Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
File: BDECB94CEC4F11EEB0B9B467C4F9AE02.roa (raw, json)
Hash identifier: ej1Z6/vJKdXFXCjwXb83ZJtZZrkbIfDZkFd1eoC4aOQ=
Subject key identifier: 1E:E9:A7:90:31:70:63:7C:A7:02:31:E6:C5:AF:D6:6D:DD:1C:92:77
Certificate issuer: /CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Certificate serial: F8
Authority key identifier: 64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
Signing time: Fri 16 May 2025 22:44:47 +0000
ROA not before: Fri 16 May 2025 22:44:47 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 134835
IP address blocks: 45.120.156.0/24 maxlen: 24
45.120.157.0/24 maxlen: 24
45.120.159.0/24 maxlen: 24
45.125.164.0/24 maxlen: 24
45.125.165.0/24 maxlen: 24
45.125.166.0/24 maxlen: 24
45.125.167.0/24 maxlen: 24
103.56.217.0/24 maxlen: 24
103.56.219.0/24 maxlen: 24
103.194.41.0/24 maxlen: 24
103.194.42.0/24 maxlen: 24
103.194.43.0/24 maxlen: 24
103.200.96.0/24 maxlen: 24
103.200.97.0/24 maxlen: 24
103.204.172.0/24 maxlen: 24
103.204.173.0/24 maxlen: 24
103.204.174.0/24 maxlen: 24
103.204.175.0/24 maxlen: 24
122.128.96.0/24 maxlen: 24
122.128.97.0/24 maxlen: 24
122.128.99.0/24 maxlen: 24
2403:ad80:60::/45 maxlen: 45
2403:ad80:80::/45 maxlen: 45
2403:ad80:88::/45 maxlen: 45
2403:ad80:98::/45 maxlen: 45
2403:ad80:a0::/45 maxlen: 45
2403:ad80:3c00::/38 maxlen: 38
2403:ad80:4c00::/38 maxlen: 38
2403:ad80:5000::/38 maxlen: 38
2403:ad80:8100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Jun 2025 05:11:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 248 (0xf8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919A777, serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Validity
Not Before: May 16 22:44:47 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=6827bfdf-9e5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:49:91:6f:42:db:90:62:ad:1a:85:15:0a:04:
93:d4:17:58:e9:ce:4b:ff:72:89:6b:36:db:49:2c:
d1:a6:d3:1c:88:cd:bf:08:33:5e:53:f9:17:7e:ee:
d6:bd:57:a2:e0:4d:aa:c2:07:a8:2a:66:fc:82:df:
19:89:43:85:37:b7:0f:bc:5e:74:40:32:57:f6:6a:
35:5c:54:2e:93:ca:30:08:27:57:49:05:c7:c1:3d:
c2:0f:bd:07:3d:ac:17:cd:d2:73:ea:52:b1:6c:d4:
2e:dd:8a:91:0d:fb:df:98:45:65:ac:24:98:00:30:
8f:70:69:ac:bd:3e:61:20:14:bd:50:33:7d:c9:e3:
b2:ee:71:64:cd:5d:8b:f6:78:02:5b:e6:d0:d6:be:
83:7d:07:93:ee:3f:cc:f1:ca:8a:b7:79:b4:f5:9c:
09:47:86:66:6d:c2:53:17:dd:fb:d4:d4:71:b2:ac:
f3:50:71:b6:53:85:8a:eb:60:50:63:df:ce:51:e6:
13:de:18:47:d5:4d:4d:60:f1:c2:e4:9b:b9:a3:41:
d2:f2:b7:8f:2f:8e:27:af:a7:ec:1d:d5:38:7b:77:
09:07:f0:06:db:ed:25:56:03:4b:af:da:f6:36:7c:
1f:14:b1:d7:ed:38:73:9f:c1:87:57:f0:28:9d:e6:
64:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:E9:A7:90:31:70:63:7C:A7:02:31:E6:C5:AF:D6:6D:DD:1C:92:77
X509v3 Authority Key Identifier:
keyid:64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.120.156.0/23
45.120.159.0/24
45.125.164.0/22
103.56.217.0/24
103.56.219.0/24
103.194.41.0-103.194.43.255
103.200.96.0/23
103.204.172.0/22
122.128.96.0/23
122.128.99.0/24
IPv6:
2403:ad80:60::/45
2403:ad80:80::/44
2403:ad80:98::-2403:ad80:a7:ffff:ffff:ffff:ffff:ffff
2403:ad80:3c00::/38
2403:ad80:4c00::-2403:ad80:53ff:ffff:ffff:ffff:ffff:ffff
2403:ad80:8100::/40
Signature Algorithm: sha256WithRSAEncryption
61:9b:00:66:92:d0:83:c8:00:91:d6:fa:4b:c1:49:52:31:dd:
da:28:88:7d:f6:64:d9:8c:79:21:9e:7b:8d:30:68:e0:49:eb:
f8:01:fd:3d:49:00:92:86:69:a4:b6:19:dd:fb:8b:16:98:94:
c6:39:65:0d:0d:c4:9d:9c:c8:3d:0e:1b:6d:cf:e7:e6:b0:73:
0d:53:ff:7f:57:3a:0b:54:9c:e4:0c:bb:04:a3:bc:dc:25:2a:
09:61:77:9e:63:f4:50:06:73:76:23:31:67:a2:b4:7d:97:b6:
3f:d9:4b:9e:58:d4:13:b8:1a:1a:b4:ae:26:28:7d:25:f1:c1:
90:3c:b3:e1:df:6f:f2:32:95:6e:38:ee:3e:af:62:d4:76:09:
5f:89:f7:21:52:c7:27:57:e0:e9:93:ad:4c:ae:ef:22:c9:02:
fc:d0:7a:20:b6:51:1f:d5:50:16:6b:88:81:81:30:42:9e:65:
3d:3f:e3:58:8a:08:38:d2:80:25:10:70:f5:f2:26:9a:e5:b3:
4d:75:23:44:67:e3:3e:d0:94:83:c6:64:2d:b1:0c:8e:08:89:
91:96:46:24:da:cd:29:c2:6e:7c:0d:55:0a:0a:15:0b:82:ab:
82:62:d9:7c:cb:0f:a5:35:a8:73:fb:05:56:96:6e:a3:0b:52:
42:48:55:d2
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgICAPgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUE3NzcxMTAvBgNVBAUTKDY0N0QwOTI3REIzQjE3OEUyRjY1NEEzMjY4NTU3RkU1
QjVENjcyOUMwHhcNMjUwNTE2MjI0NDQ3WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODI3YmZkZi05ZTVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2UmRb0LbkGKtGoUVCgST1BdY6c5L/3KJazbbSSzRptMciM2/CDNeU/kXfu7W
vVei4E2qwgeoKmb8gt8ZiUOFN7cPvF50QDJX9mo1XFQuk8owCCdXSQXHwT3CD70H
PawXzdJz6lKxbNQu3YqRDfvfmEVlrCSYADCPcGmsvT5hIBS9UDN9yeOy7nFkzV2L
9ngCW+bQ1r6DfQeT7j/M8cqKt3m09ZwJR4ZmbcJTF9371NRxsqzzUHG2U4WK62BQ
Y9/OUeYT3hhH1U1NYPHC5Ju5o0HS8rePL44nr6fsHdU4e3cJB/AG2+0lVgNLr9r2
NnwfFLHX7Thzn8GHV/AoneZkhwIDAQABo4IDJjCCAyIwHQYDVR0OBBYEFB7pp5Ax
cGN8pwIx5sWv1m3dHJJ3MB8GA1UdIwQYMBaAFGR9CSfbOxeOL2VKMmhVf+W11nKc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QTc3Ny8wQkE1NzJCMEVD
NEYxMUVFQTFCMzg4NjZDNEY5QUUwMi9aSDBKSjlzN0Y0NHZaVW95YUZWXzViWFdj
cHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pIMEpKOXM3RjQ0dlpVb3lhRlZfNWJYV2Nwdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUE3NzcvMEJBNTcyQjBFQzRGMTFFRUExQjM4ODY2QzRGOUFFMDIvQkRFQ0I5NENF
QzRGMTFFRUIwQjlCNDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwga8GCCsGAQUFBwEHAQH/
BIGfMIGcMEoEAgABMEQDBAEteJwDBAAteJ8DBAItfaQDBABnONkDBABnONswDAME
AGfCKQMEAmfCKAMEAWfIYAMEAmfMrAMEAXqAYAMEAHqAYzBOBAIAAjBIAwcDJAOt
gABgAwcEJAOtgACAMBIDBwMkA62AAJgDBwMkA62AAKADBgIkA62APDAQAwYCJAOt
gEwDBgIkA62AUAMGACQDrYCBMA0GCSqGSIb3DQEBCwUAA4IBAQBhmwBmktCDyACR
1vpLwUlSMd3aKIh99mTZjHkhnnuNMGjgSev4Af09SQCShmmkthnd+4sWmJTGOWUN
DcSdnMg9Dhttz+fmsHMNU/9/VzoLVJzkDLsEo7zcJSoJYXeeY/RQBnN2IzFnorR9
l7Y/2UueWNQTuBoatK4mKH0l8cGQPLPh32/yMpVuOO4+r2LUdglfifchUscnV+Dp
k61Mru8iyQL80HogtlEf1VAWa4iBgTBCnmU9P+NYigg40oAlEHD18iaa5bNNdSNE
Z+M+0JSDxmQtsQyOCImRlkYk2s0pwm58DVUKChULgquCYtl8yw+lNahz+wVWlm6j
C1JCSFXS
-----END CERTIFICATE-----
Generated at Mon Jun 2 07:03:15 2025 by rpki-client