Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
File: 3003C4BA7C7711EEB9E0BE15C4F9AE02.roa (raw, json)
Hash identifier: FX6/INAAxmVV6MV0dP0BtJ9vR4DsIyY73KLXsHsumSU=
Subject key identifier: E0:93:6F:87:9F:65:34:70:90:B1:17:76:DA:0C:E3:FE:88:A0:9A:1B
Certificate issuer: /CN=A91E4D3D/serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
Certificate serial: 05BF
Authority key identifier: C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
Signing time: Wed 21 May 2025 11:55:37 +0000
ROA not before: Wed 21 May 2025 11:55:37 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 13150
IP address blocks: 103.203.220.0/24 maxlen: 24
103.203.221.0/24 maxlen: 24
103.203.222.0/24 maxlen: 24
103.203.223.0/24 maxlen: 24
123.253.152.0/24 maxlen: 24
123.253.153.0/24 maxlen: 24
123.253.154.0/24 maxlen: 24
123.253.155.0/24 maxlen: 24
150.195.208.0/24 maxlen: 24
150.195.209.0/24 maxlen: 24
150.195.210.0/24 maxlen: 24
150.195.211.0/24 maxlen: 24
150.195.212.0/24 maxlen: 24
150.195.214.0/24 maxlen: 24
150.195.217.0/24 maxlen: 24
150.195.218.0/24 maxlen: 24
150.195.219.0/24 maxlen: 24
150.195.220.0/24 maxlen: 24
150.195.221.0/24 maxlen: 24
150.195.222.0/24 maxlen: 24
150.195.223.0/24 maxlen: 24
202.75.242.0/24 maxlen: 24
202.75.243.0/24 maxlen: 24
202.75.244.0/24 maxlen: 24
202.75.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl
rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Jun 2025 23:27:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1471 (0x5bf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E4D3D, serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
Validity
Not Before: May 21 11:55:37 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=682dbf38-1002
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:3c:9b:c2:cf:0b:f6:38:d0:9a:fc:53:8f:b9:
45:f0:5d:32:3a:75:b5:3d:fe:8c:23:c4:57:70:bb:
41:2f:21:3d:50:d0:ea:bf:21:85:34:dc:f8:9d:6f:
4a:d1:22:83:21:c9:d2:b2:18:f6:22:04:42:14:a3:
83:a2:b8:2f:21:5d:62:5d:1e:8a:cc:a0:84:3d:c8:
02:05:c6:3b:1f:c3:e0:0c:ba:8f:a3:82:cd:2b:b8:
75:f7:68:a2:7e:ce:2d:b0:42:09:b9:6a:17:9d:47:
25:0d:8d:d3:57:35:7c:44:81:7c:1d:95:cb:08:e6:
e2:a8:ab:bc:a2:f3:ec:e9:80:58:d6:50:ee:0b:1b:
e4:e0:fa:44:3a:67:83:63:8b:5b:9f:3c:0c:23:b2:
a4:bd:f4:a4:03:30:2c:3d:a1:35:e7:5c:91:2b:e3:
e4:35:ed:12:ce:f8:04:ff:cd:56:2a:cc:f0:17:2e:
69:d8:c2:20:6e:01:fa:5b:77:31:db:df:3b:63:0b:
f3:bd:4c:54:a3:72:d3:ae:bb:5a:82:fb:dd:7a:02:
a9:6c:cc:d2:43:43:b6:90:d1:a6:42:cd:82:23:bc:
a8:6f:d6:f8:ec:c6:9e:c5:f7:38:cf:00:3f:f2:20:
35:21:3d:91:aa:ac:2f:44:3e:5b:b1:4a:1c:04:15:
1e:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:93:6F:87:9F:65:34:70:90:B1:17:76:DA:0C:E3:FE:88:A0:9A:1B
X509v3 Authority Key Identifier:
keyid:C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.203.220.0/22
123.253.152.0/22
150.195.208.0-150.195.212.255
150.195.214.0/24
150.195.217.0-150.195.223.255
202.75.242.0-202.75.244.255
202.75.247.0/24
Signature Algorithm: sha256WithRSAEncryption
23:50:2b:ca:fb:98:f8:45:70:82:80:00:fc:35:68:b8:f5:c0:
43:21:02:5d:22:9b:75:63:a4:bd:91:d8:1d:7a:8d:c7:7e:c4:
10:ee:3f:2b:f5:62:f1:52:11:c0:63:97:56:21:f0:77:90:82:
2c:0b:c3:25:fa:d8:af:91:94:12:a1:8f:56:1c:f4:5a:1f:cd:
fe:73:ab:80:27:e7:ec:c5:05:5b:26:03:f5:d9:d5:ec:39:7a:
de:e8:f7:35:7a:d4:4a:04:c9:ca:7c:07:95:2c:bd:72:76:84:
4b:25:de:30:70:c1:ba:5f:fd:a2:73:dc:65:c0:17:02:da:d2:
c2:1b:94:af:69:67:d4:11:90:e8:55:ce:d1:7e:7b:f4:f6:86:
86:f9:86:8f:bc:b0:5e:74:4a:38:d4:4d:2c:6a:54:03:4f:e2:
5b:40:23:8a:37:5a:a5:a7:96:e4:49:dc:30:9b:e6:ee:e3:d6:
00:fd:4c:13:66:9c:3f:42:05:22:0a:8b:1b:9e:5f:f0:b6:50:
d5:e4:d8:46:35:c3:82:13:db:6a:77:e3:b1:92:ac:8c:a8:83:
8f:6f:98:4a:99:0b:18:ca:52:81:05:54:f4:34:a6:10:2b:e3:
d2:cf:52:4f:70:94:79:13:fd:42:e3:7e:52:b5:d7:c7:fc:ba:
43:39:07:b6
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgICBb8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTREM0QxMTAvBgNVBAUTKEM4MDcwRkQwNjFBODUxRkY4QUVERTBERTBDMzYwN0VF
Qjk4RkY3MDEwHhcNMjUwNTIxMTE1NTM3WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODJkYmYzOC0xMDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzTybws8L9jjQmvxTj7lF8F0yOnW1Pf6MI8RXcLtBLyE9UNDqvyGFNNz4nW9K
0SKDIcnSshj2IgRCFKODorgvIV1iXR6KzKCEPcgCBcY7H8PgDLqPo4LNK7h192ii
fs4tsEIJuWoXnUclDY3TVzV8RIF8HZXLCObiqKu8ovPs6YBY1lDuCxvk4PpEOmeD
Y4tbnzwMI7KkvfSkAzAsPaE151yRK+PkNe0SzvgE/81WKszwFy5p2MIgbgH6W3cx
2987YwvzvUxUo3LTrrtagvvdegKpbMzSQ0O2kNGmQs2CI7yob9b47Maexfc4zwA/
8iA1IT2RqqwvRD5bsUocBBUeXwIDAQABo4IC0TCCAs0wHQYDVR0OBBYEFOCTb4ef
ZTRwkLEXdtoM4/6IoJobMB8GA1UdIwQYMBaAFMgHD9BhqFH/iu3g3gw2B+65j/cB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNEQzRC9CMDIwMkQzMkQ4
QjkxMUVCQUJDMUY0ODVDNEY5QUUwMi95QWNQMEdHb1VmLUs3ZURlRERZSDdybVA5
d0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lBY1AwR0dvVWYtSzdlRGVERFlIN3JtUDl3RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTREM0QvQjAyMDJEMzJEOEI5MTFFQkFCQzFGNDg1QzRGOUFFMDIvMzAwM0M0QkE3
Qzc3MTFFRUI5RTBCRTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWwYIKwYBBQUHAQcBAf8E
TDBKMEgEAgABMEIDBAJny9wDBAJ7/ZgwDAMEBJbD0AMEAJbD1AMEAJbD1jAMAwQA
lsPZAwQFlsPAMAwDBAHKS/IDBADKS/QDBADKS/cwDQYJKoZIhvcNAQELBQADggEB
ACNQK8r7mPhFcIKAAPw1aLj1wEMhAl0im3VjpL2R2B16jcd+xBDuPyv1YvFSEcBj
l1Yh8HeQgiwLwyX62K+RlBKhj1Yc9Fofzf5zq4An5+zFBVsmA/XZ1ew5et7o9zV6
1EoEycp8B5UsvXJ2hEsl3jBwwbpf/aJz3GXAFwLa0sIblK9pZ9QRkOhVztF+e/T2
hob5ho+8sF50SjjUTSxqVANP4ltAI4o3WqWnluRJ3DCb5u7j1gD9TBNmnD9CBSIK
ixueX/C2UNXk2EY1w4IT22p347GSrIyog49vmEqZCxjKUoEFVPQ0phAr49LPUk9w
lHkT/ULjflK118f8ukM5B7Y=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:02:25 2025 by rpki-client