Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/5CB880EA0B9B11F09EBD312DC4F9AE02.roa
File: 5CB880EA0B9B11F09EBD312DC4F9AE02.roa (raw, json)
Hash identifier: Ec2NCnrqSRluhVLEClrhexd6/1RfxYvDUeGABixh+Cc=
Subject key identifier: B7:76:49:0A:97:D2:97:F5:9C:42:8D:4C:1D:D2:5F:B3:8E:D1:9A:9C
Certificate issuer: /CN=A91CEBCA/serialNumber=FE826EE9BC12DAAD3B197471B0413F1EB2082635
Certificate serial: 3485
Authority key identifier: FE:82:6E:E9:BC:12:DA:AD:3B:19:74:71:B0:41:3F:1E:B2:08:26:35
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_oJu6bwS2q07GXRxsEE_HrIIJjU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/5CB880EA0B9B11F09EBD312DC4F9AE02.roa
Signing time: Fri 28 Mar 2025 06:10:35 +0000
ROA not before: Fri 28 Mar 2025 06:10:35 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 17666
IP address blocks: 43.246.164.0/24 maxlen: 24
43.246.166.0/24 maxlen: 24
43.246.167.0/24 maxlen: 24
111.67.32.0/24 maxlen: 24
111.67.33.0/24 maxlen: 24
111.67.34.0/24 maxlen: 24
111.67.35.0/24 maxlen: 24
111.67.38.0/24 maxlen: 24
111.67.39.0/24 maxlen: 24
111.67.42.0/24 maxlen: 24
111.67.43.0/24 maxlen: 24
111.67.44.0/24 maxlen: 24
111.67.45.0/24 maxlen: 24
111.67.46.0/24 maxlen: 24
111.67.47.0/24 maxlen: 24
202.9.96.0/22 maxlen: 22
202.9.100.0/24 maxlen: 24
202.9.101.0/24 maxlen: 24
202.9.102.0/24 maxlen: 24
202.9.103.0/24 maxlen: 24
202.9.104.0/23 maxlen: 24
202.9.106.0/24 maxlen: 24
202.9.107.0/24 maxlen: 24
202.87.96.0/22 maxlen: 22
202.87.96.0/24 maxlen: 24
202.87.97.0/24 maxlen: 24
202.87.98.0/24 maxlen: 24
202.87.99.0/24 maxlen: 24
202.87.104.0/24 maxlen: 24
202.87.105.0/24 maxlen: 24
202.87.106.0/24 maxlen: 24
202.87.107.0/24 maxlen: 24
202.87.108.0/24 maxlen: 24
202.87.109.0/24 maxlen: 24
202.87.110.0/24 maxlen: 24
202.87.111.0/24 maxlen: 24
202.87.112.0/24 maxlen: 24
202.87.113.0/24 maxlen: 24
202.87.114.0/24 maxlen: 24
202.87.115.0/24 maxlen: 24
202.87.116.0/24 maxlen: 24
202.87.117.0/24 maxlen: 24
202.87.118.0/24 maxlen: 24
202.87.119.0/24 maxlen: 24
202.87.120.0/24 maxlen: 24
202.87.121.0/24 maxlen: 24
202.87.122.0/24 maxlen: 24
202.87.123.0/24 maxlen: 24
202.87.124.0/24 maxlen: 24
202.87.125.0/24 maxlen: 24
202.87.126.0/24 maxlen: 24
202.87.127.0/24 maxlen: 24
2401:200::/32 maxlen: 32
2401:200::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/_oJu6bwS2q07GXRxsEE_HrIIJjU.crl
rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/_oJu6bwS2q07GXRxsEE_HrIIJjU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_oJu6bwS2q07GXRxsEE_HrIIJjU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 12 Apr 2025 07:53:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13445 (0x3485)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CEBCA
Validity
Not Before: Mar 28 06:10:35 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=67e63d5b-5a5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:ef:24:52:0c:c6:47:82:47:92:21:c6:f6:44:
cf:aa:20:bf:7a:85:47:ad:2d:47:57:b4:f5:64:d6:
17:91:d7:89:ed:6b:08:15:7d:d8:3a:c7:eb:ab:07:
42:7b:48:3a:46:98:fe:65:d4:8e:6f:44:08:43:2b:
01:17:56:3a:90:fa:97:4b:55:08:a0:9c:9a:de:27:
c0:44:2c:2d:c7:b4:0b:1b:9e:82:63:32:bf:f0:4b:
de:89:7e:36:14:c2:1b:a8:90:38:cb:91:87:1b:9c:
bb:ae:67:12:9c:0a:ae:cf:49:2f:49:21:c9:48:be:
ae:70:3b:02:bb:b7:f3:46:cf:4f:00:51:4a:7f:74:
ff:90:70:50:d3:8a:7b:01:75:2f:e9:b0:83:dc:14:
86:10:30:60:b2:26:c4:9d:52:80:63:c5:8f:d1:0d:
94:1a:ab:86:9d:f6:3e:a3:ec:ef:d4:78:d9:25:7b:
5d:5c:3a:0a:5e:0e:2f:32:d0:d5:8b:02:0a:58:d5:
ee:6e:40:a2:b9:59:74:4d:e7:db:ae:23:2e:64:16:
02:59:f3:e9:b5:a9:77:04:a1:63:1d:be:2e:47:2f:
23:12:12:3a:2f:92:ab:80:bb:f3:e5:33:48:ea:83:
ea:fa:43:0c:3d:36:40:ec:d6:0d:29:94:82:68:9e:
ac:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:76:49:0A:97:D2:97:F5:9C:42:8D:4C:1D:D2:5F:B3:8E:D1:9A:9C
X509v3 Authority Key Identifier:
keyid:FE:82:6E:E9:BC:12:DA:AD:3B:19:74:71:B0:41:3F:1E:B2:08:26:35
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/_oJu6bwS2q07GXRxsEE_HrIIJjU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_oJu6bwS2q07GXRxsEE_HrIIJjU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/5CB880EA0B9B11F09EBD312DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.246.164.0/24
43.246.166.0/23
111.67.32.0/22
111.67.38.0/23
111.67.42.0-111.67.47.255
202.9.96.0-202.9.107.255
202.87.96.0/22
202.87.104.0-202.87.127.255
IPv6:
2401:200::/32
Signature Algorithm: sha256WithRSAEncryption
59:1c:32:b8:ae:58:c5:6f:e3:6e:43:3f:95:04:34:55:2f:d9:
08:1d:ab:b0:6c:1a:13:ca:08:3c:d7:34:7d:9b:35:ce:ac:93:
44:3e:f1:e9:c1:33:52:1e:11:24:5c:3d:22:02:bf:e9:a0:af:
a9:78:62:04:0b:68:3f:db:ad:b5:14:e0:34:9e:7f:e6:70:f8:
a8:c5:05:3e:a5:92:db:3f:bc:c0:92:06:34:30:06:f9:7c:39:
ff:f1:b3:42:0d:5e:fe:84:6a:4d:37:78:49:d2:be:10:19:16:
1e:c4:75:69:cc:97:f0:36:c4:58:22:cf:56:b3:bf:00:7a:2d:
2a:16:2a:09:8c:99:48:5c:76:2a:19:8c:4f:41:0c:ce:c9:64:
a6:b6:09:3a:97:34:a4:36:01:8b:ca:da:31:e8:8d:9d:5f:c1:
00:54:85:2e:ce:a8:0d:fd:f6:3c:d0:33:ff:07:bb:bc:ac:ae:
9b:a9:91:93:26:08:e4:36:5e:49:40:59:c8:d6:42:9e:1f:f5:
1a:cc:10:05:65:7f:0a:b9:79:94:2b:47:74:48:6f:49:ec:f6:
c7:42:02:e3:01:ae:d0:fe:34:b3:e9:46:dc:5f:e3:30:25:48:
9b:fd:bd:03:73:53:ac:b5:c1:66:45:56:9c:8f:56:79:42:4e:
a5:17:48:5e
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgICNIUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0VCQ0ExMTAvBgNVBAUTKEZFODI2RUU5QkMxMkRBQUQzQjE5NzQ3MUIwNDEzRjFF
QjIwODI2MzUwHhcNMjUwMzI4MDYxMDM1WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2U2M2Q1Yi01YTViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwu8kUgzGR4JHkiHG9kTPqiC/eoVHrS1HV7T1ZNYXkdeJ7WsIFX3YOsfrqwdC
e0g6Rpj+ZdSOb0QIQysBF1Y6kPqXS1UIoJya3ifARCwtx7QLG56CYzK/8EveiX42
FMIbqJA4y5GHG5y7rmcSnAquz0kvSSHJSL6ucDsCu7fzRs9PAFFKf3T/kHBQ04p7
AXUv6bCD3BSGEDBgsibEnVKAY8WP0Q2UGquGnfY+o+zv1HjZJXtdXDoKXg4vMtDV
iwIKWNXubkCiuVl0TefbriMuZBYCWfPptal3BKFjHb4uRy8jEhI6L5KrgLvz5TNI
6oPq+kMMPTZA7NYNKZSCaJ6ssQIDAQABo4IC5jCCAuIwHQYDVR0OBBYEFLd2SQqX
0pf1nEKNTB3SX7OO0ZqcMB8GA1UdIwQYMBaAFP6Cbum8EtqtOxl0cbBBPx6yCCY1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRUJDQS9CNTg4QjRBNjFE
ODgxMUUyOENBRThGRTEwOEIwMkNEMi9fb0p1NmJ3UzJxMDdHWFJ4c0VFX0hySUlK
alUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19vSnU2YndTMnEwN0dYUnhzRUVfSHJJSUpqVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0VCQ0EvQjU4OEI0QTYxRDg4MTFFMjhDQUU4RkUxMDhCMDJDRDIvNUNCODgwRUEw
QjlCMTFGMDlFQkQzMTJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcAYIKwYBBQUHAQcBAf8E
YTBfME4EAgABMEgDBAAr9qQDBAEr9qYDBAJvQyADBAFvQyYwDAMEAW9DKgMEBG9D
IDAMAwQFyglgAwQCygloAwQCyldgMAwDBAPKV2gDBAfKVwAwDQQCAAIwBwMFACQB
AgAwDQYJKoZIhvcNAQELBQADggEBAFkcMriuWMVv425DP5UENFUv2Qgdq7BsGhPK
CDzXNH2bNc6sk0Q+8enBM1IeESRcPSICv+mgr6l4YgQLaD/brbUU4DSef+Zw+KjF
BT6lkts/vMCSBjQwBvl8Of/xs0INXv6Eak03eEnSvhAZFh7EdWnMl/A2xFgiz1az
vwB6LSoWKgmMmUhcdioZjE9BDM7JZKa2CTqXNKQ2AYvK2jHojZ1fwQBUhS7OqA39
9jzQM/8Hu7ysrpupkZMmCOQ2XklAWcjWQp4f9RrMEAVlfwq5eZQrR3RIb0ns9sdC
AuMBrtD+NLPpRtxf4zAlSJv9vQNzU6y1wWZFVpyPVnlCTqUXSF4=
-----END CERTIFICATE-----
Generated at Sun Apr 6 17:29:14 2025 by rpki-client