Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/8B2EE9667A0911EE934F1262C4F9AE02.roa
File: 8B2EE9667A0911EE934F1262C4F9AE02.roa (raw, json)
Hash identifier: c58kYquiR7PhXwHG1m2k+88ex1+jC31dtd+q7AHBr2g=
Subject key identifier: 7E:44:D9:DB:5A:88:97:DC:E6:6B:BE:BD:4D:7F:39:F0:6D:C6:FA:72
Certificate issuer: /CN=A91743EF/serialNumber=D1D65C8A4324E287F6EA915B39F5D3602D1E37A6
Certificate serial: 1811
Authority key identifier: D1:D6:5C:8A:43:24:E2:87:F6:EA:91:5B:39:F5:D3:60:2D:1E:37:A6
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0dZcikMk4of26pFbOfXTYC0eN6Y.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/8B2EE9667A0911EE934F1262C4F9AE02.roa
Signing time: Fri 30 May 2025 16:47:57 +0000
ROA not before: Fri 30 May 2025 16:47:57 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 17747
IP address blocks: 103.199.224.0/24 maxlen: 24
103.199.225.0/24 maxlen: 24
103.199.226.0/24 maxlen: 24
103.199.227.0/24 maxlen: 24
150.107.8.0/23 maxlen: 24
202.142.80.0/24 maxlen: 24
202.142.82.0/24 maxlen: 24
202.142.84.0/24 maxlen: 24
202.142.88.0/24 maxlen: 24
202.142.94.0/24 maxlen: 24
202.142.108.0/23 maxlen: 23
202.142.109.0/24 maxlen: 24
202.142.111.0/24 maxlen: 24
202.142.116.0/24 maxlen: 24
202.142.117.0/24 maxlen: 24
202.142.121.0/24 maxlen: 24
202.142.122.0/24 maxlen: 24
203.81.240.0/24 maxlen: 24
203.81.241.0/24 maxlen: 24
203.81.242.0/24 maxlen: 24
203.81.243.0/24 maxlen: 24
2402:ea80::/32 maxlen: 32
2402:ea80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/0dZcikMk4of26pFbOfXTYC0eN6Y.crl
rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/0dZcikMk4of26pFbOfXTYC0eN6Y.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0dZcikMk4of26pFbOfXTYC0eN6Y.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 07 Jun 2025 16:30:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6161 (0x1811)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91743EF, serialNumber=D1D65C8A4324E287F6EA915B39F5D3602D1E37A6
Validity
Not Before: May 30 16:47:57 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=6839e13c-c414
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:4d:40:2c:39:df:b3:5b:18:d1:56:9f:39:ec:
c2:0a:e2:26:91:5a:b3:06:ba:25:3f:45:ad:e8:bc:
49:88:15:f5:cb:00:a3:3a:ed:6c:8f:fa:a8:d1:6b:
d1:59:eb:e1:ee:b0:92:ba:ed:ea:71:c8:40:63:dd:
04:1a:59:a9:73:f4:08:d8:06:04:ae:4b:57:e5:de:
d9:92:f7:2d:f5:78:58:a2:4a:7a:32:d4:a1:69:4e:
10:c0:05:fa:69:23:7f:39:5b:21:f6:e2:28:fa:80:
e4:0c:25:e3:0c:96:f0:21:ca:ad:ea:74:01:07:67:
17:4e:e3:36:e2:93:3b:d5:25:40:15:89:16:30:cd:
18:7a:30:cb:47:70:49:56:51:96:12:b9:8e:35:41:
e7:f1:2d:ad:89:5d:a5:2e:94:d5:be:2a:83:ab:f7:
11:44:6d:63:43:1d:8b:3c:f2:a4:39:6f:b3:51:a7:
c7:05:11:88:19:91:9d:7d:17:0c:ab:85:6f:d1:e3:
27:41:68:b2:cb:b7:da:4e:37:f9:9c:30:3d:30:88:
fa:3d:0b:e9:0b:53:20:10:80:bd:e7:b9:c7:8d:3e:
c1:77:e3:e4:13:a7:61:d4:58:ac:58:27:5b:0a:9a:
5b:16:cd:cd:cc:5a:54:97:44:49:d3:d1:f5:44:5e:
50:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:44:D9:DB:5A:88:97:DC:E6:6B:BE:BD:4D:7F:39:F0:6D:C6:FA:72
X509v3 Authority Key Identifier:
keyid:D1:D6:5C:8A:43:24:E2:87:F6:EA:91:5B:39:F5:D3:60:2D:1E:37:A6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/0dZcikMk4of26pFbOfXTYC0eN6Y.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0dZcikMk4of26pFbOfXTYC0eN6Y.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/8B2EE9667A0911EE934F1262C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.199.224.0/22
150.107.8.0/23
202.142.80.0/24
202.142.82.0/24
202.142.84.0/24
202.142.88.0/24
202.142.94.0/24
202.142.108.0/23
202.142.111.0/24
202.142.116.0/23
202.142.121.0-202.142.122.255
203.81.240.0/22
IPv6:
2402:ea80::/32
Signature Algorithm: sha256WithRSAEncryption
72:9e:73:d8:fd:4b:e3:66:40:d6:0e:6e:8b:d6:df:eb:0a:ec:
3c:01:a3:2c:13:7d:ca:fd:18:92:a1:d3:c5:fc:ea:f6:ab:07:
a4:e7:fb:63:6e:70:a8:d2:c4:0e:52:79:06:15:32:c6:8f:00:
ae:5c:a6:0b:b8:71:eb:2a:f5:46:cb:fa:a7:47:db:4d:c9:be:
a7:e1:c9:58:a8:5a:ce:82:3a:a1:01:49:9e:1b:00:e9:dc:f4:
02:bd:25:ae:fe:54:2c:2b:0c:50:90:d1:28:3a:fe:68:f9:0d:
7b:6e:14:e7:78:20:46:76:15:ba:98:7d:ad:cd:fe:01:f7:28:
6a:19:c8:86:b4:2a:e8:ce:20:41:7f:35:cd:2d:e8:1d:24:c5:
e8:95:1c:7a:17:35:60:cc:77:cc:83:2f:32:1c:c4:f1:e1:77:
1e:71:78:a9:41:76:bb:04:cf:7e:4a:8b:b7:f3:b3:94:6d:66:
9c:a7:16:af:c0:3f:58:00:f7:4c:c8:1c:f1:9f:ec:56:0a:a2:
e5:3e:67:12:f6:f7:1d:92:20:84:4b:2b:87:9c:7a:ff:f5:6a:
ba:ac:23:47:7d:01:f6:3f:b8:a4:d1:18:67:35:c6:77:2c:37:
ed:61:5e:03:b1:e8:74:79:8b:13:bf:0f:31:ec:d1:5c:fd:7e:
bf:53:37:75
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgICGBEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzQzRUYxMTAvBgNVBAUTKEQxRDY1QzhBNDMyNEUyODdGNkVBOTE1QjM5RjVEMzYw
MkQxRTM3QTYwHhcNMjUwNTMwMTY0NzU3WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODM5ZTEzYy1jNDE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3U1ALDnfs1sY0VafOezCCuImkVqzBrolP0Wt6LxJiBX1ywCjOu1sj/qo0WvR
Wevh7rCSuu3qcchAY90EGlmpc/QI2AYErktX5d7Zkvct9XhYokp6MtShaU4QwAX6
aSN/OVsh9uIo+oDkDCXjDJbwIcqt6nQBB2cXTuM24pM71SVAFYkWMM0YejDLR3BJ
VlGWErmONUHn8S2tiV2lLpTVviqDq/cRRG1jQx2LPPKkOW+zUafHBRGIGZGdfRcM
q4Vv0eMnQWiyy7faTjf5nDA9MIj6PQvpC1MgEIC957nHjT7Bd+PkE6dh1FisWCdb
CppbFs3NzFpUl0RJ09H1RF5QjwIDAQABo4IC7jCCAuowHQYDVR0OBBYEFH5E2dta
iJfc5mu+vU1/OfBtxvpyMB8GA1UdIwQYMBaAFNHWXIpDJOKH9uqRWzn102AtHjem
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NDNFRi9FNkFCQjAxMEJB
NDAxMUU3QTA4RDI2NkZDNEY5QUUwMi8wZFpjaWtNazRvZjI2cEZiT2ZYVFlDMGVO
NlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzBkWmNpa01rNG9mMjZwRmJPZlhUWUMwZU42WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzQzRUYvRTZBQkIwMTBCQTQwMTFFN0EwOEQyNjZGQzRGOUFFMDIvOEIyRUU5NjY3
QTA5MTFFRTkzNEYxMjYyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwweAYIKwYBBQUHAQcBAf8E
aTBnMFYEAgABMFADBAJnx+ADBAGWawgDBADKjlADBADKjlIDBADKjlQDBADKjlgD
BADKjl4DBAHKjmwDBADKjm8DBAHKjnQwDAMEAMqOeQMEAMqOegMEAstR8DANBAIA
AjAHAwUAJALqgDANBgkqhkiG9w0BAQsFAAOCAQEAcp5z2P1L42ZA1g5ui9bf6wrs
PAGjLBN9yv0YkqHTxfzq9qsHpOf7Y25wqNLEDlJ5BhUyxo8ArlymC7hx6yr1Rsv6
p0fbTcm+p+HJWKhazoI6oQFJnhsA6dz0Ar0lrv5ULCsMUJDRKDr+aPkNe24U53gg
RnYVuph9rc3+AfcoahnIhrQq6M4gQX81zS3oHSTF6JUcehc1YMx3zIMvMhzE8eF3
HnF4qUF2uwTPfkqLt/OzlG1mnKcWr8A/WAD3TMgc8Z/sVgqi5T5nEvb3HZIghEsr
h5x6//VquqwjR30B9j+4pNEYZzXGdyw37WFeA7HodHmLE78PMezRXP1+v1M3dQ==
-----END CERTIFICATE-----
Generated at Mon Jun 2 05:20:04 2025 by rpki-client