Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/A508D320BBC711ED8DF23C40C4F9AE02.roa
File: A508D320BBC711ED8DF23C40C4F9AE02.roa (raw, json)
Hash identifier: gmdIOgts2gqY1ppnefV+yq0uoAlH32RZLcAhOdl6QRA=
Subject key identifier: E1:0C:33:F2:7F:E5:16:1F:24:AB:67:8C:6F:EE:9F:E4:09:3A:0C:29
Certificate issuer: /CN=A91A57F8/serialNumber=9F64FE50992537FB0B40E52F9CFAC310CA271918
Certificate serial: 01D8
Authority key identifier: 9F:64:FE:50:99:25:37:FB:0B:40:E5:2F:9C:FA:C3:10:CA:27:19:18
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n2T-UJklN_sLQOUvnPrDEMonGRg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/A508D320BBC711ED8DF23C40C4F9AE02.roa
Signing time: Wed 28 May 2025 04:37:45 +0000
ROA not before: Wed 28 May 2025 04:37:45 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 136000
IP address blocks: 103.117.166.0/23 maxlen: 23
103.117.228.0/22 maxlen: 22
103.134.20.0/22 maxlen: 22
103.196.240.0/22 maxlen: 22
103.209.12.0/22 maxlen: 22
118.91.179.0/24 maxlen: 24
118.91.188.0/24 maxlen: 24
202.14.177.0/24 maxlen: 24
202.62.240.0/22 maxlen: 22
202.73.30.0/23 maxlen: 23
203.14.201.0/24 maxlen: 24
203.18.242.0/23 maxlen: 23
203.23.53.0/24 maxlen: 24
203.24.148.0/23 maxlen: 23
203.28.160.0/24 maxlen: 24
203.29.91.0/24 maxlen: 24
203.32.98.0/23 maxlen: 23
203.33.103.0/24 maxlen: 24
203.55.150.0/24 maxlen: 24
203.56.119.0/24 maxlen: 24
203.57.252.0/24 maxlen: 24
203.168.216.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/n2T-UJklN_sLQOUvnPrDEMonGRg.crl
rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/n2T-UJklN_sLQOUvnPrDEMonGRg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n2T-UJklN_sLQOUvnPrDEMonGRg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 10 Jun 2025 03:02:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 472 (0x1d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A57F8, serialNumber=9F64FE50992537FB0B40E52F9CFAC310CA271918
Validity
Not Before: May 28 04:37:45 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=68369319-d485
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:d5:21:ae:f8:00:e1:38:13:d3:c5:f3:90:8a:
33:04:f1:b0:6f:63:3b:99:ff:31:a6:f2:6c:27:81:
30:43:68:ca:78:0b:72:fa:2b:a4:5a:b2:b1:83:63:
9f:0e:56:19:2e:3e:0d:fe:82:03:58:b2:1e:ec:57:
5a:20:d9:86:48:15:bb:08:cd:29:28:c6:d8:75:73:
50:71:9f:09:89:b0:c9:26:4a:66:00:be:b5:e8:1d:
5d:b7:9d:4b:5a:ca:ed:51:f9:91:8a:a9:17:41:81:
b9:6e:e9:44:16:7a:4d:21:ab:d3:e8:bc:10:d1:86:
ed:44:32:a9:98:52:db:13:b9:cb:b1:da:0e:16:64:
6b:09:56:ee:c2:81:c9:43:a1:3a:d4:ec:e0:23:68:
a1:73:49:90:41:42:05:83:83:0e:68:bb:9f:b9:65:
3f:84:b1:f7:bb:d1:b4:21:1d:09:5d:35:1d:36:c3:
76:cf:fc:cb:c4:bb:4f:96:05:6c:d6:ba:a4:02:17:
a2:da:26:0a:0e:2d:fe:ca:91:58:73:c9:54:4d:94:
9e:3b:79:a2:4e:3b:97:1b:ca:fa:f1:2a:25:af:6e:
35:89:20:d7:a9:01:47:50:d2:d7:9a:1b:be:71:47:
e5:ce:52:19:90:6d:f5:14:02:49:6b:ff:9a:46:ab:
a6:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:0C:33:F2:7F:E5:16:1F:24:AB:67:8C:6F:EE:9F:E4:09:3A:0C:29
X509v3 Authority Key Identifier:
keyid:9F:64:FE:50:99:25:37:FB:0B:40:E5:2F:9C:FA:C3:10:CA:27:19:18
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/n2T-UJklN_sLQOUvnPrDEMonGRg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n2T-UJklN_sLQOUvnPrDEMonGRg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/A508D320BBC711ED8DF23C40C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.117.166.0/23
103.117.228.0/22
103.134.20.0/22
103.196.240.0/22
103.209.12.0/22
118.91.179.0/24
118.91.188.0/24
202.14.177.0/24
202.62.240.0/22
202.73.30.0/23
203.14.201.0/24
203.18.242.0/23
203.23.53.0/24
203.24.148.0/23
203.28.160.0/24
203.29.91.0/24
203.32.98.0/23
203.33.103.0/24
203.55.150.0/24
203.56.119.0/24
203.57.252.0/24
203.168.216.0/22
Signature Algorithm: sha256WithRSAEncryption
75:cf:f4:c3:29:aa:10:2b:da:6b:71:1b:e3:05:48:30:2b:0f:
63:9e:c6:f1:12:4b:80:4e:6c:4f:ed:af:55:e1:70:f2:fb:ac:
69:99:65:98:ce:9f:ee:30:b0:84:76:03:13:cc:33:62:2e:96:
8a:27:a3:fa:c1:55:08:94:a4:f6:0d:3c:4b:43:ac:50:23:4f:
9d:33:e5:13:ce:8d:3b:25:1c:f4:b5:5e:f1:2d:7e:38:d1:35:
28:16:a2:e4:0e:04:fc:ed:28:37:b9:30:e5:af:80:20:6f:b2:
8a:be:4c:66:24:66:1a:1b:fa:33:83:23:cf:19:5a:d1:45:15:
52:ad:94:4f:e8:85:16:e9:20:75:c5:33:f6:fb:d5:e4:97:8a:
57:24:87:77:97:a5:34:d0:ea:37:e0:a1:72:0a:75:0f:17:73:
6a:2f:24:3a:12:7c:55:ab:80:2a:bf:22:fd:ad:29:22:4e:6a:
3a:01:31:26:0f:e8:75:b8:91:70:4d:76:c2:12:4d:59:d0:3f:
9e:2e:bf:92:0a:1e:bf:33:a8:dc:6a:5b:61:0b:36:aa:13:8f:
1b:c4:88:36:cb:01:85:f8:ae:55:e3:92:e1:82:6d:52:11:5c:
fc:6e:6e:e4:0a:90:64:0a:b5:38:7b:a6:f2:56:57:d7:84:c4:
6a:bb:e3:6a
-----BEGIN CERTIFICATE-----
MIIF9DCCBNygAwIBAgICAdgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU3RjgxMTAvBgNVBAUTKDlGNjRGRTUwOTkyNTM3RkIwQjQwRTUyRjlDRkFDMzEw
Q0EyNzE5MTgwHhcNMjUwNTI4MDQzNzQ1WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODM2OTMxOS1kNDg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4tUhrvgA4TgT08XzkIozBPGwb2M7mf8xpvJsJ4EwQ2jKeAty+iukWrKxg2Of
DlYZLj4N/oIDWLIe7FdaINmGSBW7CM0pKMbYdXNQcZ8JibDJJkpmAL616B1dt51L
WsrtUfmRiqkXQYG5bulEFnpNIavT6LwQ0YbtRDKpmFLbE7nLsdoOFmRrCVbuwoHJ
Q6E61OzgI2ihc0mQQUIFg4MOaLufuWU/hLH3u9G0IR0JXTUdNsN2z/zLxLtPlgVs
1rqkAhei2iYKDi3+ypFYc8lUTZSeO3miTjuXG8r68Solr241iSDXqQFHUNLXmhu+
cUflzlIZkG31FAJJa/+aRqumIQIDAQABo4IDGDCCAxQwHQYDVR0OBBYEFOEMM/J/
5RYfJKtnjG/un+QJOgwpMB8GA1UdIwQYMBaAFJ9k/lCZJTf7C0DlL5z6wxDKJxkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTdGOC8zNDUwOTQwMEI5
NzUxMUVEODA0MERFMjJDNEY5QUUwMi9uMlQtVUprbE5fc0xRT1V2blByREVNb25H
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL24yVC1VSmtsTl9zTFFPVXZuUHJERU1vbkdSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU3RjgvMzQ1MDk0MDBCOTc1MTFFRDgwNDBERTIyQzRGOUFFMDIvQTUwOEQzMjBC
QkM3MTFFRDhERjIzQzQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaEGCCsGAQUFBwEHAQH/
BIGRMIGOMIGLBAIAATCBhAMEAWd1pgMEAmd15AMEAmeGFAMEAmfE8AMEAmfRDAME
AHZbswMEAHZbvAMEAMoOsQMEAso+8AMEAcpJHgMEAMsOyQMEAcsS8gMEAMsXNQME
AcsYlAMEAMscoAMEAMsdWwMEAcsgYgMEAMshZwMEAMs3lgMEAMs4dwMEAMs5/AME
Asuo2DANBgkqhkiG9w0BAQsFAAOCAQEAdc/0wymqECvaa3Eb4wVIMCsPY57G8RJL
gE5sT+2vVeFw8vusaZllmM6f7jCwhHYDE8wzYi6Wiiej+sFVCJSk9g08S0OsUCNP
nTPlE86NOyUc9LVe8S1+ONE1KBai5A4E/O0oN7kw5a+AIG+yir5MZiRmGhv6M4Mj
zxla0UUVUq2UT+iFFukgdcUz9vvV5JeKVySHd5elNNDqN+Chcgp1Dxdzai8kOhJ8
VauAKr8i/a0pIk5qOgExJg/odbiRcE12whJNWdA/ni6/kgoevzOo3GpbYQs2qhOP
G8SINssBhfiuVeOS4YJtUhFc/G5u5AqQZAq1OHum8lZX14TEarvjag==
-----END CERTIFICATE-----
Generated at Tue Jun 3 23:58:12 2025 by rpki-client