Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
File: 24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa (raw, json)
Hash identifier: ecERzKe4aH7s8rjg9Kt6Wo+1pU9CBduLgX3EVStj1rs=
Subject key identifier: 80:BA:55:84:89:0A:DC:09:D9:9B:4A:E2:14:7E:4D:F3:A9:5A:30:D0
Certificate issuer: /CN=A9123E38/serialNumber=D54BF399BE1B659B132314B821933A20BA38B96A
Certificate serial: 16C2
Authority key identifier: D5:4B:F3:99:BE:1B:65:9B:13:23:14:B8:21:93:3A:20:BA:38:B9:6A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
Signing time: Wed 30 Apr 2025 16:55:39 +0000
ROA not before: Wed 30 Apr 2025 16:55:39 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 24337
IP address blocks: 103.228.252.0/24 maxlen: 24
103.228.253.0/24 maxlen: 24
103.228.254.0/24 maxlen: 24
103.228.255.0/24 maxlen: 24
139.5.156.0/22 maxlen: 22
139.5.156.0/24 maxlen: 24
139.5.157.0/24 maxlen: 24
139.5.158.0/24 maxlen: 24
139.5.159.0/24 maxlen: 24
141.164.96.0/20 maxlen: 20
141.164.96.0/24 maxlen: 24
141.164.97.0/24 maxlen: 24
141.164.98.0/24 maxlen: 24
141.164.99.0/24 maxlen: 24
141.164.103.0/24 maxlen: 24
141.164.104.0/24 maxlen: 24
141.164.105.0/24 maxlen: 24
141.164.107.0/24 maxlen: 24
141.164.108.0/24 maxlen: 24
141.164.109.0/24 maxlen: 24
141.164.110.0/24 maxlen: 24
141.164.111.0/24 maxlen: 24
202.123.176.0/21 maxlen: 21
202.123.176.0/24 maxlen: 24
202.123.177.0/24 maxlen: 24
202.123.178.0/24 maxlen: 24
202.123.179.0/24 maxlen: 24
202.123.180.0/24 maxlen: 24
202.123.181.0/24 maxlen: 24
202.123.182.0/24 maxlen: 24
202.123.183.0/24 maxlen: 24
2400:c180::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.crl
rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 11 May 2025 16:37:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5826 (0x16c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9123E38, serialNumber=D54BF399BE1B659B132314B821933A20BA38B96A
Validity
Not Before: Apr 30 16:55:39 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=6812560b-2eeb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:c7:5d:cf:8e:8a:7b:38:85:7b:81:74:ce:b0:
bb:ee:59:8a:67:69:51:e0:56:89:60:f6:41:ea:e9:
08:0e:c9:4f:fe:91:59:38:4f:9f:c3:df:a7:cb:92:
06:42:c6:a4:e7:0c:e2:59:f7:5b:7d:6c:dc:bf:46:
83:d2:e1:26:9a:05:21:17:6d:1d:c7:bc:11:4c:27:
f2:ab:27:4d:b5:ac:7a:79:ec:78:c6:84:e0:58:82:
2c:ae:f9:13:5b:bc:14:c4:0c:eb:89:ac:73:44:2e:
2d:de:c5:32:4f:f7:fa:8c:7d:41:d4:bc:82:7f:b4:
a7:03:f3:de:9f:6f:c7:cd:a2:62:cf:2d:2b:cf:21:
bc:eb:6f:86:ba:08:e1:6c:b8:b9:ac:f3:60:07:7b:
c7:c6:ac:bf:27:4d:81:de:00:c3:a6:f6:88:02:5e:
dd:91:2a:19:22:3c:8d:66:85:54:27:81:e9:ca:44:
ae:da:b9:54:9d:d9:33:c4:0a:6e:c5:c1:92:4f:26:
12:97:6f:20:74:a1:47:f9:9f:5c:dc:95:38:a7:12:
6c:94:3a:ac:82:97:cb:f4:e2:a5:df:ac:66:8e:de:
71:13:97:e5:27:06:66:8b:27:00:9f:e5:d7:c1:8a:
ea:b0:e8:32:fe:7c:de:9f:79:ec:aa:99:bb:79:5c:
85:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:BA:55:84:89:0A:DC:09:D9:9B:4A:E2:14:7E:4D:F3:A9:5A:30:D0
X509v3 Authority Key Identifier:
keyid:D5:4B:F3:99:BE:1B:65:9B:13:23:14:B8:21:93:3A:20:BA:38:B9:6A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.228.252.0/22
139.5.156.0/22
141.164.96.0/20
202.123.176.0/21
IPv6:
2400:c180::/32
Signature Algorithm: sha256WithRSAEncryption
b2:6e:83:66:b7:8e:48:43:30:5a:26:6b:9a:e4:a3:e9:36:90:
0f:55:8a:e9:af:b1:46:75:e5:bf:ff:ed:73:2d:87:f2:9f:cf:
ec:16:c1:56:c0:82:89:04:0f:f0:c6:67:c7:b8:c4:b6:dd:9d:
40:74:e3:7d:d3:39:db:d6:57:cc:a1:8e:16:40:0e:bf:c2:75:
df:b5:69:b1:da:84:6e:62:2c:60:48:f6:f6:91:fc:85:07:f7:
72:6d:ef:e8:6d:bd:b9:e7:73:ac:65:bd:2b:dc:43:de:b3:97:
5a:da:db:ce:68:ac:55:bb:35:5c:01:68:c0:73:a9:8b:6c:d4:
30:9a:b8:00:3c:85:a1:b3:1c:31:df:66:ae:cb:0e:77:fb:4f:
3d:91:69:e3:2e:15:25:b9:c5:1c:05:16:e0:69:cb:60:3b:13:
47:db:ff:d0:cc:f8:fc:8c:2a:32:ef:a9:13:d2:71:01:e2:f9:
d2:68:1f:f5:4a:fe:14:08:f3:48:13:b0:c7:3d:ca:9b:e6:b4:
03:db:c8:ae:f7:28:76:a6:1c:e2:f8:3f:13:d5:7a:14:b1:60:
5e:91:41:b2:83:80:2c:f6:9d:2d:d8:a7:da:05:1e:77:00:bf:
83:5e:10:cc:33:84:09:34:a5:a7:82:0e:e1:a2:2d:dd:76:45:
36:fa:5b:22
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICFsIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjNFMzgxMTAvBgNVBAUTKEQ1NEJGMzk5QkUxQjY1OUIxMzIzMTRCODIxOTMzQTIw
QkEzOEI5NkEwHhcNMjUwNDMwMTY1NTM5WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODEyNTYwYi0yZWViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3Mddz46KeziFe4F0zrC77lmKZ2lR4FaJYPZB6ukIDslP/pFZOE+fw9+ny5IG
Qsak5wziWfdbfWzcv0aD0uEmmgUhF20dx7wRTCfyqydNtax6eex4xoTgWIIsrvkT
W7wUxAzriaxzRC4t3sUyT/f6jH1B1LyCf7SnA/Pen2/HzaJizy0rzyG862+Gugjh
bLi5rPNgB3vHxqy/J02B3gDDpvaIAl7dkSoZIjyNZoVUJ4HpykSu2rlUndkzxApu
xcGSTyYSl28gdKFH+Z9c3JU4pxJslDqsgpfL9OKl36xmjt5xE5flJwZmiycAn+XX
wYrqsOgy/nzen3nsqpm7eVyF6wIDAQABo4ICtjCCArIwHQYDVR0OBBYEFIC6VYSJ
CtwJ2ZtK4hR+TfOpWjDQMB8GA1UdIwQYMBaAFNVL85m+G2WbEyMUuCGTOiC6OLlq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyM0UzOC9BMTA4N0QzNjAw
RUExMUU4QkM5M0IxNkJDNEY5QUUwMi8xVXZ6bWI0Ylpac1RJeFM0SVpNNklMbzR1
V28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFVdnptYjRiWlpzVEl4UzRJWk02SUxvNHVXby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjNFMzgvQTEwODdEMzYwMEVBMTFFOEJDOTNCMTZCQzRGOUFFMDIvMjRDRkRBQkUw
MEVDMTFFOEFBQzRERDZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAJn5PwDBAKLBZwDBASNpGADBAPKe7AwDQQCAAIwBwMFACQA
wYAwDQYJKoZIhvcNAQELBQADggEBALJug2a3jkhDMFoma5rko+k2kA9ViumvsUZ1
5b//7XMth/Kfz+wWwVbAgokED/DGZ8e4xLbdnUB0433TOdvWV8yhjhZADr/Cdd+1
abHahG5iLGBI9vaR/IUH93Jt7+htvbnnc6xlvSvcQ96zl1ra285orFW7NVwBaMBz
qYts1DCauAA8haGzHDHfZq7LDnf7Tz2RaeMuFSW5xRwFFuBpy2A7E0fb/9DM+PyM
KjLvqRPScQHi+dJoH/VK/hQI80gTsMc9ypvmtAPbyK73KHamHOL4PxPVehSxYF6R
QbKDgCz2nS3Yp9oFHncAv4NeEMwzhAk0paeCDuGiLd12RTb6WyI=
-----END CERTIFICATE-----
Generated at Mon May 5 11:49:27 2025 by rpki-client