Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A8219/EC0A70F8EA8011E78B42A432C4F9AE02/314E917C651E11E8A8903D42C4F9AE02.roa
File: 314E917C651E11E8A8903D42C4F9AE02.roa (raw, json)
Hash identifier: PelwRr9hgP7dCYd5KU90WVUNYfa/KyN0aFEd88yUz4U=
Subject key identifier: EC:96:EE:7C:81:AE:83:44:B4:D8:9C:D4:A5:49:66:EE:9A:CC:60:DC
Certificate issuer: /CN=A91A8219/serialNumber=6553C3C2180B97E2EB37CB71F6A1CEAA7B95CA47
Certificate serial: 16E5
Authority key identifier: 65:53:C3:C2:18:0B:97:E2:EB:37:CB:71:F6:A1:CE:AA:7B:95:CA:47
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZVPDwhgLl-LrN8tx9qHOqnuVykc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A8219/EC0A70F8EA8011E78B42A432C4F9AE02/314E917C651E11E8A8903D42C4F9AE02.roa
Signing time: Tue 18 Mar 2025 17:05:07 +0000
ROA not before: Tue 18 Mar 2025 17:05:07 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 38883
IP address blocks: 103.29.200.0/22 maxlen: 24
115.146.64.0/20 maxlen: 20
115.146.64.0/24 maxlen: 24
115.146.65.0/24 maxlen: 24
115.146.66.0/24 maxlen: 24
115.146.67.0/24 maxlen: 24
115.146.68.0/24 maxlen: 24
115.146.69.0/24 maxlen: 24
115.146.70.0/24 maxlen: 24
115.146.71.0/24 maxlen: 24
115.146.72.0/24 maxlen: 24
115.146.73.0/24 maxlen: 24
115.146.74.0/24 maxlen: 24
115.146.75.0/24 maxlen: 24
115.146.76.0/24 maxlen: 24
115.146.78.0/24 maxlen: 24
115.146.79.0/24 maxlen: 24
119.63.216.0/21 maxlen: 21
119.63.216.0/24 maxlen: 24
119.63.217.0/24 maxlen: 24
119.63.218.0/24 maxlen: 24
119.63.219.0/24 maxlen: 24
119.63.220.0/24 maxlen: 24
119.63.221.0/24 maxlen: 24
119.63.222.0/24 maxlen: 24
119.63.223.0/24 maxlen: 24
2402:7400::/32 maxlen: 32
2402:7400::/36 maxlen: 36
2402:7400:2000::/36 maxlen: 36
2402:7400:5000::/36 maxlen: 36
2402:7400:6000::/36 maxlen: 36
2402:7400:7000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A8219/EC0A70F8EA8011E78B42A432C4F9AE02/ZVPDwhgLl-LrN8tx9qHOqnuVykc.crl
rsync://rpki.apnic.net/member_repository/A91A8219/EC0A70F8EA8011E78B42A432C4F9AE02/ZVPDwhgLl-LrN8tx9qHOqnuVykc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZVPDwhgLl-LrN8tx9qHOqnuVykc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 29 Apr 2025 16:41:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5861 (0x16e5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A8219, serialNumber=6553C3C2180B97E2EB37CB71F6A1CEAA7B95CA47
Validity
Not Before: Mar 18 17:05:07 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=67d9a7c3-88c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:57:79:00:09:29:6a:51:d3:2f:10:66:f4:3d:
d3:48:46:65:10:15:b5:f2:bf:a1:0f:a5:34:43:98:
b1:a4:df:02:aa:41:55:c4:a0:27:c2:5f:47:fc:21:
1c:39:18:69:49:40:1b:4d:f1:94:00:7a:4f:f1:d8:
00:09:f7:38:f9:fe:7f:c5:ee:d4:29:be:af:3c:03:
98:d4:a4:00:cb:78:b4:34:fa:32:4f:75:f1:af:04:
70:f3:26:61:45:0a:1e:78:f0:80:82:4c:86:56:7c:
b8:f2:5b:5d:d2:89:c0:1b:6a:de:aa:33:24:71:8d:
5d:d3:57:d9:f2:f3:4d:db:2a:42:bd:db:64:19:66:
8a:db:a4:d4:77:7a:43:7d:62:fc:f4:d5:23:f1:00:
e5:b7:23:81:c7:ce:b5:5d:52:89:af:f5:79:16:28:
67:8b:a4:3c:9d:97:c6:f8:19:8d:eb:61:1c:bd:79:
2f:76:c9:48:5e:c8:57:74:70:ea:f6:60:f5:f7:66:
52:75:7a:2c:f6:6a:cf:bb:87:98:59:31:34:35:3c:
e1:fc:49:f6:69:a2:f9:34:95:20:90:22:2d:24:8a:
7f:bd:70:ce:4f:5d:94:b4:f1:45:1e:b2:b2:70:65:
92:46:61:f8:4d:76:e9:3a:c5:84:f3:78:2e:36:e8:
63:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:96:EE:7C:81:AE:83:44:B4:D8:9C:D4:A5:49:66:EE:9A:CC:60:DC
X509v3 Authority Key Identifier:
keyid:65:53:C3:C2:18:0B:97:E2:EB:37:CB:71:F6:A1:CE:AA:7B:95:CA:47
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A8219/EC0A70F8EA8011E78B42A432C4F9AE02/ZVPDwhgLl-LrN8tx9qHOqnuVykc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZVPDwhgLl-LrN8tx9qHOqnuVykc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A8219/EC0A70F8EA8011E78B42A432C4F9AE02/314E917C651E11E8A8903D42C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.29.200.0/22
115.146.64.0/20
119.63.216.0/21
IPv6:
2402:7400::/32
Signature Algorithm: sha256WithRSAEncryption
8a:03:33:dc:4d:64:7b:26:aa:81:6d:4b:47:7a:76:40:e5:75:
28:45:7d:0d:cf:a3:17:f0:1a:90:04:33:f7:34:88:dc:70:08:
f9:19:35:1e:16:ca:01:a6:cd:0f:9d:db:15:cc:65:08:9d:14:
18:4d:d5:1d:e5:cb:d6:5d:7a:e8:aa:8a:27:d4:68:50:7e:cf:
77:44:bb:84:f3:3f:13:31:e2:8a:e9:08:4d:ba:9c:b4:4d:16:
9f:e9:5d:21:b2:78:cf:0e:de:04:24:9d:3c:6b:19:63:a5:92:
c5:41:63:b1:ea:70:90:e8:86:d8:91:83:93:52:b7:64:a3:bc:
55:20:48:ab:1f:e1:fe:3d:61:bd:14:79:d2:67:4a:a3:52:72:
2a:f1:32:f7:b0:2c:e0:b7:6e:bb:94:21:fa:14:ea:6c:0a:4d:
18:4a:62:63:a9:89:4c:3d:50:82:58:06:ba:36:f3:98:e5:3c:
3d:45:e4:c3:f9:a2:e9:0f:d5:7d:54:af:75:c2:f1:39:ea:44:
36:96:7f:ee:d3:e9:85:38:37:61:1a:89:2e:c5:f6:b6:16:44:
25:27:bb:9e:78:ea:0b:aa:33:31:31:14:42:98:61:1e:84:48:
9e:7c:d1:fc:b7:f9:24:7f:de:85:d1:c5:73:8e:ac:e7:8f:e5:
3c:36:83:7f
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICFuUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTgyMTkxMTAvBgNVBAUTKDY1NTNDM0MyMTgwQjk3RTJFQjM3Q0I3MUY2QTFDRUFB
N0I5NUNBNDcwHhcNMjUwMzE4MTcwNTA3WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2Q5YTdjMy04OGM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmld5AAkpalHTLxBm9D3TSEZlEBW18r+hD6U0Q5ixpN8CqkFVxKAnwl9H/CEc
ORhpSUAbTfGUAHpP8dgACfc4+f5/xe7UKb6vPAOY1KQAy3i0NPoyT3XxrwRw8yZh
RQoeePCAgkyGVny48ltd0onAG2reqjMkcY1d01fZ8vNN2ypCvdtkGWaK26TUd3pD
fWL89NUj8QDltyOBx861XVKJr/V5Fihni6Q8nZfG+BmN62EcvXkvdslIXshXdHDq
9mD192ZSdXos9mrPu4eYWTE0NTzh/En2aaL5NJUgkCItJIp/vXDOT12UtPFFHrKy
cGWSRmH4TXbpOsWE83guNuhjeQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFOyW7nyB
roNEtNic1KVJZu6azGDcMB8GA1UdIwQYMBaAFGVTw8IYC5fi6zfLcfahzqp7lcpH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBODIxOS9FQzBBNzBGOEVB
ODAxMUU3OEI0MkE0MzJDNEY5QUUwMi9aVlBEd2hnTGwtTHJOOHR4OXFIT3FudVZ5
a2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pWUER3aGdMbC1Mck44dHg5cUhPcW51VnlrYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTgyMTkvRUMwQTcwRjhFQTgwMTFFNzhCNDJBNDMyQzRGOUFFMDIvMzE0RTkxN0M2
NTFFMTFFOEE4OTAzRDQyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAJnHcgDBARzkkADBAN3P9gwDQQCAAIwBwMFACQCdAAwDQYJ
KoZIhvcNAQELBQADggEBAIoDM9xNZHsmqoFtS0d6dkDldShFfQ3PoxfwGpAEM/c0
iNxwCPkZNR4WygGmzQ+d2xXMZQidFBhN1R3ly9ZdeuiqiifUaFB+z3dEu4TzPxMx
4orpCE26nLRNFp/pXSGyeM8O3gQknTxrGWOlksVBY7HqcJDohtiRg5NSt2SjvFUg
SKsf4f49Yb0UedJnSqNScirxMvewLOC3bruUIfoU6mwKTRhKYmOpiUw9UIJYBro2
85jlPD1F5MP5oukP1X1Ur3XC8TnqRDaWf+7T6YU4N2EaiS7F9rYWRCUnu5546guq
MzExFEKYYR6ESJ580fy3+SR/3oXRxXOOrOeP5Tw2g38=
-----END CERTIFICATE-----
Generated at Wed Apr 23 06:14:10 2025 by rpki-client