Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917B4BF/B8CC693C855C11EC8E3CBB51C4F9AE02/F255CD0A5EC411ED810B8584C4F9AE02.roa
File: F255CD0A5EC411ED810B8584C4F9AE02.roa (raw, json)
Hash identifier: auW4UnHxJ31+muxSOzUSAXH6xyqbP7eemMf3Mu9GQdY=
Subject key identifier: 2D:CC:F8:C9:B6:50:D2:65:A5:62:94:A8:EF:48:5C:D5:03:BE:3B:C3
Certificate issuer: /CN=A917B4BF/serialNumber=8035090A057327E1200593C20C88C519A45C9ECB
Certificate serial: 03F3
Authority key identifier: 80:35:09:0A:05:73:27:E1:20:05:93:C2:0C:88:C5:19:A4:5C:9E:CB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gDUJCgVzJ-EgBZPCDIjFGaRcnss.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917B4BF/B8CC693C855C11EC8E3CBB51C4F9AE02/F255CD0A5EC411ED810B8584C4F9AE02.roa
Signing time: Sat 05 Apr 2025 01:05:44 +0000
ROA not before: Sat 05 Apr 2025 01:05:44 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 149500
IP address blocks: 2400:58a0:1000::/44 maxlen: 44
2400:58a0:1000::/48 maxlen: 48
2400:58a0:1001::/48 maxlen: 48
2400:58a0:1002::/48 maxlen: 48
2400:58a0:1003::/48 maxlen: 48
2400:58a0:1004::/48 maxlen: 48
2400:58a0:1005::/48 maxlen: 48
2400:58a0:1006::/48 maxlen: 48
2400:58a0:1007::/48 maxlen: 48
2400:58a0:1008::/48 maxlen: 48
2400:58a0:1009::/48 maxlen: 48
2400:58a0:100a::/48 maxlen: 48
2400:58a0:100b::/48 maxlen: 48
2400:58a0:100c::/48 maxlen: 48
2400:58a0:100d::/48 maxlen: 48
2400:58a0:100e::/48 maxlen: 48
2400:58a0:100f::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917B4BF/B8CC693C855C11EC8E3CBB51C4F9AE02/gDUJCgVzJ-EgBZPCDIjFGaRcnss.crl
rsync://rpki.apnic.net/member_repository/A917B4BF/B8CC693C855C11EC8E3CBB51C4F9AE02/gDUJCgVzJ-EgBZPCDIjFGaRcnss.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gDUJCgVzJ-EgBZPCDIjFGaRcnss.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 20 Apr 2025 00:18:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1011 (0x3f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917B4BF, serialNumber=8035090A057327E1200593C20C88C519A45C9ECB
Validity
Not Before: Apr 5 01:05:44 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=67f081e8-8cc2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:08:3d:b1:a5:8d:11:e5:a1:d3:c1:26:58:89:
a7:38:b5:17:6d:1f:1a:f0:be:8c:1a:15:88:22:f0:
a5:47:0b:b0:2f:62:ed:5f:b1:69:bf:99:96:f6:f9:
33:21:af:04:fe:f6:6c:f6:89:ee:e6:b2:f4:87:4e:
94:06:f1:5a:0e:5f:e3:89:b0:07:2c:9d:16:1d:c1:
dd:f5:44:2a:6e:07:ce:92:9a:77:40:ba:b9:23:6f:
9c:12:22:c6:1b:04:52:f8:f4:80:ed:aa:02:e2:be:
99:f1:6f:bb:85:ad:1a:b8:df:03:4e:6c:e0:a6:a7:
00:7c:e2:dd:6f:97:59:cc:7a:a6:d9:aa:14:d4:53:
bf:7f:2d:b4:85:d2:c9:89:86:14:ad:e1:59:85:44:
c8:21:23:0e:06:02:a1:56:00:40:7f:a5:57:96:83:
2b:88:b6:f3:65:e1:56:c2:16:81:62:da:f9:7a:e8:
8e:3c:fa:80:a2:de:1f:15:94:44:55:fe:b1:8e:ac:
05:f7:34:b6:61:c4:2b:8d:c7:72:59:de:3d:bc:4b:
f4:e5:43:33:99:b5:f5:a7:9c:41:28:b1:26:99:77:
1e:55:e2:c6:41:a9:7d:25:59:3b:be:cb:5c:3f:67:
8b:f5:3a:44:e9:3e:01:dc:e9:a2:5e:93:01:27:48:
54:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:CC:F8:C9:B6:50:D2:65:A5:62:94:A8:EF:48:5C:D5:03:BE:3B:C3
X509v3 Authority Key Identifier:
keyid:80:35:09:0A:05:73:27:E1:20:05:93:C2:0C:88:C5:19:A4:5C:9E:CB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917B4BF/B8CC693C855C11EC8E3CBB51C4F9AE02/gDUJCgVzJ-EgBZPCDIjFGaRcnss.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gDUJCgVzJ-EgBZPCDIjFGaRcnss.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917B4BF/B8CC693C855C11EC8E3CBB51C4F9AE02/F255CD0A5EC411ED810B8584C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2400:58a0:1000::/44
Signature Algorithm: sha256WithRSAEncryption
71:03:58:64:aa:f8:45:c3:2c:6e:97:d1:ec:d4:b1:f3:d7:ab:
9a:a9:87:57:a1:6b:df:9c:dd:af:ce:7c:bb:fc:ea:26:0e:fe:
43:a1:14:a3:a8:d5:d3:69:b0:82:45:de:47:8e:d8:87:6a:df:
8e:8c:62:e3:dd:bc:b2:3b:af:9d:b9:af:57:03:51:bc:84:3b:
42:b8:8e:81:a1:b8:7b:d4:9c:14:71:38:fa:21:32:99:67:a4:
b3:0d:0b:21:a0:6d:12:26:e3:e2:cf:43:86:d1:8a:50:c2:67:
c1:c4:7b:55:83:16:a4:e9:45:60:38:70:f1:4e:fd:a6:18:e3:
1b:d2:f1:30:66:6c:b5:17:ff:91:42:a6:b8:98:c7:8c:da:79:
48:1d:bf:f1:8e:b0:9f:a9:c9:2a:39:87:00:a0:6b:fa:11:29:
b2:ae:0b:9b:25:42:f6:0c:09:2f:42:35:17:07:09:3d:e0:f4:
58:a1:d8:ea:f1:d8:bf:f3:1f:60:36:40:49:4a:e4:ea:37:5d:
39:55:e3:80:53:a8:7b:10:12:c6:76:c8:1d:26:7f:47:6e:ef:
e6:ec:a5:d9:99:6f:e1:2e:aa:8c:58:c6:26:f5:50:79:58:ea:
29:73:ed:db:00:66:a1:fd:d8:62:56:fa:aa:f8:e1:be:63:b3:
d9:b4:f8:9a
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICA/MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0I0QkYxMTAvBgNVBAUTKDgwMzUwOTBBMDU3MzI3RTEyMDA1OTNDMjBDODhDNTE5
QTQ1QzlFQ0IwHhcNMjUwNDA1MDEwNTQ0WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2YwODFlOC04Y2MyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsgg9saWNEeWh08EmWImnOLUXbR8a8L6MGhWIIvClRwuwL2LtX7Fpv5mW9vkz
Ia8E/vZs9onu5rL0h06UBvFaDl/jibAHLJ0WHcHd9UQqbgfOkpp3QLq5I2+cEiLG
GwRS+PSA7aoC4r6Z8W+7ha0auN8DTmzgpqcAfOLdb5dZzHqm2aoU1FO/fy20hdLJ
iYYUreFZhUTIISMOBgKhVgBAf6VXloMriLbzZeFWwhaBYtr5euiOPPqAot4fFZRE
Vf6xjqwF9zS2YcQrjcdyWd49vEv05UMzmbX1p5xBKLEmmXceVeLGQal9JVk7vstc
P2eL9TpE6T4B3OmiXpMBJ0hUoQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFC3M+Mm2
UNJlpWKUqO9IXNUDvjvDMB8GA1UdIwQYMBaAFIA1CQoFcyfhIAWTwgyIxRmkXJ7L
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QjRCRi9COENDNjkzQzg1
NUMxMUVDOEUzQ0JCNTFDNEY5QUUwMi9nRFVKQ2dWekotRWdCWlBDRElqRkdhUmNu
c3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2dEVUpDZ1Z6Si1FZ0JaUENESWpGR2FSY25zcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0I0QkYvQjhDQzY5M0M4NTVDMTFFQzhFM0NCQjUxQzRGOUFFMDIvRjI1NUNEMEE1
RUM0MTFFRDgxMEI4NTg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwQkAFigEAAwDQYJKoZIhvcNAQELBQADggEBAHEDWGSq+EXD
LG6X0ezUsfPXq5qph1eha9+c3a/OfLv86iYO/kOhFKOo1dNpsIJF3keO2Idq346M
YuPdvLI7r525r1cDUbyEO0K4joGhuHvUnBRxOPohMplnpLMNCyGgbRIm4+LPQ4bR
ilDCZ8HEe1WDFqTpRWA4cPFO/aYY4xvS8TBmbLUX/5FCpriYx4zaeUgdv/GOsJ+p
ySo5hwCga/oRKbKuC5slQvYMCS9CNRcHCT3g9Fih2Orx2L/zH2A2QElK5Oo3XTlV
44BTqHsQEsZ2yB0mf0du7+bspdmZb+EuqoxYxib1UHlY6ilz7dsAZqH92GJW+qr4
4b5js9m0+Jo=
-----END CERTIFICATE-----
Generated at Mon Apr 14 02:06:43 2025 by rpki-client