Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9127523/12B997E89AE311E3A5A257A75911EA32/4221CE240EC211EB9F6B1914C4F9AE02.roa
File: 4221CE240EC211EB9F6B1914C4F9AE02.roa (raw, json)
Hash identifier: fUhNa2zvGR6tljYmicsoP8kxi9R8oyVSsotkZ+dJbwI=
Subject key identifier: AB:08:03:9E:86:70:FE:5C:B6:DB:B2:64:F1:1E:68:8E:4B:93:AE:90
Certificate issuer: /CN=A9127523/serialNumber=8A681DD0C43731D0F4763A4DBDD5D4CC01FD64C2
Certificate serial: 2D7C
Authority key identifier: 8A:68:1D:D0:C4:37:31:D0:F4:76:3A:4D:BD:D5:D4:CC:01:FD:64:C2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/imgd0MQ3MdD0djpNvdXUzAH9ZMI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9127523/12B997E89AE311E3A5A257A75911EA32/4221CE240EC211EB9F6B1914C4F9AE02.roa
Signing time: Thu 24 Apr 2025 09:55:10 +0000
ROA not before: Thu 24 Apr 2025 09:55:10 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 58656
IP address blocks: 103.12.176.0/22 maxlen: 24
118.179.8.0/21 maxlen: 21
118.179.9.0/24 maxlen: 24
118.179.12.0/24 maxlen: 24
118.179.14.0/24 maxlen: 24
118.179.15.0/24 maxlen: 24
118.179.16.0/20 maxlen: 20
118.179.16.0/24 maxlen: 24
118.179.17.0/24 maxlen: 24
118.179.18.0/24 maxlen: 24
118.179.19.0/24 maxlen: 24
118.179.20.0/23 maxlen: 24
118.179.22.0/24 maxlen: 24
118.179.23.0/24 maxlen: 24
118.179.24.0/23 maxlen: 23
118.179.24.0/24 maxlen: 24
118.179.25.0/24 maxlen: 24
118.179.26.0/24 maxlen: 24
118.179.27.0/24 maxlen: 24
118.179.28.0/24 maxlen: 24
118.179.29.0/24 maxlen: 24
118.179.30.0/23 maxlen: 23
118.179.30.0/24 maxlen: 24
118.179.31.0/24 maxlen: 24
2404:d900::/32 maxlen: 32
2404:d900::/48 maxlen: 48
2404:d900:50::/48 maxlen: 48
2404:d900:51::/48 maxlen: 48
2404:d900:1000::/48 maxlen: 48
2404:d900:2000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9127523/12B997E89AE311E3A5A257A75911EA32/imgd0MQ3MdD0djpNvdXUzAH9ZMI.crl
rsync://rpki.apnic.net/member_repository/A9127523/12B997E89AE311E3A5A257A75911EA32/imgd0MQ3MdD0djpNvdXUzAH9ZMI.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/imgd0MQ3MdD0djpNvdXUzAH9ZMI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 01 May 2025 15:31:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11644 (0x2d7c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9127523, serialNumber=8A681DD0C43731D0F4763A4DBDD5D4CC01FD64C2
Validity
Not Before: Apr 24 09:55:10 2025 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=680a0a7e-721d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:87:29:94:92:32:73:a1:77:76:6e:c1:47:b9:
94:18:c5:f7:79:46:f7:c5:10:08:98:6a:83:7f:57:
76:91:09:87:f7:95:ae:c2:a7:0e:22:eb:41:7b:01:
bd:d0:89:9e:14:cd:08:2f:a2:78:7a:33:f2:82:59:
c9:46:58:4c:69:8e:33:d5:0b:9c:d9:74:cb:d5:30:
a0:16:58:28:57:f4:29:46:fc:fe:06:98:67:c5:47:
7e:1c:02:4a:65:26:8c:84:6a:45:0c:96:7f:fb:05:
9f:2e:4e:35:93:c5:5f:e5:7e:9a:95:1c:ce:61:a6:
19:7a:d4:bb:50:5c:f6:5c:65:b3:93:40:0c:74:d3:
f6:a1:83:75:bc:e0:bf:42:a2:7d:f2:2e:38:b8:b9:
e1:ee:70:c2:73:e5:46:51:a5:8c:60:dd:3c:b1:7a:
72:fe:7c:01:4a:77:08:e1:fd:ab:88:14:f3:6d:5c:
da:c1:41:65:dc:27:94:14:b2:5f:b4:3d:ea:b6:64:
1f:85:a0:97:ed:46:a2:f7:7b:be:4e:d8:10:dc:cd:
66:dc:67:41:3c:26:89:7f:91:8f:cd:33:12:b0:38:
06:42:18:d2:c8:f8:e5:15:1c:cd:86:83:46:b6:15:
ae:7d:04:7d:56:c6:1d:5f:c8:5d:70:c9:35:83:a1:
6f:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:08:03:9E:86:70:FE:5C:B6:DB:B2:64:F1:1E:68:8E:4B:93:AE:90
X509v3 Authority Key Identifier:
keyid:8A:68:1D:D0:C4:37:31:D0:F4:76:3A:4D:BD:D5:D4:CC:01:FD:64:C2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9127523/12B997E89AE311E3A5A257A75911EA32/imgd0MQ3MdD0djpNvdXUzAH9ZMI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/imgd0MQ3MdD0djpNvdXUzAH9ZMI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9127523/12B997E89AE311E3A5A257A75911EA32/4221CE240EC211EB9F6B1914C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.12.176.0/22
118.179.8.0-118.179.31.255
IPv6:
2404:d900::/32
Signature Algorithm: sha256WithRSAEncryption
42:3c:9c:10:4e:ae:d0:49:11:69:ba:53:39:d9:a0:e0:7b:2d:
4b:0d:9e:55:48:95:c9:14:e9:c0:4b:7d:0d:48:f9:1b:4c:07:
6f:50:41:97:92:ce:88:22:ac:d8:3d:36:b1:37:55:29:ba:16:
ca:cb:40:5c:07:3c:f0:13:22:81:8a:a5:40:0a:3b:7a:4b:e8:
3b:77:76:d5:08:cc:d6:a0:56:11:4f:f6:15:a7:ae:25:94:f1:
c2:10:ce:e8:3e:e7:b0:80:14:a1:f9:8f:fa:1a:15:6f:74:96:
40:bf:53:81:1c:b0:8e:a0:0a:6d:2c:d3:29:d0:05:02:f8:2f:
56:5c:ae:56:2e:12:96:6b:da:b0:06:c5:fd:18:2a:2c:d4:58:
87:35:b0:ed:19:61:79:c9:3c:f6:98:8d:b7:20:be:47:d8:fd:
3d:c2:a2:b5:00:37:1d:0d:c4:92:74:72:91:3f:e9:70:23:18:
39:b0:d2:7c:3b:22:d3:9d:e1:9f:71:66:ab:65:40:e7:ad:56:
67:07:1a:f4:47:cc:bc:d1:cd:50:75:45:73:e0:b5:2e:3e:0a:
3b:52:39:bc:01:52:30:a8:00:47:aa:03:a6:40:d7:85:5f:c8:
33:b0:8b:d6:04:76:2c:83:8d:79:68:13:d6:5e:94:d5:28:d9:
11:b2:d3:b8
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgICLXwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Mjc1MjMxMTAvBgNVBAUTKDhBNjgxREQwQzQzNzMxRDBGNDc2M0E0REJERDVENEND
MDFGRDY0QzIwHhcNMjUwNDI0MDk1NTEwWhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODBhMGE3ZS03MjFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv4cplJIyc6F3dm7BR7mUGMX3eUb3xRAImGqDf1d2kQmH95WuwqcOIutBewG9
0ImeFM0IL6J4ejPyglnJRlhMaY4z1Quc2XTL1TCgFlgoV/QpRvz+BphnxUd+HAJK
ZSaMhGpFDJZ/+wWfLk41k8Vf5X6alRzOYaYZetS7UFz2XGWzk0AMdNP2oYN1vOC/
QqJ98i44uLnh7nDCc+VGUaWMYN08sXpy/nwBSncI4f2riBTzbVzawUFl3CeUFLJf
tD3qtmQfhaCX7Uai93u+TtgQ3M1m3GdBPCaJf5GPzTMSsDgGQhjSyPjlFRzNhoNG
thWufQR9VsYdX8hdcMk1g6FvMQIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFKsIA56G
cP5cttuyZPEeaI5Lk66QMB8GA1UdIwQYMBaAFIpoHdDENzHQ9HY6Tb3V1MwB/WTC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNzUyMy8xMkI5OTdFODlB
RTMxMUUzQTVBMjU3QTc1OTExRUEzMi9pbWdkME1RM01kRDBkanBOdmRYVXpBSDla
TUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ltZ2QwTVEzTWREMGRqcE52ZFhVekFIOVpNSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Mjc1MjMvMTJCOTk3RTg5QUUzMTFFM0E1QTI1N0E3NTkxMUVBMzIvNDIyMUNFMjQw
RUMyMTFFQjlGNkIxOTE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPAYIKwYBBQUHAQcBAf8E
LTArMBoEAgABMBQDBAJnDLAwDAMEA3azCAMEBXazADANBAIAAjAHAwUAJATZADAN
BgkqhkiG9w0BAQsFAAOCAQEAQjycEE6u0EkRabpTOdmg4HstSw2eVUiVyRTpwEt9
DUj5G0wHb1BBl5LOiCKs2D02sTdVKboWystAXAc88BMigYqlQAo7ekvoO3d21QjM
1qBWEU/2FaeuJZTxwhDO6D7nsIAUofmP+hoVb3SWQL9TgRywjqAKbSzTKdAFAvgv
VlyuVi4SlmvasAbF/RgqLNRYhzWw7Rlheck89piNtyC+R9j9PcKitQA3HQ3EknRy
kT/pcCMYObDSfDsi053hn3Fmq2VA561WZwca9EfMvNHNUHVFc+C1Lj4KO1I5vAFS
MKgAR6oDpkDXhV/IM7CL1gR2LIONeWgT1l6U1SjZEbLTuA==
-----END CERTIFICATE-----
Generated at Sat Apr 26 08:10:18 2025 by rpki-client