Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/0EF775B2EFCD11EF92BCB66CC4F9AE02.roa
File: 0EF775B2EFCD11EF92BCB66CC4F9AE02.roa (raw, json)
Hash identifier: N7nsErlzveEnISxiIX6awL6ZI+EjGdyZ1xE6eFlduvE=
Subject key identifier: E4:5B:FC:FE:00:51:66:DF:AF:13:2A:41:B5:3C:A2:A1:F2:7D:93:A1
Certificate issuer: /CN=A91778C2/serialNumber=6D4AE89FA97A716A2D92661FF2CF5BD3CCDC29FC
Certificate serial: 1713
Authority key identifier: 6D:4A:E8:9F:A9:7A:71:6A:2D:92:66:1F:F2:CF:5B:D3:CC:DC:29:FC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bUron6l6cWotkmYf8s9b08zcKfw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/0EF775B2EFCD11EF92BCB66CC4F9AE02.roa
Signing time: Thu 20 Feb 2025 20:55:47 +0000
ROA not before: Thu 20 Feb 2025 20:55:47 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 132817
IP address blocks: 43.242.0.0/22 maxlen: 22
45.249.104.0/22 maxlen: 22
45.252.56.0/22 maxlen: 23
59.152.84.0/22 maxlen: 22
103.66.64.0/22 maxlen: 22
103.69.156.0/22 maxlen: 22
103.73.52.0/22 maxlen: 22
103.74.132.0/22 maxlen: 22
103.74.176.0/22 maxlen: 22
103.75.220.0/22 maxlen: 22
103.76.236.0/22 maxlen: 22
103.211.144.0/22 maxlen: 22
103.214.92.0/22 maxlen: 22
103.221.56.0/22 maxlen: 22
103.228.224.0/22 maxlen: 22
116.206.48.0/22 maxlen: 22
119.42.36.0/22 maxlen: 22
144.48.96.0/22 maxlen: 22
160.238.16.0/22 maxlen: 22
192.144.88.0/22 maxlen: 22
2402:54c0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/bUron6l6cWotkmYf8s9b08zcKfw.crl
rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/bUron6l6cWotkmYf8s9b08zcKfw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bUron6l6cWotkmYf8s9b08zcKfw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 19 Apr 2025 16:36:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5907 (0x1713)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91778C2, serialNumber=6D4AE89FA97A716A2D92661FF2CF5BD3CCDC29FC
Validity
Not Before: Feb 20 20:55:47 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=67b796d3-855a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:54:6a:c8:52:ad:9e:89:a8:6e:5a:29:48:6d:
4a:33:cc:69:bf:45:88:30:97:57:51:81:29:39:c9:
58:b4:11:2d:a4:45:93:0d:cf:70:f6:56:ce:e7:3d:
75:d0:5a:9a:a8:7a:2e:c6:54:5d:f3:40:59:81:3a:
91:c3:53:52:0e:18:84:2f:6a:3f:1b:ae:76:9d:f5:
82:2c:7f:16:f7:60:63:b2:45:e9:fa:2d:14:80:b9:
97:32:10:c7:2f:ce:b9:70:cb:5b:48:b0:f1:0d:61:
ef:3b:64:44:a7:d3:8e:2a:c4:3c:0d:08:73:1c:5b:
d4:94:8b:0a:97:6f:ac:19:71:de:dc:23:79:99:3d:
40:6d:3e:fe:95:ec:06:2d:0e:d3:de:4c:8d:be:1a:
cd:68:00:2e:19:b6:3d:cc:13:5c:b2:ad:d6:11:a5:
77:71:77:2f:d2:f3:3c:77:22:e8:37:f0:db:79:79:
ac:c1:76:69:33:a7:a3:75:dc:b1:4f:c9:6b:3a:c5:
37:aa:a8:f5:68:46:38:54:2e:0f:95:52:d6:a6:13:
de:6f:9a:6f:85:da:b3:f8:90:24:b9:e5:ce:4d:12:
9a:36:aa:24:8d:bb:3d:c2:73:6a:5d:62:73:e0:ee:
c6:cf:15:3f:d9:4e:b1:62:8c:b0:80:29:fa:cd:3c:
dc:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:5B:FC:FE:00:51:66:DF:AF:13:2A:41:B5:3C:A2:A1:F2:7D:93:A1
X509v3 Authority Key Identifier:
keyid:6D:4A:E8:9F:A9:7A:71:6A:2D:92:66:1F:F2:CF:5B:D3:CC:DC:29:FC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/bUron6l6cWotkmYf8s9b08zcKfw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bUron6l6cWotkmYf8s9b08zcKfw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/0EF775B2EFCD11EF92BCB66CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.242.0.0/22
45.249.104.0/22
45.252.56.0/22
59.152.84.0/22
103.66.64.0/22
103.69.156.0/22
103.73.52.0/22
103.74.132.0/22
103.74.176.0/22
103.75.220.0/22
103.76.236.0/22
103.211.144.0/22
103.214.92.0/22
103.221.56.0/22
103.228.224.0/22
116.206.48.0/22
119.42.36.0/22
144.48.96.0/22
160.238.16.0/22
192.144.88.0/22
IPv6:
2402:54c0::/32
Signature Algorithm: sha256WithRSAEncryption
a3:4f:bb:64:f1:b2:89:fb:aa:d3:db:64:85:ed:65:24:14:86:
6e:ff:c3:8d:51:1b:3e:05:60:02:f0:f8:8a:a2:7c:b0:b9:21:
17:be:27:76:91:33:cd:5d:30:a5:8f:b0:08:c7:6e:55:73:30:
ab:7a:b9:8f:71:6d:1c:45:00:82:87:77:b1:20:c6:e6:8e:c8:
21:f1:a9:cc:25:95:5b:18:54:c5:85:52:bb:a8:62:54:a5:7d:
67:68:fe:07:9e:03:ce:c9:5f:ed:e1:5c:f2:d4:0b:e4:8f:e3:
4c:b4:b5:ac:60:c6:cf:09:42:a7:f6:50:f3:c4:b2:ff:4a:d8:
77:0c:99:d3:03:9d:34:9c:e3:ac:d9:22:70:2a:03:40:bc:5d:
80:f1:9d:18:0c:7e:a6:c5:90:f5:b5:3e:de:36:95:66:21:54:
58:3f:35:7f:6a:bb:49:f3:c2:29:f7:f6:97:c0:06:9a:ca:f1:
d2:b5:dd:71:92:7c:2a:2e:b8:3c:34:82:0f:1c:f5:64:ca:6e:
e8:9f:53:bc:91:9d:d1:85:2b:0a:2c:6f:6d:75:e4:4b:89:46:
7b:3a:95:9f:68:30:0a:f7:f0:06:da:43:99:b0:3f:e7:dc:f7:
77:a5:17:a0:35:82:16:04:0d:03:0a:30:3e:7b:2d:f0:a8:e2:
ac:28:d4:41
-----BEGIN CERTIFICATE-----
MIIF9TCCBN2gAwIBAgICFxMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Nzc4QzIxMTAvBgNVBAUTKDZENEFFODlGQTk3QTcxNkEyRDkyNjYxRkYyQ0Y1QkQz
Q0NEQzI5RkMwHhcNMjUwMjIwMjA1NTQ3WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2I3OTZkMy04NTVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyFRqyFKtnomoblopSG1KM8xpv0WIMJdXUYEpOclYtBEtpEWTDc9w9lbO5z11
0FqaqHouxlRd80BZgTqRw1NSDhiEL2o/G652nfWCLH8W92BjskXp+i0UgLmXMhDH
L865cMtbSLDxDWHvO2REp9OOKsQ8DQhzHFvUlIsKl2+sGXHe3CN5mT1AbT7+lewG
LQ7T3kyNvhrNaAAuGbY9zBNcsq3WEaV3cXcv0vM8dyLoN/DbeXmswXZpM6ejddyx
T8lrOsU3qqj1aEY4VC4PlVLWphPeb5pvhdqz+JAkueXOTRKaNqokjbs9wnNqXWJz
4O7GzxU/2U6xYoywgCn6zTzcQQIDAQABo4IDGTCCAxUwHQYDVR0OBBYEFORb/P4A
UWbfrxMqQbU8oqHyfZOhMB8GA1UdIwQYMBaAFG1K6J+penFqLZJmH/LPW9PM3Cn8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NzhDMi9FRDJCQkM3MEY4
ODcxMUU3OTIxRjg2NjhDNEY5QUUwMi9iVXJvbjZsNmNXb3RrbVlmOHM5YjA4emNL
ZncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JVcm9uNmw2Y1dvdGttWWY4czliMDh6Y0tmdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Nzc4QzIvRUQyQkJDNzBGODg3MTFFNzkyMUY4NjY4QzRGOUFFMDIvMEVGNzc1QjJF
RkNEMTFFRjkyQkNCNjZDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaIGCCsGAQUFBwEHAQH/
BIGSMIGPMH4EAgABMHgDBAIr8gADBAIt+WgDBAIt/DgDBAI7mFQDBAJnQkADBAJn
RZwDBAJnSTQDBAJnSoQDBAJnSrADBAJnS9wDBAJnTOwDBAJn05ADBAJn1lwDBAJn
3TgDBAJn5OADBAJ0zjADBAJ3KiQDBAKQMGADBAKg7hADBALAkFgwDQQCAAIwBwMF
ACQCVMAwDQYJKoZIhvcNAQELBQADggEBAKNPu2Txson7qtPbZIXtZSQUhm7/w41R
Gz4FYALw+IqifLC5IRe+J3aRM81dMKWPsAjHblVzMKt6uY9xbRxFAIKHd7EgxuaO
yCHxqcwllVsYVMWFUruoYlSlfWdo/geeA87JX+3hXPLUC+SP40y0taxgxs8JQqf2
UPPEsv9K2HcMmdMDnTSc46zZInAqA0C8XYDxnRgMfqbFkPW1Pt42lWYhVFg/NX9q
u0nzwin39pfABprK8dK13XGSfCouuDw0gg8c9WTKbuifU7yRndGFKwosb2115EuJ
Rns6lZ9oMAr38AbaQ5mwP+fc93elF6A1ghYEDQMKMD57LfCo4qwo1EE=
-----END CERTIFICATE-----
Generated at Sun Apr 13 18:22:39 2025 by rpki-client