Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/90C8D27021C211E786829418C4F9AE02.roa
File: 90C8D27021C211E786829418C4F9AE02.roa (raw, json)
Hash identifier: SG/JJrCv6+bEqjSz1EdPiULof9NKJsxI6no6f7rqWm0=
Subject key identifier: B9:39:20:5C:B7:55:C5:34:50:4A:22:9C:F7:B7:C1:E0:B0:27:C1:70
Certificate issuer: /CN=A914A8CB/serialNumber=FF3278A3AD58B18A546E3FEDCD537840527767A8
Certificate serial: 1B1E
Authority key identifier: FF:32:78:A3:AD:58:B1:8A:54:6E:3F:ED:CD:53:78:40:52:77:67:A8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/90C8D27021C211E786829418C4F9AE02.roa
Signing time: Sun 18 May 2025 16:46:13 +0000
ROA not before: Sun 18 May 2025 16:46:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 45766
IP address blocks: 45.127.48.0/22 maxlen: 22
45.127.48.0/22 maxlen: 24
45.127.48.0/23 maxlen: 23
45.127.48.0/24 maxlen: 24
45.127.49.0/24 maxlen: 24
45.127.50.0/23 maxlen: 23
45.127.50.0/24 maxlen: 24
45.127.51.0/24 maxlen: 24
103.40.226.0/23 maxlen: 23
103.40.226.0/23 maxlen: 24
103.40.226.0/24 maxlen: 24
103.40.227.0/24 maxlen: 24
103.51.2.0/23 maxlen: 23
103.51.2.0/23 maxlen: 24
103.51.2.0/24 maxlen: 24
103.51.3.0/24 maxlen: 24
113.21.228.0/22 maxlen: 22
113.21.228.0/22 maxlen: 24
113.21.228.0/23 maxlen: 23
113.21.228.0/24 maxlen: 24
113.21.229.0/24 maxlen: 24
113.21.230.0/23 maxlen: 23
113.21.230.0/24 maxlen: 24
113.21.231.0/24 maxlen: 24
2400:f940::/32 maxlen: 32
2400:f940::/32 maxlen: 34
2400:f940::/33 maxlen: 33
2400:f940::/34 maxlen: 34
2400:f940::/48 maxlen: 48
2400:f940:10::/48 maxlen: 48
2400:f940:11::/48 maxlen: 48
2400:f940:12::/48 maxlen: 48
2400:f940:4000::/34 maxlen: 34
2400:f940:8000::/33 maxlen: 33
2400:f940:8000::/34 maxlen: 34
2400:f940:c000::/34 maxlen: 34
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.crl
rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 07 Jun 2025 16:16:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6942 (0x1b1e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914A8CB, serialNumber=FF3278A3AD58B18A546E3FEDCD537840527767A8
Validity
Not Before: May 18 16:46:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=682a0ed5-4462
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:7c:f7:2e:6e:09:aa:28:1a:22:50:bc:5b:ec:
37:1e:e9:46:61:dd:f4:74:eb:c4:86:94:28:8e:37:
2e:08:ab:24:b1:cb:df:0d:fb:5e:4f:29:33:66:ef:
75:87:3c:19:dc:e3:b0:01:82:35:e8:2e:41:24:5f:
a4:6e:ea:77:cb:2b:fe:e3:fb:fa:83:79:51:98:d8:
52:4f:6e:f9:96:d6:3f:2a:36:3c:2b:ec:dd:67:92:
d1:76:7c:aa:ea:4d:2e:e8:77:ca:c9:e6:8a:76:0c:
a3:8d:47:5d:2d:aa:ea:0d:72:de:9b:1d:cf:b9:0e:
b1:bd:00:ee:ad:98:2c:cc:82:6e:6a:92:f6:da:e0:
2a:1b:0e:d4:47:11:5c:f4:0e:94:aa:a0:f1:af:f4:
4d:c1:09:d5:70:46:c5:91:e6:c9:04:b9:16:45:5e:
48:82:50:75:63:d9:25:fe:3e:e4:e7:c1:f1:e1:62:
47:b0:56:6a:4f:a4:c5:a6:83:ca:5b:81:8f:8a:cd:
12:58:46:55:76:9d:f9:24:67:bb:17:b1:22:fd:ce:
8b:ab:ce:61:23:47:34:df:c1:5c:b5:1f:d8:a0:18:
0a:bc:df:1c:d5:30:fe:25:d9:62:07:23:15:3e:5f:
ce:36:b2:56:59:20:13:0c:96:a8:fe:e1:8f:bb:e0:
74:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:39:20:5C:B7:55:C5:34:50:4A:22:9C:F7:B7:C1:E0:B0:27:C1:70
X509v3 Authority Key Identifier:
keyid:FF:32:78:A3:AD:58:B1:8A:54:6E:3F:ED:CD:53:78:40:52:77:67:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/90C8D27021C211E786829418C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.127.48.0/22
103.40.226.0/23
103.51.2.0/23
113.21.228.0/22
IPv6:
2400:f940::/32
Signature Algorithm: sha256WithRSAEncryption
61:5c:df:57:39:2f:74:30:a0:ed:01:31:ea:6b:32:73:80:52:
2b:2f:1f:b1:34:ce:c9:ef:91:a5:ab:67:70:f2:19:66:f4:f8:
f4:36:f2:74:7e:d1:ef:3e:6a:0d:3a:8a:de:6f:6c:12:f7:5c:
c6:77:b2:ab:6a:7d:85:1b:ed:c2:b8:0b:31:98:12:44:50:94:
8d:74:89:11:11:41:71:92:17:31:a9:97:4e:e7:b9:87:17:9c:
b1:8b:8a:b7:89:86:ba:81:a9:58:fe:08:39:39:76:8b:47:cd:
48:84:3d:17:3d:55:5d:03:e1:e1:59:d3:7c:75:bc:b4:4b:5e:
22:af:fa:b2:92:34:75:f9:85:f2:14:a1:64:f6:22:0b:a4:66:
04:74:80:5d:21:22:77:ee:bc:4a:c3:b0:f2:c8:0f:e4:9d:77:
d0:c4:1f:de:60:55:05:6d:52:32:82:fd:73:58:f8:bf:16:01:
36:20:0a:2a:36:de:b8:fb:61:c6:35:9a:d9:8c:c0:5c:3c:42:
d6:35:82:49:44:de:61:cb:b6:3b:b0:6a:15:50:fb:4f:e2:44:
eb:a5:d8:48:51:4d:f9:5c:90:37:e7:e6:dd:e3:91:e2:dc:13:
8d:2f:2b:a1:02:5a:c7:74:c4:03:1f:e1:7a:40:74:e6:4d:29:
49:31:c5:bf
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICGx4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEE4Q0IxMTAvBgNVBAUTKEZGMzI3OEEzQUQ1OEIxOEE1NDZFM0ZFRENENTM3ODQw
NTI3NzY3QTgwHhcNMjUwNTE4MTY0NjEzWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODJhMGVkNS00NDYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0nz3Lm4JqigaIlC8W+w3HulGYd30dOvEhpQojjcuCKskscvfDfteTykzZu91
hzwZ3OOwAYI16C5BJF+kbup3yyv+4/v6g3lRmNhST275ltY/KjY8K+zdZ5LRdnyq
6k0u6HfKyeaKdgyjjUddLarqDXLemx3PuQ6xvQDurZgszIJuapL22uAqGw7URxFc
9A6UqqDxr/RNwQnVcEbFkebJBLkWRV5IglB1Y9kl/j7k58Hx4WJHsFZqT6TFpoPK
W4GPis0SWEZVdp35JGe7F7Ei/c6Lq85hI0c038FctR/YoBgKvN8c1TD+JdliByMV
Pl/ONrJWWSATDJao/uGPu+B0ZwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFLk5IFy3
VcU0UEoinPe3weCwJ8FwMB8GA1UdIwQYMBaAFP8yeKOtWLGKVG4/7c1TeEBSd2eo
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QThDQi9DOEIwRjRGMjIx
QzExMUU3OTU0RTg3MTdDNEY5QUUwMi9feko0bzYxWXNZcFVial90elZONFFGSjNa
NmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL196SjRvNjFZc1lwVWJqX3R6Vk40UUZKM1o2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEE4Q0IvQzhCMEY0RjIyMUMxMTFFNzk1NEU4NzE3QzRGOUFFMDIvOTBDOEQyNzAy
MUMyMTFFNzg2ODI5NDE4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAItfzADBAFnKOIDBAFnMwIDBAJxFeQwDQQCAAIwBwMFACQA
+UAwDQYJKoZIhvcNAQELBQADggEBAGFc31c5L3QwoO0BMeprMnOAUisvH7E0zsnv
kaWrZ3DyGWb0+PQ28nR+0e8+ag06it5vbBL3XMZ3sqtqfYUb7cK4CzGYEkRQlI10
iRERQXGSFzGpl07nuYcXnLGLireJhrqBqVj+CDk5dotHzUiEPRc9VV0D4eFZ03x1
vLRLXiKv+rKSNHX5hfIUoWT2IgukZgR0gF0hInfuvErDsPLID+Sdd9DEH95gVQVt
UjKC/XNY+L8WATYgCio23rj7YcY1mtmMwFw8QtY1gklE3mHLtjuwahVQ+0/iROul
2EhRTflckDfn5t3jkeLcE40vK6ECWsd0xAMf4XpAdOZNKUkxxb8=
-----END CERTIFICATE-----
Generated at Mon Jun 2 07:14:16 2025 by rpki-client