Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/EEFB07CCB8A311ED8F694046C4F9AE02.roa
File: EEFB07CCB8A311ED8F694046C4F9AE02.roa (raw, json)
Hash identifier: cgIrr8o9jTXMbYMAZf1J8wAI/DfnpUQHzKHIr7ZgI6c=
Subject key identifier: BD:BA:2D:E3:52:48:9F:A7:5B:65:BC:EA:2E:67:C6:40:EF:0A:95:85
Certificate issuer: /CN=A91FDD4D/serialNumber=72AFBAEBC9ECDDA2EED2D49B13E6048EA3E41E60
Certificate serial: 217B
Authority key identifier: 72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/EEFB07CCB8A311ED8F694046C4F9AE02.roa
Signing time: Tue 04 Mar 2025 16:33:15 +0000
ROA not before: Tue 04 Mar 2025 16:33:15 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 17551
IP address blocks: 14.192.56.0/22 maxlen: 22
14.192.56.0/23 maxlen: 23
14.192.58.0/23 maxlen: 23
103.15.148.0/22 maxlen: 22
103.29.172.0/24 maxlen: 24
103.29.173.0/24 maxlen: 24
103.53.117.0/24 maxlen: 24
103.53.118.0/24 maxlen: 24
103.53.119.0/24 maxlen: 24
103.227.64.0/23 maxlen: 23
103.232.252.0/22 maxlen: 22
110.232.240.0/21 maxlen: 21
117.53.128.0/20 maxlen: 20
125.214.80.0/21 maxlen: 21
202.47.120.0/22 maxlen: 22
203.22.132.0/24 maxlen: 24
203.27.231.0/24 maxlen: 24
203.30.68.0/24 maxlen: 24
203.83.4.0/22 maxlen: 22
203.147.96.0/21 maxlen: 21
2400:b880::/32 maxlen: 32
2407:5400::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl
rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 15 Apr 2025 15:57:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8571 (0x217b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91FDD4D
Validity
Not Before: Mar 4 16:33:15 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=67c72b4a-13d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:8e:a0:f1:b4:50:10:be:e7:41:49:2d:7a:f7:
e0:7b:02:4f:5f:3c:35:10:f8:2b:eb:8e:48:f8:19:
b9:a5:c9:c2:d8:48:de:1f:04:35:0c:2e:70:6d:10:
cc:f7:5d:54:4d:2b:9e:cb:bb:15:9d:e3:0f:71:42:
18:72:43:ce:ff:20:f1:26:0d:54:30:f4:5f:19:2c:
25:6b:2c:f0:bc:98:1f:f6:3e:a7:83:55:f9:71:70:
01:60:08:2a:7b:03:f3:09:ee:07:a1:15:ad:7c:d3:
04:37:45:22:66:55:70:fa:13:97:9a:06:97:60:c2:
97:36:fe:b8:df:ad:36:8b:21:3f:93:2e:9c:b3:12:
e6:e3:46:7c:57:88:f9:3a:f1:e3:c8:57:1e:bb:28:
dd:ce:75:21:2b:61:ee:3d:3d:2b:63:67:c6:7b:77:
dd:30:e8:7f:36:a3:d7:54:62:90:3a:3f:27:b0:d9:
e1:f6:10:25:ed:a3:23:84:47:d2:28:c0:a0:f9:0d:
ab:19:f4:dc:98:84:e4:b6:59:9f:20:d9:ac:cb:59:
af:f8:4f:40:45:0a:7f:20:64:de:02:18:6f:4f:a3:
d1:00:5a:19:38:9e:5f:50:23:8d:19:7b:f9:e8:79:
aa:2f:76:b8:25:29:02:13:fd:7d:33:17:ea:be:9c:
7d:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:BA:2D:E3:52:48:9F:A7:5B:65:BC:EA:2E:67:C6:40:EF:0A:95:85
X509v3 Authority Key Identifier:
keyid:72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/EEFB07CCB8A311ED8F694046C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.56.0/22
103.15.148.0/22
103.29.172.0/23
103.53.117.0-103.53.119.255
103.227.64.0/23
103.232.252.0/22
110.232.240.0/21
117.53.128.0/20
125.214.80.0/21
202.47.120.0/22
203.22.132.0/24
203.27.231.0/24
203.30.68.0/24
203.83.4.0/22
203.147.96.0/21
IPv6:
2400:b880::/32
2407:5400::/32
Signature Algorithm: sha256WithRSAEncryption
ad:b8:01:e8:99:23:10:99:6e:ad:0f:cb:ae:ad:7f:9e:f7:02:
92:72:a2:39:86:41:5e:5f:82:64:e2:6e:ca:12:1b:86:08:08:
c9:df:44:e4:b1:31:0b:03:b3:3b:42:e7:7d:7f:e3:98:a4:ce:
60:55:19:4d:f1:82:b2:1f:ff:26:0e:c2:d1:b7:b5:65:32:4f:
d2:47:ff:06:89:95:89:ce:f7:70:57:0f:9c:e0:a0:5e:1d:87:
0e:d7:0a:83:9e:a6:e4:fc:c6:20:50:22:f9:30:4b:ed:cf:d4:
a1:f0:a9:13:a7:15:f2:d0:30:f2:ef:15:e2:fa:3c:65:12:bb:
9d:8a:04:32:90:b2:31:f2:76:70:1a:5d:49:4f:3d:1f:e2:76:
df:81:d0:9c:5a:1e:18:c1:f4:55:a8:b6:e7:af:fa:7b:3e:41:
13:be:29:af:8d:8d:f4:b8:2c:0b:57:c0:9e:8c:1d:78:5b:72:
a3:8d:bb:1a:14:02:2d:b0:7d:22:15:47:a0:3c:4d:6a:f5:c3:
74:48:87:4d:4f:58:94:14:7a:93:eb:c3:ba:4b:99:83:16:5d:
83:0c:3c:b4:40:94:95:94:24:b7:03:f4:3b:e6:8a:06:fa:ac:
4d:22:7a:f2:55:2d:69:27:d7:1f:5a:b3:72:8a:db:ea:ec:f6:
cd:69:41:a5
-----BEGIN CERTIFICATE-----
MIIF5jCCBM6gAwIBAgICIXswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkRENEQxMTAvBgNVBAUTKDcyQUZCQUVCQzlFQ0REQTJFRUQyRDQ5QjEzRTYwNDhF
QTNFNDFFNjAwHhcNMjUwMzA0MTYzMzE1WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2M3MmI0YS0xM2Q2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4I6g8bRQEL7nQUktevfgewJPXzw1EPgr645I+Bm5pcnC2EjeHwQ1DC5wbRDM
911UTSuey7sVneMPcUIYckPO/yDxJg1UMPRfGSwlayzwvJgf9j6ng1X5cXABYAgq
ewPzCe4HoRWtfNMEN0UiZlVw+hOXmgaXYMKXNv643602iyE/ky6csxLm40Z8V4j5
OvHjyFceuyjdznUhK2HuPT0rY2fGe3fdMOh/NqPXVGKQOj8nsNnh9hAl7aMjhEfS
KMCg+Q2rGfTcmITktlmfINmsy1mv+E9ARQp/IGTeAhhvT6PRAFoZOJ5fUCONGXv5
6HmqL3a4JSkCE/19Mxfqvpx96wIDAQABo4IDCjCCAwYwHQYDVR0OBBYEFL26LeNS
SJ+nW2W86i5nxkDvCpWFMB8GA1UdIwQYMBaAFHKvuuvJ7N2i7tLUmxPmBI6j5B5g
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGREQ0RC9CQUUxMDhDNEVB
NjAxMUU1ODgxNTc3MENDNEY5QUUwMi9jcS02NjhuczNhTHUwdFNiRS1ZRWpxUGtI
bUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NxLTY2OG5zM2FMdTB0U2JFLVlFanFQa0htQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkRENEQvQkFFMTA4QzRFQTYwMTFFNTg4MTU3NzBDQzRGOUFFMDIvRUVGQjA3Q0NC
OEEzMTFFRDhGNjk0MDQ2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZMGCCsGAQUFBwEHAQH/
BIGDMIGAMGgEAgABMGIDBAIOwDgDBAJnD5QDBAFnHawwDAMEAGc1dQMEA2c1cAME
AWfjQAMEAmfo/AMEA27o8AMEBHU1gAMEA33WUAMEAsoveAMEAMsWhAMEAMsb5wME
AMseRAMEAstTBAMEA8uTYDAUBAIAAjAOAwUAJAC4gAMFACQHVAAwDQYJKoZIhvcN
AQELBQADggEBAK24AeiZIxCZbq0Py66tf573ApJyojmGQV5fgmTibsoSG4YICMnf
ROSxMQsDsztC531/45ikzmBVGU3xgrIf/yYOwtG3tWUyT9JH/waJlYnO93BXD5zg
oF4dhw7XCoOepuT8xiBQIvkwS+3P1KHwqROnFfLQMPLvFeL6PGUSu52KBDKQsjHy
dnAaXUlPPR/idt+B0JxaHhjB9FWotuev+ns+QRO+Ka+NjfS4LAtXwJ6MHXhbcqON
uxoUAi2wfSIVR6A8TWr1w3RIh01PWJQUepPrw7pLmYMWXYMMPLRAlJWUJLcD9Dvm
igb6rE0ievJVLWkn1x9as3KK2+rs9s1pQaU=
-----END CERTIFICATE-----
Generated at Thu Apr 10 10:44:12 2025 by rpki-client