Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E7290/F68141E00B0311ECA4460754C4F9AE02/4F3ABD0EE1BE11EFBB23912EC4F9AE02.roa
File: 4F3ABD0EE1BE11EFBB23912EC4F9AE02.roa (raw, json)
Hash identifier: dz/S8eDbHmndjXTOuJkGfGiQYc10aVqQzusp0F+1yvQ=
Subject key identifier: B9:FE:9A:AC:74:50:2D:4C:B3:E1:73:B5:34:BC:5D:52:06:E6:53:E5
Certificate issuer: /CN=A91E7290/serialNumber=8D5BAB370CA92E4F5FD789FC2273310F9AEA38F6
Certificate serial: 04F9
Authority key identifier: 8D:5B:AB:37:0C:A9:2E:4F:5F:D7:89:FC:22:73:31:0F:9A:EA:38:F6
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jVurNwypLk9f14n8InMxD5rqOPY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E7290/F68141E00B0311ECA4460754C4F9AE02/4F3ABD0EE1BE11EFBB23912EC4F9AE02.roa
Signing time: Tue 04 Feb 2025 23:42:25 +0000
ROA not before: Tue 04 Feb 2025 23:42:25 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 134504
IP address blocks: 103.43.168.0/22 maxlen: 22
103.43.168.0/24 maxlen: 24
103.43.169.0/24 maxlen: 24
103.43.170.0/24 maxlen: 24
103.43.171.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E7290/F68141E00B0311ECA4460754C4F9AE02/jVurNwypLk9f14n8InMxD5rqOPY.crl
rsync://rpki.apnic.net/member_repository/A91E7290/F68141E00B0311ECA4460754C4F9AE02/jVurNwypLk9f14n8InMxD5rqOPY.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jVurNwypLk9f14n8InMxD5rqOPY.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 01 May 2025 23:28:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1273 (0x4f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E7290, serialNumber=8D5BAB370CA92E4F5FD789FC2273310F9AEA38F6
Validity
Not Before: Feb 4 23:42:25 2025 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=67a2a5e1-55ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:06:c3:1b:56:99:0a:d3:1d:ca:28:66:28:d8:
ee:6f:19:b2:41:cc:7f:4d:7f:6a:72:09:63:cc:02:
8f:76:24:d0:57:e1:a7:f8:98:bb:10:ad:e7:01:7f:
ff:cb:3b:1c:ae:97:52:ff:a9:02:f1:75:a3:da:0d:
3f:8e:57:85:40:1c:35:32:fa:78:b3:e8:ad:db:2f:
20:ad:e3:54:8b:09:98:12:cd:52:10:c7:6b:55:12:
07:e8:aa:32:c2:e9:82:a6:21:2e:67:61:de:60:8e:
fa:20:52:92:4c:6a:31:1d:b6:4b:d7:92:a2:18:b5:
2d:b6:34:d1:5b:6b:c9:48:8b:b2:90:a0:8a:29:52:
60:1f:6c:5a:4b:60:39:30:13:27:62:89:ac:db:c5:
3c:79:14:dc:b4:e9:f2:54:c9:ca:c7:f8:70:be:54:
9b:e6:43:d5:bb:f8:c9:27:61:5e:e7:6a:11:c2:20:
df:ef:d4:96:ad:a2:6a:ac:36:8d:4f:1c:d8:38:91:
d4:d5:76:0c:a5:a2:b2:14:41:2c:89:75:d4:07:c3:
80:c1:f4:4c:e6:46:19:4c:30:24:8c:fa:67:a2:13:
ba:50:f3:8c:f3:40:e9:0c:40:16:ed:75:1e:1b:53:
46:dd:bb:0b:04:45:19:80:6e:27:8d:eb:3f:1c:e8:
2c:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:FE:9A:AC:74:50:2D:4C:B3:E1:73:B5:34:BC:5D:52:06:E6:53:E5
X509v3 Authority Key Identifier:
keyid:8D:5B:AB:37:0C:A9:2E:4F:5F:D7:89:FC:22:73:31:0F:9A:EA:38:F6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E7290/F68141E00B0311ECA4460754C4F9AE02/jVurNwypLk9f14n8InMxD5rqOPY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jVurNwypLk9f14n8InMxD5rqOPY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E7290/F68141E00B0311ECA4460754C4F9AE02/4F3ABD0EE1BE11EFBB23912EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.43.168.0/22
Signature Algorithm: sha256WithRSAEncryption
c8:26:df:7e:2d:43:d8:ff:be:79:ce:73:ae:de:30:78:84:ec:
c4:94:c5:39:b4:d9:c1:86:ff:c2:39:0e:ec:5f:60:53:ce:82:
fb:11:e1:dc:78:e5:bc:a7:6f:8e:46:41:c3:60:27:f8:60:21:
96:f4:db:0a:f3:78:46:42:09:23:d1:77:d2:57:be:1a:37:5b:
12:cd:75:38:9b:ad:2e:94:9d:6a:b0:31:2f:52:fa:79:90:bb:
78:6b:f3:97:b5:9e:58:16:7c:84:d3:c3:29:8b:8d:a4:1f:9b:
98:ef:f1:63:c0:14:f8:a0:8b:43:f2:33:fb:3d:3d:37:a6:1a:
88:a7:aa:c0:0f:e6:5f:36:19:75:12:b2:5c:40:30:9c:c3:d1:
dd:56:71:d6:2a:1d:b0:2a:3a:b0:6b:0c:2a:f8:ba:5b:53:aa:
2a:95:ef:35:ac:36:9d:ae:80:4a:38:62:c0:d4:4c:ef:5f:b4:
aa:1c:30:d6:48:3a:56:3a:e1:bf:59:0d:eb:b8:43:7d:58:8e:
2b:04:f8:4c:0e:b3:6d:89:3f:fd:de:a4:5a:e7:57:fa:29:4f:
9b:f5:4d:67:4a:a5:d3:75:7d:45:24:0d:e5:1a:3e:82:30:b1:
b2:d4:99:74:b6:17:de:e2:bb:bc:73:0c:55:d4:c8:ff:c5:f7:
0a:ea:b4:c5
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBPkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTcyOTAxMTAvBgNVBAUTKDhENUJBQjM3MENBOTJFNEY1RkQ3ODlGQzIyNzMzMTBG
OUFFQTM4RjYwHhcNMjUwMjA0MjM0MjI1WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2EyYTVlMS01NWFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0gbDG1aZCtMdyihmKNjubxmyQcx/TX9qcgljzAKPdiTQV+Gn+Ji7EK3nAX//
yzscrpdS/6kC8XWj2g0/jleFQBw1Mvp4s+it2y8greNUiwmYEs1SEMdrVRIH6Koy
wumCpiEuZ2HeYI76IFKSTGoxHbZL15KiGLUttjTRW2vJSIuykKCKKVJgH2xaS2A5
MBMnYoms28U8eRTctOnyVMnKx/hwvlSb5kPVu/jJJ2Fe52oRwiDf79SWraJqrDaN
TxzYOJHU1XYMpaKyFEEsiXXUB8OAwfRM5kYZTDAkjPpnohO6UPOM80DpDEAW7XUe
G1NG3bsLBEUZgG4njes/HOgsXQIDAQABo4IClTCCApEwHQYDVR0OBBYEFLn+mqx0
UC1Ms+FztTS8XVIG5lPlMB8GA1UdIwQYMBaAFI1bqzcMqS5PX9eJ/CJzMQ+a6jj2
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNzI5MC9GNjgxNDFFMDBC
MDMxMUVDQTQ0NjA3NTRDNEY5QUUwMi9qVnVyTnd5cExrOWYxNG44SW5NeEQ1cnFP
UFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2pWdXJOd3lwTGs5ZjE0bjhJbk14RDVycU9QWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTcyOTAvRjY4MTQxRTAwQjAzMTFFQ0E0NDYwNzU0QzRGOUFFMDIvNEYzQUJEMEVF
MUJFMTFFRkJCMjM5MTJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnK6gwDQYJKoZIhvcNAQELBQADggEBAMgm334tQ9j/vnnO
c67eMHiE7MSUxTm02cGG/8I5DuxfYFPOgvsR4dx45bynb45GQcNgJ/hgIZb02wrz
eEZCCSPRd9JXvho3WxLNdTibrS6UnWqwMS9S+nmQu3hr85e1nlgWfITTwymLjaQf
m5jv8WPAFPigi0PyM/s9PTemGoinqsAP5l82GXUSslxAMJzD0d1WcdYqHbAqOrBr
DCr4ultTqiqV7zWsNp2ugEo4YsDUTO9ftKocMNZIOlY64b9ZDeu4Q31YjisE+EwO
s22JP/3epFrnV/opT5v1TWdKpdN1fUUkDeUaPoIwsbLUmXS2F97iu7xzDFXUyP/F
9wrqtMU=
-----END CERTIFICATE-----
Generated at Fri Apr 25 20:18:33 2025 by rpki-client