Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A4B9D/95AD03881D9E11E2880E868E08B02CD2/43BD42D8C6FA11EEB1BFF11FC4F9AE02.roa
File: 43BD42D8C6FA11EEB1BFF11FC4F9AE02.roa (raw, json)
Hash identifier: +Z1Ldyuz4HB0yeC9kiN8GX7/0TnuMGaHDVLqOr783Qw=
Subject key identifier: 12:67:29:4D:80:52:A1:80:58:29:EE:AB:50:40:9C:4A:48:1A:7E:EC
Certificate issuer: /CN=A91A4B9D/serialNumber=EF68BDBC072CAB455B6DA3160EDF8FB6C488DD15
Certificate serial: 33F9
Authority key identifier: EF:68:BD:BC:07:2C:AB:45:5B:6D:A3:16:0E:DF:8F:B6:C4:88:DD:15
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72i9vAcsq0VbbaMWDt-PtsSI3RU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A4B9D/95AD03881D9E11E2880E868E08B02CD2/43BD42D8C6FA11EEB1BFF11FC4F9AE02.roa
Signing time: Thu 20 Jun 2024 15:20:57 +0000
ROA not before: Thu 20 Jun 2024 15:20:57 +0000
ROA not after: Sun 31 Aug 2025 00:00:00 +0000
asID: 133159
IP address blocks: 45.124.52.0/22 maxlen: 22
103.1.184.0/22 maxlen: 22
103.16.128.0/22 maxlen: 22
103.17.56.0/24 maxlen: 24
103.17.57.0/24 maxlen: 24
103.100.36.0/22 maxlen: 23
110.232.112.0/22 maxlen: 22
112.213.32.0/21 maxlen: 21
119.42.52.0/23 maxlen: 23
119.42.54.0/23 maxlen: 23
150.107.72.0/22 maxlen: 22
150.107.75.0/24 maxlen: 24
175.45.180.0/22 maxlen: 23
175.45.182.0/23 maxlen: 24
203.18.30.0/24 maxlen: 24
203.29.240.0/22 maxlen: 22
203.57.50.0/23 maxlen: 23
203.57.114.0/23 maxlen: 23
2404:9400::/48 maxlen: 48
2404:9400:1::/48 maxlen: 48
2404:9400:2::/48 maxlen: 48
2404:9400:3::/48 maxlen: 48
2404:9400:4::/48 maxlen: 48
2404:9400:5::/48 maxlen: 48
2404:9400:e::/48 maxlen: 48
2404:9400:f::/48 maxlen: 48
2404:9400:1000::/36 maxlen: 36
2404:9400:2000::/36 maxlen: 36
2404:9400:3000::/36 maxlen: 36
2404:9400:4000::/36 maxlen: 36
2404:9400:5000::/36 maxlen: 36
2404:9400:e000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A4B9D/95AD03881D9E11E2880E868E08B02CD2/72i9vAcsq0VbbaMWDt-PtsSI3RU.crl
rsync://rpki.apnic.net/member_repository/A91A4B9D/95AD03881D9E11E2880E868E08B02CD2/72i9vAcsq0VbbaMWDt-PtsSI3RU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72i9vAcsq0VbbaMWDt-PtsSI3RU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 19 Mar 2025 14:59:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13305 (0x33f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A4B9D
Validity
Not Before: Jun 20 15:20:57 2024 GMT
Not After : Aug 31 00:00:00 2025 GMT
Subject: CN=667448d8-9504
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:12:bc:b0:62:9b:d6:6c:32:66:6c:8c:3b:b1:
22:5e:47:00:13:f5:db:29:5b:87:43:de:30:cb:54:
b1:c4:01:fe:a0:28:78:3e:25:00:6f:c2:52:2b:14:
04:b7:89:6d:d7:b1:b4:d3:dc:b7:9c:f0:52:a9:00:
52:48:32:6e:76:5f:11:c1:d8:48:9c:dc:b2:99:11:
9c:53:29:aa:fa:c2:cd:cc:04:71:95:b4:4c:72:6f:
66:3a:47:c6:68:a4:84:12:73:8b:b3:69:9e:a9:96:
58:97:15:a5:90:86:ab:8f:bc:d5:92:56:35:c3:b9:
8e:f5:3b:73:33:09:cb:aa:26:15:27:16:85:d1:78:
78:2e:99:76:96:1e:b4:ff:19:5a:4a:4f:a6:85:74:
f3:db:b3:f0:bd:a4:9b:19:82:d2:19:b7:5e:fd:ca:
44:e1:f9:28:a8:2c:2b:fe:d0:e4:17:f7:7f:04:b1:
00:d2:01:9b:5d:51:41:18:49:9a:96:66:f1:cb:2a:
c8:b6:d9:ad:2c:20:76:72:43:d5:e5:66:bb:10:d6:
81:30:e6:fa:3f:9a:7a:ad:98:1f:a9:fd:cc:40:47:
8b:2b:70:ab:98:4e:a5:4e:f1:a6:c7:94:9d:38:49:
ce:38:29:e8:4e:76:60:ed:3b:5f:5d:f9:6c:2b:08:
2f:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:67:29:4D:80:52:A1:80:58:29:EE:AB:50:40:9C:4A:48:1A:7E:EC
X509v3 Authority Key Identifier:
keyid:EF:68:BD:BC:07:2C:AB:45:5B:6D:A3:16:0E:DF:8F:B6:C4:88:DD:15
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A4B9D/95AD03881D9E11E2880E868E08B02CD2/72i9vAcsq0VbbaMWDt-PtsSI3RU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72i9vAcsq0VbbaMWDt-PtsSI3RU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A4B9D/95AD03881D9E11E2880E868E08B02CD2/43BD42D8C6FA11EEB1BFF11FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.124.52.0/22
103.1.184.0/22
103.16.128.0/22
103.17.56.0/23
103.100.36.0/22
110.232.112.0/22
112.213.32.0/21
119.42.52.0/22
150.107.72.0/22
175.45.180.0/22
203.18.30.0/24
203.29.240.0/22
203.57.50.0/23
203.57.114.0/23
IPv6:
2404:9400::-2404:9400:5:ffff:ffff:ffff:ffff:ffff
2404:9400:e::/47
2404:9400:1000::-2404:9400:5fff:ffff:ffff:ffff:ffff:ffff
2404:9400:e000::/36
Signature Algorithm: sha256WithRSAEncryption
06:73:12:ac:fe:d8:2c:56:b0:90:53:0d:d2:d4:de:f7:2b:d4:
7b:79:0a:27:d3:05:29:c4:a5:6b:5a:ae:0d:c8:a9:0b:00:76:
9b:58:d9:58:02:9a:f8:64:32:e5:91:09:d0:20:c4:53:c5:0b:
19:c3:60:90:b5:71:9a:2d:91:fa:4d:c5:ab:e4:cb:f7:93:05:
0f:d5:8c:6c:86:e8:69:1b:c8:59:06:c9:7f:f7:ed:ab:63:36:
51:b4:64:6d:23:7d:31:dd:a9:64:20:6c:c7:74:f1:ea:9e:7e:
2c:70:48:00:24:37:0c:9b:20:6b:e4:7a:d6:d7:c0:90:8c:cd:
7b:4e:c1:0d:5f:23:8e:84:57:d8:49:30:f6:31:f3:b2:32:b0:
05:c9:35:db:72:c2:26:44:8c:bd:12:14:8b:b2:75:ab:f6:71:
df:cf:44:c8:08:bb:77:42:c1:40:9e:d0:aa:73:5b:67:4f:2d:
03:5e:a3:ce:d9:32:e2:c0:31:33:5b:6b:85:87:d2:20:9d:e1:
27:b5:a0:28:b3:79:e5:84:45:6c:eb:35:4a:31:d4:78:56:51:
80:cb:15:d3:34:9f:c9:b0:b3:1b:02:c9:98:60:38:e1:ab:c8:
b3:96:e5:23:b9:86:6b:b9:19:f4:d2:f4:b6:74:eb:ea:c6:65:
75:61:69:30
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgICM/kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTRCOUQxMTAvBgNVBAUTKEVGNjhCREJDMDcyQ0FCNDU1QjZEQTMxNjBFREY4RkI2
QzQ4OEREMTUwHhcNMjQwNjIwMTUyMDU3WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njc0NDhkOC05NTA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtxK8sGKb1mwyZmyMO7EiXkcAE/XbKVuHQ94wy1SxxAH+oCh4PiUAb8JSKxQE
t4lt17G009y3nPBSqQBSSDJudl8RwdhInNyymRGcUymq+sLNzARxlbRMcm9mOkfG
aKSEEnOLs2meqZZYlxWlkIarj7zVklY1w7mO9TtzMwnLqiYVJxaF0Xh4Lpl2lh60
/xlaSk+mhXTz27PwvaSbGYLSGbde/cpE4fkoqCwr/tDkF/d/BLEA0gGbXVFBGEma
lmbxyyrIttmtLCB2ckPV5Wa7ENaBMOb6P5p6rZgfqf3MQEeLK3CrmE6lTvGmx5Sd
OEnOOCnoTnZg7TtfXflsKwgvoQIDAQABo4IDIjCCAx4wHQYDVR0OBBYEFBJnKU2A
UqGAWCnuq1BAnEpIGn7sMB8GA1UdIwQYMBaAFO9ovbwHLKtFW22jFg7fj7bEiN0V
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNEI5RC85NUFEMDM4ODFE
OUUxMUUyODgwRTg2OEUwOEIwMkNEMi83Mmk5dkFjc3EwVmJiYU1XRHQtUHRzU0kz
UlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzcyaTl2QWNzcTBWYmJhTVdEdC1QdHNTSTNSVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTRCOUQvOTVBRDAzODgxRDlFMTFFMjg4MEU4NjhFMDhCMDJDRDIvNDNCRDQyRDhD
NkZBMTFFRUIxQkZGMTFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgasGCCsGAQUFBwEHAQH/
BIGbMIGYMFoEAgABMFQDBAItfDQDBAJnAbgDBAJnEIADBAFnETgDBAJnZCQDBAJu
6HADBANw1SADBAJ3KjQDBAKWa0gDBAKvLbQDBADLEh4DBALLHfADBAHLOTIDBAHL
OXIwOgQCAAIwNDAPAwQCJASUAwcBJASUAAAEAwcBJASUAAAOMBADBgQkBJQAEAMG
BSQElABAAwYEJASUAOAwDQYJKoZIhvcNAQELBQADggEBAAZzEqz+2CxWsJBTDdLU
3vcr1Ht5CifTBSnEpWtarg3IqQsAdptY2VgCmvhkMuWRCdAgxFPFCxnDYJC1cZot
kfpNxavky/eTBQ/VjGyG6GkbyFkGyX/37atjNlG0ZG0jfTHdqWQgbMd08eqefixw
SAAkNwybIGvketbXwJCMzXtOwQ1fI46EV9hJMPYx87IysAXJNdtywiZEjL0SFIuy
dav2cd/PRMgIu3dCwUCe0KpzW2dPLQNeo87ZMuLAMTNba4WH0iCd4Se1oCizeeWE
RWzrNUox1HhWUYDLFdM0n8mwsxsCyZhgOOGryLOW5SO5hmu5GfTS9LZ06+rGZXVh
aTA=
-----END CERTIFICATE-----
Generated at Thu Mar 13 21:49:25 2025 by rpki-client