Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911C362/6A08F492257711EFBB0B8251C4F9AE02/8DCB0F7C49D511F0A83B4647C4F9AE02.roa
File: 8DCB0F7C49D511F0A83B4647C4F9AE02.roa (raw, json)
Hash identifier: 2ixOas3a/OcP6SvwfmUiHsL6V0/J4HONxft59ydWpwY=
Subject key identifier: 58:13:C1:69:44:55:57:F5:10:36:08:76:63:77:73:EF:41:52:C1:C1
Certificate issuer: /CN=A911C362/serialNumber=EA83AF4A21CBC2071F56956E5DDD584C7638FA5B
Certificate serial: 0106
Authority key identifier: EA:83:AF:4A:21:CB:C2:07:1F:56:95:6E:5D:DD:58:4C:76:38:FA:5B
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6oOvSiHLwgcfVpVuXd1YTHY4-ls.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911C362/6A08F492257711EFBB0B8251C4F9AE02/8DCB0F7C49D511F0A83B4647C4F9AE02.roa
Signing time: Sun 15 Jun 2025 10:44:22 +0000
ROA not before: Sun 15 Jun 2025 10:44:22 +0000
ROA not after: Sun 31 Aug 2025 00:00:00 +0000
asID: 132335
IP address blocks: 43.230.200.0/24 maxlen: 24
43.230.201.0/24 maxlen: 24
43.230.202.0/24 maxlen: 24
45.64.104.0/24 maxlen: 24
45.64.105.0/24 maxlen: 24
45.64.106.0/24 maxlen: 24
45.113.225.0/24 maxlen: 24
45.120.136.0/22 maxlen: 22
45.120.136.0/24 maxlen: 24
45.120.137.0/24 maxlen: 24
45.120.138.0/24 maxlen: 24
45.120.139.0/24 maxlen: 24
103.12.211.0/24 maxlen: 24
103.13.112.0/24 maxlen: 24
103.13.113.0/24 maxlen: 24
103.13.114.0/24 maxlen: 24
103.13.115.0/24 maxlen: 24
103.26.204.0/22 maxlen: 24
103.250.184.0/23 maxlen: 24
103.250.186.0/24 maxlen: 24
157.119.40.0/24 maxlen: 24
2001:df2:1000::/48 maxlen: 48
2001:df2:1001::/48 maxlen: 48
2405:7140::/48 maxlen: 48
2405:7140:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911C362/6A08F492257711EFBB0B8251C4F9AE02/6oOvSiHLwgcfVpVuXd1YTHY4-ls.crl
rsync://rpki.apnic.net/member_repository/A911C362/6A08F492257711EFBB0B8251C4F9AE02/6oOvSiHLwgcfVpVuXd1YTHY4-ls.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6oOvSiHLwgcfVpVuXd1YTHY4-ls.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 28 Jun 2025 04:54:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 262 (0x106)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911C362, serialNumber=EA83AF4A21CBC2071F56956E5DDD584C7638FA5B
Validity
Not Before: Jun 15 10:44:22 2025 GMT
Not After : Aug 31 00:00:00 2025 GMT
Subject: CN=684ea405-571b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ab:b8:43:69:16:35:97:36:8c:5a:98:21:77:
19:df:44:07:1b:e9:44:50:be:bf:d0:a8:7a:c3:55:
d9:fd:0a:24:72:76:ea:d2:f0:15:de:88:5d:20:2f:
e2:f6:c2:1f:e4:6f:fa:9c:00:8c:a6:f0:f5:03:31:
df:e5:21:0d:2a:d2:ee:4c:e1:57:ff:4b:fa:af:8b:
44:b1:ca:b8:dc:22:00:12:01:60:a1:14:d8:5e:5c:
6e:f6:be:41:1a:94:8f:4e:97:a5:52:db:d0:24:4b:
3a:a1:bb:45:b2:dc:f6:07:5b:0d:ee:e6:8d:c7:48:
c7:92:ed:d5:92:f1:b7:21:c8:e0:a1:79:bf:f0:c2:
d3:35:2e:eb:09:e6:f3:d9:55:ee:09:f3:f1:7d:18:
cc:b2:cb:bd:09:97:3b:58:81:22:d9:ba:25:aa:a0:
78:e5:6c:33:9a:ec:55:bf:96:ee:90:ea:68:a5:d2:
91:20:e5:83:ea:fc:ea:c4:5f:59:4c:1a:b2:9a:dd:
69:b5:71:1d:f8:09:7e:2b:48:86:ce:52:49:01:91:
9d:09:be:53:af:1f:d2:91:7a:f8:b8:c3:e8:8e:20:
ec:e9:23:d7:50:21:3c:49:84:a4:b4:5c:5b:bb:07:
02:6a:0b:c9:22:7a:d8:c3:05:07:eb:7b:1b:79:56:
0d:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:13:C1:69:44:55:57:F5:10:36:08:76:63:77:73:EF:41:52:C1:C1
X509v3 Authority Key Identifier:
keyid:EA:83:AF:4A:21:CB:C2:07:1F:56:95:6E:5D:DD:58:4C:76:38:FA:5B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911C362/6A08F492257711EFBB0B8251C4F9AE02/6oOvSiHLwgcfVpVuXd1YTHY4-ls.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6oOvSiHLwgcfVpVuXd1YTHY4-ls.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911C362/6A08F492257711EFBB0B8251C4F9AE02/8DCB0F7C49D511F0A83B4647C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.230.200.0-43.230.202.255
45.64.104.0-45.64.106.255
45.113.225.0/24
45.120.136.0/22
103.12.211.0/24
103.13.112.0/22
103.26.204.0/22
103.250.184.0-103.250.186.255
157.119.40.0/24
IPv6:
2001:df2:1000::/47
2405:7140::/47
Signature Algorithm: sha256WithRSAEncryption
39:dd:93:dc:25:f9:18:e4:17:c1:98:ad:aa:c0:2c:63:fd:76:
f9:a4:92:3c:40:90:f0:10:79:4b:b9:bf:f5:47:b7:2c:0f:b7:
7b:16:d5:92:0a:77:e3:2f:04:96:01:66:ac:57:01:13:e8:6f:
17:1e:d5:a8:5d:c7:f1:d5:a7:2d:a9:11:1d:4d:cd:03:29:17:
19:f3:93:87:e8:bf:16:4a:74:ba:ef:3b:c0:8b:a2:42:11:0b:
bb:dd:d4:4a:03:ea:6e:1c:c2:a3:d5:64:f7:d5:63:ca:89:dc:
d8:f7:fe:ee:51:2b:65:8a:87:4d:05:64:90:db:2a:27:48:c2:
d6:ad:60:97:75:64:9b:72:8e:68:a5:a2:9e:96:83:d5:c5:a4:
20:a6:a5:97:9f:99:c9:6a:77:ef:25:ae:e2:e7:2a:9c:04:f2:
17:21:f8:3f:a6:aa:2a:14:49:63:52:b7:ab:21:97:bc:25:a1:
34:5b:b9:9d:1e:43:b5:d8:57:06:b3:d4:0e:11:2b:7f:e4:e2:
d6:f4:98:72:f2:6b:80:3f:4f:f8:d8:0e:ab:6f:9f:1c:0d:3d:
79:a9:f2:13:6b:87:48:3b:50:8c:b5:31:41:18:d4:c2:d9:0f:
e4:04:fa:63:48:2d:70:5c:77:d5:94:92:65:57:48:98:74:a7:
de:bc:ff:97
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgICAQYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUMzNjIxMTAvBgNVBAUTKEVBODNBRjRBMjFDQkMyMDcxRjU2OTU2RTVEREQ1ODRD
NzYzOEZBNUIwHhcNMjUwNjE1MTA0NDIyWhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODRlYTQwNS01NzFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqqu4Q2kWNZc2jFqYIXcZ30QHG+lEUL6/0Kh6w1XZ/Qokcnbq0vAV3ohdIC/i
9sIf5G/6nACMpvD1AzHf5SENKtLuTOFX/0v6r4tEscq43CIAEgFgoRTYXlxu9r5B
GpSPTpelUtvQJEs6obtFstz2B1sN7uaNx0jHku3VkvG3IcjgoXm/8MLTNS7rCebz
2VXuCfPxfRjMssu9CZc7WIEi2bolqqB45WwzmuxVv5bukOpopdKRIOWD6vzqxF9Z
TBqymt1ptXEd+Al+K0iGzlJJAZGdCb5Trx/SkXr4uMPojiDs6SPXUCE8SYSktFxb
uwcCagvJInrYwwUH63sbeVYNZwIDAQABo4IC+DCCAvQwHQYDVR0OBBYEFFgTwWlE
VVf1EDYIdmN3c+9BUsHBMB8GA1UdIwQYMBaAFOqDr0ohy8IHH1aVbl3dWEx2OPpb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQzM2Mi82QTA4RjQ5MjI1
NzcxMUVGQkIwQjgyNTFDNEY5QUUwMi82b092U2lITHdnY2ZWcFZ1WGQxWVRIWTQt
bHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZvT3ZTaUhMd2djZlZwVnVYZDFZVEhZNC1scy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUMzNjIvNkEwOEY0OTIyNTc3MTFFRkJCMEI4MjUxQzRGOUFFMDIvOERDQjBGN0M0
OUQ1MTFGMEE4M0I0NjQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYEGCCsGAQUFBwEHAQH/
BHIwcDBUBAIAATBOMAwDBAMr5sgDBAAr5sowDAMEAy1AaAMEAC1AagMEAC1x4QME
Ai14iAMEAGcM0wMEAmcNcAMEAmcazDAMAwQDZ/q4AwQAZ/q6AwQAnXcoMBgEAgAC
MBIDBwEgAQ3yEAADBwEkBXFAAAAwDQYJKoZIhvcNAQELBQADggEBADndk9wl+Rjk
F8GYrarALGP9dvmkkjxAkPAQeUu5v/VHtywPt3sW1ZIKd+MvBJYBZqxXARPobxce
1ahdx/HVpy2pER1NzQMpFxnzk4fovxZKdLrvO8CLokIRC7vd1EoD6m4cwqPVZPfV
Y8qJ3Nj3/u5RK2WKh00FZJDbKidIwtatYJd1ZJtyjmilop6Wg9XFpCCmpZefmclq
d+8lruLnKpwE8hch+D+mqioUSWNSt6shl7wloTRbuZ0eQ7XYVwaz1A4RK3/k4tb0
mHLya4A/T/jYDqtvnxwNPXmp8hNrh0g7UIy1MUEY1MLZD+QE+mNILXBcd9WUkmVX
SJh0p968/5c=
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:01:27 2025 by rpki-client