Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/97AAC8FE86A011EB8BEAC92BC4F9AE02.roa
File: 97AAC8FE86A011EB8BEAC92BC4F9AE02.roa (raw, json)
Hash identifier: j8JrS+AqnkCckpa8gG946yMRu94Md+3E6AE+h/Sfwzw=
Subject key identifier: 0A:17:5B:3D:E2:65:0C:14:92:37:49:8B:11:BF:E8:92:FF:3C:F5:EB
Certificate issuer: /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial: 188C
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/97AAC8FE86A011EB8BEAC92BC4F9AE02.roa
Signing time: Tue 18 Feb 2025 17:35:19 +0000
ROA not before: Tue 18 Feb 2025 17:35:19 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 137199
IP address blocks: 49.255.8.0/24 maxlen: 24
203.13.35.0/24 maxlen: 24
203.13.174.0/24 maxlen: 24
203.18.106.0/24 maxlen: 24
203.20.104.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 19 Apr 2025 16:52:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6284 (0x188c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EAE3D, serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Validity
Not Before: Feb 18 17:35:19 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=67b4c4d6-2d37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:59:74:b7:80:e6:ec:2b:e2:8f:b3:bf:57:04:
f4:0c:37:a9:ef:b3:b0:57:a7:18:e8:f6:37:f0:4d:
0c:f3:5f:31:6d:69:ba:85:4b:68:f2:6f:6a:7f:7b:
60:c4:14:7a:74:87:d8:29:d1:82:65:43:66:c0:b1:
62:30:52:10:82:8e:07:ad:46:6b:b0:ae:8c:8e:80:
c8:57:e3:89:c2:87:ea:8e:aa:6a:d0:61:0c:a1:62:
0a:8b:28:f0:9d:76:53:24:1f:72:dd:b8:f5:c1:c2:
58:a6:2d:f0:8b:62:f4:c3:84:5d:18:27:73:0e:32:
15:c6:3f:d9:41:a4:64:92:1e:87:ca:a4:bb:ea:48:
13:04:45:42:90:61:e6:f3:e9:70:f1:d2:3c:d3:8e:
0c:8c:c3:5f:57:b2:20:b2:ff:3e:fc:3d:58:89:c8:
7f:7b:f5:84:c8:05:14:30:95:60:0a:50:2a:ef:bd:
94:ce:a9:d9:79:b1:dd:61:d7:ea:20:32:a0:7f:88:
fc:6f:73:16:3b:06:aa:02:e6:39:a6:cf:e3:bc:ee:
62:0f:e0:4c:6d:d3:89:98:da:bb:98:28:44:4e:1f:
4e:27:10:91:29:65:00:bb:0c:5c:29:2e:35:d4:4a:
af:92:f3:92:1a:67:8c:37:64:7c:f5:df:3d:3f:45:
6f:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:17:5B:3D:E2:65:0C:14:92:37:49:8B:11:BF:E8:92:FF:3C:F5:EB
X509v3 Authority Key Identifier:
keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/97AAC8FE86A011EB8BEAC92BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
49.255.8.0/24
203.13.35.0/24
203.13.174.0/24
203.18.106.0/24
203.20.104.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:78:12:23:7e:3a:d5:54:f9:1b:54:1f:20:47:17:b0:9a:61:
92:18:db:32:91:47:96:f6:7b:c0:84:6d:1f:70:35:22:b7:5b:
a3:2d:b9:81:dd:55:fb:25:21:0e:87:5c:af:34:96:77:91:39:
ed:17:d0:d4:5c:97:93:08:ce:a2:8e:5d:f9:c2:3e:ba:1b:0b:
a2:79:dc:44:7e:23:35:35:0b:50:a7:f3:80:25:b6:68:e2:25:
e1:80:20:87:16:1b:c1:11:b6:89:5b:7e:de:33:f4:56:0c:b1:
60:e4:f4:7f:db:96:29:46:97:37:70:e1:03:5f:06:56:69:32:
19:95:86:02:df:36:1b:78:86:f1:b6:2d:d2:5f:82:74:08:84:
70:d4:63:fe:40:43:6b:c8:fb:77:ff:9c:c8:dc:f0:b7:76:49:
92:ca:f8:e6:a5:2b:ef:61:9e:19:0a:9b:08:29:1b:bd:4e:27:
77:66:eb:cb:48:47:28:78:99:3b:e9:d9:28:f4:a3:16:64:86:
15:91:0c:6d:09:18:b5:7d:77:8e:5b:7c:9a:f0:9d:ee:42:c9:
f1:2f:f4:49:a5:ca:56:9d:c1:c4:80:76:a7:06:d7:fa:da:66:
08:72:18:c9:40:6c:1c:57:2f:55:99:e7:71:7f:fa:86:73:b6:
f6:d4:64:24
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICGIwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjUwMjE4MTczNTE5WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2I0YzRkNi0yZDM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAn1l0t4Dm7Cvij7O/VwT0DDep77OwV6cY6PY38E0M818xbWm6hUto8m9qf3tg
xBR6dIfYKdGCZUNmwLFiMFIQgo4HrUZrsK6MjoDIV+OJwofqjqpq0GEMoWIKiyjw
nXZTJB9y3bj1wcJYpi3wi2L0w4RdGCdzDjIVxj/ZQaRkkh6HyqS76kgTBEVCkGHm
8+lw8dI8044MjMNfV7Igsv8+/D1Yich/e/WEyAUUMJVgClAq772UzqnZebHdYdfq
IDKgf4j8b3MWOwaqAuY5ps/jvO5iD+BMbdOJmNq7mChETh9OJxCRKWUAuwxcKS41
1EqvkvOSGmeMN2R89d89P0VvFQIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFAoXWz3i
ZQwUkjdJixG/6JL/PPXrMB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvOTdBQUM4RkU4
NkEwMTFFQjhCRUFDOTJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAAx/wgDBADLDSMDBADLDa4DBADLEmoDBADLFGgwDQYJKoZI
hvcNAQELBQADggEBAJ54EiN+OtVU+RtUHyBHF7CaYZIY2zKRR5b2e8CEbR9wNSK3
W6MtuYHdVfslIQ6HXK80lneROe0X0NRcl5MIzqKOXfnCProbC6J53ER+IzU1C1Cn
84AltmjiJeGAIIcWG8ERtolbft4z9FYMsWDk9H/blilGlzdw4QNfBlZpMhmVhgLf
Nht4hvG2LdJfgnQIhHDUY/5AQ2vI+3f/nMjc8Ld2SZLK+OalK+9hnhkKmwgpG71O
J3dm68tIRyh4mTvp2Sj0oxZkhhWRDG0JGLV9d45bfJrwne5CyfEv9EmlyladwcSA
dqcG1/raZghyGMlAbBxXL1WZ53F/+oZztvbUZCQ=
-----END CERTIFICATE-----
Generated at Mon Apr 14 02:47:03 2025 by rpki-client