Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/BDE19C2E105C11F0AB9A592EC4F9AE02.roa
File: BDE19C2E105C11F0AB9A592EC4F9AE02.roa (raw, json)
Hash identifier: gXs33fkiCSxXyhUHfWr3kyVIpZ1IbuQde3sQe4+l3nE=
Subject key identifier: A8:90:9A:BA:0A:B5:26:80:7C:D2:5F:C4:A3:9B:E5:7C:F1:1C:DB:48
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: AD92
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/BDE19C2E105C11F0AB9A592EC4F9AE02.roa
Signing time: Thu 03 Apr 2025 07:24:56 +0000
ROA not before: Thu 03 Apr 2025 07:24:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 132296
IP address blocks: 43.248.68.0/24 maxlen: 24
43.248.69.0/24 maxlen: 24
43.248.70.0/24 maxlen: 24
43.248.71.0/24 maxlen: 24
45.119.12.0/24 maxlen: 24
45.119.13.0/24 maxlen: 24
45.119.14.0/24 maxlen: 24
45.119.15.0/24 maxlen: 24
103.57.252.0/24 maxlen: 24
103.57.253.0/24 maxlen: 24
103.57.254.0/24 maxlen: 24
103.57.255.0/24 maxlen: 24
103.116.169.0/24 maxlen: 24
103.148.138.0/23 maxlen: 24
103.157.206.0/23 maxlen: 24
103.157.230.0/24 maxlen: 24
103.157.231.0/24 maxlen: 24
103.171.126.0/23 maxlen: 24
103.177.129.0/24 maxlen: 24
103.181.147.0/24 maxlen: 24
103.204.164.0/24 maxlen: 24
103.204.166.0/24 maxlen: 24
103.255.36.0/24 maxlen: 24
103.255.37.0/24 maxlen: 24
103.255.38.0/24 maxlen: 24
103.255.39.0/24 maxlen: 24
2402:5c80::/32 maxlen: 32
2407:6fc0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 15:26:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 44434 (0xad92)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Apr 3 07:24:56 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67ee37c7-12f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:53:5d:63:0f:b9:fe:a7:45:aa:dc:19:28:67:
92:9f:d6:96:24:43:4a:b2:f6:62:f3:7a:81:1c:45:
14:5f:ba:4d:4b:31:11:2c:08:3d:2d:09:e0:06:dc:
d9:32:57:42:2a:d4:2f:25:da:60:dd:f8:1d:62:b8:
a8:c1:d2:e3:55:a9:e1:6c:ec:7f:6b:d7:db:4e:e6:
d6:52:ed:b0:98:61:db:6b:49:97:d8:db:f8:9a:b9:
d1:ca:46:2f:b2:86:58:cf:35:47:5f:58:11:fb:94:
66:b9:f2:d5:85:35:d4:98:d2:d6:3b:6a:88:a1:74:
ea:39:90:a1:66:20:a3:8d:ed:ea:ef:2a:84:d3:70:
1b:36:07:85:e2:a1:8d:b2:03:79:18:94:2f:e2:03:
d6:d2:a0:74:cd:af:16:ea:6d:72:f2:75:37:57:06:
46:0c:71:8d:dc:95:3f:18:72:48:7d:4c:ab:87:81:
10:ad:c9:a6:70:45:b7:a9:3c:bb:49:76:fa:5f:3c:
0c:e2:94:35:0d:fa:66:44:17:ae:81:41:65:32:97:
2a:19:0e:af:cb:a0:95:c5:35:66:15:ed:7d:14:34:
e9:13:1c:ba:be:36:7b:7c:c3:4f:c3:40:26:ac:0e:
08:54:73:50:8a:e3:cd:4d:95:46:49:a6:7f:ad:e7:
64:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:90:9A:BA:0A:B5:26:80:7C:D2:5F:C4:A3:9B:E5:7C:F1:1C:DB:48
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/BDE19C2E105C11F0AB9A592EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.248.68.0/22
45.119.12.0/22
103.57.252.0/22
103.116.169.0/24
103.148.138.0/23
103.157.206.0/23
103.157.230.0/23
103.171.126.0/23
103.177.129.0/24
103.181.147.0/24
103.204.164.0/24
103.204.166.0/24
103.255.36.0/22
IPv6:
2402:5c80::/32
2407:6fc0::/32
Signature Algorithm: sha256WithRSAEncryption
43:4f:80:44:06:30:8a:23:0e:3f:ff:20:e9:f4:69:cd:db:78:
4e:3b:2c:72:6e:07:1d:15:20:35:fb:f5:20:1a:81:35:90:88:
02:bb:20:08:c9:8f:db:ee:d8:16:65:d8:5a:72:07:84:a2:25:
f0:2c:4c:98:74:9f:d7:38:49:d0:64:c2:07:3e:a9:26:fa:8c:
24:c5:68:4b:eb:1a:1f:ca:3c:b7:57:45:63:c8:16:70:ea:6b:
5e:1e:73:3b:c3:00:42:ac:81:05:b3:a1:02:4e:ae:52:2f:2d:
ca:33:f7:54:b5:de:25:a1:69:34:4c:71:4f:ad:e6:d5:79:1b:
6b:7a:3d:a7:43:96:b3:97:91:53:a9:c0:b0:11:ec:66:5d:14:
77:98:da:56:df:97:43:78:38:80:8f:3f:d8:03:d2:4c:11:ab:
f3:44:c1:b8:c6:b8:50:0c:bf:6b:6f:54:20:54:b4:0d:0d:71:
2c:7d:d6:2f:01:6f:11:19:c4:4c:38:ab:82:a5:f7:a8:7e:b8:
66:15:08:b9:47:4e:54:a9:1d:e9:d4:d8:3a:d6:4e:ff:cc:16:
e1:fe:c0:87:9a:66:3a:a2:44:03:14:d2:1e:fa:d6:54:b4:39:
11:85:db:51:67:d3:f0:e7:0f:ff:e5:00:5a:31:e6:4d:d9:c2:
77:32:24:6a
-----BEGIN CERTIFICATE-----
MIIF0DCCBLigAwIBAgIDAK2SMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDQwMzA3MjQ1NloXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjdlZTM3YzctMTJmNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALJTXWMPuf6nRarcGShnkp/WliRDSrL2YvN6gRxFFF+6TUsxESwIPS0J4Abc
2TJXQirULyXaYN34HWK4qMHS41Wp4Wzsf2vX207m1lLtsJhh22tJl9jb+Jq50cpG
L7KGWM81R19YEfuUZrny1YU11JjS1jtqiKF06jmQoWYgo43t6u8qhNNwGzYHheKh
jbIDeRiUL+ID1tKgdM2vFuptcvJ1N1cGRgxxjdyVPxhySH1Mq4eBEK3JpnBFt6k8
u0l2+l88DOKUNQ36ZkQXroFBZTKXKhkOr8uglcU1ZhXtfRQ06RMcur42e3zDT8NA
JqwOCFRzUIrjzU2VRkmmf63nZMUCAwEAAaOCAvMwggLvMB0GA1UdDgQWBBSokJq6
CrUmgHzSX8Sjm+V88RzbSDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0JERTE5QzJF
MTA1QzExRjBBQjlBNTkyRUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMH0GCCsGAQUFBwEHAQH/
BG4wbDBUBAIAATBOAwQCK/hEAwQCLXcMAwQCZzn8AwQAZ3SpAwQBZ5SKAwQBZ53O
AwQBZ53mAwQBZ6t+AwQAZ7GBAwQAZ7WTAwQAZ8ykAwQAZ8ymAwQCZ/8kMBQEAgAC
MA4DBQAkAlyAAwUAJAdvwDANBgkqhkiG9w0BAQsFAAOCAQEAQ0+ARAYwiiMOP/8g
6fRpzdt4Tjsscm4HHRUgNfv1IBqBNZCIArsgCMmP2+7YFmXYWnIHhKIl8CxMmHSf
1zhJ0GTCBz6pJvqMJMVoS+saH8o8t1dFY8gWcOprXh5zO8MAQqyBBbOhAk6uUi8t
yjP3VLXeJaFpNExxT63m1Xkba3o9p0OWs5eRU6nAsBHsZl0Ud5jaVt+XQ3g4gI8/
2APSTBGr80TBuMa4UAy/a29UIFS0DQ1xLH3WLwFvERnETDirgqX3qH64ZhUIuUdO
VKkd6dTYOtZO/8wW4f7Ah5pmOqJEAxTSHvrWVLQ5EYXbUWfT8OcP/+UAWjHmTdnC
dzIkag==
-----END CERTIFICATE-----
Generated at Sat Apr 5 10:39:06 2025 by rpki-client