Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A46B0/32E9873CBFC811EBB9E4EB6EC4F9AE02/7D58FFA4085511EFA3E44E39C4F9AE02.roa
File: 7D58FFA4085511EFA3E44E39C4F9AE02.roa (raw, json)
Hash identifier: aiFrMbTQ8pa6qGrU9w8Y+h6k5VVyo8+mDWmigq+L7zE=
Subject key identifier: 44:8E:84:6B:2D:6A:CC:52:96:98:84:42:1B:CF:24:DB:8E:3E:4C:44
Certificate issuer: /CN=A91A46B0/serialNumber=FF682DF8D44864B341D9CB7B6C0659BFFAACC9C7
Certificate serial: 05F2
Authority key identifier: FF:68:2D:F8:D4:48:64:B3:41:D9:CB:7B:6C:06:59:BF:FA:AC:C9:C7
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_2gt-NRIZLNB2ct7bAZZv_qsycc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A46B0/32E9873CBFC811EBB9E4EB6EC4F9AE02/7D58FFA4085511EFA3E44E39C4F9AE02.roa
Signing time: Tue 04 Mar 2025 18:21:53 +0000
ROA not before: Tue 04 Mar 2025 18:21:53 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 58955
IP address blocks: 43.239.251.0/24 maxlen: 24
43.249.35.0/24 maxlen: 24
45.64.184.0/24 maxlen: 24
45.64.185.0/24 maxlen: 24
45.64.186.0/24 maxlen: 24
45.64.187.0/24 maxlen: 24
103.27.200.0/24 maxlen: 24
103.27.201.0/24 maxlen: 24
103.27.202.0/24 maxlen: 24
103.27.203.0/24 maxlen: 24
103.70.5.0/24 maxlen: 24
103.70.7.0/24 maxlen: 24
103.86.48.0/24 maxlen: 24
103.86.49.0/24 maxlen: 24
103.86.50.0/24 maxlen: 24
103.86.51.0/24 maxlen: 24
103.132.0.0/24 maxlen: 24
103.132.1.0/24 maxlen: 24
103.132.2.0/24 maxlen: 24
103.132.3.0/24 maxlen: 24
103.230.120.0/24 maxlen: 24
103.230.121.0/24 maxlen: 24
103.230.122.0/24 maxlen: 24
103.230.123.0/24 maxlen: 24
103.234.236.0/22 maxlen: 22
103.234.236.0/24 maxlen: 24
103.234.237.0/24 maxlen: 24
103.234.238.0/24 maxlen: 24
103.234.239.0/24 maxlen: 24
103.245.165.0/24 maxlen: 24
103.245.166.0/24 maxlen: 24
103.249.212.0/24 maxlen: 24
103.249.213.0/24 maxlen: 24
103.249.214.0/24 maxlen: 24
103.249.215.0/24 maxlen: 24
116.204.180.0/24 maxlen: 24
116.204.181.0/24 maxlen: 24
116.204.182.0/24 maxlen: 24
116.204.183.0/24 maxlen: 24
2407:7900:1000::/40 maxlen: 40
2407:7900:2000::/40 maxlen: 40
2407:7900:9999::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A46B0/32E9873CBFC811EBB9E4EB6EC4F9AE02/_2gt-NRIZLNB2ct7bAZZv_qsycc.crl
rsync://rpki.apnic.net/member_repository/A91A46B0/32E9873CBFC811EBB9E4EB6EC4F9AE02/_2gt-NRIZLNB2ct7bAZZv_qsycc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_2gt-NRIZLNB2ct7bAZZv_qsycc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 23:16:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1522 (0x5f2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A46B0
Validity
Not Before: Mar 4 18:21:53 2025 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=67c744c1-350e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:02:12:2a:c5:b8:93:d8:34:87:63:a6:d3:51:
ea:c0:8e:4c:6c:61:0d:4e:ce:e5:51:1a:c7:44:0c:
3a:eb:7a:36:a7:74:d1:3c:c3:f0:0f:69:0f:96:29:
4a:10:53:03:e9:c9:54:e1:a7:15:61:9f:47:1e:c8:
86:77:af:75:9d:c0:25:6b:82:13:ed:a3:9c:85:23:
97:97:1e:be:87:56:4a:9f:fb:f0:8d:3c:36:84:39:
65:5f:0d:ac:4a:5d:36:44:09:64:95:d5:20:2b:49:
7d:96:92:d8:f4:66:55:f9:fe:b7:18:2e:89:08:a6:
2e:6c:ca:8e:a9:b3:4b:73:b4:85:f2:2b:76:d2:19:
e0:76:21:88:74:14:d1:5d:19:ae:fc:ba:5e:9b:77:
40:22:d5:b0:02:72:cb:90:be:7d:58:e1:46:b8:68:
5b:96:81:a2:39:59:70:69:ef:52:e3:b9:17:32:2a:
28:1a:24:ba:cf:f0:38:11:ab:c9:2d:14:f7:05:52:
37:c2:60:75:4f:75:59:d2:e6:b6:c8:40:44:c9:37:
db:1f:90:67:48:25:5a:9c:f6:a8:ba:8a:95:0e:0f:
ce:af:a2:61:f1:10:7d:87:b9:99:c2:f7:9e:c1:33:
0e:71:4e:c0:c9:2f:a5:10:22:24:7e:30:e0:93:52:
d4:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:8E:84:6B:2D:6A:CC:52:96:98:84:42:1B:CF:24:DB:8E:3E:4C:44
X509v3 Authority Key Identifier:
keyid:FF:68:2D:F8:D4:48:64:B3:41:D9:CB:7B:6C:06:59:BF:FA:AC:C9:C7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A46B0/32E9873CBFC811EBB9E4EB6EC4F9AE02/_2gt-NRIZLNB2ct7bAZZv_qsycc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_2gt-NRIZLNB2ct7bAZZv_qsycc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A46B0/32E9873CBFC811EBB9E4EB6EC4F9AE02/7D58FFA4085511EFA3E44E39C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.251.0/24
43.249.35.0/24
45.64.184.0/22
103.27.200.0/22
103.70.5.0/24
103.70.7.0/24
103.86.48.0/22
103.132.0.0/22
103.230.120.0/22
103.234.236.0/22
103.245.165.0-103.245.166.255
103.249.212.0/22
116.204.180.0/22
IPv6:
2407:7900:1000::/40
2407:7900:2000::/40
2407:7900:9999::/48
Signature Algorithm: sha256WithRSAEncryption
2b:7d:ef:a6:dd:c5:10:c8:d6:6b:ca:f3:e5:ae:3d:7e:c0:71:
6e:00:4b:a5:fd:0e:22:ce:6b:2b:f9:b8:b9:38:1c:34:79:c1:
58:6e:bd:d8:1f:35:8f:8c:9b:29:84:7e:1c:c2:28:d7:ba:a3:
ce:2f:7a:f9:b8:13:1c:1e:20:e1:99:0f:f0:33:72:e5:9a:db:
bb:c8:9d:81:fb:66:97:e1:26:21:58:dc:b8:9b:45:14:05:ed:
e4:23:0b:5f:93:4e:2b:73:e0:1d:07:76:7b:06:fb:80:c2:70:
4f:68:3e:f2:b5:5c:6f:f8:f8:58:5e:61:c3:2b:f2:78:19:61:
f9:1c:00:91:b1:86:75:98:96:0c:6e:33:20:ff:60:e7:6a:59:
24:19:c4:95:9c:7f:e7:3a:a4:3c:64:97:91:8b:6c:68:1f:e8:
01:c4:31:f4:26:8c:80:46:0f:9e:38:c9:27:53:f2:23:c1:1d:
b3:db:95:ea:b7:3c:85:19:2e:2e:82:56:43:a3:51:c3:b5:08:
fc:9d:49:21:34:87:80:fc:77:cb:35:ad:04:e5:0b:ff:99:d3:
d0:27:8a:d5:d2:3a:aa:cd:8e:16:49:94:90:6a:80:b1:63:bf:
08:ab:f5:34:8d:85:d3:4a:31:0c:2b:31:2d:64:1c:82:77:4a:
98:4f:11:bf
-----BEGIN CERTIFICATE-----
MIIF5DCCBMygAwIBAgICBfIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTQ2QjAxMTAvBgNVBAUTKEZGNjgyREY4RDQ0ODY0QjM0MUQ5Q0I3QjZDMDY1OUJG
RkFBQ0M5QzcwHhcNMjUwMzA0MTgyMTUzWhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2M3NDRjMS0zNTBlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApgISKsW4k9g0h2Om01HqwI5MbGENTs7lURrHRAw663o2p3TRPMPwD2kPlilK
EFMD6clU4acVYZ9HHsiGd691ncAla4IT7aOchSOXlx6+h1ZKn/vwjTw2hDllXw2s
Sl02RAlkldUgK0l9lpLY9GZV+f63GC6JCKYubMqOqbNLc7SF8it20hngdiGIdBTR
XRmu/Lpem3dAItWwAnLLkL59WOFGuGhbloGiOVlwae9S47kXMiooGiS6z/A4EavJ
LRT3BVI3wmB1T3VZ0ua2yEBEyTfbH5BnSCVanPaouoqVDg/Or6Jh8RB9h7mZwvee
wTMOcU7AyS+lECIkfjDgk1LUQQIDAQABo4IDCDCCAwQwHQYDVR0OBBYEFESOhGst
asxSlpiEQhvPJNuOPkxEMB8GA1UdIwQYMBaAFP9oLfjUSGSzQdnLe2wGWb/6rMnH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNDZCMC8zMkU5ODczQ0JG
QzgxMUVCQjlFNEVCNkVDNEY5QUUwMi9fMmd0LU5SSVpMTkIyY3Q3YkFaWnZfcXN5
Y2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL18yZ3QtTlJJWkxOQjJjdDdiQVpadl9xc3ljYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTQ2QjAvMzJFOTg3M0NCRkM4MTFFQkI5RTRFQjZFQzRGOUFFMDIvN0Q1OEZGQTQw
ODU1MTFFRkEzRTQ0RTM5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZEGCCsGAQUFBwEHAQH/
BIGBMH8wXAQCAAEwVgMEACvv+wMEACv5IwMEAi1AuAMEAmcbyAMEAGdGBQMEAGdG
BwMEAmdWMAMEAmeEAAMEAmfmeAMEAmfq7DAMAwQAZ/WlAwQAZ/WmAwQCZ/nUAwQC
dMy0MB8EAgACMBkDBgAkB3kAEAMGACQHeQAgAwcAJAd5AJmZMA0GCSqGSIb3DQEB
CwUAA4IBAQArfe+m3cUQyNZryvPlrj1+wHFuAEul/Q4izmsr+bi5OBw0ecFYbr3Y
HzWPjJsphH4cwijXuqPOL3r5uBMcHiDhmQ/wM3Llmtu7yJ2B+2aX4SYhWNy4m0UU
Be3kIwtfk04rc+AdB3Z7BvuAwnBPaD7ytVxv+PhYXmHDK/J4GWH5HACRsYZ1mJYM
bjMg/2DnalkkGcSVnH/nOqQ8ZJeRi2xoH+gBxDH0JoyARg+eOMknU/IjwR2z25Xq
tzyFGS4uglZDo1HDtQj8nUkhNIeA/HfLNa0E5Qv/mdPQJ4rV0jqqzY4WSZSQaoCx
Y78Iq/U0jYXTSjEMKzEtZByCd0qYTxG/
-----END CERTIFICATE-----
Generated at Sat Apr 5 21:39:29 2025 by rpki-client