Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
File: B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa (raw, json)
Hash identifier: kmT51UeYfwldQaeBqmjE4hyTmZuSt7H0mxT17oVrkW8=
Subject key identifier: BF:D7:51:C8:D4:5F:69:A9:3F:DE:90:9B:91:4C:CE:21:C1:74:60:8E
Certificate issuer: /CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Certificate serial: 0665
Authority key identifier: 23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
Signing time: Fri 30 May 2025 23:33:38 +0000
ROA not before: Fri 30 May 2025 23:33:38 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 137872
IP address blocks: 43.252.52.0/22 maxlen: 24
58.82.192.0/19 maxlen: 24
58.82.224.0/19 maxlen: 24
103.15.84.0/22 maxlen: 24
123.136.0.0/20 maxlen: 24
161.81.0.0/16 maxlen: 24
182.239.64.0/21 maxlen: 24
182.239.96.0/21 maxlen: 24
203.142.96.0/24 maxlen: 24
203.142.100.0/22 maxlen: 24
203.142.104.0/21 maxlen: 24
203.142.112.0/21 maxlen: 24
203.142.120.0/22 maxlen: 24
203.142.124.0/23 maxlen: 24
203.142.126.0/24 maxlen: 24
223.122.0.0/18 maxlen: 24
223.122.64.0/18 maxlen: 24
223.122.128.0/17 maxlen: 24
223.123.128.0/18 maxlen: 24
2401:3000:a000::/36 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl
rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Jun 2025 23:12:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1637 (0x665)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9132B4D, serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Validity
Not Before: May 30 23:33:38 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=683a4052-72c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:53:09:9b:79:a6:55:e2:4c:8d:a2:a6:77:f6:
c0:d1:36:59:09:93:fd:ee:64:99:f8:88:c1:5d:e9:
cb:ff:4c:81:55:cb:81:53:dc:47:fa:d8:bb:80:c2:
fd:2b:e9:33:94:81:a1:3a:c2:c9:90:37:5e:bf:25:
2b:73:ea:be:4a:ed:13:38:e2:b5:e1:9d:53:95:7b:
ad:0b:98:1c:7b:4c:41:d6:ae:a7:6e:58:e8:82:40:
d9:fa:39:f0:56:0d:ea:42:e3:11:b9:7c:5a:8e:8f:
02:e5:03:3b:1c:0a:3d:08:6a:c0:8d:60:49:ae:08:
0a:fb:6c:ac:e3:b5:2e:7c:67:3b:ea:e4:b6:dd:33:
46:71:9c:ca:8e:01:b3:e1:8f:f0:7a:2f:9e:e0:d8:
59:bc:64:29:d1:aa:71:78:7c:a7:c2:9f:14:fb:bc:
04:ad:62:e8:b8:95:2d:8d:8e:34:34:92:52:61:ef:
58:ba:39:26:57:f3:f2:61:24:56:1d:82:9c:4a:75:
1b:4e:c7:29:57:1d:65:e5:41:05:27:51:a9:2f:39:
f9:85:94:5e:e8:6b:9a:37:12:03:19:f1:12:32:1d:
64:7c:a5:d8:43:f4:24:0a:93:fa:57:f4:60:9a:20:
f3:b3:07:ed:ba:9e:5c:f1:aa:0f:41:48:26:2c:de:
aa:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:D7:51:C8:D4:5F:69:A9:3F:DE:90:9B:91:4C:CE:21:C1:74:60:8E
X509v3 Authority Key Identifier:
keyid:23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.252.52.0/22
58.82.192.0/18
103.15.84.0/22
123.136.0.0/20
161.81.0.0/16
182.239.64.0/21
182.239.96.0/21
203.142.96.0/24
203.142.100.0-203.142.126.255
223.122.0.0/16
223.123.128.0/18
IPv6:
2401:3000:a000::/36
Signature Algorithm: sha256WithRSAEncryption
8e:ef:2d:e9:08:31:36:2c:de:45:6c:2f:b7:f6:56:db:8b:19:
e5:61:83:56:45:de:a1:33:88:f1:97:4a:5b:7e:d1:e6:93:e9:
41:9c:72:f4:d2:4b:f0:a4:e4:8c:20:a9:64:e7:34:17:c0:2a:
90:dc:70:9b:f1:3d:df:2d:a0:22:e6:87:3d:44:c2:5d:88:f1:
27:08:9e:2e:7c:98:df:4f:79:9f:fc:2c:a7:af:10:02:9f:d4:
c9:48:ac:dd:5d:e6:7e:89:04:19:d6:fe:df:30:0e:16:0e:52:
fc:c4:4a:2b:4c:20:8a:77:4e:8f:24:b6:6a:29:27:aa:4c:3f:
22:64:a6:08:c3:7c:08:1b:4a:d9:50:77:17:a4:67:56:86:a3:
d8:b5:9c:67:4f:3a:16:39:f8:97:8e:8e:d0:fd:a7:18:36:58:
34:72:8a:6e:8d:43:4a:a9:cf:cb:9b:ec:7a:66:32:68:eb:e7:
48:d7:58:f0:50:53:5c:a7:3f:c0:c3:ac:48:7f:5f:95:32:33:
37:b5:6b:7e:6b:0d:36:fa:d1:b4:48:1c:78:ac:7c:1a:0c:bd:
90:1b:01:ed:b8:91:ca:34:8d:1b:7b:18:ab:fe:5d:be:1c:51:
5d:c2:b7:bf:a1:c4:86:48:3c:ec:b2:f8:ee:6d:bf:98:4e:45:
fa:b4:ac:6e
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgICBmUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzJCNEQxMTAvBgNVBAUTKDIzRjVEOTNBODJFN0Q3ODQwNjc5QjFDNjREQTM3QzM3
Q0ZGRTc3RUYwHhcNMjUwNTMwMjMzMzM4WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODNhNDA1Mi03MmM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6FMJm3mmVeJMjaKmd/bA0TZZCZP97mSZ+IjBXenL/0yBVcuBU9xH+ti7gML9
K+kzlIGhOsLJkDdevyUrc+q+Su0TOOK14Z1TlXutC5gce0xB1q6nbljogkDZ+jnw
Vg3qQuMRuXxajo8C5QM7HAo9CGrAjWBJrggK+2ys47UufGc76uS23TNGcZzKjgGz
4Y/wei+e4NhZvGQp0apxeHynwp8U+7wErWLouJUtjY40NJJSYe9YujkmV/PyYSRW
HYKcSnUbTscpVx1l5UEFJ1GpLzn5hZRe6GuaNxIDGfESMh1kfKXYQ/QkCpP6V/Rg
miDzswftup5c8aoPQUgmLN6qhQIDAQABo4IC5zCCAuMwHQYDVR0OBBYEFL/XUcjU
X2mpP96Qm5FMziHBdGCOMB8GA1UdIwQYMBaAFCP12TqC59eEBnmxxk2jfDfP/nfv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMkI0RC9DMTk5RTAwNkIy
MDUxMUVCQUVBRTlGMTBDNEY5QUUwMi9JX1haT29MbjE0UUdlYkhHVGFOOE44Xy1k
LTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lfWFpPb0xuMTRRR2ViSEdUYU44TjhfLWQtOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzJCNEQvQzE5OUUwMDZCMjA1MTFFQkFFQUU5RjEwQzRGOUFFMDIvQjNFNERDRjhC
RTRDMTFFRUIxMzI3QTU0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcQYIKwYBBQUHAQcBAf8E
YjBgME4EAgABMEgDBAIr/DQDBAY6UsADBAJnD1QDBAR7iAADAwChUQMEA7bvQAME
A7bvYAMEAMuOYDAMAwQCy45kAwQAy45+AwMA33oDBAbfe4AwDgQCAAIwCAMGBCQB
MACgMA0GCSqGSIb3DQEBCwUAA4IBAQCO7y3pCDE2LN5FbC+39lbbixnlYYNWRd6h
M4jxl0pbftHmk+lBnHL00kvwpOSMIKlk5zQXwCqQ3HCb8T3fLaAi5oc9RMJdiPEn
CJ4ufJjfT3mf/CynrxACn9TJSKzdXeZ+iQQZ1v7fMA4WDlL8xEorTCCKd06PJLZq
KSeqTD8iZKYIw3wIG0rZUHcXpGdWhqPYtZxnTzoWOfiXjo7Q/acYNlg0copujUNK
qc/Lm+x6ZjJo6+dI11jwUFNcpz/Aw6xIf1+VMjM3tWt+aw02+tG0SBx4rHwaDL2Q
GwHtuJHKNI0bexir/l2+HFFdwre/ocSGSDzssvjubb+YTkX6tKxu
-----END CERTIFICATE-----
Generated at Tue Jun 3 23:45:08 2025 by rpki-client