Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/1FFFFA8608AB11F096EC666FC4F9AE02.roa
File: 1FFFFA8608AB11F096EC666FC4F9AE02.roa (raw, json)
Hash identifier: xV+TwB0nA02pLQINKJNZOM8IIMu5qdyRrNIAs462ndI=
Subject key identifier: 33:48:8E:94:F7:0F:86:C9:02:5B:32:B0:8B:F1:CC:B3:8A:ED:C9:53
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: BC3C
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/1FFFFA8608AB11F096EC666FC4F9AE02.roa
Signing time: Wed 28 May 2025 05:13:12 +0000
ROA not before: Wed 28 May 2025 05:13:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 133296
IP address blocks: 43.239.110.0/24 maxlen: 24
43.243.76.0/24 maxlen: 24
43.243.77.0/24 maxlen: 24
43.243.78.0/24 maxlen: 24
103.78.245.0/24 maxlen: 24
103.78.247.0/24 maxlen: 24
103.131.24.0/23 maxlen: 24
103.182.176.0/23 maxlen: 24
103.228.149.0/24 maxlen: 24
103.233.24.0/23 maxlen: 24
103.251.22.0/24 maxlen: 24
150.129.235.0/24 maxlen: 24
202.162.231.0/24 maxlen: 24
202.162.240.0/24 maxlen: 24
202.162.241.0/24 maxlen: 24
202.162.248.0/24 maxlen: 24
202.162.249.0/24 maxlen: 24
202.162.251.0/24 maxlen: 24
203.115.82.0/23 maxlen: 24
210.89.32.0/24 maxlen: 24
210.89.49.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 13 Jun 2025 15:19:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 48188 (0xbc3c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 28 05:13:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68369b68-bf34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:0b:10:9a:92:f8:3c:bb:63:98:d6:c7:6c:c8:
43:43:74:a0:15:d3:d5:43:f1:50:42:a2:49:a5:a3:
f0:8d:b2:43:eb:a5:d8:64:e6:d0:ee:25:2f:78:57:
81:5f:73:88:b9:19:73:5c:cf:bc:40:f2:6f:0b:e6:
2c:fe:2b:69:1d:e4:94:78:2a:99:8d:2c:da:45:5d:
05:f3:6a:07:49:65:db:ac:3c:2c:5a:d1:ca:aa:db:
92:07:7d:d0:62:c7:3a:3b:f4:7e:5e:d6:c1:d3:55:
9b:9a:42:ce:10:12:59:fa:fa:01:75:0e:fe:59:03:
f2:62:74:b1:85:11:eb:d9:f8:fa:77:cb:be:82:b1:
db:55:e1:28:d5:64:63:16:04:d0:17:ba:96:7b:9c:
d2:96:ff:c5:15:a9:54:aa:55:b5:55:13:e5:85:48:
02:68:c2:8a:5e:11:d9:ea:48:6b:a7:93:be:05:68:
fe:76:d1:5b:81:22:f5:35:4f:f3:7a:c0:f0:13:91:
ee:f8:6a:c1:71:0a:ef:f8:c0:63:84:88:13:d5:5d:
b0:b8:a4:32:fa:9b:fe:96:ed:ca:5f:20:4d:65:0a:
4c:d2:2a:c2:44:b2:bb:eb:f3:19:5e:a8:1c:7c:e3:
4e:66:cb:6d:1b:74:35:b6:b4:39:b2:42:3f:64:fa:
19:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:48:8E:94:F7:0F:86:C9:02:5B:32:B0:8B:F1:CC:B3:8A:ED:C9:53
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/1FFFFA8608AB11F096EC666FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.110.0/24
43.243.76.0-43.243.78.255
103.78.245.0/24
103.78.247.0/24
103.131.24.0/23
103.182.176.0/23
103.228.149.0/24
103.233.24.0/23
103.251.22.0/24
150.129.235.0/24
202.162.231.0/24
202.162.240.0/23
202.162.248.0/23
202.162.251.0/24
203.115.82.0/23
210.89.32.0/24
210.89.49.0/24
Signature Algorithm: sha256WithRSAEncryption
a8:d4:3b:05:99:64:fd:86:7e:49:3f:8b:af:fd:86:b3:15:9c:
38:92:9a:c9:19:00:6c:1f:94:cd:94:6e:26:0c:85:78:c9:b7:
46:f7:1b:ed:b2:fd:52:c6:43:d4:74:2d:2c:6c:95:cf:38:f7:
bf:9e:43:ba:19:cd:af:84:c9:7e:42:27:6b:8c:23:29:77:f4:
9c:e6:5a:11:30:80:01:b7:8f:08:50:14:65:2a:78:06:1e:ea:
bd:4e:b9:5a:5b:c1:4d:5b:02:c6:2e:8c:99:a3:33:d5:3a:16:
f6:6a:85:8f:3d:5b:a1:32:bb:55:e8:f9:a9:9a:4e:e2:f8:36:
13:95:2d:e4:64:3c:ec:70:08:3a:0f:7e:88:0d:f7:88:e7:ca:
05:af:f2:48:33:8e:6f:98:7a:46:e9:17:26:b2:4d:91:1b:88:
c2:9f:77:99:b0:5c:dd:05:71:7c:c2:84:9c:89:4d:1a:fb:a2:
b6:77:a7:9d:01:af:ad:ef:38:b0:8b:2a:d0:fa:71:1d:1e:2a:
91:5c:b5:5c:01:10:d9:0b:b7:ff:53:03:89:bb:f0:89:ff:f4:
be:fb:fa:a6:fe:bc:a9:1e:0c:17:a8:71:a5:aa:bc:b4:ac:65:
52:aa:18:62:00:80:b5:fc:25:1f:71:10:cb:b8:c6:db:8d:48:
1f:a7:11:04
-----BEGIN CERTIFICATE-----
MIIF2zCCBMOgAwIBAgIDALw8MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUyODA1MTMxMloXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgzNjliNjgtYmYzNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJoLEJqS+Dy7Y5jWx2zIQ0N0oBXT1UPxUEKiSaWj8I2yQ+ul2GTm0O4lL3hX
gV9ziLkZc1zPvEDybwvmLP4raR3klHgqmY0s2kVdBfNqB0ll26w8LFrRyqrbkgd9
0GLHOjv0fl7WwdNVm5pCzhASWfr6AXUO/lkD8mJ0sYUR69n4+nfLvoKx21XhKNVk
YxYE0Be6lnuc0pb/xRWpVKpVtVUT5YVIAmjCil4R2epIa6eTvgVo/nbRW4Ei9TVP
83rA8BOR7vhqwXEK7/jAY4SIE9VdsLikMvqb/pbtyl8gTWUKTNIqwkSyu+vzGV6o
HHzjTmbLbRt0Nba0ObJCP2T6GQsCAwEAAaOCAv4wggL6MB0GA1UdDgQWBBQzSI6U
9w+GyQJbMrCL8cyziu3JUzAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzFGRkZGQTg2
MDhBQjExRjA5NkVDNjY2RkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGHBggrBgEFBQcBBwEB
/wR4MHYwdAQCAAEwbgMEACvvbjAMAwQCK/NMAwQAK/NOAwQAZ071AwQAZ073AwQB
Z4MYAwQBZ7awAwQAZ+SVAwQBZ+kYAwQAZ/sWAwQAloHrAwQAyqLnAwQByqLwAwQB
yqL4AwQAyqL7AwQBy3NSAwQA0lkgAwQA0lkxMA0GCSqGSIb3DQEBCwUAA4IBAQCo
1DsFmWT9hn5JP4uv/YazFZw4kprJGQBsH5TNlG4mDIV4ybdG9xvtsv1SxkPUdC0s
bJXPOPe/nkO6Gc2vhMl+QidrjCMpd/Sc5loRMIABt48IUBRlKngGHuq9TrlaW8FN
WwLGLoyZozPVOhb2aoWPPVuhMrtV6Pmpmk7i+DYTlS3kZDzscAg6D36IDfeI58oF
r/JIM45vmHpG6Rcmsk2RG4jCn3eZsFzdBXF8woSciU0a+6K2d6edAa+t7ziwiyrQ
+nEdHiqRXLVcARDZC7f/UwOJu/CJ//S++/qm/rypHgwXqHGlqry0rGVSqhhiAIC1
/CUfcRDLuMbbjUgfpxEE
-----END CERTIFICATE-----
Generated at Fri Jun 6 16:55:40 2025 by rpki-client