Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/CE997E2EEA9B11EFA6A3D730C4F9AE02.roa
File: CE997E2EEA9B11EFA6A3D730C4F9AE02.roa (raw, json)
Hash identifier: VolwKpEJWJBlqKk99OR1qJy/U7XETmml2nDAOAOLcPs=
Subject key identifier: 56:A0:19:5C:43:26:89:84:B4:47:3A:D0:EA:82:6D:AC:66:A4:FE:C2
Certificate issuer: /CN=A91B5D7E/serialNumber=4CAE3AEFB1AC8ABDDB99BCCEE4FA5A916D157B34
Certificate serial: 35D5
Authority key identifier: 4C:AE:3A:EF:B1:AC:8A:BD:DB:99:BC:CE:E4:FA:5A:91:6D:15:7B:34
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TK4677Gsir3bmbzO5PpakW0VezQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/CE997E2EEA9B11EFA6A3D730C4F9AE02.roa
Signing time: Mon 17 Feb 2025 08:26:14 +0000
ROA not before: Mon 17 Feb 2025 08:26:14 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 23750
IP address blocks: 103.207.84.0/24 maxlen: 24
103.207.86.0/24 maxlen: 24
103.207.87.0/24 maxlen: 24
116.90.106.0/24 maxlen: 24
116.90.107.0/24 maxlen: 24
116.90.108.0/24 maxlen: 24
116.90.109.0/24 maxlen: 24
116.90.110.0/24 maxlen: 24
116.90.111.0/24 maxlen: 24
116.90.120.0/24 maxlen: 24
116.90.123.0/24 maxlen: 24
116.90.124.0/24 maxlen: 24
116.90.125.0/24 maxlen: 24
116.90.126.0/24 maxlen: 24
116.90.127.0/24 maxlen: 24
121.46.64.0/24 maxlen: 24
121.46.65.0/24 maxlen: 24
121.46.66.0/24 maxlen: 24
121.46.67.0/24 maxlen: 24
202.69.32.0/24 maxlen: 24
202.69.33.0/24 maxlen: 24
202.69.34.0/24 maxlen: 24
202.69.35.0/24 maxlen: 24
202.69.36.0/24 maxlen: 24
202.69.37.0/24 maxlen: 24
202.69.38.0/24 maxlen: 24
202.69.39.0/24 maxlen: 24
202.69.40.0/24 maxlen: 24
202.69.41.0/24 maxlen: 24
202.69.42.0/24 maxlen: 24
202.69.43.0/24 maxlen: 24
202.69.44.0/24 maxlen: 24
202.69.45.0/24 maxlen: 24
202.69.46.0/24 maxlen: 24
202.69.47.0/24 maxlen: 24
202.69.48.0/24 maxlen: 24
202.69.49.0/24 maxlen: 24
202.69.50.0/24 maxlen: 24
202.69.51.0/24 maxlen: 24
202.69.52.0/24 maxlen: 24
202.69.53.0/24 maxlen: 24
202.69.54.0/24 maxlen: 24
202.69.55.0/24 maxlen: 24
202.69.56.0/24 maxlen: 24
202.69.57.0/24 maxlen: 24
202.69.58.0/24 maxlen: 24
202.69.59.0/24 maxlen: 24
202.69.60.0/24 maxlen: 24
202.69.61.0/24 maxlen: 24
202.69.62.0/24 maxlen: 24
202.69.63.0/24 maxlen: 24
202.142.144.0/24 maxlen: 24
202.142.145.0/24 maxlen: 24
202.142.146.0/24 maxlen: 24
202.142.147.0/24 maxlen: 24
202.142.148.0/24 maxlen: 24
202.142.149.0/24 maxlen: 24
202.142.150.0/24 maxlen: 24
202.142.152.0/24 maxlen: 24
202.142.153.0/24 maxlen: 24
202.142.154.0/24 maxlen: 24
202.142.156.0/24 maxlen: 24
202.142.157.0/24 maxlen: 24
202.142.158.0/24 maxlen: 24
202.142.159.0/24 maxlen: 24
2406:ac00:1::/48 maxlen: 48
2406:ac00:2::/48 maxlen: 48
2406:ac00:203::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/TK4677Gsir3bmbzO5PpakW0VezQ.crl
rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/TK4677Gsir3bmbzO5PpakW0VezQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TK4677Gsir3bmbzO5PpakW0VezQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 25 Feb 2025 14:31:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13781 (0x35d5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B5D7E
Validity
Not Before: Feb 17 08:26:14 2025 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=67b2f2a6-01c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:33:29:cf:53:a5:72:f1:e7:a5:24:be:18:ac:
58:44:20:83:7b:47:8f:b3:8e:85:06:ad:03:99:fd:
4e:7a:b2:46:50:60:f8:80:4e:31:16:16:20:8e:81:
91:67:6f:ff:3f:d1:5b:9c:c0:2d:56:14:da:e8:83:
67:76:bc:9d:68:40:29:c5:4c:41:67:a8:38:ae:8b:
c7:ac:7c:ea:11:bb:87:58:79:81:30:1b:ca:4b:64:
31:c4:63:98:80:ea:37:29:b0:1c:2f:88:72:e0:73:
e8:df:38:79:f2:7f:5f:94:5d:ab:ef:8c:14:8d:ad:
9a:76:a4:fe:12:d3:7d:e2:6d:ef:b1:ad:60:ae:ea:
c9:4a:3b:b5:e0:66:b8:7c:6c:c2:6e:30:0d:41:44:
e8:14:0f:7a:31:97:eb:29:97:c2:c9:af:11:cb:f3:
b6:c6:11:8a:65:17:87:5a:92:c6:ad:1d:06:b7:60:
9f:49:c0:e7:b9:20:50:e5:36:53:6d:4e:52:c0:d0:
a7:c5:54:99:ca:95:cb:8e:71:19:ba:ec:e1:84:ad:
66:5c:84:e8:b8:7c:8c:a7:cc:37:5a:29:df:b4:e6:
09:0a:9b:36:e6:65:ac:cb:07:fa:c9:3a:61:63:ba:
d4:b4:72:92:d5:ac:73:f8:73:25:26:22:88:13:a9:
f4:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:A0:19:5C:43:26:89:84:B4:47:3A:D0:EA:82:6D:AC:66:A4:FE:C2
X509v3 Authority Key Identifier:
keyid:4C:AE:3A:EF:B1:AC:8A:BD:DB:99:BC:CE:E4:FA:5A:91:6D:15:7B:34
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/TK4677Gsir3bmbzO5PpakW0VezQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TK4677Gsir3bmbzO5PpakW0VezQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/CE997E2EEA9B11EFA6A3D730C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.207.84.0/24
103.207.86.0/23
116.90.106.0-116.90.111.255
116.90.120.0/24
116.90.123.0-116.90.127.255
121.46.64.0/22
202.69.32.0/19
202.142.144.0-202.142.150.255
202.142.152.0-202.142.154.255
202.142.156.0/22
IPv6:
2406:ac00:1::-2406:ac00:2:ffff:ffff:ffff:ffff:ffff
2406:ac00:203::/48
Signature Algorithm: sha256WithRSAEncryption
b1:56:37:9c:ef:9a:83:f5:a3:bd:00:e8:27:a5:67:5c:e1:28:
44:08:59:0f:a8:0e:02:38:0e:dd:6b:b8:a1:57:7b:b3:9c:73:
14:c8:7c:6c:53:13:80:86:44:17:e8:ef:62:7a:ba:47:a2:74:
57:39:ff:63:af:d2:03:96:b5:21:32:68:e6:17:7d:78:d1:e4:
c6:24:14:26:75:f2:b4:e9:dc:5d:a0:fd:ad:35:15:06:d5:4c:
6c:a8:60:61:0f:bb:4c:4c:27:63:6d:e4:ee:f7:58:42:9b:6f:
d5:d0:00:a5:3f:a9:ca:b7:ba:70:50:10:f5:7e:2b:4e:b8:bd:
8a:5c:34:8f:6c:ef:df:1a:eb:31:80:0c:1e:57:a4:b1:34:6c:
53:18:73:b9:6b:4a:09:fa:68:a3:54:5d:12:54:fe:72:20:72:
78:3c:8b:61:bd:bf:91:02:dd:2f:58:85:90:05:3e:4a:7d:70:
e2:33:3e:b0:29:7e:9e:61:ff:aa:bb:d7:22:42:c5:98:6a:a9:
91:9f:f1:ba:a0:03:1a:90:c5:b2:e1:45:7c:f1:87:d2:4e:63:
48:e0:35:e8:d2:16:1d:53:52:53:8c:86:c4:34:b5:0c:a4:29:
98:74:3e:f6:6d:0e:5e:d0:ee:4e:d8:e5:5d:6f:40:ce:53:90:
a2:a4:60:ec
-----BEGIN CERTIFICATE-----
MIIF7zCCBNegAwIBAgICNdUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjVEN0UxMTAvBgNVBAUTKDRDQUUzQUVGQjFBQzhBQkREQjk5QkNDRUU0RkE1QTkx
NkQxNTdCMzQwHhcNMjUwMjE3MDgyNjE0WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2IyZjJhNi0wMWM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0zMpz1OlcvHnpSS+GKxYRCCDe0ePs46FBq0Dmf1OerJGUGD4gE4xFhYgjoGR
Z2//P9FbnMAtVhTa6INndrydaEApxUxBZ6g4rovHrHzqEbuHWHmBMBvKS2QxxGOY
gOo3KbAcL4hy4HPo3zh58n9flF2r74wUja2adqT+EtN94m3vsa1grurJSju14Ga4
fGzCbjANQUToFA96MZfrKZfCya8Ry/O2xhGKZReHWpLGrR0Gt2CfScDnuSBQ5TZT
bU5SwNCnxVSZypXLjnEZuuzhhK1mXITouHyMp8w3WinftOYJCps25mWsywf6yTph
Y7rUtHKS1axz+HMlJiKIE6n0RwIDAQABo4IDEzCCAw8wHQYDVR0OBBYEFFagGVxD
JomEtEc60OqCbaxmpP7CMB8GA1UdIwQYMBaAFEyuOu+xrIq925m8zuT6WpFtFXs0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNUQ3RS9FQ0E2ODIzNDFE
ODcxMUUyOTgzMjJERTAwOEIwMkNEMi9USzQ2NzdHc2lyM2JtYnpPNVBwYWtXMFZl
elEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RLNDY3N0dzaXIzYm1iek81UHBha1cwVmV6US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjVEN0UvRUNBNjgyMzQxRDg3MTFFMjk4MzIyREUwMDhCMDJDRDIvQ0U5OTdFMkVF
QTlCMTFFRkE2QTNENzMwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZwGCCsGAQUFBwEHAQH/
BIGMMIGJMGIEAgABMFwDBABnz1QDBAFnz1YwDAMEAXRaagMEBHRaYAMEAHRaeDAM
AwQAdFp7AwQHdFoAAwQCeS5AAwQFykUgMAwDBATKjpADBADKjpYwDAMEA8qOmAME
AMqOmgMEAsqOnDAjBAIAAjAdMBIDBwAkBqwAAAEDBwAkBqwAAAIDBwAkBqwAAgMw
DQYJKoZIhvcNAQELBQADggEBALFWN5zvmoP1o70A6CelZ1zhKEQIWQ+oDgI4Dt1r
uKFXe7OccxTIfGxTE4CGRBfo72J6ukeidFc5/2Ov0gOWtSEyaOYXfXjR5MYkFCZ1
8rTp3F2g/a01FQbVTGyoYGEPu0xMJ2Nt5O73WEKbb9XQAKU/qcq3unBQEPV+K064
vYpcNI9s798a6zGADB5XpLE0bFMYc7lrSgn6aKNUXRJU/nIgcng8i2G9v5EC3S9Y
hZAFPkp9cOIzPrApfp5h/6q71yJCxZhqqZGf8bqgAxqQxbLhRXzxh9JOY0jgNejS
Fh1TUlOMhsQ0tQykKZh0PvZtDl7Q7k7Y5V1vQM5TkKKkYOw=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:24:48 2025 by rpki-client