Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
File: 801B5CA0D49711EFBF7D3414C4F9AE02.roa (raw, json)
Hash identifier: OeaX4Y36BcWO+hpCFTJVXRa1o/dq7PQS00iGf5uCP9s=
Subject key identifier: 87:15:F6:6D:6D:4A:76:18:3F:A7:D8:B7:67:05:1C:35:B5:C6:41:99
Certificate issuer: /CN=A91B268A/serialNumber=F8EECE7D3C0CF5922EA3D803553638823FAEEA08
Certificate serial: 11FE
Authority key identifier: F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
Signing time: Fri 17 Jan 2025 05:55:13 +0000
ROA not before: Fri 17 Jan 2025 05:55:13 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 7600
IP address blocks: 14.102.136.0/21 maxlen: 24
43.247.116.0/22 maxlen: 24
103.237.160.0/22 maxlen: 22
103.237.160.0/22 maxlen: 24
103.237.160.0/24 maxlen: 24
115.42.0.0/20 maxlen: 24
115.42.16.0/20 maxlen: 24
122.129.221.0/24 maxlen: 24
122.129.222.0/24 maxlen: 24
123.136.32.0/19 maxlen: 19
203.18.23.0/24 maxlen: 24
203.25.185.0/24 maxlen: 24
203.57.0.0/23 maxlen: 23
210.56.80.0/20 maxlen: 20
210.56.80.0/21 maxlen: 24
210.56.88.0/21 maxlen: 21
210.56.88.0/24 maxlen: 24
210.56.90.0/24 maxlen: 24
210.56.90.192/26 maxlen: 26
210.56.91.0/24 maxlen: 24
210.56.95.0/24 maxlen: 24
2404:9600::/32 maxlen: 32
2404:9600:300::/40 maxlen: 40
2404:9601::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 17:14:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4606 (0x11fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B268A
Validity
Not Before: Jan 17 05:55:13 2025 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=6789f0c0-ecec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:63:c1:9d:2c:14:b2:ae:7f:28:29:11:19:e6:
8f:2e:75:3d:79:9d:90:9b:0a:31:e7:c2:8f:53:17:
c6:25:1b:30:cc:87:3f:b6:be:27:c1:c8:86:3f:a6:
f5:f8:64:45:cd:fe:fc:54:fa:bf:a3:a3:b1:e2:54:
10:ea:04:7f:75:7c:88:8d:df:74:43:58:32:e2:ef:
c5:c7:3b:5a:f7:d8:6f:36:61:64:f3:bd:da:50:0c:
f0:84:eb:ad:a6:77:e7:9d:76:43:f3:ec:1e:31:ab:
c3:bc:c6:ce:41:05:a5:d0:5c:be:35:c4:c4:b5:e6:
6e:c3:6f:13:6b:ac:22:f8:bb:92:89:7b:da:e0:37:
0c:e6:2c:bc:d3:a3:c8:8a:f6:d3:a1:1c:1e:83:a6:
99:7a:e8:eb:69:fc:85:34:98:43:93:89:be:7f:cb:
24:33:33:51:85:c9:99:5f:6a:53:a1:53:57:eb:e8:
ac:1e:82:76:72:2b:37:5b:f5:e2:26:1f:d1:bb:a6:
fd:e4:b9:01:5e:c9:01:6c:f9:93:91:ce:0a:8a:95:
74:aa:c4:7e:d2:76:87:11:f9:75:36:57:3d:4f:3f:
84:c1:1e:f8:0f:bd:05:e3:f0:c3:40:8e:2f:be:c7:
13:da:c4:68:92:4a:32:cc:3a:7d:48:29:f2:60:bf:
4b:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:15:F6:6D:6D:4A:76:18:3F:A7:D8:B7:67:05:1C:35:B5:C6:41:99
X509v3 Authority Key Identifier:
keyid:F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.136.0/21
43.247.116.0/22
103.237.160.0/22
115.42.0.0/19
122.129.221.0-122.129.222.255
123.136.32.0/19
203.18.23.0/24
203.25.185.0/24
203.57.0.0/23
210.56.80.0/20
IPv6:
2404:9600::/31
Signature Algorithm: sha256WithRSAEncryption
69:ad:78:3c:cf:48:1e:b5:ac:b1:ff:3b:54:72:5b:16:37:e0:
ad:59:8f:87:bb:2c:97:3a:ea:95:76:aa:e1:e5:4f:b1:8e:fb:
dd:ed:5e:fd:e9:5b:f7:fe:c2:0c:fe:5e:16:49:7e:32:24:ab:
9d:04:d6:fa:c3:b1:0a:be:c3:96:17:5d:08:d1:f4:58:38:2d:
ca:36:ca:41:f3:07:65:85:9b:19:19:bd:d2:c9:08:61:0c:18:
db:c0:b5:74:28:64:cf:f7:84:f4:8b:5e:62:0e:d3:6f:10:22:
8a:06:8d:f9:16:64:86:02:cb:81:82:68:c3:55:85:cf:28:68:
73:3c:c4:b7:86:6b:f7:5a:f6:dc:73:63:82:4b:7e:58:4a:2e:
5e:18:b4:49:6a:7d:bb:fd:8d:5a:28:cf:d4:04:44:6c:cb:03:
c7:a6:87:6e:24:37:82:69:cd:d8:f4:9e:ec:de:de:df:0a:8d:
65:dc:ab:06:26:cd:c9:02:be:27:4e:97:0c:fd:65:74:19:0f:
c2:d8:38:00:86:66:7e:d9:fc:67:f3:08:99:19:62:ff:68:94:
0d:18:1a:46:1c:c7:86:09:a5:6f:45:5c:30:58:46:73:3a:00:
c0:12:51:ab:9e:59:c8:9f:99:36:90:64:4d:6f:98:23:b4:73:
87:9f:d5:b7
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgICEf4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjI2OEExMTAvBgNVBAUTKEY4RUVDRTdEM0MwQ0Y1OTIyRUEzRDgwMzU1MzYzODgy
M0ZBRUVBMDgwHhcNMjUwMTE3MDU1NTEzWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Nzg5ZjBjMC1lY2VjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvmPBnSwUsq5/KCkRGeaPLnU9eZ2Qmwox58KPUxfGJRswzIc/tr4nwciGP6b1
+GRFzf78VPq/o6Ox4lQQ6gR/dXyIjd90Q1gy4u/Fxzta99hvNmFk873aUAzwhOut
pnfnnXZD8+weMavDvMbOQQWl0Fy+NcTEteZuw28Ta6wi+LuSiXva4DcM5iy806PI
ivbToRweg6aZeujrafyFNJhDk4m+f8skMzNRhcmZX2pToVNX6+isHoJ2cis3W/Xi
Jh/Ru6b95LkBXskBbPmTkc4KipV0qsR+0naHEfl1Nlc9Tz+EwR74D70F4/DDQI4v
vscT2sRokkoyzDp9SCnyYL9LnQIDAQABo4IC4jCCAt4wHQYDVR0OBBYEFIcV9m1t
SnYYP6fYt2cFHDW1xkGZMB8GA1UdIwQYMBaAFPjuzn08DPWSLqPYA1U2OII/ruoI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMjY4QS84NEZCNEM5Q0RE
QTExMUU4QTJFNzhBNjlDNEY5QUUwMi8tTzdPZlR3TTlaSXVvOWdEVlRZNGdqLXU2
Z2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1PN09mVHdNOVpJdW85Z0RWVFk0Z2otdTZnZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjI2OEEvODRGQjRDOUNEREExMTFFOEEyRTc4QTY5QzRGOUFFMDIvODAxQjVDQTBE
NDk3MTFFRkJGN0QzNDE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbAYIKwYBBQUHAQcBAf8E
XTBbMEoEAgABMEQDBAMOZogDBAIr93QDBAJn7aADBAVzKgAwDAMEAHqB3QMEAHqB
3gMEBXuIIAMEAMsSFwMEAMsZuQMEAcs5AAMEBNI4UDANBAIAAjAHAwUBJASWADAN
BgkqhkiG9w0BAQsFAAOCAQEAaa14PM9IHrWssf87VHJbFjfgrVmPh7sslzrqlXaq
4eVPsY773e1e/elb9/7CDP5eFkl+MiSrnQTW+sOxCr7DlhddCNH0WDgtyjbKQfMH
ZYWbGRm90skIYQwY28C1dChkz/eE9IteYg7TbxAiigaN+RZkhgLLgYJow1WFzyho
czzEt4Zr91r23HNjgkt+WEouXhi0SWp9u/2NWijP1AREbMsDx6aHbiQ3gmnN2PSe
7N7e3wqNZdyrBibNyQK+J06XDP1ldBkPwtg4AIZmftn8Z/MImRli/2iUDRgaRhzH
hgmlb0VcMFhGczoAwBJRq55ZyJ+ZNpBkTW+YI7Rzh5/Vtw==
-----END CERTIFICATE-----
Generated at Sun Apr 6 12:58:16 2025 by rpki-client