Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/1EB52ED057DE11F0B19CEA1FC4F9AE02.roa
File: 1EB52ED057DE11F0B19CEA1FC4F9AE02.roa (raw, json)
Hash identifier: RjKc2wnXNFWm3zt5vLYgPkki52FqdzaPCzthO5FR28M=
Subject key identifier: F3:C7:2F:76:33:A7:B9:FD:F5:52:9A:BC:6A:94:57:0E:89:0E:B8:C3
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: C01A
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/1EB52ED057DE11F0B19CEA1FC4F9AE02.roa
Signing time: Fri 11 Jul 2025 09:20:44 +0000
ROA not before: Fri 11 Jul 2025 09:20:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 132296
IP address blocks: 43.248.68.0/24 maxlen: 24
43.248.69.0/24 maxlen: 24
43.248.70.0/24 maxlen: 24
43.248.71.0/24 maxlen: 24
45.119.12.0/24 maxlen: 24
45.119.13.0/24 maxlen: 24
45.119.14.0/24 maxlen: 24
45.119.15.0/24 maxlen: 24
103.57.252.0/24 maxlen: 24
103.57.253.0/24 maxlen: 24
103.57.254.0/24 maxlen: 24
103.57.255.0/24 maxlen: 24
103.116.169.0/24 maxlen: 24
103.147.174.0/23 maxlen: 24
103.148.138.0/23 maxlen: 24
103.157.206.0/23 maxlen: 24
103.157.230.0/23 maxlen: 24
103.171.126.0/23 maxlen: 24
103.174.26.0/23 maxlen: 24
103.177.58.0/23 maxlen: 24
103.177.128.0/24 maxlen: 24
103.177.129.0/24 maxlen: 24
103.181.147.0/24 maxlen: 24
103.255.36.0/24 maxlen: 24
103.255.37.0/24 maxlen: 24
103.255.38.0/24 maxlen: 24
103.255.39.0/24 maxlen: 24
2402:5c80::/32 maxlen: 32
2407:6fc0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 26 Jul 2025 11:48:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 49178 (0xc01a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Jul 11 09:20:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6870d76b-1833
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:d7:d1:17:45:bb:f4:9a:1d:a0:02:dd:3e:01:
89:9a:91:a1:22:58:0a:c6:19:3a:88:35:57:14:53:
dc:80:5d:68:d5:9f:c3:de:86:7a:7a:70:a1:36:ef:
b7:54:8b:0d:af:e4:bc:bd:a2:0d:36:67:aa:70:4b:
79:9c:be:c7:55:6d:19:6b:bc:6c:8b:49:40:31:a6:
9b:01:27:ac:2e:2a:56:8e:be:5a:80:59:21:25:05:
f3:2e:02:6a:dd:df:d9:47:ec:ba:26:c4:73:c7:c1:
a9:2b:f3:bc:a0:aa:b3:cc:20:e4:34:a7:fc:73:ac:
ae:19:33:85:cc:9e:2c:27:ce:14:12:2b:14:0b:da:
82:ba:cc:d7:49:06:63:5e:67:c5:9a:38:5c:f5:89:
d5:8d:c6:fe:55:e3:01:d4:e7:bc:2b:82:f0:96:a8:
72:d0:33:35:10:b1:d8:13:6d:69:a6:8e:23:9c:97:
e1:b7:06:00:00:bd:e6:78:e1:78:cf:ab:f6:4a:f4:
3a:8a:c7:6f:cf:6b:dc:98:bd:00:54:f4:07:64:39:
26:c8:8b:c6:84:ce:ae:33:79:40:49:5f:85:39:07:
83:16:38:13:d9:60:9a:03:2b:fc:3c:ac:93:07:f8:
64:0a:7a:26:33:c2:3d:1a:9a:d1:52:d1:00:67:42:
43:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:C7:2F:76:33:A7:B9:FD:F5:52:9A:BC:6A:94:57:0E:89:0E:B8:C3
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/1EB52ED057DE11F0B19CEA1FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.248.68.0/22
45.119.12.0/22
103.57.252.0/22
103.116.169.0/24
103.147.174.0/23
103.148.138.0/23
103.157.206.0/23
103.157.230.0/23
103.171.126.0/23
103.174.26.0/23
103.177.58.0/23
103.177.128.0/23
103.181.147.0/24
103.255.36.0/22
IPv6:
2402:5c80::/32
2407:6fc0::/32
Signature Algorithm: sha256WithRSAEncryption
2b:27:c6:ac:2c:47:0c:3c:be:0c:6d:1c:47:e6:72:5e:3b:af:
61:73:73:ab:18:93:f8:81:73:79:8d:e1:77:44:d8:59:f5:f8:
f7:d8:13:6f:95:ac:33:97:e3:25:cd:cb:ce:76:ad:db:fd:d4:
9f:41:46:78:b7:95:40:e6:77:a9:ee:b2:47:b1:73:a3:76:bb:
7e:1c:9a:28:04:35:5b:f6:77:7e:d4:82:7e:28:7e:0b:30:dc:
42:ee:a4:43:9c:ea:38:9d:a1:7b:78:1e:f0:cb:75:df:76:e3:
30:ef:2f:d0:4f:46:14:a3:ea:f3:c5:34:6c:7c:e4:16:9a:5c:
db:9d:27:c0:ed:67:50:61:ee:0a:ce:9d:77:fb:9f:0d:d5:8f:
40:4b:cf:4b:3b:c2:5d:dd:2c:43:ea:79:3c:91:40:af:d0:27:
ba:03:81:c9:29:de:59:ab:c6:5e:b8:28:65:13:67:fe:59:64:
67:6a:78:0c:f3:03:c7:f2:18:79:7d:ce:72:c5:29:62:e6:21:
10:82:ed:3e:30:a7:44:9a:34:fc:fe:2a:8d:3d:77:69:2f:69:
af:4f:16:7b:1a:66:6e:eb:6e:20:77:7d:12:ac:d1:62:e1:d5:
85:b3:ad:2b:16:a9:4b:07:6a:b7:3d:89:4c:ba:13:a3:4a:bd:
06:9d:2d:ae
-----BEGIN CERTIFICATE-----
MIIF1zCCBL+gAwIBAgIDAMAaMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDcxMTA5MjA0NFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjg3MGQ3NmItMTgzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3X0RdFu/SaHaAC3T4BiZqRoSJYCsYZOog1VxRT3IBdaNWfw96GenpwoTbv
t1SLDa/kvL2iDTZnqnBLeZy+x1VtGWu8bItJQDGmmwEnrC4qVo6+WoBZISUF8y4C
at3f2UfsuibEc8fBqSvzvKCqs8wg5DSn/HOsrhkzhcyeLCfOFBIrFAvagrrM10kG
Y15nxZo4XPWJ1Y3G/lXjAdTnvCuC8JaoctAzNRCx2BNtaaaOI5yX4bcGAAC95njh
eM+r9kr0OorHb89r3Ji9AFT0B2Q5JsiLxoTOrjN5QElfhTkHgxY4E9lgmgMr/Dys
kwf4ZAp6JjPCPRqa0VLRAGdCQ+cCAwEAAaOCAvowggL2MB0GA1UdDgQWBBTzxy92
M6e5/fVSmrxqlFcOiQ64wzAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzFFQjUyRUQw
NTdERTExRjBCMTlDRUExRkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGDBggrBgEFBQcBBwEB
/wR0MHIwWgQCAAEwVAMEAiv4RAMEAi13DAMEAmc5/AMEAGd0qQMEAWeTrgMEAWeU
igMEAWedzgMEAWed5gMEAWerfgMEAWeuGgMEAWexOgMEAWexgAMEAGe1kwMEAmf/
JDAUBAIAAjAOAwUAJAJcgAMFACQHb8AwDQYJKoZIhvcNAQELBQADggEBACsnxqws
Rww8vgxtHEfmcl47r2Fzc6sYk/iBc3mN4XdE2Fn1+PfYE2+VrDOX4yXNy852rdv9
1J9BRni3lUDmd6nuskexc6N2u34cmigENVv2d37Ugn4ofgsw3ELupEOc6jidoXt4
HvDLdd924zDvL9BPRhSj6vPFNGx85BaaXNudJ8DtZ1Bh7grOnXf7nw3Vj0BLz0s7
wl3dLEPqeTyRQK/QJ7oDgckp3lmrxl64KGUTZ/5ZZGdqeAzzA8fyGHl9znLFKWLm
IRCC7T4wp0SaNPz+Ko09d2kvaa9PFnsaZm7rbiB3fRKs0WLh1YWzrSsWqUsHarc9
iUy6E6NKvQadLa4=
-----END CERTIFICATE-----
Generated at Sun Jul 20 13:44:36 2025 by rpki-client