Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/324F926C3BAC11F09BF98E0EC4F9AE02.roa
File: 324F926C3BAC11F09BF98E0EC4F9AE02.roa (raw, json)
Hash identifier: YExyYVpoKuPS92PXIw6lfaHg+kVwZ7w7jJoYEWTy6x0=
Subject key identifier: 8F:4F:91:EE:EE:43:DA:6A:D9:77:CB:06:38:56:E4:05:C8:3A:E8:CC
Certificate issuer: /CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Certificate serial: 0777
Authority key identifier: 40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/324F926C3BAC11F09BF98E0EC4F9AE02.roa
Signing time: Wed 28 May 2025 10:12:01 +0000
ROA not before: Wed 28 May 2025 10:12:01 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 17762
IP address blocks: 27.107.0.0/16 maxlen: 16
27.107.0.0/20 maxlen: 24
27.107.16.0/21 maxlen: 24
27.107.24.0/21 maxlen: 24
27.107.32.0/20 maxlen: 24
27.107.48.0/20 maxlen: 24
27.107.64.0/20 maxlen: 24
27.107.80.0/20 maxlen: 24
27.107.144.0/20 maxlen: 24
27.107.160.0/20 maxlen: 24
27.107.176.0/20 maxlen: 24
27.107.192.0/23 maxlen: 24
27.107.194.0/23 maxlen: 24
27.107.196.0/23 maxlen: 24
27.107.198.0/23 maxlen: 24
27.107.203.0/24 maxlen: 24
27.107.204.0/24 maxlen: 24
27.107.205.0/24 maxlen: 24
27.107.206.0/24 maxlen: 24
27.107.208.0/20 maxlen: 24
49.201.24.0/21 maxlen: 24
49.249.192.0/19 maxlen: 24
103.8.36.0/22 maxlen: 24
115.160.208.0/20 maxlen: 24
182.156.6.0/23 maxlen: 24
182.156.20.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Jun 2025 23:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1911 (0x777)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157D7A, serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Validity
Not Before: May 28 10:12:01 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=6836e171-8bc2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:6d:21:ca:19:1d:fa:3a:84:08:cb:5c:a6:4e:
af:8a:28:23:fe:a0:f0:16:69:a6:c4:51:da:f2:ca:
75:9f:41:7a:56:86:8e:3f:5e:23:7d:ff:f6:57:41:
88:73:97:d6:42:86:da:b9:8a:41:1d:16:ef:e0:16:
50:36:32:72:d3:a2:98:c2:b1:a4:7f:17:bf:cb:5e:
ce:58:88:66:be:d0:ea:ee:fa:56:04:7a:ef:a9:dc:
7b:1d:e5:28:29:a3:68:f1:92:45:77:e6:5a:0b:5d:
06:0d:f6:5f:db:30:4f:65:fd:15:8e:1a:e5:67:d4:
35:52:12:13:bc:65:d6:6c:54:7e:0b:56:f7:6c:1a:
3d:aa:1b:41:4b:a3:f3:0e:c5:26:1d:e9:e8:f1:7d:
a5:5e:7c:b7:76:45:f9:cf:5c:d8:51:ff:70:4d:e4:
24:a2:78:e6:a5:69:2c:48:55:b5:f8:53:05:d4:73:
78:9c:19:2d:ca:ea:0d:7a:de:36:ab:37:f0:ea:ff:
bb:39:c5:85:e8:fc:d4:f2:40:80:24:fd:d7:5c:fa:
a1:e0:79:da:c2:9f:76:83:ac:79:bb:c2:13:5a:ee:
fc:2d:6d:f2:b4:b6:be:9c:f8:98:89:9d:c5:2a:df:
ae:0a:42:aa:d8:fd:3c:69:d7:36:f7:0b:8c:2f:64:
3f:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:4F:91:EE:EE:43:DA:6A:D9:77:CB:06:38:56:E4:05:C8:3A:E8:CC
X509v3 Authority Key Identifier:
keyid:40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/324F926C3BAC11F09BF98E0EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.107.0.0/16
49.201.24.0/21
49.249.192.0/19
103.8.36.0/22
115.160.208.0/20
182.156.6.0/23
182.156.20.0/23
Signature Algorithm: sha256WithRSAEncryption
1b:98:a6:e0:33:e0:f5:49:09:ef:33:1b:ef:fd:54:c9:cb:d7:
68:20:08:7f:8f:02:bb:04:6a:08:ed:d6:db:fd:01:3b:22:03:
c5:5e:d4:58:2b:53:69:7b:d3:1b:18:4c:d8:94:e4:66:59:be:
3a:cf:6f:c8:0f:38:e0:2e:30:b9:9f:d5:67:66:47:8d:ac:31:
67:8e:17:4c:3f:63:de:06:08:ce:28:d7:21:6d:1d:26:8a:90:
c0:eb:6f:dd:e7:e2:2c:d4:74:85:c8:c0:0b:70:3e:d1:72:c2:
c2:eb:a8:88:08:1a:86:bc:a2:6b:af:0c:98:15:88:a8:38:51:
fc:b5:a2:f9:48:71:5b:19:f7:fd:f8:7a:2a:e8:89:00:11:3f:
e0:8c:d6:43:95:40:69:24:7d:60:20:ec:6c:4d:2d:0f:89:f3:
cf:9a:cf:c4:2b:8c:75:16:16:84:07:f7:ab:6a:57:71:49:00:
f4:83:e5:54:50:b3:3f:cd:fb:92:4d:fa:8c:17:cc:2a:3b:f3:
f7:4d:6b:03:37:d6:ac:29:75:c8:f5:59:97:7c:38:86:b6:ba:
8c:e0:37:25:62:a5:1c:23:c4:57:86:fc:94:df:97:e7:7c:d6:
f3:7f:fc:8c:51:2e:71:fd:f8:88:77:2c:58:11:b2:f8:56:f4:
5b:3f:bd:e5
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgICB3cwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEN0ExMTAvBgNVBAUTKDQwMUI0Mjk5MDZDOTBFQTAzRUNGQzYxQjE1QkE0RUYx
MjM5MDMzNzkwHhcNMjUwNTI4MTAxMjAxWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODM2ZTE3MS04YmMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu20hyhkd+jqECMtcpk6viigj/qDwFmmmxFHa8sp1n0F6VoaOP14jff/2V0GI
c5fWQobauYpBHRbv4BZQNjJy06KYwrGkfxe/y17OWIhmvtDq7vpWBHrvqdx7HeUo
KaNo8ZJFd+ZaC10GDfZf2zBPZf0VjhrlZ9Q1UhITvGXWbFR+C1b3bBo9qhtBS6Pz
DsUmHeno8X2lXny3dkX5z1zYUf9wTeQkonjmpWksSFW1+FMF1HN4nBktyuoNet42
qzfw6v+7OcWF6PzU8kCAJP3XXPqh4Hnawp92g6x5u8ITWu78LW3ytLa+nPiYiZ3F
Kt+uCkKq2P08adc29wuML2Q/dwIDAQABo4ICuDCCArQwHQYDVR0OBBYEFI9Pke7u
Q9pq2XfLBjhW5AXIOujMMB8GA1UdIwQYMBaAFEAbQpkGyQ6gPs/GGxW6TvEjkDN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q3QS81RERDQ0NDNjk5
MTUxMUVCOTY3MjcyNDNDNEY5QUUwMi9RQnRDbVFiSkRxQS16OFliRmJwTzhTT1FN
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FCdENtUWJKRHFBLXo4WWJGYnBPOFNPUU0zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEN0EvNUREQ0NDQzY5OTE1MTFFQjk2NzI3MjQzQzRGOUFFMDIvMzI0RjkyNkMz
QkFDMTFGMDlCRjk4RTBFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQgYIKwYBBQUHAQcBAf8E
MzAxMC8EAgABMCkDAwAbawMEAzHJGAMEBTH5wAMEAmcIJAMEBHOg0AMEAbacBgME
AbacFDANBgkqhkiG9w0BAQsFAAOCAQEAG5im4DPg9UkJ7zMb7/1UycvXaCAIf48C
uwRqCO3W2/0BOyIDxV7UWCtTaXvTGxhM2JTkZlm+Os9vyA844C4wuZ/VZ2ZHjawx
Z44XTD9j3gYIzijXIW0dJoqQwOtv3efiLNR0hcjAC3A+0XLCwuuoiAgahryia68M
mBWIqDhR/LWi+UhxWxn3/fh6KuiJABE/4IzWQ5VAaSR9YCDsbE0tD4nzz5rPxCuM
dRYWhAf3q2pXcUkA9IPlVFCzP837kk36jBfMKjvz901rAzfWrCl1yPVZl3w4hra6
jOA3JWKlHCPEV4b8lN+X53zW83/8jFEucf34iHcsWBGy+Fb0Wz+95Q==
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:18:57 2025 by rpki-client