Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
File: 002DDDC22B9D11EA92F3094CC4F9AE02.roa (raw, json)
Hash identifier: sV6ALO0axr/VXMBheoOGm2xJXWMWbMsVRF9rlXmaHds=
Subject key identifier: 76:64:00:0D:77:BC:B7:4A:BB:51:8A:96:85:5D:6D:DE:91:8D:83:E8
Certificate issuer: /CN=A91722A3/serialNumber=7085B5B4549ACDB5B6C2704C85BA788760F88A27
Certificate serial: 0B69
Authority key identifier: 70:85:B5:B4:54:9A:CD:B5:B6:C2:70:4C:85:BA:78:87:60:F8:8A:27
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
Signing time: Wed 02 Apr 2025 19:18:48 +0000
ROA not before: Wed 02 Apr 2025 19:18:48 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 133421
IP address blocks: 45.117.236.0/22 maxlen: 22
45.117.236.0/24 maxlen: 24
45.117.237.0/24 maxlen: 24
45.117.238.0/24 maxlen: 24
45.117.239.0/24 maxlen: 24
101.78.16.0/20 maxlen: 20
101.78.16.0/24 maxlen: 24
101.78.17.0/24 maxlen: 24
101.78.18.0/24 maxlen: 24
101.78.19.0/24 maxlen: 24
101.78.20.0/24 maxlen: 24
101.78.21.0/24 maxlen: 24
101.78.22.0/24 maxlen: 24
101.78.23.0/24 maxlen: 24
101.78.24.0/24 maxlen: 24
101.78.25.0/24 maxlen: 24
101.78.26.0/24 maxlen: 24
101.78.27.0/24 maxlen: 24
101.78.28.0/24 maxlen: 24
101.78.29.0/24 maxlen: 24
101.78.30.0/24 maxlen: 24
101.78.31.0/24 maxlen: 24
103.228.56.0/22 maxlen: 22
103.228.56.0/24 maxlen: 24
103.228.57.0/24 maxlen: 24
103.228.58.0/24 maxlen: 24
103.228.59.0/24 maxlen: 24
2403:1380::/32 maxlen: 32
2403:1380:1::/48 maxlen: 48
2403:1380:2::/48 maxlen: 48
2403:1380:3::/48 maxlen: 48
2403:1380:11::/48 maxlen: 48
2403:1380:12::/48 maxlen: 48
2403:1380:1380::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.crl
rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 13 Apr 2025 18:53:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2921 (0xb69)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91722A3
Validity
Not Before: Apr 2 19:18:48 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=67ed8d97-0541
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:b0:01:08:2d:37:35:75:c7:49:dd:8c:92:c5:
cd:65:f6:8f:c2:86:8b:ea:d6:2e:bb:58:37:21:5b:
37:81:ac:18:df:67:c4:f1:8e:37:17:25:69:5b:a9:
19:e0:40:44:8b:f4:20:15:7c:86:89:92:b0:26:2e:
7e:69:25:14:8c:a8:b3:2e:63:45:67:8f:5f:b5:09:
44:2d:29:a5:c8:20:55:42:f3:f5:b1:8e:bf:0f:1d:
74:98:7f:a4:75:8a:0e:fa:a8:86:e7:ee:28:91:21:
29:d2:f2:a4:54:61:97:e0:dc:1f:f9:c3:2a:10:76:
b5:b8:07:58:aa:60:82:f7:db:bb:10:1a:48:77:c9:
4c:80:d9:93:b4:b2:d9:52:79:1a:a4:f5:f0:8e:3f:
d3:fd:20:78:d9:83:aa:e5:6b:61:bc:2c:d8:10:95:
ab:53:53:d1:f1:6c:97:19:aa:15:2f:1f:62:3f:f1:
2e:ba:85:36:1c:5d:fa:3a:bd:6c:04:02:b0:b0:64:
8c:b2:02:06:2a:cd:59:4a:05:77:1a:02:1c:5b:84:
46:64:3e:62:ef:dc:25:f8:a5:64:64:fc:28:93:2c:
b2:ff:61:23:1d:3f:90:1e:6b:1d:77:75:95:b0:86:
54:a8:32:72:39:2f:2c:0f:b9:47:6d:08:35:32:be:
e0:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:64:00:0D:77:BC:B7:4A:BB:51:8A:96:85:5D:6D:DE:91:8D:83:E8
X509v3 Authority Key Identifier:
keyid:70:85:B5:B4:54:9A:CD:B5:B6:C2:70:4C:85:BA:78:87:60:F8:8A:27
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.117.236.0/22
101.78.16.0/20
103.228.56.0/22
IPv6:
2403:1380::/32
Signature Algorithm: sha256WithRSAEncryption
c6:eb:2d:28:4e:c8:87:89:e9:0c:44:ac:d0:ba:d5:44:06:f4:
38:8c:83:14:b8:a2:b6:9d:84:f0:12:5b:ef:f7:4f:32:62:7d:
65:83:1c:cd:f5:3d:f7:65:d2:bc:5f:6f:01:5c:f1:ae:8c:63:
83:6e:39:f1:46:81:53:b8:04:b1:a2:14:49:4e:b2:c6:7e:45:
6d:e4:f1:7d:06:cd:d8:ec:46:19:ce:12:db:93:c7:a6:fe:82:
52:98:c2:91:e7:90:63:71:bb:c3:71:44:c2:36:2d:61:aa:79:
59:91:e1:94:e5:45:06:5a:e5:b3:27:dd:d6:4c:fc:f1:fa:7c:
7e:dc:25:e6:d8:f1:ff:52:af:22:b3:3c:ef:15:0f:79:6b:3e:
a4:41:3f:c2:29:aa:8b:64:a8:e8:ce:fb:86:35:16:4c:47:01:
17:04:40:26:40:b3:b1:e0:5d:1f:f5:31:17:43:d7:b9:53:76:
2e:32:c4:6e:8c:16:75:79:dd:3c:16:9e:86:1f:bf:4e:c3:82:
3c:0e:b5:7b:f2:f8:09:28:fb:a6:bf:97:52:58:8a:ba:69:b5:
98:16:7b:ad:30:cf:31:62:77:46:06:51:db:bc:2f:d7:25:05:
75:c9:5b:89:65:fd:c5:31:9b:98:7b:7d:c9:41:da:d9:a2:cd:
94:07:20:fe
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICC2kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzIyQTMxMTAvBgNVBAUTKDcwODVCNUI0NTQ5QUNEQjVCNkMyNzA0Qzg1QkE3ODg3
NjBGODhBMjcwHhcNMjUwNDAyMTkxODQ4WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2VkOGQ5Ny0wNTQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtbABCC03NXXHSd2MksXNZfaPwoaL6tYuu1g3IVs3gawY32fE8Y43FyVpW6kZ
4EBEi/QgFXyGiZKwJi5+aSUUjKizLmNFZ49ftQlELSmlyCBVQvP1sY6/Dx10mH+k
dYoO+qiG5+4okSEp0vKkVGGX4Nwf+cMqEHa1uAdYqmCC99u7EBpId8lMgNmTtLLZ
UnkapPXwjj/T/SB42YOq5WthvCzYEJWrU1PR8WyXGaoVLx9iP/EuuoU2HF36Or1s
BAKwsGSMsgIGKs1ZSgV3GgIcW4RGZD5i79wl+KVkZPwokyyy/2EjHT+QHmsdd3WV
sIZUqDJyOS8sD7lHbQg1Mr7gpQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFHZkAA13
vLdKu1GKloVdbd6RjYPoMB8GA1UdIwQYMBaAFHCFtbRUms21tsJwTIW6eIdg+Ion
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MjJBMy9DMDJEODVERTJC
OUIxMUVBOTcyQ0RGNDZDNEY5QUUwMi9jSVcxdEZTYXpiVzJ3bkJNaGJwNGgyRDRp
aWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NJVzF0RlNhemJXMnduQk1oYnA0aDJENGlpYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzIyQTMvQzAyRDg1REUyQjlCMTFFQTk3MkNERjQ2QzRGOUFFMDIvMDAyREREQzIy
QjlEMTFFQTkyRjMwOTRDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAItdewDBARlThADBAJn5DgwDQQCAAIwBwMFACQDE4AwDQYJ
KoZIhvcNAQELBQADggEBAMbrLShOyIeJ6QxErNC61UQG9DiMgxS4oradhPASW+/3
TzJifWWDHM31Pfdl0rxfbwFc8a6MY4NuOfFGgVO4BLGiFElOssZ+RW3k8X0Gzdjs
RhnOEtuTx6b+glKYwpHnkGNxu8NxRMI2LWGqeVmR4ZTlRQZa5bMn3dZM/PH6fH7c
JebY8f9SryKzPO8VD3lrPqRBP8IpqotkqOjO+4Y1FkxHARcEQCZAs7HgXR/1MRdD
17lTdi4yxG6MFnV53TwWnoYfv07DgjwOtXvy+Ako+6a/l1JYirpptZgWe60wzzFi
d0YGUdu8L9clBXXJW4ll/cUxm5h7fclB2tmizZQHIP4=
-----END CERTIFICATE-----
Generated at Tue Apr 8 19:17:02 2025 by rpki-client