Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/EC8BB4F2B2B411EF8B387C7CC4F9AE02.roa
File: EC8BB4F2B2B411EF8B387C7CC4F9AE02.roa (raw, json)
Hash identifier: YcDZtKeRh1UHltnHTYosXa988+fvsMaT0V4n1NKi1tc=
Subject key identifier: 0E:76:58:B6:60:B6:7D:1B:19:F4:AD:90:84:CE:22:3F:FD:8E:37:C8
Certificate issuer: /CN=A9171A5B/serialNumber=AB7D0BD5D2AB5DEE2F1CD696B829BAEF977F78CE
Certificate serial: 1896
Authority key identifier: AB:7D:0B:D5:D2:AB:5D:EE:2F:1C:D6:96:B8:29:BA:EF:97:7F:78:CE
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/q30L1dKrXe4vHNaWuCm675d_eM4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/EC8BB4F2B2B411EF8B387C7CC4F9AE02.roa
Signing time: Fri 14 Feb 2025 17:05:45 +0000
ROA not before: Fri 14 Feb 2025 17:05:45 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 18001
IP address blocks: 123.231.0.0/17 maxlen: 17
123.231.0.0/18 maxlen: 18
123.231.0.0/19 maxlen: 19
123.231.0.0/21 maxlen: 21
123.231.2.0/24 maxlen: 24
123.231.8.0/21 maxlen: 21
123.231.16.0/21 maxlen: 21
123.231.24.0/21 maxlen: 21
123.231.32.0/21 maxlen: 21
123.231.40.0/22 maxlen: 22
123.231.44.0/22 maxlen: 22
123.231.48.0/21 maxlen: 21
123.231.56.0/21 maxlen: 21
123.231.64.0/19 maxlen: 19
123.231.64.0/21 maxlen: 21
123.231.64.0/24 maxlen: 24
123.231.65.0/24 maxlen: 24
123.231.68.0/24 maxlen: 24
123.231.69.0/24 maxlen: 24
123.231.72.0/21 maxlen: 21
123.231.72.0/24 maxlen: 24
123.231.73.0/24 maxlen: 24
123.231.80.0/21 maxlen: 22
123.231.88.0/21 maxlen: 21
123.231.96.0/19 maxlen: 19
123.231.96.0/21 maxlen: 21
123.231.104.0/21 maxlen: 22
123.231.112.0/22 maxlen: 22
123.231.116.0/22 maxlen: 22
123.231.120.0/21 maxlen: 22
203.189.64.0/20 maxlen: 21
203.189.70.0/24 maxlen: 24
203.189.73.0/24 maxlen: 24
2405:4400::/32 maxlen: 44
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/q30L1dKrXe4vHNaWuCm675d_eM4.crl
rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/q30L1dKrXe4vHNaWuCm675d_eM4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/q30L1dKrXe4vHNaWuCm675d_eM4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 16:35:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6294 (0x1896)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9171A5B
Validity
Not Before: Feb 14 17:05:45 2025 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=67af77e8-8b18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:e8:86:b0:8e:60:50:66:7d:96:e5:15:82:b6:
e0:06:e5:9b:07:cc:1e:c1:0c:14:87:dd:a8:63:05:
92:eb:50:00:b4:53:c5:a7:58:5c:c1:f5:44:06:0f:
fd:59:22:0f:6a:80:da:42:9d:c0:fb:b6:e8:15:8c:
76:6b:f5:ad:6c:a9:7a:fe:fd:36:fd:34:e7:6d:f2:
b5:ec:41:e7:ae:ee:25:76:f0:26:0f:9d:a9:d7:96:
43:c4:26:53:cf:83:2a:95:b6:b9:5d:64:a9:2f:b1:
80:79:db:1b:4b:4f:aa:b6:85:2d:5c:aa:1a:4f:9d:
47:49:99:73:78:99:b7:de:e4:91:86:01:ff:62:90:
ce:71:ab:2c:d3:e3:4b:9c:bd:27:e4:04:03:06:da:
56:b2:9a:60:07:1a:ea:6f:53:02:0b:4c:8f:79:37:
46:35:de:6f:6a:e0:7c:37:20:50:c5:be:f2:ad:ab:
02:20:55:1e:47:50:77:8b:d2:cd:66:ee:8e:be:b6:
21:b2:8e:8d:60:6f:8d:73:ac:0b:b3:0d:70:c0:8c:
97:e0:1c:73:b4:a1:68:2b:3c:f7:cc:92:3e:42:ac:
b9:73:46:36:e6:65:ba:f7:22:6d:e2:27:25:0a:47:
d9:ca:90:6c:8d:b5:94:e0:9c:63:b0:2e:7b:55:98:
a2:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:76:58:B6:60:B6:7D:1B:19:F4:AD:90:84:CE:22:3F:FD:8E:37:C8
X509v3 Authority Key Identifier:
keyid:AB:7D:0B:D5:D2:AB:5D:EE:2F:1C:D6:96:B8:29:BA:EF:97:7F:78:CE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/q30L1dKrXe4vHNaWuCm675d_eM4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/q30L1dKrXe4vHNaWuCm675d_eM4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/EC8BB4F2B2B411EF8B387C7CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
123.231.0.0/17
203.189.64.0/20
IPv6:
2405:4400::/32
Signature Algorithm: sha256WithRSAEncryption
64:3d:7b:dd:0e:03:3b:28:11:33:0d:15:16:dc:40:3f:7f:75:
56:aa:ab:2b:5d:8a:74:05:de:53:7d:dd:28:a9:6b:6e:d6:c7:
98:8f:0c:a2:ca:fa:5b:d3:3c:51:6c:75:1b:cb:6d:bb:2c:cd:
e5:9a:b1:c1:8b:a4:dc:d3:8a:4a:a3:f3:40:d2:8f:0d:85:71:
b2:18:64:b4:66:d0:66:b9:95:29:7d:22:4c:dc:6e:8f:61:1b:
80:cd:48:f7:b5:33:17:9b:d1:8c:f9:90:e6:6d:cd:54:56:f0:
4a:3e:15:7b:91:c5:16:68:59:fb:f2:a4:63:fb:8f:73:aa:51:
e7:57:2a:b0:f6:09:0a:99:69:df:f2:f6:54:e6:a7:9e:fe:41:
55:c4:ef:36:45:af:88:3b:0b:29:b1:31:a1:ac:35:bb:80:77:
ca:20:e6:73:94:a2:16:b2:8c:75:1d:15:46:c7:97:7d:87:9b:
65:81:ce:05:a0:58:31:b5:e8:3c:47:f8:b4:ea:4b:b2:89:bb:
23:e5:cf:5c:4d:ec:9c:dc:70:db:c6:af:2a:2a:77:63:ff:6b:
ec:c4:ea:b6:52:22:00:35:18:a1:92:87:21:39:79:4b:ab:e1:
4e:af:6e:09:bd:98:be:8c:2d:fd:96:62:d7:be:6e:f8:6b:f6:
10:41:4e:5b
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICGJYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzFBNUIxMTAvBgNVBAUTKEFCN0QwQkQ1RDJBQjVERUUyRjFDRDY5NkI4MjlCQUVG
OTc3Rjc4Q0UwHhcNMjUwMjE0MTcwNTQ1WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2FmNzdlOC04YjE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyuiGsI5gUGZ9luUVgrbgBuWbB8wewQwUh92oYwWS61AAtFPFp1hcwfVEBg/9
WSIPaoDaQp3A+7boFYx2a/WtbKl6/v02/TTnbfK17EHnru4ldvAmD52p15ZDxCZT
z4Mqlba5XWSpL7GAedsbS0+qtoUtXKoaT51HSZlzeJm33uSRhgH/YpDOcass0+NL
nL0n5AQDBtpWsppgBxrqb1MCC0yPeTdGNd5vauB8NyBQxb7yrasCIFUeR1B3i9LN
Zu6OvrYhso6NYG+Nc6wLsw1wwIyX4BxztKFoKzz3zJI+Qqy5c0Y25mW69yJt4icl
CkfZypBsjbWU4JxjsC57VZiitQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFA52WLZg
tn0bGfStkITOIj/9jjfIMB8GA1UdIwQYMBaAFKt9C9XSq13uLxzWlrgpuu+Xf3jO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MUE1Qi8xN0UxMDEwMjk5
M0IxMUU3OUFCQjgxODFDNEY5QUUwMi9xMzBMMWRLclhlNHZITmFXdUNtNjc1ZF9l
TTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3EzMEwxZEtyWGU0dkhOYVd1Q202NzVkX2VNNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzFBNUIvMTdFMTAxMDI5OTNCMTFFNzlBQkI4MTgxQzRGOUFFMDIvRUM4QkI0RjJC
MkI0MTFFRjhCMzg3QzdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAd75wADBATLvUAwDQQCAAIwBwMFACQFRAAwDQYJKoZIhvcN
AQELBQADggEBAGQ9e90OAzsoETMNFRbcQD9/dVaqqytdinQF3lN93Sipa27Wx5iP
DKLK+lvTPFFsdRvLbbsszeWascGLpNzTikqj80DSjw2FcbIYZLRm0Ga5lSl9Ikzc
bo9hG4DNSPe1Mxeb0Yz5kOZtzVRW8Eo+FXuRxRZoWfvypGP7j3OqUedXKrD2CQqZ
ad/y9lTmp57+QVXE7zZFr4g7CymxMaGsNbuAd8og5nOUohayjHUdFUbHl32Hm2WB
zgWgWDG16DxH+LTqS7KJuyPlz1xN7JzccNvGryoqd2P/a+zE6rZSIgA1GKGShyE5
eUur4U6vbgm9mL6MLf2WYte+bvhr9hBBTls=
-----END CERTIFICATE-----
Generated at Sun Apr 6 01:51:45 2025 by rpki-client