Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/DD5934D2205011F0B603CD60C4F9AE02.roa
File: DD5934D2205011F0B603CD60C4F9AE02.roa (raw, json)
Hash identifier: +1Tcal/SkUcYi1Pkp8c7sDL6TxflgINtYeeLqonXN9Q=
Subject key identifier: 84:2B:E7:76:89:BB:0E:93:36:CC:52:E0:81:4A:75:EA:3C:77:32:90
Certificate issuer: /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial: 4AE5
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/DD5934D2205011F0B603CD60C4F9AE02.roa
Signing time: Tue 13 May 2025 10:36:04 +0000
ROA not before: Tue 13 May 2025 10:36:04 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 149147
IP address blocks: 103.37.60.0/23 maxlen: 24
103.78.4.0/23 maxlen: 23
103.166.176.0/23 maxlen: 23
103.168.36.0/23 maxlen: 23
103.186.24.0/23 maxlen: 23
103.213.8.0/23 maxlen: 23
103.213.12.0/23 maxlen: 23
103.213.216.0/23 maxlen: 23
103.248.230.0/23 maxlen: 23
113.192.18.0/23 maxlen: 23
163.227.116.0/23 maxlen: 23
2001:df4:cfc0::/48 maxlen: 48
2001:df5:6640::/48 maxlen: 48
2401:2160::/48 maxlen: 48
2401:3820::/48 maxlen: 48
2401:3e20::/48 maxlen: 48
2401:3e60::/48 maxlen: 48
2401:3ee0::/48 maxlen: 48
2401:5820::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Jun 2025 14:35:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19173 (0x4ae5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A560A, serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Validity
Not Before: May 13 10:36:04 2025 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=68232094-0e3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:4f:6d:03:2f:07:d0:10:2e:a3:8a:b4:9e:e2:
44:65:97:81:2f:02:84:bc:ce:d1:9d:81:96:2d:0f:
98:6e:f1:aa:5e:31:61:61:65:fd:4f:17:9b:45:af:
b2:e2:07:0f:40:74:3c:b4:79:db:dd:85:eb:89:8e:
6e:83:56:75:ef:82:03:cc:b7:84:da:fa:92:ec:6e:
87:fd:b0:f8:ae:b0:33:80:55:93:bc:8e:25:8b:78:
6b:bb:ee:09:56:40:97:4d:e6:2f:da:5d:28:1e:e1:
8c:2b:75:51:d1:3d:b1:b3:f4:99:56:6d:18:36:59:
3c:35:2d:ad:c4:9a:4e:76:22:99:6c:03:65:48:13:
c8:3c:67:f4:1f:4f:3c:b5:42:b8:e4:35:0d:1d:ed:
87:e4:b2:c7:e0:7f:9d:f1:a7:00:09:54:f7:bd:4f:
d8:d5:95:11:7c:7c:d1:ed:6e:37:ed:74:e4:b5:dd:
76:bb:c9:6b:b0:ee:81:68:15:43:bf:65:2b:26:bf:
93:31:73:ad:d1:89:5e:70:9c:28:e5:a0:51:4a:c8:
1c:13:3f:3b:06:e7:46:0d:3e:3e:6c:75:6b:73:89:
92:ed:c1:62:ed:f2:00:b7:92:4d:30:0f:cf:c4:44:
de:de:da:09:9d:1d:31:38:7a:fc:89:96:57:92:b9:
5f:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:2B:E7:76:89:BB:0E:93:36:CC:52:E0:81:4A:75:EA:3C:77:32:90
X509v3 Authority Key Identifier:
keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/DD5934D2205011F0B603CD60C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.37.60.0/23
103.78.4.0/23
103.166.176.0/23
103.168.36.0/23
103.186.24.0/23
103.213.8.0/23
103.213.12.0/23
103.213.216.0/23
103.248.230.0/23
113.192.18.0/23
163.227.116.0/23
IPv6:
2001:df4:cfc0::/48
2001:df5:6640::/48
2401:2160::/48
2401:3820::/48
2401:3e20::/48
2401:3e60::/48
2401:3ee0::/48
2401:5820::/48
Signature Algorithm: sha256WithRSAEncryption
91:ae:46:05:2b:3e:a8:21:20:4e:d9:23:a4:67:74:96:67:7d:
2a:77:e0:a3:14:ae:ad:6c:2e:d5:8a:4f:90:65:00:d9:5b:0b:
f7:94:71:be:dc:c1:a9:81:80:0b:40:eb:06:58:e3:fc:1b:51:
a1:8a:c1:15:1e:0c:fb:88:f2:48:c5:c4:3b:83:09:02:49:20:
19:e0:59:34:6c:60:c0:fe:d7:9a:c3:a6:5c:1c:ca:18:9d:d3:
9f:06:37:51:9d:e2:07:62:6b:4b:90:31:ff:1d:d6:db:53:8a:
e6:29:03:26:0a:e5:82:e3:82:c7:ae:1c:9b:f6:d2:2e:19:e8:
ea:3d:f1:6f:d1:fd:b5:24:ca:81:d9:ae:25:49:b4:6e:9f:4d:
c4:c0:01:9b:51:cd:ea:94:b3:cd:d2:22:e5:74:49:83:f7:55:
d8:8e:52:d8:3a:89:0d:57:b0:bb:ef:ca:58:83:91:f9:91:44:
f1:2b:9c:5b:fe:ee:5b:e5:73:55:a4:ac:4c:db:c5:c6:d6:e6:
b2:cb:d3:95:7c:8f:7b:1c:5c:65:c8:d6:47:51:77:a8:c7:36:
34:f0:82:a9:4a:71:01:f8:f0:80:9e:5b:b2:78:14:13:d0:64:
db:0d:27:0e:6d:36:81:42:03:dd:2f:cd:c7:50:2e:03:f9:2e:
d1:c3:d4:d4
-----BEGIN CERTIFICATE-----
MIIGADCCBOigAwIBAgICSuUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjUwNTEzMTAzNjA0WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODIzMjA5NC0wZTNkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxE9tAy8H0BAuo4q0nuJEZZeBLwKEvM7RnYGWLQ+YbvGqXjFhYWX9TxebRa+y
4gcPQHQ8tHnb3YXriY5ug1Z174IDzLeE2vqS7G6H/bD4rrAzgFWTvI4li3hru+4J
VkCXTeYv2l0oHuGMK3VR0T2xs/SZVm0YNlk8NS2txJpOdiKZbANlSBPIPGf0H088
tUK45DUNHe2H5LLH4H+d8acACVT3vU/Y1ZURfHzR7W437XTktd12u8lrsO6BaBVD
v2UrJr+TMXOt0YlecJwo5aBRSsgcEz87BudGDT4+bHVrc4mS7cFi7fIAt5JNMA/P
xETe3toJnR0xOHr8iZZXkrlf9wIDAQABo4IDJDCCAyAwHQYDVR0OBBYEFIQr53aJ
uw6TNsxS4IFKdeo8dzKQMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvREQ1OTM0RDIy
MDUwMTFGMEI2MDNDRDYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwga0GCCsGAQUFBwEHAQH/
BIGdMIGaMEgEAgABMEIDBAFnJTwDBAFnTgQDBAFnprADBAFnqCQDBAFnuhgDBAFn
1QgDBAFn1QwDBAFn1dgDBAFn+OYDBAFxwBIDBAGj43QwTgQCAAIwSAMHACABDfTP
wAMHACABDfVmQAMHACQBIWAAAAMHACQBOCAAAAMHACQBPiAAAAMHACQBPmAAAAMH
ACQBPuAAAAMHACQBWCAAADANBgkqhkiG9w0BAQsFAAOCAQEAka5GBSs+qCEgTtkj
pGd0lmd9KnfgoxSurWwu1YpPkGUA2VsL95RxvtzBqYGAC0DrBljj/BtRoYrBFR4M
+4jySMXEO4MJAkkgGeBZNGxgwP7XmsOmXBzKGJ3TnwY3UZ3iB2JrS5Ax/x3W21OK
5ikDJgrlguOCx64cm/bSLhno6j3xb9H9tSTKgdmuJUm0bp9NxMABm1HN6pSzzdIi
5XRJg/dV2I5S2DqJDVewu+/KWIOR+ZFE8SucW/7uW+VzVaSsTNvFxtbmssvTlXyP
exxcZcjWR1F3qMc2NPCCqUpxAfjwgJ5bsngUE9Bk2w0nDm02gUID3S/Nx1AuA/ku
0cPU1A==
-----END CERTIFICATE-----
Generated at Tue Jun 3 23:48:17 2025 by rpki-client