Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91955C8/9CD3E8F6FF5811E2BB4B2E3F5911EA32/A4A3FAEAEDE811EFA5767A5DC4F9AE02.roa
File: A4A3FAEAEDE811EFA5767A5DC4F9AE02.roa (raw, json)
Hash identifier: yaZGjriYPeeUPnK6Lq62N5nqIchaZHkJFavQQjz/rGg=
Subject key identifier: DC:AF:5F:F5:98:AE:AD:5E:C5:23:C8:BA:34:1D:3D:43:B1:5E:67:0F
Certificate issuer: /CN=A91955C8/serialNumber=C6673D3648F43F4674F5F5EBFCBFA31BB964F64B
Certificate serial: 306A
Authority key identifier: C6:67:3D:36:48:F4:3F:46:74:F5:F5:EB:FC:BF:A3:1B:B9:64:F6:4B
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xmc9Nkj0P0Z09fXr_L-jG7lk9ks.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91955C8/9CD3E8F6FF5811E2BB4B2E3F5911EA32/A4A3FAEAEDE811EFA5767A5DC4F9AE02.roa
Signing time: Tue 18 Feb 2025 11:09:42 +0000
ROA not before: Tue 18 Feb 2025 11:09:41 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6421
IP address blocks: 43.241.40.0/24 maxlen: 24
103.16.252.0/23 maxlen: 23
103.16.254.0/23 maxlen: 23
116.0.66.0/24 maxlen: 24
180.87.13.0/24 maxlen: 24
180.87.27.0/24 maxlen: 24
180.87.29.0/24 maxlen: 24
180.87.68.0/24 maxlen: 24
180.87.76.0/24 maxlen: 24
180.87.91.0/24 maxlen: 24
180.87.92.0/24 maxlen: 24
180.87.115.0/24 maxlen: 24
180.87.117.0/24 maxlen: 24
180.87.119.0/24 maxlen: 24
180.87.120.0/24 maxlen: 24
180.87.121.0/24 maxlen: 24
180.87.122.0/24 maxlen: 24
180.87.124.0/24 maxlen: 24
180.87.126.0/24 maxlen: 24
180.87.127.0/24 maxlen: 24
180.87.129.0/24 maxlen: 24
180.87.138.0/24 maxlen: 24
180.87.139.0/24 maxlen: 24
180.87.140.0/24 maxlen: 24
180.87.141.0/24 maxlen: 24
180.87.152.0/24 maxlen: 24
180.87.153.0/24 maxlen: 24
180.87.182.0/24 maxlen: 24
180.87.190.0/24 maxlen: 24
180.87.191.0/24 maxlen: 24
202.183.64.0/24 maxlen: 24
202.183.65.0/24 maxlen: 24
202.183.66.0/24 maxlen: 24
202.183.69.0/24 maxlen: 24
202.183.70.0/24 maxlen: 24
202.183.72.0/24 maxlen: 24
202.183.73.0/24 maxlen: 24
202.183.74.0/24 maxlen: 24
202.183.75.0/24 maxlen: 24
202.183.76.0/24 maxlen: 24
202.183.77.0/24 maxlen: 24
202.183.79.0/24 maxlen: 24
2405:2001::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91955C8/9CD3E8F6FF5811E2BB4B2E3F5911EA32/xmc9Nkj0P0Z09fXr_L-jG7lk9ks.crl
rsync://rpki.apnic.net/member_repository/A91955C8/9CD3E8F6FF5811E2BB4B2E3F5911EA32/xmc9Nkj0P0Z09fXr_L-jG7lk9ks.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xmc9Nkj0P0Z09fXr_L-jG7lk9ks.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 23 Apr 2025 15:29:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12394 (0x306a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91955C8, serialNumber=C6673D3648F43F4674F5F5EBFCBFA31BB964F64B
Validity
Not Before: Feb 18 11:09:41 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67b46a75-9ce8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:14:cb:2a:e3:20:31:0f:6c:9e:a5:1e:08:94:
5a:a6:61:02:4c:1d:15:dc:76:75:60:ef:77:60:a1:
c7:c5:3d:7d:96:3f:45:70:c9:f3:37:ad:20:74:50:
55:6e:0e:fa:cc:5a:85:5c:78:a8:eb:8b:11:13:a7:
25:38:81:d4:2e:b5:ad:c3:e9:65:ff:58:bf:9b:e9:
1d:76:05:6b:03:6d:de:da:da:24:6e:df:82:6a:4b:
63:f7:4b:a3:65:3b:51:fc:ef:61:cc:44:eb:f1:9c:
1c:b5:ef:81:cf:42:b8:16:6d:56:4f:65:d3:30:46:
55:d5:f5:44:c3:20:5e:79:32:ef:e8:08:06:87:8f:
29:82:1b:db:ee:80:25:ff:b8:31:41:cd:04:9e:3d:
c0:d8:e0:b8:25:99:8c:93:0e:42:bc:4e:8b:a8:6e:
8d:2d:34:65:dc:67:89:a2:bd:f2:4a:77:1b:fa:00:
d7:cd:a4:0b:fc:40:76:75:72:12:a9:a4:36:56:38:
4c:49:a4:e9:90:de:e5:30:53:7b:75:49:9e:af:4c:
e6:2a:9f:fe:ac:ba:0b:f4:cc:ec:26:7a:99:c1:10:
0c:01:65:b1:67:ed:7b:43:ea:9d:f4:08:11:2e:d7:
0d:76:91:09:8e:6e:88:83:90:dc:d3:3e:56:89:61:
1b:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:AF:5F:F5:98:AE:AD:5E:C5:23:C8:BA:34:1D:3D:43:B1:5E:67:0F
X509v3 Authority Key Identifier:
keyid:C6:67:3D:36:48:F4:3F:46:74:F5:F5:EB:FC:BF:A3:1B:B9:64:F6:4B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91955C8/9CD3E8F6FF5811E2BB4B2E3F5911EA32/xmc9Nkj0P0Z09fXr_L-jG7lk9ks.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xmc9Nkj0P0Z09fXr_L-jG7lk9ks.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91955C8/9CD3E8F6FF5811E2BB4B2E3F5911EA32/A4A3FAEAEDE811EFA5767A5DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.241.40.0/24
103.16.252.0/22
116.0.66.0/24
180.87.13.0/24
180.87.27.0/24
180.87.29.0/24
180.87.68.0/24
180.87.76.0/24
180.87.91.0-180.87.92.255
180.87.115.0/24
180.87.117.0/24
180.87.119.0-180.87.122.255
180.87.124.0/24
180.87.126.0/23
180.87.129.0/24
180.87.138.0-180.87.141.255
180.87.152.0/23
180.87.182.0/24
180.87.190.0/23
202.183.64.0-202.183.66.255
202.183.69.0-202.183.70.255
202.183.72.0-202.183.77.255
202.183.79.0/24
IPv6:
2405:2001::/48
Signature Algorithm: sha256WithRSAEncryption
78:7b:ac:d3:09:c1:63:db:a9:42:b7:37:9b:f5:e1:70:6c:33:
af:70:ed:a4:df:88:da:c8:2f:df:13:e6:4b:9d:53:36:c5:1b:
51:dd:c9:d8:5a:a9:2a:ad:03:91:d9:ea:b7:48:17:d2:c6:cf:
60:7c:c3:79:66:5b:b6:6b:58:76:51:32:a1:00:31:2e:07:84:
f7:c5:3d:ba:69:aa:88:f5:2f:5d:da:cf:07:8a:85:06:63:ff:
a5:67:1c:36:6d:69:df:a7:60:7e:e2:32:1c:1d:ca:e5:89:12:
af:5f:3e:41:7f:16:98:95:2f:f0:f3:a1:67:5e:f2:b0:cd:ac:
ec:cd:38:e6:49:9f:6d:2a:79:d8:5b:78:ac:19:58:df:d9:ee:
7c:bc:41:ce:41:60:5e:c9:6e:75:97:8d:c8:b4:e9:06:6b:fc:
3c:d1:55:0d:1d:83:99:50:21:17:7f:2a:53:35:bf:4a:d8:c4:
4a:1b:f6:b8:67:e1:91:de:05:29:02:cb:c3:60:53:70:31:12:
ed:e4:f6:8c:00:de:6e:2b:43:82:51:99:3f:69:af:16:d7:b9:
8f:d5:4c:2a:ab:bb:39:52:30:19:6a:65:7f:b5:6f:74:b2:a1:
8a:d2:8d:ec:67:ac:83:ca:af:c0:53:02:93:e7:30:f3:4e:72:
9e:79:58:52
-----BEGIN CERTIFICATE-----
MIIGOzCCBSOgAwIBAgICMGowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTU1QzgxMTAvBgNVBAUTKEM2NjczRDM2NDhGNDNGNDY3NEY1RjVFQkZDQkZBMzFC
Qjk2NEY2NEIwHhcNMjUwMjE4MTEwOTQxWhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2I0NmE3NS05Y2U4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAshTLKuMgMQ9snqUeCJRapmECTB0V3HZ1YO93YKHHxT19lj9FcMnzN60gdFBV
bg76zFqFXHio64sRE6clOIHULrWtw+ll/1i/m+kddgVrA23e2tokbt+Caktj90uj
ZTtR/O9hzETr8Zwcte+Bz0K4Fm1WT2XTMEZV1fVEwyBeeTLv6AgGh48pghvb7oAl
/7gxQc0Enj3A2OC4JZmMkw5CvE6LqG6NLTRl3GeJor3ySncb+gDXzaQL/EB2dXIS
qaQ2VjhMSaTpkN7lMFN7dUmer0zmKp/+rLoL9MzsJnqZwRAMAWWxZ+17Q+qd9AgR
LtcNdpEJjm6Ig5Dc0z5WiWEb1QIDAQABo4IDXzCCA1swHQYDVR0OBBYEFNyvX/WY
rq1exSPIujQdPUOxXmcPMB8GA1UdIwQYMBaAFMZnPTZI9D9GdPX16/y/oxu5ZPZL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NTVDOC85Q0QzRThGNkZG
NTgxMUUyQkI0QjJFM0Y1OTExRUEzMi94bWM5TmtqMFAwWjA5ZlhyX0wtakc3bGs5
a3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3htYzlOa2owUDBaMDlmWHJfTC1qRzdsazlrcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTU1QzgvOUNEM0U4RjZGRjU4MTFFMkJCNEIyRTNGNTkxMUVBMzIvQTRBM0ZBRUFF
REU4MTFFRkE1NzY3QTVEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgegGCCsGAQUFBwEHAQH/
BIHYMIHVMIHBBAIAATCBugMEACvxKAMEAmcQ/AMEAHQAQgMEALRXDQMEALRXGwME
ALRXHQMEALRXRAMEALRXTDAMAwQAtFdbAwQAtFdcAwQAtFdzAwQAtFd1MAwDBAC0
V3cDBAC0V3oDBAC0V3wDBAG0V34DBAC0V4EwDAMEAbRXigMEAbRXjAMEAbRXmAME
ALRXtgMEAbRXvjAMAwQGyrdAAwQAyrdCMAwDBADKt0UDBADKt0YwDAMEA8q3SAME
Acq3TAMEAMq3TzAPBAIAAjAJAwcAJAUgAQAAMA0GCSqGSIb3DQEBCwUAA4IBAQB4
e6zTCcFj26lCtzeb9eFwbDOvcO2k34jayC/fE+ZLnVM2xRtR3cnYWqkqrQOR2eq3
SBfSxs9gfMN5Zlu2a1h2UTKhADEuB4T3xT26aaqI9S9d2s8HioUGY/+lZxw2bWnf
p2B+4jIcHcrliRKvXz5BfxaYlS/w86FnXvKwzazszTjmSZ9tKnnYW3isGVjf2e58
vEHOQWBeyW51l43ItOkGa/w80VUNHYOZUCEXfypTNb9K2MRKG/a4Z+GR3gUpAsvD
YFNwMRLt5PaMAN5uK0OCUZk/aa8W17mP1Uwqq7s5UjAZamV/tW90sqGK0o3sZ6yD
yq/AUwKT5zDzTnKeeVhS
-----END CERTIFICATE-----
Generated at Thu Apr 17 20:30:46 2025 by rpki-client