.232.229.0/24 maxlen: 24
103.232.230.0/23 maxlen: 23
103.232.230.0/24 maxlen: 24
103.232.231.0/24 maxlen: 24
182.50.64.0/22 maxlen: 24
2402:a300::/32 maxlen: 32
2402:a300:3e6::/48 maxlen: 48
2402:a300:3e7::/48 maxlen: 48
2402:a300:3e8::/48 maxlen: 48
2402:a300:13e6::/48 maxlen: 48
2402:a300:13e7::/48 maxlen: 48
2402:a300:13e8::/48 maxlen: 48
2402:a300:23e8::/48 maxlen: 48
2402:a300:4000::/36 maxlen: 36
2402:a300:4005::/48 maxlen: 48
2402:a300:8000::/36 maxlen: 36
2402:a300:8005::/48 maxlen: 48
2402:a300:800a::/48 maxlen: 48
2402:a300:c000::/36 maxlen: 36
2402:a300:c005::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/A3uPBfSQLZ2otCTDk0CGXz2smyY.crl
rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/A3uPBfSQLZ2otCTDk0CGXz2smyY.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3uPBfSQLZ2otCTDk0CGXz2smyY.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 19 Apr 2025 14:50:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5629 (0x15fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9167D07, serialNumber=037B8F05F4902D9DA8B424C39340865F3DAC9B26
Validity
Not Before: Feb 26 17:14:56 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=67bf4c10-ec6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:94:29:21:79:c0:cd:03:da:a5:e1:d6:20:6a:
92:23:df:83:96:3c:30:39:64:06:4b:67:06:7e:ee:
ac:51:ca:0b:13:8f:6a:f3:e9:c6:27:5e:69:f7:2a:
bd:e1:e7:d6:dc:78:4f:65:00:52:7b:39:27:3b:8a:
e9:db:81:c5:f6:6e:fd:52:2b:4a:32:41:e3:1e:59:
93:8d:a8:b8:96:da:aa:15:43:cc:47:eb:b8:2b:d3:
92:12:64:2b:e7:d3:94:84:64:70:e0:46:ca:58:42:
40:2b:ad:89:b2:77:42:d5:bf:e6:bd:d1:7b:08:2b:
29:01:2d:48:55:44:19:60:85:c8:92:e2:ad:cd:93:
48:97:96:7d:8a:78:9b:18:4e:89:b5:bd:57:62:59:
fe:02:17:90:e6:8a:5d:bb:37:2a:7d:d1:18:90:77:
95:d6:03:f0:cc:99:be:6d:c9:3a:2c:e0:ae:4c:1c:
78:6f:3b:df:eb:6b:1e:d3:11:d7:61:3f:8d:c6:f6:
29:0d:d6:7b:fb:5d:82:9c:c5:17:d5:21:d1:53:e2:
7a:eb:f6:7b:23:0c:1c:47:16:ed:7b:6d:55:9b:8b:
9c:14:39:bd:49:2e:38:7b:db:9c:bd:99:ee:18:de:
fa:eb:c9:d9:2e:38:f7:b3:d1:8f:2a:78:65:3b:53:
9e:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:C6:F8:DC:B5:6F:C5:71:7C:9F:E9:2D:A7:6D:BB:DF:C4:F5:B3:AC
X509v3 Authority Key Identifier:
keyid:03:7B:8F:05:F4:90:2D:9D:A8:B4:24:C3:93:40:86:5F:3D:AC:9B:26
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/A3uPBfSQLZ2otCTDk0CGXz2smyY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3uPBfSQLZ2otCTDk0CGXz2smyY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/EFE8CDF6C8D111EE95249F25C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.92.0/22
103.232.228.0/22
182.50.64.0/22
IPv6:
2402:a300::/32
Signature Algorithm: sha256WithRSAEncryption
17:46:db:1e:28:d9:c0:e4:ab:82:7c:4e:d4:86:a0:af:5b:38:
a8:29:9e:37:96:03:bc:79:dd:9f:44:79:31:df:b8:ab:4f:ce:
48:0b:a8:04:5e:93:94:8a:04:91:77:69:ec:b9:cd:03:91:b1:
d9:9c:aa:65:fa:ef:f8:57:f2:72:a9:61:5f:2f:5f:fa:ca:12:
ed:6a:c6:b5:f9:6b:76:7d:0b:f3:fc:00:c2:23:4d:f9:34:e8:
e2:e8:ee:3b:a8:14:8d:06:5b:a1:7f:a3:f8:7d:da:01:69:a9:
cf:27:89:65:4b:16:6e:0b:2f:7c:64:9e:aa:97:04:e9:03:3d:
37:c9:cc:ff:27:4c:c5:1b:69:bd:b9:81:9b:dd:e7:5b:5e:54:
f2:e1:1e:3e:af:b9:90:7a:31:e4:92:19:36:b8:95:7c:ca:1f:
f3:a2:15:23:c2:99:f2:7d:a1:ed:e5:ac:63:a4:18:32:f5:35:
cb:37:af:c3:5d:52:93:a7:0c:64:29:22:5e:18:5f:3f:3f:df:
9e:a8:4e:db:15:16:6d:5c:bc:8e:08:a9:8b:c4:c0:eb:28:05:
62:5e:81:23:31:b4:00:fc:10:12:7e:60:a9:b6:49:25:b2:ef:
2b:83:53:70:26:72:58:47:f0:e0:38:93:60:45:2c:89:9b:38:
b9:03:92:71
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICFf0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjdEMDcxMTAvBgNVBAUTKDAzN0I4RjA1RjQ5MDJEOURBOEI0MjRDMzkzNDA4NjVG
M0RBQzlCMjYwHhcNMjUwMjI2MTcxNDU2WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2JmNGMxMC1lYzZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtJQpIXnAzQPapeHWIGqSI9+DljwwOWQGS2cGfu6sUcoLE49q8+nGJ15p9yq9
4efW3HhPZQBSezknO4rp24HF9m79UitKMkHjHlmTjai4ltqqFUPMR+u4K9OSEmQr
59OUhGRw4EbKWEJAK62JsndC1b/mvdF7CCspAS1IVUQZYIXIkuKtzZNIl5Z9inib
GE6Jtb1XYln+AheQ5opduzcqfdEYkHeV1gPwzJm+bck6LOCuTBx4bzvf62se0xHX
YT+NxvYpDdZ7+12CnMUX1SHRU+J66/Z7IwwcRxbte21Vm4ucFDm9SS44e9ucvZnu
GN7668nZLjj3s9GPKnhlO1OeOQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFHPG+Ny1
b8VxfJ/pLadtu9/E9bOsMB8GA1UdIwQYMBaAFAN7jwX0kC2dqLQkw5NAhl89rJsm
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2N0QwNy9ENzRBRTI3NDFC
QTkxMUU4QThGNTc4NjVDNEY5QUUwMi9BM3VQQmZTUUxaMm90Q1REazBDR1h6MnNt
eVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0EzdVBCZlNRTFoyb3RDVERrMENHWHoyc215WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjdEMDcvRDc0QUUyNzQxQkE5MTFFOEE4RjU3ODY1QzRGOUFFMDIvRUZFOENERjZD
OEQxMTFFRTk1MjQ5RjI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAIr9VwDBAJn6OQDBAK2MkAwDQQCAAIwBwMFACQCowAwDQYJ
KoZIhvcNAQELBQADggEBABdG2x4o2cDkq4J8TtSGoK9bOKgpnjeWA7x53Z9EeTHf
uKtPzkgLqARek5SKBJF3aey5zQORsdmcqmX67/hX8nKpYV8vX/rKEu1qxrX5a3Z9
C/P8AMIjTfk06OLo7juoFI0GW6F/o/h92gFpqc8niWVLFm4LL3xknqqXBOkDPTfJ
zP8nTMUbab25gZvd51teVPLhHj6vuZB6MeSSGTa4lXzKH/OiFSPCmfJ9oe3lrGOk
GDL1Ncs3r8NdUpOnDGQpIl4YXz8/356oTtsVFm1cvI4IqYvEwOsoBWJegSMxtAD8
EBJ+YKm2SSWy7yuDU3AmclhH8OA4k2BFLImbOLkDknE=
-----END CERTIFICATE-----
Generated at Sat Apr 12 18:49:30 2025 by rpki-client