Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917B9CB/6F6EDC601D8E11E2885CDFEC08B02CD2/054DC680CE7411EAA3A39A3EC4F9AE02.roa
File: 054DC680CE7411EAA3A39A3EC4F9AE02.roa (raw, json)
Hash identifier: tOOpFlVehdre7+VYiGaBuYQR/Vo4EGkW1VHTBCn7RFE=
Subject key identifier: 9A:BC:C8:B4:E5:5D:E9:AA:29:54:74:91:93:36:58:B4:2E:C1:CD:72
Certificate issuer: /CN=A917B9CB/serialNumber=33A7AEAFA5526DCDC56CF0876BBD41133E3D2479
Certificate serial: 3472
Authority key identifier: 33:A7:AE:AF:A5:52:6D:CD:C5:6C:F0:87:6B:BD:41:13:3E:3D:24:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M6eur6VSbc3FbPCHa71BEz49JHk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917B9CB/6F6EDC601D8E11E2885CDFEC08B02CD2/054DC680CE7411EAA3A39A3EC4F9AE02.roa
Signing time: Mon 31 Mar 2025 14:40:42 +0000
ROA not before: Mon 31 Mar 2025 14:40:42 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 132789
IP address blocks: 203.105.192.0/24 maxlen: 24
203.105.193.0/24 maxlen: 24
203.105.194.0/24 maxlen: 24
203.105.195.0/24 maxlen: 24
203.105.196.0/24 maxlen: 24
203.105.197.0/24 maxlen: 24
203.105.198.0/24 maxlen: 24
203.105.199.0/24 maxlen: 24
203.105.207.0/24 maxlen: 24
203.105.208.0/24 maxlen: 24
203.105.209.0/24 maxlen: 24
203.105.210.0/24 maxlen: 24
203.105.211.0/24 maxlen: 24
203.105.212.0/24 maxlen: 24
203.105.213.0/24 maxlen: 24
203.105.214.0/24 maxlen: 24
203.105.215.0/24 maxlen: 24
203.105.216.0/24 maxlen: 24
203.105.217.0/24 maxlen: 24
203.105.218.0/24 maxlen: 24
203.105.219.0/24 maxlen: 24
203.105.221.0/24 maxlen: 24
203.105.222.0/24 maxlen: 24
203.105.223.0/24 maxlen: 24
2402:3780::/48 maxlen: 48
2402:3780:2::/48 maxlen: 48
2402:3780:1000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917B9CB/6F6EDC601D8E11E2885CDFEC08B02CD2/M6eur6VSbc3FbPCHa71BEz49JHk.crl
rsync://rpki.apnic.net/member_repository/A917B9CB/6F6EDC601D8E11E2885CDFEC08B02CD2/M6eur6VSbc3FbPCHa71BEz49JHk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M6eur6VSbc3FbPCHa71BEz49JHk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 13 Apr 2025 14:38:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13426 (0x3472)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917B9CB
Validity
Not Before: Mar 31 14:40:42 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=67eaa969-e50a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:e4:8b:98:91:75:69:2a:94:33:26:91:0e:d9:
7c:e3:1f:b2:61:08:a7:45:7c:2d:66:e4:f1:a6:dc:
58:f7:0a:55:59:bc:fc:89:6a:78:89:fa:a8:d6:35:
f9:65:01:8f:92:d9:14:7e:1b:59:a0:a5:dc:5c:2b:
23:99:e0:c2:1c:29:cd:d4:a4:7b:74:84:55:bb:34:
ce:38:5b:7a:eb:d0:3c:83:ad:95:58:29:29:e0:e2:
56:c2:3b:e2:47:bc:9d:d5:02:8e:85:d0:96:0e:d3:
ce:4d:03:a6:a5:22:4b:2c:c4:c7:dd:7b:0c:64:85:
01:4b:19:3b:73:73:57:e3:8c:16:f5:31:d8:08:c7:
fa:8c:16:55:43:e7:69:2d:9c:71:33:41:4a:82:38:
4e:65:5c:74:e3:19:46:85:2b:ee:b0:8f:e5:02:05:
07:b9:62:91:e4:d8:4d:05:38:07:e4:53:e6:bc:71:
b9:dd:02:57:0a:e2:03:38:cb:e7:6d:7d:4a:6b:ac:
6d:09:32:71:10:52:8f:06:e0:96:15:9b:3b:7a:94:
b2:cd:c3:83:76:65:94:5a:b1:a7:f4:e4:21:d8:cf:
19:a9:e0:a0:62:45:e8:e3:8b:53:a4:08:0d:4e:85:
c9:bd:41:9d:5b:36:f1:78:91:b6:ba:85:e7:f4:18:
f6:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:BC:C8:B4:E5:5D:E9:AA:29:54:74:91:93:36:58:B4:2E:C1:CD:72
X509v3 Authority Key Identifier:
keyid:33:A7:AE:AF:A5:52:6D:CD:C5:6C:F0:87:6B:BD:41:13:3E:3D:24:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917B9CB/6F6EDC601D8E11E2885CDFEC08B02CD2/M6eur6VSbc3FbPCHa71BEz49JHk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M6eur6VSbc3FbPCHa71BEz49JHk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917B9CB/6F6EDC601D8E11E2885CDFEC08B02CD2/054DC680CE7411EAA3A39A3EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.105.192.0/21
203.105.207.0-203.105.219.255
203.105.221.0-203.105.223.255
IPv6:
2402:3780::/48
2402:3780:2::/48
2402:3780:1000::/48
Signature Algorithm: sha256WithRSAEncryption
07:ae:86:c7:2d:90:89:cc:c1:a3:4c:15:02:c1:8d:e4:0a:76:
c1:13:34:d6:6d:29:5b:95:97:6f:c8:c8:f3:aa:e5:23:93:71:
4c:30:35:84:7d:3e:20:6a:cc:53:25:20:12:a4:71:fd:39:b0:
7e:aa:d2:3f:94:f7:77:7b:22:75:d0:06:12:7a:1e:03:1b:15:
ce:bc:ae:1f:12:5b:d3:ce:4a:2a:93:32:42:b1:e8:03:04:c5:
c3:69:07:41:60:74:d4:5e:93:9e:54:eb:7a:ce:c5:37:7c:db:
a8:b9:7f:d1:74:06:2e:6b:e0:13:3c:08:c9:1f:e6:86:28:90:
be:e0:2d:b6:f8:89:84:19:9d:7c:a1:49:40:d9:fd:13:7c:a1:
78:0d:fe:7d:1a:f5:b6:5c:b4:81:99:57:2e:6a:76:c5:7b:85:
93:35:99:67:5e:4a:4c:a5:03:7a:62:0a:b5:7f:8b:e2:8e:dd:
c8:76:5c:93:37:99:3e:88:ec:94:90:07:54:fb:88:7f:c0:bc:
d3:32:e3:e9:0c:3c:ba:14:89:4f:3e:fc:79:28:51:93:a7:5b:
14:fd:09:91:ba:50:c7:46:1f:1e:51:09:73:00:16:fa:d0:d2:
50:46:31:01:8b:bd:03:f1:31:e2:cb:49:ce:13:e6:ac:0a:85:
53:56:0b:dc
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgICNHIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0I5Q0IxMTAvBgNVBAUTKDMzQTdBRUFGQTU1MjZEQ0RDNTZDRjA4NzZCQkQ0MTEz
M0UzRDI0NzkwHhcNMjUwMzMxMTQ0MDQyWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2VhYTk2OS1lNTBhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAveSLmJF1aSqUMyaRDtl84x+yYQinRXwtZuTxptxY9wpVWbz8iWp4ifqo1jX5
ZQGPktkUfhtZoKXcXCsjmeDCHCnN1KR7dIRVuzTOOFt669A8g62VWCkp4OJWwjvi
R7yd1QKOhdCWDtPOTQOmpSJLLMTH3XsMZIUBSxk7c3NX44wW9THYCMf6jBZVQ+dp
LZxxM0FKgjhOZVx04xlGhSvusI/lAgUHuWKR5NhNBTgH5FPmvHG53QJXCuIDOMvn
bX1Ka6xtCTJxEFKPBuCWFZs7epSyzcODdmWUWrGn9OQh2M8ZqeCgYkXo44tTpAgN
ToXJvUGdWzbxeJG2uoXn9Bj2VQIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFJq8yLTl
XemqKVR0kZM2WLQuwc1yMB8GA1UdIwQYMBaAFDOnrq+lUm3NxWzwh2u9QRM+PSR5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QjlDQi82RjZFREM2MDFE
OEUxMUUyODg1Q0RGRUMwOEIwMkNEMi9NNmV1cjZWU2JjM0ZiUENIYTcxQkV6NDlK
SGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL002ZXVyNlZTYmMzRmJQQ0hhNzFCRXo0OUpIay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0I5Q0IvNkY2RURDNjAxRDhFMTFFMjg4NUNERkVDMDhCMDJDRDIvMDU0REM2ODBD
RTc0MTFFQUEzQTM5QTNFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXgYIKwYBBQUHAQcBAf8E
TzBNMCgEAgABMCIDBAPLacAwDAMEAMtpzwMEAstp2DAMAwQAy2ndAwQFy2nAMCEE
AgACMBsDBwAkAjeAAAADBwAkAjeAAAIDBwAkAjeAEAAwDQYJKoZIhvcNAQELBQAD
ggEBAAeuhsctkInMwaNMFQLBjeQKdsETNNZtKVuVl2/IyPOq5SOTcUwwNYR9PiBq
zFMlIBKkcf05sH6q0j+U93d7InXQBhJ6HgMbFc68rh8SW9POSiqTMkKx6AMExcNp
B0FgdNRek55U63rOxTd826i5f9F0Bi5r4BM8CMkf5oYokL7gLbb4iYQZnXyhSUDZ
/RN8oXgN/n0a9bZctIGZVy5qdsV7hZM1mWdeSkylA3piCrV/i+KO3ch2XJM3mT6I
7JSQB1T7iH/AvNMy4+kMPLoUiU8+/HkoUZOnWxT9CZG6UMdGHx5RCXMAFvrQ0lBG
MQGLvQPxMeLLSc4T5qwKhVNWC9w=
-----END CERTIFICATE-----
Generated at Mon Apr 7 11:17:01 2025 by rpki-client