Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/01BB1B8E7C0411EFB0D29158C4F9AE02.roa
File: 01BB1B8E7C0411EFB0D29158C4F9AE02.roa (raw, json)
Hash identifier: KU0OYgNotYA3UtDO5hlxYlQJ813PAymWu54BIJPXlUQ=
Subject key identifier: 56:D1:E0:42:FE:7F:33:1A:57:70:C5:17:BD:99:24:FF:4F:D7:11:AE
Certificate issuer: /CN=A91D298D/serialNumber=FEF2C1C4EA0964477514C1AA946E6C41778D06BF
Certificate serial: 0831
Authority key identifier: FE:F2:C1:C4:EA:09:64:47:75:14:C1:AA:94:6E:6C:41:77:8D:06:BF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_vLBxOoJZEd1FMGqlG5sQXeNBr8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/01BB1B8E7C0411EFB0D29158C4F9AE02.roa
Signing time: Thu 27 Feb 2025 13:16:43 +0000
ROA not before: Thu 27 Feb 2025 13:16:43 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 138423
IP address blocks: 111.119.175.0/24 maxlen: 24
115.42.72.0/21 maxlen: 24
121.91.56.0/23 maxlen: 24
121.91.60.0/23 maxlen: 24
121.91.62.0/23 maxlen: 24
144.48.0.0/22 maxlen: 24
223.123.0.0/24 maxlen: 24
223.123.32.0/24 maxlen: 24
223.123.33.0/24 maxlen: 24
223.123.34.0/24 maxlen: 24
223.123.35.0/24 maxlen: 24
223.123.36.0/24 maxlen: 24
223.123.37.0/24 maxlen: 24
223.123.38.0/24 maxlen: 24
223.123.39.0/24 maxlen: 24
223.123.40.0/24 maxlen: 24
223.123.41.0/24 maxlen: 24
223.123.42.0/24 maxlen: 24
223.123.43.0/24 maxlen: 24
223.123.44.0/24 maxlen: 24
223.123.45.0/24 maxlen: 24
223.123.46.0/24 maxlen: 24
223.123.47.0/24 maxlen: 24
223.123.100.0/23 maxlen: 24
223.123.102.0/23 maxlen: 24
223.123.122.0/23 maxlen: 24
223.123.124.0/23 maxlen: 24
223.123.126.0/23 maxlen: 24
2402:ad80:c0::/44 maxlen: 48
2402:ad80:d0::/44 maxlen: 48
2402:ad80:e0::/44 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/_vLBxOoJZEd1FMGqlG5sQXeNBr8.crl
rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/_vLBxOoJZEd1FMGqlG5sQXeNBr8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_vLBxOoJZEd1FMGqlG5sQXeNBr8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 21:16:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2097 (0x831)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D298D
Validity
Not Before: Feb 27 13:16:43 2025 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=67c065ba-4788
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:cf:a3:ec:57:29:0b:84:9f:d7:5b:ea:67:2c:
e1:b3:26:96:6b:b3:04:0f:c4:ec:2e:a5:c7:af:0f:
e2:81:31:e1:29:6a:db:27:fd:d8:a1:e9:b8:9d:f1:
ae:1c:41:0a:31:0f:ef:42:f1:37:45:ee:13:6b:eb:
dc:06:44:29:b2:03:f7:be:e3:a0:72:77:99:6d:9f:
1d:8f:8e:80:e1:ad:83:c8:cc:81:44:fd:31:30:33:
96:6f:9e:82:00:ef:d9:6a:68:34:50:7e:a8:45:c7:
fe:b4:fa:ea:23:f4:31:57:4a:42:1f:92:92:d0:d5:
9b:07:00:d4:2c:29:62:e8:27:04:c1:e7:d6:63:a5:
7d:3a:c9:49:44:e5:7e:c1:64:14:5e:27:37:13:57:
24:16:d4:80:b0:7a:14:32:68:bb:2d:8a:15:a8:6c:
64:12:f7:f8:81:93:6d:a1:b6:d2:30:44:47:b0:ce:
85:21:7c:f4:62:38:23:2c:66:ed:03:cf:35:c6:a7:
1b:9d:2e:01:e3:15:3c:c6:f0:b2:be:b9:fe:d6:d7:
0b:71:f0:aa:07:9b:35:f1:3a:56:4e:44:f3:ff:32:
df:c9:b9:2a:35:6c:bc:48:d1:af:38:7e:d2:56:7a:
bf:03:44:72:23:be:a7:fe:18:09:4d:0b:69:4f:33:
e6:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:D1:E0:42:FE:7F:33:1A:57:70:C5:17:BD:99:24:FF:4F:D7:11:AE
X509v3 Authority Key Identifier:
keyid:FE:F2:C1:C4:EA:09:64:47:75:14:C1:AA:94:6E:6C:41:77:8D:06:BF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/_vLBxOoJZEd1FMGqlG5sQXeNBr8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_vLBxOoJZEd1FMGqlG5sQXeNBr8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/01BB1B8E7C0411EFB0D29158C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
111.119.175.0/24
115.42.72.0/21
121.91.56.0/23
121.91.60.0/22
144.48.0.0/22
223.123.0.0/24
223.123.32.0/20
223.123.100.0/22
223.123.122.0-223.123.127.255
IPv6:
2402:ad80:c0::-2402:ad80:ef:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
47:7d:75:84:a5:8c:42:f1:a4:9c:25:6d:89:22:59:fa:44:f2:
0d:35:30:38:c1:9b:bc:b9:db:37:c1:84:45:40:be:72:0c:1d:
1b:6e:17:23:ce:23:b2:fc:1b:94:7f:77:9d:59:0b:25:71:72:
f6:72:34:1b:b6:be:79:a5:06:40:c9:a4:64:fb:87:2a:10:55:
6a:eb:78:7b:4e:5d:c6:d8:f2:a6:72:a1:42:d1:57:c0:21:a6:
e5:25:f0:36:83:d8:6b:45:d2:34:47:f0:70:35:e0:d7:94:e1:
9d:bf:30:d0:fa:db:fe:2a:37:77:82:ba:10:58:36:f7:70:28:
dd:e8:20:e9:6d:11:8e:e1:f3:a2:4e:e4:5a:2c:1f:a8:c5:dd:
b7:c4:9c:ba:b5:e1:2e:1a:c5:da:e5:3a:f3:5c:fe:00:f6:d0:
08:e0:8c:98:f4:d9:c8:c1:2e:d8:d1:76:da:3d:29:c5:2d:c0:
4e:e8:65:ae:d7:5d:20:8d:0b:0a:19:40:52:59:97:b3:15:a3:
2f:fb:22:61:06:c1:6f:e5:1a:d7:56:b1:7d:03:24:ca:7c:05:
e6:56:5c:a0:26:b2:f9:4d:0a:d7:31:85:71:48:e4:ff:d0:84:
ec:ff:94:c8:d5:26:69:4b:63:50:38:86:0c:cb:94:45:94:fd:
7f:09:a4:96
-----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgICCDEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDI5OEQxMTAvBgNVBAUTKEZFRjJDMUM0RUEwOTY0NDc3NTE0QzFBQTk0NkU2QzQx
Nzc4RDA2QkYwHhcNMjUwMjI3MTMxNjQzWhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MwNjViYS00Nzg4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA28+j7FcpC4Sf11vqZyzhsyaWa7MED8TsLqXHrw/igTHhKWrbJ/3Yoem4nfGu
HEEKMQ/vQvE3Re4Ta+vcBkQpsgP3vuOgcneZbZ8dj46A4a2DyMyBRP0xMDOWb56C
AO/Zamg0UH6oRcf+tPrqI/QxV0pCH5KS0NWbBwDULCli6CcEwefWY6V9OslJROV+
wWQUXic3E1ckFtSAsHoUMmi7LYoVqGxkEvf4gZNtobbSMERHsM6FIXz0YjgjLGbt
A881xqcbnS4B4xU8xvCyvrn+1tcLcfCqB5s18TpWTkTz/zLfybkqNWy8SNGvOH7S
Vnq/A0RyI76n/hgJTQtpTzPm3wIDAQABo4IC6TCCAuUwHQYDVR0OBBYEFFbR4EL+
fzMaV3DFF72ZJP9P1xGuMB8GA1UdIwQYMBaAFP7ywcTqCWRHdRTBqpRubEF3jQa/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEMjk4RC8zMzdBNjQzMkYx
QTYxMUVBQjk1QzBFMkZDNEY5QUUwMi9fdkxCeE9vSlpFZDFGTUdxbEc1c1FYZU5C
cjguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL192TEJ4T29KWkVkMUZNR3FsRzVzUVhlTkJyOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDI5OEQvMzM3QTY0MzJGMUE2MTFFQUI5NUMwRTJGQzRGOUFFMDIvMDFCQjFCOEU3
QzA0MTFFRkIwRDI5MTU4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcwYIKwYBBQUHAQcBAf8E
ZDBiMEQEAgABMD4DBABvd68DBANzKkgDBAF5WzgDBAJ5WzwDBAKQMAADBADfewAD
BATfeyADBALfe2QwDAMEAd97egMEB997ADAaBAIAAjAUMBIDBwYkAq2AAMADBwQk
Aq2AAOAwDQYJKoZIhvcNAQELBQADggEBAEd9dYSljELxpJwlbYkiWfpE8g01MDjB
m7y52zfBhEVAvnIMHRtuFyPOI7L8G5R/d51ZCyVxcvZyNBu2vnmlBkDJpGT7hyoQ
VWrreHtOXcbY8qZyoULRV8AhpuUl8DaD2GtF0jRH8HA14NeU4Z2/MND62/4qN3eC
uhBYNvdwKN3oIOltEY7h86JO5FosH6jF3bfEnLq14S4axdrlOvNc/gD20AjgjJj0
2cjBLtjRdto9KcUtwE7oZa7XXSCNCwoZQFJZl7MVoy/7ImEGwW/lGtdWsX0DJMp8
BeZWXKAmsvlNCtcxhXFI5P/QhOz/lMjVJmlLY1A4hgzLlEWU/X8JpJY=
-----END CERTIFICATE-----
Generated at Sat Apr 5 07:12:40 2025 by rpki-client