Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/E491927E2A6611F0A02D3886C4F9AE02.roa
File: E491927E2A6611F0A02D3886C4F9AE02.roa (raw, json)
Hash identifier: bnU0lWXLvTPAG2YZoef+qJnOiCojra14Ch7Be7k5Edc=
Subject key identifier: 8D:01:BA:34:07:AA:A5:96:1D:84:44:78:1E:0A:D3:EE:7A:7F:9A:56
Certificate issuer: /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial: 4B87
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/E491927E2A6611F0A02D3886C4F9AE02.roa
Signing time: Tue 24 Jun 2025 02:00:50 +0000
ROA not before: Tue 24 Jun 2025 02:00:49 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 24088
IP address blocks: 14.0.16.0/20 maxlen: 24
103.19.220.0/22 maxlen: 24
103.71.104.0/23 maxlen: 24
103.88.112.0/22 maxlen: 24
103.88.116.0/22 maxlen: 24
103.130.208.0/22 maxlen: 24
103.235.212.0/22 maxlen: 24
103.238.68.0/22 maxlen: 24
103.238.72.0/22 maxlen: 24
103.244.136.0/22 maxlen: 24
116.118.56.0/22 maxlen: 24
202.60.104.0/21 maxlen: 24
202.93.156.0/22 maxlen: 24
203.128.240.0/21 maxlen: 24
203.209.180.0/22 maxlen: 24
2001:df4:acc0::/48 maxlen: 48
2001:df5:aac0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 29 Jul 2025 09:59:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19335 (0x4b87)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A560A, serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Validity
Not Before: Jun 24 02:00:49 2025 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=685a06d1-9660
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:f7:d1:92:6d:02:ac:fc:2f:e0:1c:6a:e1:f7:
bb:aa:98:5c:90:5d:df:40:13:27:c7:88:ba:c3:58:
60:b8:b4:34:14:6f:ad:75:c9:b1:b1:75:ba:b4:f7:
b3:53:23:46:84:a5:96:e5:33:a1:77:d6:f4:55:c4:
94:bc:a2:05:9b:cf:e6:04:1d:0b:6b:32:1b:c1:89:
73:22:b9:03:d6:85:da:cd:ae:19:3c:c4:9a:78:ef:
41:ea:94:43:51:24:dc:b5:55:96:ad:77:89:e0:ba:
27:d2:88:d8:a7:04:63:f3:3a:39:57:7c:98:19:df:
8b:a4:a5:2f:cf:e1:83:90:25:80:36:50:88:71:da:
21:03:7a:0a:40:5b:e7:b3:8e:5e:08:2d:9d:65:26:
36:58:07:35:72:b6:7a:cd:b5:a4:74:76:fc:c0:e2:
4c:9e:41:69:b6:f3:a4:ba:d1:c1:8f:4f:d9:c7:3f:
19:d6:8a:16:e3:96:b1:2e:80:cb:6d:8b:0f:a6:6d:
31:c7:81:a6:cb:b5:fa:a5:e6:6c:91:59:1c:ca:c0:
25:bb:3f:84:ef:f2:31:2c:3f:a7:db:82:4f:d1:c1:
3a:56:34:59:67:b7:b6:67:a9:c0:ac:c2:95:cc:18:
72:a5:32:f6:57:b9:4d:ae:d9:1e:d3:cd:76:28:95:
64:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:01:BA:34:07:AA:A5:96:1D:84:44:78:1E:0A:D3:EE:7A:7F:9A:56
X509v3 Authority Key Identifier:
keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/E491927E2A6611F0A02D3886C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.0.16.0/20
103.19.220.0/22
103.71.104.0/23
103.88.112.0/21
103.130.208.0/22
103.235.212.0/22
103.238.68.0-103.238.75.255
103.244.136.0/22
116.118.56.0/22
202.60.104.0/21
202.93.156.0/22
203.128.240.0/21
203.209.180.0/22
IPv6:
2001:df4:acc0::/48
2001:df5:aac0::/48
Signature Algorithm: sha256WithRSAEncryption
aa:9c:27:d7:e4:19:1d:46:5b:0b:63:27:06:3e:0e:b3:36:f9:
30:e2:bb:7a:ec:6f:96:f0:c5:e0:c5:5d:10:97:2c:b7:ea:b8:
c2:47:0b:52:e5:ff:42:18:f9:44:88:7d:67:ff:25:d1:f0:9c:
be:9b:be:f3:79:f2:3e:c4:ec:e6:97:35:e1:42:d8:85:51:83:
70:29:64:ff:35:6c:78:b4:a8:d1:9b:0f:3c:4e:85:76:5c:dd:
08:ff:15:aa:32:f1:36:76:53:32:f6:87:e7:c9:10:72:fa:83:
14:9b:3e:21:bf:eb:52:ef:fd:b4:9a:43:39:a6:ea:0c:8e:35:
83:f1:74:3b:87:b6:b7:0c:27:e3:d4:b8:fd:2f:98:b6:06:2a:
c7:ef:7f:41:55:dc:5f:39:c6:6d:70:f5:0a:ff:75:52:8c:7c:
aa:00:d1:19:5c:4b:ff:6d:64:01:92:9e:7f:46:f7:a1:62:7b:
4c:e3:49:e7:5d:9e:2e:ef:c5:18:7b:5b:2c:29:39:88:1f:0a:
00:13:6d:ba:ca:a6:89:9d:36:77:2d:2d:16:f9:e6:df:85:90:
7a:09:24:8e:ab:25:7a:e2:a6:2e:f3:0e:14:06:2b:23:22:e8:
8d:01:92:f4:a0:da:06:54:8c:2e:80:3a:2b:c2:4c:9f:43:a2:
7f:d4:92:45
-----BEGIN CERTIFICATE-----
MIIF3DCCBMSgAwIBAgICS4cwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjUwNjI0MDIwMDQ5WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODVhMDZkMS05NjYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw/fRkm0CrPwv4Bxq4fe7qphckF3fQBMnx4i6w1hguLQ0FG+tdcmxsXW6tPez
UyNGhKWW5TOhd9b0VcSUvKIFm8/mBB0LazIbwYlzIrkD1oXaza4ZPMSaeO9B6pRD
USTctVWWrXeJ4Lon0ojYpwRj8zo5V3yYGd+LpKUvz+GDkCWANlCIcdohA3oKQFvn
s45eCC2dZSY2WAc1crZ6zbWkdHb8wOJMnkFptvOkutHBj0/Zxz8Z1ooW45axLoDL
bYsPpm0xx4Gmy7X6peZskVkcysAluz+E7/IxLD+n24JP0cE6VjRZZ7e2Z6nArMKV
zBhypTL2V7lNrtke0812KJVkTwIDAQABo4IDADCCAvwwHQYDVR0OBBYEFI0BujQH
qqWWHYREeB4K0+56f5pWMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvRTQ5MTkyN0Uy
QTY2MTFGMEEwMkQzODg2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYkGCCsGAQUFBwEHAQH/
BHoweDBcBAIAATBWAwQEDgAQAwQCZxPcAwQBZ0doAwQDZ1hwAwQCZ4LQAwQCZ+vU
MAwDBAJn7kQDBAJn7kgDBAJn9IgDBAJ0djgDBAPKPGgDBALKXZwDBAPLgPADBALL
0bQwGAQCAAIwEgMHACABDfSswAMHACABDfWqwDANBgkqhkiG9w0BAQsFAAOCAQEA
qpwn1+QZHUZbC2MnBj4Oszb5MOK7euxvlvDF4MVdEJcst+q4wkcLUuX/Qhj5RIh9
Z/8l0fCcvpu+83nyPsTs5pc14ULYhVGDcClk/zVseLSo0ZsPPE6FdlzdCP8VqjLx
NnZTMvaH58kQcvqDFJs+Ib/rUu/9tJpDOabqDI41g/F0O4e2twwn49S4/S+YtgYq
x+9/QVXcXznGbXD1Cv91Uox8qgDRGVxL/21kAZKef0b3oWJ7TONJ512eLu/FGHtb
LCk5iB8KABNtusqmiZ02dy0tFvnm34WQegkkjqsleuKmLvMOFAYrIyLojQGS9KDa
BlSMLoA6K8JMn0Oif9SSRQ==
-----END CERTIFICATE-----
Generated at Tue Jul 22 12:02:28 2025 by rpki-client