Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/208652BA35F911EEB45F8B44C4F9AE02.roa
File: 208652BA35F911EEB45F8B44C4F9AE02.roa (raw, json)
Hash identifier: U9cevaQb64/vV8AH9HQirRbkVBcH0enCs25PMnDjBWc=
Subject key identifier: 2E:BA:4B:6E:83:1B:E6:5F:74:C9:F5:60:72:92:71:F8:5C:0A:87:0D
Certificate issuer: /CN=A9148D53/serialNumber=FDBD4C0D34492F5CEAE4879E4762796E527007EB
Certificate serial: 01A3
Authority key identifier: FD:BD:4C:0D:34:49:2F:5C:EA:E4:87:9E:47:62:79:6E:52:70:07:EB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_b1MDTRJL1zq5IeeR2J5blJwB-s.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/208652BA35F911EEB45F8B44C4F9AE02.roa
Signing time: Wed 05 Mar 2025 05:20:18 +0000
ROA not before: Wed 05 Mar 2025 05:20:18 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 43519
IP address blocks: 43.230.48.0/24 maxlen: 24
43.230.49.0/24 maxlen: 24
43.230.50.0/24 maxlen: 24
43.230.51.0/24 maxlen: 24
103.49.80.0/24 maxlen: 24
103.49.81.0/24 maxlen: 24
103.49.82.0/24 maxlen: 24
103.49.83.0/24 maxlen: 24
2401:fd80:101::/48 maxlen: 48
2401:fd80:102::/48 maxlen: 48
2401:fd80:103::/48 maxlen: 48
2401:fd80:104::/48 maxlen: 48
2401:fd80:105::/48 maxlen: 48
2401:fd80:106::/48 maxlen: 48
2401:fd80:107::/48 maxlen: 48
2401:fd80:108::/48 maxlen: 48
2401:fd80:1fd::/48 maxlen: 48
2401:fd80:200::/48 maxlen: 48
2401:fd80:2ff::/48 maxlen: 48
2401:fd80:400::/48 maxlen: 48
2401:fd80:401::/48 maxlen: 48
2401:fd80:402::/48 maxlen: 48
2401:fd80:403::/48 maxlen: 48
2401:fd80:404::/48 maxlen: 48
2401:fd80:405::/48 maxlen: 48
2401:fd80:406::/48 maxlen: 48
2401:fd80:407::/48 maxlen: 48
2401:fd80:408::/48 maxlen: 48
2401:fd80:409::/48 maxlen: 48
2401:fd80:4ff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/_b1MDTRJL1zq5IeeR2J5blJwB-s.crl
rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/_b1MDTRJL1zq5IeeR2J5blJwB-s.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_b1MDTRJL1zq5IeeR2J5blJwB-s.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 12 Apr 2025 03:46:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 419 (0x1a3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148D53
Validity
Not Before: Mar 5 05:20:18 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=67c7df12-4648
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:f7:f8:fe:78:7e:b2:4a:3c:50:06:6d:1d:03:
ad:e0:64:fb:b4:63:3e:a6:6f:a4:70:8d:bf:24:30:
32:5d:c3:2b:20:98:f3:5f:81:9d:62:6e:34:c9:0a:
d4:38:53:f1:c2:24:d6:0b:66:54:15:6e:a3:c9:b9:
82:75:21:52:71:35:6f:da:83:8e:1f:12:b6:c9:20:
65:8b:e8:b3:15:7f:3f:60:5d:3a:be:69:18:b6:dd:
53:81:f8:47:da:56:dd:04:22:71:e5:a0:a8:e8:ee:
9b:b2:8f:84:ec:33:1d:6a:21:ce:6c:09:a9:43:d3:
2b:8f:74:fc:16:f5:1b:7e:83:ab:ed:2a:9b:22:ca:
d7:30:14:64:84:8b:ea:1e:5e:b5:81:c5:1d:c7:f6:
d8:13:c2:0a:15:72:7a:97:89:e2:a6:19:9d:93:9b:
80:7a:ce:d6:f7:55:dd:55:0d:37:ba:41:a5:64:ab:
e2:7f:73:90:e5:14:07:a9:69:9d:19:c9:79:97:16:
2c:b8:4d:a5:6d:0a:ec:03:b5:97:34:f5:88:93:d5:
13:bf:d5:44:80:fd:8f:11:c6:78:b1:de:fc:21:ad:
1b:18:b5:6f:25:ea:be:8f:0b:bf:ef:88:85:ce:dc:
4a:45:7c:2f:dc:f8:c1:4e:2f:0f:10:d0:14:22:68:
d8:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:BA:4B:6E:83:1B:E6:5F:74:C9:F5:60:72:92:71:F8:5C:0A:87:0D
X509v3 Authority Key Identifier:
keyid:FD:BD:4C:0D:34:49:2F:5C:EA:E4:87:9E:47:62:79:6E:52:70:07:EB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/_b1MDTRJL1zq5IeeR2J5blJwB-s.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_b1MDTRJL1zq5IeeR2J5blJwB-s.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/208652BA35F911EEB45F8B44C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.230.48.0/22
103.49.80.0/22
IPv6:
2401:fd80:101::-2401:fd80:108:ffff:ffff:ffff:ffff:ffff
2401:fd80:1fd::/48
2401:fd80:200::/48
2401:fd80:2ff::/48
2401:fd80:400::-2401:fd80:409:ffff:ffff:ffff:ffff:ffff
2401:fd80:4ff::/48
Signature Algorithm: sha256WithRSAEncryption
3f:ea:54:7a:e8:48:62:b5:e7:f5:21:f3:e0:1f:79:97:cf:98:
f9:ae:1d:3b:9c:00:cf:32:0c:e1:9f:e9:71:2f:45:af:65:fe:
7b:5a:a3:cb:0f:80:83:31:97:a3:db:19:35:a6:f6:eb:22:93:
82:09:c6:e6:f7:34:31:fe:0b:c4:8d:e3:24:02:48:70:17:f7:
ae:85:b7:f5:86:28:ff:75:3c:2b:67:d4:70:6a:4b:fd:e5:57:
08:de:0f:c5:3e:74:01:4b:a3:62:43:49:ed:e3:08:9c:59:bf:
18:cb:5d:f8:6b:26:2b:51:68:34:14:f3:94:6c:b6:ac:ba:8d:
c9:b3:45:83:bc:37:44:2f:4b:5f:f4:2d:78:18:af:d5:58:74:
09:f8:99:82:02:34:18:c4:9c:01:87:b3:35:d1:70:c0:a7:f8:
05:9b:71:9b:6e:51:fb:82:4b:99:58:f5:8d:66:eb:de:43:10:
94:3a:6f:a7:d1:ec:e0:89:c3:8c:11:05:51:4a:57:93:59:7f:
be:e8:2c:e4:2a:90:e2:7d:60:9d:6c:4b:fe:1f:3a:2f:3d:71:
08:67:5b:e2:de:2b:7d:06:57:0f:38:8d:84:90:68:1b:75:17:
97:cb:77:23:99:08:46:fb:6d:3f:49:8b:e7:4c:88:ad:c9:87:
9d:15:c7:36
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgICAaMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhENTMxMTAvBgNVBAUTKEZEQkQ0QzBEMzQ0OTJGNUNFQUU0ODc5RTQ3NjI3OTZF
NTI3MDA3RUIwHhcNMjUwMzA1MDUyMDE4WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2M3ZGYxMi00NjQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzff4/nh+sko8UAZtHQOt4GT7tGM+pm+kcI2/JDAyXcMrIJjzX4GdYm40yQrU
OFPxwiTWC2ZUFW6jybmCdSFScTVv2oOOHxK2ySBli+izFX8/YF06vmkYtt1TgfhH
2lbdBCJx5aCo6O6bso+E7DMdaiHObAmpQ9Mrj3T8FvUbfoOr7SqbIsrXMBRkhIvq
Hl61gcUdx/bYE8IKFXJ6l4niphmdk5uAes7W91XdVQ03ukGlZKvif3OQ5RQHqWmd
Gcl5lxYsuE2lbQrsA7WXNPWIk9UTv9VEgP2PEcZ4sd78Ia0bGLVvJeq+jwu/74iF
ztxKRXwv3PjBTi8PENAUImjY5QIDAQABo4IC7jCCAuowHQYDVR0OBBYEFC66S26D
G+ZfdMn1YHKScfhcCocNMB8GA1UdIwQYMBaAFP29TA00SS9c6uSHnkdieW5ScAfr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEQ1My9ENTg2RjhGMDMw
NzExMUVFODU0NkEzMkZDNEY5QUUwMi9fYjFNRFRSSkwxenE1SWVlUjJKNWJsSndC
LXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19iMU1EVFJKTDF6cTVJZWVSMko1YmxKd0Itcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhENTMvRDU4NkY4RjAzMDcxMTFFRTg1NDZBMzJGQzRGOUFFMDIvMjA4NjUyQkEz
NUY5MTFFRUI0NUY4QjQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwweAYIKwYBBQUHAQcBAf8E
aTBnMBIEAgABMAwDBAIr5jADBAJnMVAwUQQCAAIwSzASAwcAJAH9gAEBAwcAJAH9
gAEIAwcAJAH9gAH9AwcAJAH9gAIAAwcAJAH9gAL/MBEDBgIkAf2ABAMHASQB/YAE
CAMHACQB/YAE/zANBgkqhkiG9w0BAQsFAAOCAQEAP+pUeuhIYrXn9SHz4B95l8+Y
+a4dO5wAzzIM4Z/pcS9Fr2X+e1qjyw+AgzGXo9sZNab26yKTggnG5vc0Mf4LxI3j
JAJIcBf3roW39YYo/3U8K2fUcGpL/eVXCN4PxT50AUujYkNJ7eMInFm/GMtd+Gsm
K1FoNBTzlGy2rLqNybNFg7w3RC9LX/QteBiv1Vh0CfiZggI0GMScAYezNdFwwKf4
BZtxm25R+4JLmVj1jWbr3kMQlDpvp9Hs4InDjBEFUUpXk1l/vugs5CqQ4n1gnWxL
/h86Lz1xCGdb4t4rfQZXDziNhJBoG3UXl8t3I5kIRvttP0mL50yIrcmHnRXHNg==
-----END CERTIFICATE-----
Generated at Mon Apr 7 05:08:01 2025 by rpki-client