Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C7DDC774650E11EFAECF9A74C4F9AE02.roa
File: C7DDC774650E11EFAECF9A74C4F9AE02.roa (raw, json)
Hash identifier: C6P+cI5K8F01/Nh5/xAfVzkyrCt9E++VV68GkxK2zus=
Subject key identifier: 90:EF:B3:97:CE:DB:1F:3C:F3:49:10:87:45:E5:60:5F:95:0B:92:85
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: A69E
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C7DDC774650E11EFAECF9A74C4F9AE02.roa
Signing time: Wed 19 Feb 2025 06:56:01 +0000
ROA not before: Wed 19 Feb 2025 06:56:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133275
IP address blocks: 43.228.220.0/22 maxlen: 24
43.248.236.0/22 maxlen: 24
43.249.52.0/22 maxlen: 24
45.115.4.0/22 maxlen: 24
45.119.136.0/22 maxlen: 24
45.119.140.0/22 maxlen: 24
45.125.60.0/22 maxlen: 24
103.13.104.0/22 maxlen: 24
103.36.124.0/22 maxlen: 24
103.46.192.0/23 maxlen: 24
103.46.194.0/23 maxlen: 24
103.47.168.0/22 maxlen: 24
103.47.236.0/22 maxlen: 24
103.59.192.0/22 maxlen: 24
103.59.196.0/22 maxlen: 24
103.73.92.0/22 maxlen: 24
103.86.40.0/22 maxlen: 24
103.95.120.0/22 maxlen: 24
103.124.12.0/22 maxlen: 24
103.173.201.0/24 maxlen: 24
103.176.162.0/23 maxlen: 24
103.193.196.0/22 maxlen: 24
103.196.52.0/22 maxlen: 24
103.197.116.0/22 maxlen: 24
103.206.248.0/22 maxlen: 24
103.208.200.0/22 maxlen: 24
103.215.248.0/22 maxlen: 24
103.216.88.0/22 maxlen: 24
103.243.4.0/24 maxlen: 24
103.248.116.0/22 maxlen: 24
116.204.188.0/22 maxlen: 24
137.59.240.0/22 maxlen: 24
157.119.124.0/22 maxlen: 24
157.119.216.0/24 maxlen: 24
157.119.217.0/24 maxlen: 24
157.119.218.0/24 maxlen: 24
157.119.219.0/24 maxlen: 24
175.111.132.0/22 maxlen: 24
210.16.80.0/22 maxlen: 24
220.158.160.0/22 maxlen: 24
2404:4340::/32 maxlen: 32
2404:4340::/33 maxlen: 33
2404:4340::/48 maxlen: 48
2404:4340:1::/48 maxlen: 48
2404:4340:2::/48 maxlen: 48
2404:4340:3::/48 maxlen: 48
2404:4340:4::/48 maxlen: 48
2404:4340:5::/48 maxlen: 48
2404:4340:6::/48 maxlen: 48
2404:4340:7::/48 maxlen: 48
2404:4340:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 15:26:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 42654 (0xa69e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Feb 19 06:56:01 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67b58081-1ca1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:5f:64:33:96:2f:bb:9c:f4:7c:cb:4a:05:3f:
b7:a2:52:6a:b9:b1:4b:28:b1:0f:97:fe:ab:bc:b9:
7d:20:c1:e1:df:99:7e:e5:f8:32:27:b5:3c:19:44:
f6:4e:70:6a:e8:c2:5f:77:8e:63:f2:a0:85:ff:27:
eb:85:f1:d9:93:b8:dd:a3:72:9b:c2:a4:97:8c:a0:
98:60:76:a5:e6:6d:64:08:72:38:e0:e8:8a:fa:5b:
80:51:f4:0c:21:3d:61:48:67:8a:72:d9:cf:87:c4:
b4:7c:75:d2:8b:f0:95:c4:2d:ef:49:bd:21:2a:ed:
b7:bb:69:90:77:05:1a:5d:66:28:ae:27:ca:66:fc:
20:21:90:66:cc:db:d9:f8:65:3a:de:79:1f:a7:47:
b1:2e:83:20:69:07:9f:a2:22:45:aa:7e:5b:68:f2:
12:b5:4f:f6:15:b5:ee:90:2f:44:8a:03:9d:78:55:
7c:f5:19:3e:ee:0f:6c:f3:42:6f:3f:f7:72:73:9e:
99:be:0e:1b:fc:87:73:b7:ba:df:8a:1e:78:d3:87:
12:a3:5c:17:96:ce:00:83:a4:40:9c:41:0b:07:cf:
29:fe:e3:db:a2:18:64:d5:f5:3d:bf:59:ea:fb:1e:
b3:be:5b:30:4d:72:b3:b6:f9:9c:5a:f7:6c:80:60:
86:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:EF:B3:97:CE:DB:1F:3C:F3:49:10:87:45:E5:60:5F:95:0B:92:85
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/C7DDC774650E11EFAECF9A74C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.228.220.0/22
43.248.236.0/22
43.249.52.0/22
45.115.4.0/22
45.119.136.0/21
45.125.60.0/22
103.13.104.0/22
103.36.124.0/22
103.46.192.0/22
103.47.168.0/22
103.47.236.0/22
103.59.192.0/21
103.73.92.0/22
103.86.40.0/22
103.95.120.0/22
103.124.12.0/22
103.173.201.0/24
103.176.162.0/23
103.193.196.0/22
103.196.52.0/22
103.197.116.0/22
103.206.248.0/22
103.208.200.0/22
103.215.248.0/22
103.216.88.0/22
103.243.4.0/24
103.248.116.0/22
116.204.188.0/22
137.59.240.0/22
157.119.124.0/22
157.119.216.0/22
175.111.132.0/22
210.16.80.0/22
220.158.160.0/22
IPv6:
2404:4340::/32
Signature Algorithm: sha256WithRSAEncryption
8a:34:fe:22:1e:06:7a:f4:99:84:71:25:00:bb:3e:de:49:93:
29:91:62:86:4a:de:ff:ff:9c:57:55:2d:62:27:7a:74:fa:c8:
81:ed:64:80:54:fd:bd:18:13:d3:9b:33:4e:71:f7:bd:1b:d2:
00:f6:4c:80:cf:12:5c:60:1e:81:aa:3d:ec:0d:15:eb:0d:ce:
c7:f0:49:27:89:0b:44:9e:da:fd:43:e3:cb:32:46:a3:4f:ef:
ab:53:42:5d:5d:60:2e:75:b8:13:ea:52:fe:f3:af:65:82:7a:
36:36:51:02:1d:c8:ef:c6:52:ae:a3:3f:96:30:86:f0:67:06:
0d:ef:c8:e7:29:85:f7:cc:1e:7a:7b:2e:93:49:fd:3f:47:76:
04:c3:68:19:f3:51:2d:d4:5f:43:81:0b:15:12:92:fe:3d:3a:
65:e2:b2:26:90:04:64:fc:58:20:62:23:54:ce:65:96:21:b4:
d7:d3:3b:02:bb:12:5a:be:b8:a5:3e:9b:40:c6:3d:32:4b:d8:
c5:fe:b3:6a:64:fc:1d:96:ce:5a:0a:f1:09:19:6a:09:4a:de:
11:36:c5:47:17:98:42:93:65:09:0c:a3:9b:74:08:cc:62:6c:
53:e0:45:7c:a4:fb:ea:f0:84:f0:40:05:e3:6a:d0:4c:b0:cb:
6c:db:03:e2
-----BEGIN CERTIFICATE-----
MIIGTDCCBTSgAwIBAgIDAKaeMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDIxOTA2NTYwMVoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjdiNTgwODEtMWNhMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJZfZDOWL7uc9HzLSgU/t6JSarmxSyixD5f+q7y5fSDB4d+ZfuX4Mie1PBlE
9k5waujCX3eOY/Kghf8n64Xx2ZO43aNym8Kkl4ygmGB2peZtZAhyOODoivpbgFH0
DCE9YUhninLZz4fEtHx10ovwlcQt70m9ISrtt7tpkHcFGl1mKK4nymb8ICGQZszb
2fhlOt55H6dHsS6DIGkHn6IiRap+W2jyErVP9hW17pAvRIoDnXhVfPUZPu4PbPNC
bz/3cnOemb4OG/yHc7e634oeeNOHEqNcF5bOAIOkQJxBCwfPKf7j26IYZNX1Pb9Z
6vses75bME1ys7b5nFr3bIBghvkCAwEAAaOCA28wggNrMB0GA1UdDgQWBBSQ77OX
ztsfPPNJEIdF5WBflQuShTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0M3RERDNzc0
NjUwRTExRUZBRUNGOUE3NEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIH4BggrBgEFBQcBBwEB
/wSB6DCB5TCB0wQCAAEwgcwDBAIr5NwDBAIr+OwDBAIr+TQDBAItcwQDBAMtd4gD
BAItfTwDBAJnDWgDBAJnJHwDBAJnLsADBAJnL6gDBAJnL+wDBANnO8ADBAJnSVwD
BAJnVigDBAJnX3gDBAJnfAwDBABnrckDBAFnsKIDBAJnwcQDBAJnxDQDBAJnxXQD
BAJnzvgDBAJn0MgDBAJn1/gDBAJn2FgDBABn8wQDBAJn+HQDBAJ0zLwDBAKJO/AD
BAKdd3wDBAKdd9gDBAKvb4QDBALSEFADBALcnqAwDQQCAAIwBwMFACQEQ0AwDQYJ
KoZIhvcNAQELBQADggEBAIo0/iIeBnr0mYRxJQC7Pt5JkymRYoZK3v//nFdVLWIn
enT6yIHtZIBU/b0YE9ObM05x970b0gD2TIDPElxgHoGqPewNFesNzsfwSSeJC0Se
2v1D48syRqNP76tTQl1dYC51uBPqUv7zr2WCejY2UQIdyO/GUq6jP5YwhvBnBg3v
yOcphffMHnp7LpNJ/T9HdgTDaBnzUS3UX0OBCxUSkv49OmXisiaQBGT8WCBiI1TO
ZZYhtNfTOwK7Elq+uKU+m0DGPTJL2MX+s2pk/B2WzloK8QkZaglK3hE2xUcXmEKT
ZQkMo5t0CMxibFPgRXyk++rwhPBABeNq0Eywy2zbA+I=
-----END CERTIFICATE-----
Generated at Fri Apr 4 20:22:40 2025 by rpki-client