Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/11A28878915611EE83F61C41C4F9AE02.roa
File: 11A28878915611EE83F61C41C4F9AE02.roa (raw, json)
Hash identifier: wRjDxSYF9ME/+w7UeeO+MKXvgDC5w3qNX+JKTSzXhtw=
Subject key identifier: 40:63:70:12:B7:EF:35:40:2E:28:DB:84:68:7C:9E:3A:8B:DB:75:1D
Certificate issuer: /CN=A911D9B2/serialNumber=91295BBB75BFAAEB9531B39B36EC7521DDE30D63
Certificate serial: 0121
Authority key identifier: 91:29:5B:BB:75:BF:AA:EB:95:31:B3:9B:36:EC:75:21:DD:E3:0D:63
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kSlbu3W_quuVMbObNux1Id3jDWM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/11A28878915611EE83F61C41C4F9AE02.roa
Signing time: Sat 15 Mar 2025 14:06:59 +0000
ROA not before: Sat 15 Mar 2025 14:06:59 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 931
IP address blocks: 103.96.80.0/24 maxlen: 24
103.96.81.0/24 maxlen: 24
103.96.82.0/24 maxlen: 24
103.96.83.0/24 maxlen: 24
103.131.130.0/24 maxlen: 24
103.131.131.0/24 maxlen: 24
103.141.235.0/24 maxlen: 24
103.142.167.0/24 maxlen: 24
103.144.51.0/24 maxlen: 24
103.199.98.0/24 maxlen: 24
103.199.99.0/24 maxlen: 24
2401:3a60:1000::/36 maxlen: 36
2401:3a60:1100::/40 maxlen: 40
2401:3a60:1200::/40 maxlen: 40
2401:3a60:1300::/40 maxlen: 40
2401:3a60:1400::/40 maxlen: 40
2401:3a60:1500::/40 maxlen: 40
2401:3a60:15ff::/112 maxlen: 112
2401:3a60:1600::/40 maxlen: 40
2401:3a60:1600::/112 maxlen: 112
2401:3a60:3100::/40 maxlen: 40
2401:3a60:3200::/40 maxlen: 40
2401:3a60:3300::/40 maxlen: 40
2401:3a60:3400::/40 maxlen: 40
2401:3a60:5000::/40 maxlen: 40
2401:3a60:5100::/40 maxlen: 40
2401:3a60:5200::/40 maxlen: 40
2401:3a60:5300::/40 maxlen: 40
2401:3a60:7100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/kSlbu3W_quuVMbObNux1Id3jDWM.crl
rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/kSlbu3W_quuVMbObNux1Id3jDWM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kSlbu3W_quuVMbObNux1Id3jDWM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 02 May 2025 04:06:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 289 (0x121)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911D9B2, serialNumber=91295BBB75BFAAEB9531B39B36EC7521DDE30D63
Validity
Not Before: Mar 15 14:06:59 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=67d58982-e235
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:60:36:13:c7:4b:17:7c:66:05:06:fe:6c:77:
ca:50:72:d3:a3:8c:c7:60:27:1a:de:32:e7:5b:31:
24:c8:4c:53:d8:59:36:50:b0:30:ab:7c:f0:2c:a7:
b7:7d:c4:fb:49:05:d4:96:03:db:53:ac:8f:56:80:
30:d7:eb:9c:66:b4:96:90:f7:8e:fa:90:20:10:d7:
c5:d8:8a:0e:f2:b1:31:af:01:d0:ee:e6:b7:4f:b2:
f4:40:0a:96:4f:04:8f:1d:eb:01:df:82:e0:1c:57:
47:3f:b6:57:22:00:b9:09:fc:39:25:05:be:2a:fb:
68:7e:93:7b:8e:1e:01:75:ff:d7:7a:cd:0f:36:b6:
b8:7d:37:5c:3c:a3:b6:24:6b:f1:69:5c:cf:49:d1:
3b:9b:8c:7c:b3:89:68:b9:4a:58:88:25:70:e4:42:
7d:71:6d:f0:3c:14:5f:4d:84:4b:17:e7:6c:fa:ef:
f4:a4:09:5c:ce:c0:54:e2:f4:74:48:f6:d5:97:10:
0a:61:9c:a9:cc:b5:45:8d:77:ef:f5:f3:55:f7:74:
d8:a6:97:0d:70:db:e8:04:54:3b:1a:a4:1c:ac:f1:
7a:6a:1c:8f:35:09:69:ac:f8:bc:70:3f:90:36:0a:
43:ce:59:ef:55:7b:7c:dd:c1:05:6a:f4:8f:9b:7c:
a2:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:63:70:12:B7:EF:35:40:2E:28:DB:84:68:7C:9E:3A:8B:DB:75:1D
X509v3 Authority Key Identifier:
keyid:91:29:5B:BB:75:BF:AA:EB:95:31:B3:9B:36:EC:75:21:DD:E3:0D:63
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/kSlbu3W_quuVMbObNux1Id3jDWM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kSlbu3W_quuVMbObNux1Id3jDWM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/11A28878915611EE83F61C41C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.96.80.0/22
103.131.130.0/23
103.141.235.0/24
103.142.167.0/24
103.144.51.0/24
103.199.98.0/23
IPv6:
2401:3a60:1000::/36
2401:3a60:3100::-2401:3a60:34ff:ffff:ffff:ffff:ffff:ffff
2401:3a60:5000::/38
2401:3a60:7100::/40
Signature Algorithm: sha256WithRSAEncryption
6f:48:17:3d:42:7e:7b:18:28:3e:98:ed:47:1a:59:81:cf:3d:
41:0c:a6:ba:14:dc:46:aa:41:46:8b:a5:fe:86:32:0f:cd:fc:
70:2a:fc:07:91:7f:ec:47:98:34:93:98:19:bb:98:4a:ef:7b:
ba:44:81:c0:85:e9:dc:50:0a:95:ec:fa:f3:de:57:8d:f0:df:
8f:11:b1:a7:78:d4:e1:20:51:55:10:1a:ae:66:b5:36:a9:14:
f0:8f:8c:69:57:e6:7a:cc:98:41:fb:6a:ff:04:48:7e:95:6c:
cb:d7:cf:b7:79:27:8a:f5:9c:53:4e:53:17:11:61:b9:04:cd:
c5:7d:ff:5f:31:b4:19:5a:9e:17:5a:29:ec:40:87:a0:cf:2d:
d6:79:12:df:d7:b5:c1:be:bf:25:34:0e:fb:1e:0d:43:09:51:
2e:c3:92:1b:8d:f7:84:80:88:43:70:cf:78:e5:b9:5f:40:9f:
20:a0:88:e4:8c:4c:3b:41:2f:fa:88:3e:28:f6:a9:60:47:94:
fd:56:3e:51:e8:48:37:fd:4d:6f:3a:39:0b:a5:cd:47:54:9e:
15:11:6b:78:94:62:28:de:d2:01:c9:a6:52:af:6b:2e:33:9d:
4f:ea:3c:af:6d:04:3c:cc:15:c4:4d:10:56:b4:7a:27:c3:32:
88:ba:85:70
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgICASEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUQ5QjIxMTAvBgNVBAUTKDkxMjk1QkJCNzVCRkFBRUI5NTMxQjM5QjM2RUM3NTIx
RERFMzBENjMwHhcNMjUwMzE1MTQwNjU5WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2Q1ODk4Mi1lMjM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArmA2E8dLF3xmBQb+bHfKUHLTo4zHYCca3jLnWzEkyExT2Fk2ULAwq3zwLKe3
fcT7SQXUlgPbU6yPVoAw1+ucZrSWkPeO+pAgENfF2IoO8rExrwHQ7ua3T7L0QAqW
TwSPHesB34LgHFdHP7ZXIgC5Cfw5JQW+KvtofpN7jh4Bdf/Xes0PNra4fTdcPKO2
JGvxaVzPSdE7m4x8s4louUpYiCVw5EJ9cW3wPBRfTYRLF+ds+u/0pAlczsBU4vR0
SPbVlxAKYZypzLVFjXfv9fNV93TYppcNcNvoBFQ7GqQcrPF6ahyPNQlprPi8cD+Q
NgpDzlnvVXt83cEFavSPm3yiWwIDAQABo4IC5TCCAuEwHQYDVR0OBBYEFEBjcBK3
7zVALijbhGh8njqL23UdMB8GA1UdIwQYMBaAFJEpW7t1v6rrlTGzmzbsdSHd4w1j
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRDlCMi8wQTZGM0I0Mjkx
NTUxMUVFQTRDMEY2NjhDNEY5QUUwMi9rU2xidTNXX3F1dVZNYk9iTnV4MUlkM2pE
V00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2tTbGJ1M1dfcXV1Vk1iT2JOdXgxSWQzakRXTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUQ5QjIvMEE2RjNCNDI5MTU1MTFFRUE0QzBGNjY4QzRGOUFFMDIvMTFBMjg4Nzg5
MTU2MTFFRTgzRjYxQzQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbwYIKwYBBQUHAQcBAf8E
YDBeMCoEAgABMCQDBAJnYFADBAFng4IDBABnjesDBABnjqcDBABnkDMDBAFnx2Iw
MAQCAAIwKgMGBCQBOmAQMBADBgAkATpgMQMGACQBOmA0AwYCJAE6YFADBgAkATpg
cTANBgkqhkiG9w0BAQsFAAOCAQEAb0gXPUJ+exgoPpjtRxpZgc89QQymuhTcRqpB
Roul/oYyD838cCr8B5F/7EeYNJOYGbuYSu97ukSBwIXp3FAKlez6895XjfDfjxGx
p3jU4SBRVRAarma1NqkU8I+MaVfmesyYQftq/wRIfpVsy9fPt3knivWcU05TFxFh
uQTNxX3/XzG0GVqeF1op7ECHoM8t1nkS39e1wb6/JTQO+x4NQwlRLsOSG433hICI
Q3DPeOW5X0CfIKCI5IxMO0Ev+og+KPapYEeU/VY+UehIN/1Nbzo5C6XNR1SeFRFr
eJRiKN7SAcmmUq9rLjOdT+o8r20EPMwVxE0QVrR6J8MyiLqFcA==
-----END CERTIFICATE-----
Generated at Sat Apr 26 07:48:33 2025 by rpki-client