Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/A508D320BBC711ED8DF23C40C4F9AE02.roa
File: A508D320BBC711ED8DF23C40C4F9AE02.roa (raw, json)
Hash identifier: +L1qHY5R3sGaecxS0ZsJwCFSa4qv+kQF5VrxKLTYgCU=
Subject key identifier: 8F:E6:37:6A:EA:A9:02:73:B1:F6:FC:B8:C5:51:E0:73:4C:05:48:48
Certificate issuer: /CN=A91A57F8/serialNumber=9F64FE50992537FB0B40E52F9CFAC310CA271918
Certificate serial: 01B6
Authority key identifier: 9F:64:FE:50:99:25:37:FB:0B:40:E5:2F:9C:FA:C3:10:CA:27:19:18
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n2T-UJklN_sLQOUvnPrDEMonGRg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/A508D320BBC711ED8DF23C40C4F9AE02.roa
Signing time: Sat 29 Mar 2025 03:28:52 +0000
ROA not before: Sat 29 Mar 2025 03:28:52 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 136000
IP address blocks: 103.117.166.0/23 maxlen: 23
103.117.228.0/22 maxlen: 22
103.134.20.0/22 maxlen: 22
103.196.240.0/22 maxlen: 22
103.209.12.0/22 maxlen: 22
118.91.179.0/24 maxlen: 24
118.91.188.0/24 maxlen: 24
202.14.177.0/24 maxlen: 24
202.62.240.0/22 maxlen: 22
202.73.30.0/23 maxlen: 23
203.14.201.0/24 maxlen: 24
203.18.242.0/23 maxlen: 23
203.23.53.0/24 maxlen: 24
203.24.148.0/23 maxlen: 23
203.28.160.0/24 maxlen: 24
203.29.91.0/24 maxlen: 24
203.32.98.0/23 maxlen: 23
203.33.103.0/24 maxlen: 24
203.55.150.0/24 maxlen: 24
203.56.119.0/24 maxlen: 24
203.57.252.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/n2T-UJklN_sLQOUvnPrDEMonGRg.crl
rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/n2T-UJklN_sLQOUvnPrDEMonGRg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n2T-UJklN_sLQOUvnPrDEMonGRg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 12 Apr 2025 03:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 438 (0x1b6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A57F8
Validity
Not Before: Mar 29 03:28:52 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=67e768f3-a1b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:85:d3:66:ff:bf:c7:9e:61:49:f1:1b:32:37:
62:f0:82:1c:36:91:ee:7d:a8:81:95:a7:a4:d7:46:
a5:37:51:d8:a2:fc:41:74:89:f3:dc:0b:7b:8f:ec:
98:6e:75:3c:9f:c7:82:c5:63:d7:db:71:f3:d3:ea:
78:cd:19:15:e1:d4:ce:e3:dd:ba:de:51:ac:8f:01:
a3:11:69:32:bf:38:42:91:4d:22:06:e4:9e:f1:38:
85:00:b2:d6:79:3f:db:d5:68:c8:2f:97:b2:4d:b1:
91:9d:55:1b:3d:6a:22:64:89:38:7c:c4:a2:83:b2:
cd:ba:fb:bc:b4:a2:9a:d4:c1:1e:7c:a1:71:22:f0:
73:7b:8c:04:bb:12:08:fd:21:ea:e7:67:ad:f7:74:
b5:aa:cc:e6:7e:c2:cc:e2:31:08:63:a4:42:91:eb:
f4:cc:3c:06:71:b0:99:ea:2d:02:4f:c9:c3:a7:ab:
8d:87:50:6d:f5:64:0f:89:36:d6:bd:87:b3:91:af:
c3:1b:52:ff:c5:2b:af:2c:33:40:b0:43:2d:96:8e:
9d:60:45:82:e7:eb:55:d2:4b:ea:08:01:7b:c8:3d:
19:a7:35:68:65:5d:f4:e2:9b:52:73:26:df:9c:a4:
f6:08:aa:fb:8a:94:5b:4f:dd:d7:c1:68:53:e7:5b:
d8:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:E6:37:6A:EA:A9:02:73:B1:F6:FC:B8:C5:51:E0:73:4C:05:48:48
X509v3 Authority Key Identifier:
keyid:9F:64:FE:50:99:25:37:FB:0B:40:E5:2F:9C:FA:C3:10:CA:27:19:18
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/n2T-UJklN_sLQOUvnPrDEMonGRg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n2T-UJklN_sLQOUvnPrDEMonGRg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/A508D320BBC711ED8DF23C40C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.117.166.0/23
103.117.228.0/22
103.134.20.0/22
103.196.240.0/22
103.209.12.0/22
118.91.179.0/24
118.91.188.0/24
202.14.177.0/24
202.62.240.0/22
202.73.30.0/23
203.14.201.0/24
203.18.242.0/23
203.23.53.0/24
203.24.148.0/23
203.28.160.0/24
203.29.91.0/24
203.32.98.0/23
203.33.103.0/24
203.55.150.0/24
203.56.119.0/24
203.57.252.0/24
Signature Algorithm: sha256WithRSAEncryption
97:5a:5e:1f:2e:5b:c5:aa:7a:6f:ee:5b:70:81:33:26:59:0e:
72:97:f7:46:15:e7:f9:87:75:d6:c3:c2:0a:b0:29:37:27:38:
67:68:04:91:4e:c5:9f:d2:ff:8a:c6:54:14:82:a4:15:d7:33:
21:57:1c:ea:8b:44:86:8b:bc:de:24:cc:fa:0a:27:d5:eb:e2:
50:ab:c2:2c:c1:4f:1d:28:af:b4:b2:25:52:bb:ed:8c:18:b1:
b5:6b:35:3e:73:78:33:fe:1b:35:44:60:96:db:88:d5:32:b8:
d7:a7:c6:da:b5:2f:20:be:99:3a:73:d8:f4:d1:05:6a:74:28:
d9:5b:96:3e:34:02:c7:15:d9:d7:2d:dd:7d:be:24:b7:1c:03:
ee:44:80:f2:d8:5a:b4:1a:e3:22:a0:07:11:d3:86:1e:53:cd:
11:39:9c:7e:37:4c:96:6f:fe:64:4f:a4:38:d2:0a:6b:ba:e0:
2f:c7:20:ee:2b:33:b0:68:51:cf:65:5b:8c:d2:a2:fd:b2:82:
23:2b:89:dc:59:b8:bd:5b:a4:f5:57:27:9a:df:9c:4d:49:5c:
6a:f6:3c:ea:2b:09:c1:1f:89:42:d5:0f:26:eb:2c:65:05:2b:
9e:d0:d6:42:f0:b1:39:41:1a:50:28:15:c5:f5:86:7b:19:9f:
ec:53:a5:c3
-----BEGIN CERTIFICATE-----
MIIF7TCCBNWgAwIBAgICAbYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU3RjgxMTAvBgNVBAUTKDlGNjRGRTUwOTkyNTM3RkIwQjQwRTUyRjlDRkFDMzEw
Q0EyNzE5MTgwHhcNMjUwMzI5MDMyODUyWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2U3NjhmMy1hMWI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApoXTZv+/x55hSfEbMjdi8IIcNpHufaiBlaek10alN1HYovxBdInz3At7j+yY
bnU8n8eCxWPX23Hz0+p4zRkV4dTO49263lGsjwGjEWkyvzhCkU0iBuSe8TiFALLW
eT/b1WjIL5eyTbGRnVUbPWoiZIk4fMSig7LNuvu8tKKa1MEefKFxIvBze4wEuxII
/SHq52et93S1qszmfsLM4jEIY6RCkev0zDwGcbCZ6i0CT8nDp6uNh1Bt9WQPiTbW
vYezka/DG1L/xSuvLDNAsEMtlo6dYEWC5+tV0kvqCAF7yD0ZpzVoZV304ptScybf
nKT2CKr7ipRbT93XwWhT51vYTQIDAQABo4IDETCCAw0wHQYDVR0OBBYEFI/mN2rq
qQJzsfb8uMVR4HNMBUhIMB8GA1UdIwQYMBaAFJ9k/lCZJTf7C0DlL5z6wxDKJxkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTdGOC8zNDUwOTQwMEI5
NzUxMUVEODA0MERFMjJDNEY5QUUwMi9uMlQtVUprbE5fc0xRT1V2blByREVNb25H
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL24yVC1VSmtsTl9zTFFPVXZuUHJERU1vbkdSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU3RjgvMzQ1MDk0MDBCOTc1MTFFRDgwNDBERTIyQzRGOUFFMDIvQTUwOEQzMjBC
QkM3MTFFRDhERjIzQzQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZoGCCsGAQUFBwEHAQH/
BIGKMIGHMIGEBAIAATB+AwQBZ3WmAwQCZ3XkAwQCZ4YUAwQCZ8TwAwQCZ9EMAwQA
dluzAwQAdlu8AwQAyg6xAwQCyj7wAwQBykkeAwQAyw7JAwQByxLyAwQAyxc1AwQB
yxiUAwQAyxygAwQAyx1bAwQByyBiAwQAyyFnAwQAyzeWAwQAyzh3AwQAyzn8MA0G
CSqGSIb3DQEBCwUAA4IBAQCXWl4fLlvFqnpv7ltwgTMmWQ5yl/dGFef5h3XWw8IK
sCk3JzhnaASRTsWf0v+KxlQUgqQV1zMhVxzqi0SGi7zeJMz6CifV6+JQq8IswU8d
KK+0siVSu+2MGLG1azU+c3gz/hs1RGCW24jVMrjXp8batS8gvpk6c9j00QVqdCjZ
W5Y+NALHFdnXLd19viS3HAPuRIDy2Fq0GuMioAcR04YeU80ROZx+N0yWb/5kT6Q4
0gpruuAvxyDuKzOwaFHPZVuM0qL9soIjK4ncWbi9W6T1Vyea35xNSVxq9jzqKwnB
H4lC1Q8m6yxlBSue0NZC8LE5QRpQKBXF9YZ7GZ/sU6XD
-----END CERTIFICATE-----
Generated at Mon Apr 7 01:24:45 2025 by rpki-client