Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/EA00D8B2197411F090941872C4F9AE02.roa
File: EA00D8B2197411F090941872C4F9AE02.roa (raw, json)
Hash identifier: aKXnvq5z44EupKKofY7R4ZRvXJ2wyMO/sPnwxlnhhWY=
Subject key identifier: 9F:A8:B8:81:7B:B0:4D:73:29:44:90:05:03:A0:C8:EB:5B:E0:97:FD
Certificate issuer: /CN=A91406AA/serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
Certificate serial: 076A
Authority key identifier: 31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/EA00D8B2197411F090941872C4F9AE02.roa
Signing time: Mon 14 Apr 2025 21:10:38 +0000
ROA not before: Mon 14 Apr 2025 21:10:38 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 9790
IP address blocks: 60.234.0.0/16 maxlen: 20
101.98.0.0/16 maxlen: 20
101.100.128.0/19 maxlen: 24
103.224.128.0/22 maxlen: 24
103.237.40.0/22 maxlen: 24
110.44.16.0/22 maxlen: 24
118.148.64.0/20 maxlen: 24
118.148.80.0/20 maxlen: 24
118.148.96.0/20 maxlen: 24
118.148.112.0/20 maxlen: 24
118.149.64.0/20 maxlen: 24
118.149.80.0/20 maxlen: 24
118.149.96.0/20 maxlen: 24
118.149.112.0/20 maxlen: 24
119.224.0.0/18 maxlen: 22
119.224.64.0/19 maxlen: 22
119.224.128.0/20 maxlen: 20
121.98.0.0/15 maxlen: 20
202.50.170.0/24 maxlen: 24
202.53.176.0/20 maxlen: 20
202.89.128.0/19 maxlen: 20
202.180.64.0/18 maxlen: 20
202.189.160.0/20 maxlen: 20
202.191.32.0/20 maxlen: 20
203.184.0.0/18 maxlen: 20
2400:4800::/32 maxlen: 32
2402:6000::/32 maxlen: 32
2402:8200::/32 maxlen: 32
2404:4400::/28 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl
rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 01 May 2025 22:21:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1898 (0x76a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91406AA, serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
Validity
Not Before: Apr 14 21:10:38 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=67fd79ce-a3e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:da:8e:e4:99:76:2d:ae:cf:0a:15:d8:f7:c2:
8d:6e:a8:50:16:c7:08:fa:f6:f4:0f:ff:38:92:bb:
91:8d:9d:dc:c0:05:bf:67:18:04:c9:77:3e:d7:c0:
dc:a2:30:40:36:fb:be:02:c2:6d:42:ca:a3:95:19:
62:11:3c:94:78:ec:10:cb:a7:bc:1e:90:c8:5d:75:
56:7c:40:e5:a3:d5:77:e0:3b:69:24:81:2a:a2:17:
19:5a:8e:da:ec:98:9b:15:1c:d4:85:b0:13:d3:59:
c3:22:02:70:7b:b8:6d:86:89:39:cd:f0:d3:ea:10:
fa:b4:89:31:43:d1:8f:dc:84:00:d0:6f:04:c1:0d:
4f:e3:f8:37:39:0c:6d:92:9a:32:2b:4f:9f:39:e2:
29:18:16:e5:43:8c:46:a1:c0:1f:87:ec:41:e6:c7:
17:00:e1:51:95:4f:be:70:01:10:18:ac:67:f3:d0:
05:e5:36:94:d0:30:78:58:9c:fa:4b:c3:dd:f2:48:
57:b7:1f:a1:3f:98:70:93:f2:40:83:d6:4b:c9:98:
36:02:1e:6b:1c:d7:c5:26:94:76:3a:90:98:cc:66:
39:29:72:43:07:9d:3d:9b:8a:71:be:74:9b:c1:4e:
eb:47:6f:bf:ec:47:a5:5a:1d:1f:dc:dc:90:1c:1a:
32:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:A8:B8:81:7B:B0:4D:73:29:44:90:05:03:A0:C8:EB:5B:E0:97:FD
X509v3 Authority Key Identifier:
keyid:31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/EA00D8B2197411F090941872C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
60.234.0.0/16
101.98.0.0/16
101.100.128.0/19
103.224.128.0/22
103.237.40.0/22
110.44.16.0/22
118.148.64.0/18
118.149.64.0/18
119.224.0.0-119.224.95.255
119.224.128.0/20
121.98.0.0/15
202.50.170.0/24
202.53.176.0/20
202.89.128.0/19
202.180.64.0/18
202.189.160.0/20
202.191.32.0/20
203.184.0.0/18
IPv6:
2400:4800::/32
2402:6000::/32
2402:8200::/32
2404:4400::/28
Signature Algorithm: sha256WithRSAEncryption
ab:bb:cb:39:af:0f:09:f2:bb:e7:f2:90:72:f6:bd:57:30:bb:
84:8f:b3:6b:35:9f:51:38:93:ae:e3:7c:13:cb:57:22:e2:3c:
98:ab:4f:4f:7e:5a:46:2d:e7:f1:88:df:ea:43:2d:c1:ac:83:
44:a6:bd:7d:36:b9:b7:d4:2b:f2:a0:2a:3e:2f:34:34:91:44:
d5:c8:c7:67:bf:88:83:31:4a:24:cb:6f:c8:48:5b:57:3b:8a:
f6:c3:be:27:b9:06:d2:d5:8e:df:fc:e9:00:d0:d3:15:34:be:
d2:94:dc:aa:7d:47:4a:31:af:83:3c:f4:d6:2a:e2:87:84:ad:
ee:f0:a4:06:22:39:0a:9f:ec:6a:e9:09:24:73:e7:8b:1d:7a:
db:83:59:26:2f:7a:e3:b5:2d:a5:bf:ad:9d:d6:76:40:ab:db:
16:7a:f0:02:83:26:03:9a:ee:82:7f:70:46:be:8d:44:f9:c8:
a0:26:48:98:0b:fd:67:2a:5f:be:68:26:0d:ef:b9:70:ab:1f:
50:03:54:b6:24:09:a5:44:46:bf:1c:17:a5:2e:fb:03:e7:28:
4a:08:3c:5e:cd:fe:e5:a4:b3:86:7d:ea:a2:35:7a:88:97:4e:
69:af:2a:bf:a9:7a:b4:49:bd:4b:f8:26:fe:08:3f:3f:09:67:
7a:d8:0e:d8
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgICB2owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDA2QUExMTAvBgNVBAUTKDMxNTUxM0U1NEFCMEM5OUI4QkNBODQwNDJFMzgzNThC
NjBEQjFCMkMwHhcNMjUwNDE0MjExMDM4WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2ZkNzljZS1hM2UzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8dqO5Jl2La7PChXY98KNbqhQFscI+vb0D/84kruRjZ3cwAW/ZxgEyXc+18Dc
ojBANvu+AsJtQsqjlRliETyUeOwQy6e8HpDIXXVWfEDlo9V34DtpJIEqohcZWo7a
7JibFRzUhbAT01nDIgJwe7hthok5zfDT6hD6tIkxQ9GP3IQA0G8EwQ1P4/g3OQxt
kpoyK0+fOeIpGBblQ4xGocAfh+xB5scXAOFRlU++cAEQGKxn89AF5TaU0DB4WJz6
S8Pd8khXtx+hP5hwk/JAg9ZLyZg2Ah5rHNfFJpR2OpCYzGY5KXJDB509m4pxvnSb
wU7rR2+/7EelWh0f3NyQHBoynQIDAQABo4IDJjCCAyIwHQYDVR0OBBYEFJ+ouIF7
sE1zKUSQBQOgyOtb4Jf9MB8GA1UdIwQYMBaAFDFVE+VKsMmbi8qEBC44NYtg2xss
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDZBQS84RjVCQjRGODg2
QzExMUVCQkFCMzE4NEJDNEY5QUUwMi9NVlVUNVVxd3ladUx5b1FFTGpnMWkyRGJH
eXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01WVVQ1VXF3eVp1THlvUUVMamcxaTJEYkd5dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDA2QUEvOEY1QkI0Rjg4NkMxMTFFQkJBQjMxODRCQzRGOUFFMDIvRUEwMEQ4QjIx
OTc0MTFGMDkwOTQxODcyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwga8GCCsGAQUFBwEHAQH/
BIGfMIGcMHYEAgABMHADAwA86gMDAGViAwQFZWSAAwQCZ+CAAwQCZ+0oAwQCbiwQ
AwQGdpRAAwQGdpVAMAsDAwV34AMEBXfgQAMEBHfggAMDAXliAwQAyjKqAwQEyjWw
AwQFylmAAwQGyrRAAwQEyr2gAwQEyr8gAwQGy7gAMCIEAgACMBwDBQAkAEgAAwUA
JAJgAAMFACQCggADBQQkBEQAMA0GCSqGSIb3DQEBCwUAA4IBAQCru8s5rw8J8rvn
8pBy9r1XMLuEj7NrNZ9ROJOu43wTy1ci4jyYq09PflpGLefxiN/qQy3BrINEpr19
Nrm31CvyoCo+LzQ0kUTVyMdnv4iDMUoky2/ISFtXO4r2w74nuQbS1Y7f/OkA0NMV
NL7SlNyqfUdKMa+DPPTWKuKHhK3u8KQGIjkKn+xq6Qkkc+eLHXrbg1kmL3rjtS2l
v62d1nZAq9sWevACgyYDmu6Cf3BGvo1E+cigJkiYC/1nKl++aCYN77lwqx9QA1S2
JAmlREa/HBelLvsD5yhKCDxezf7lpLOGfeqiNXqIl05pryq/qXq0Sb1L+Cb+CD8/
CWd62A7Y
-----END CERTIFICATE-----
Generated at Sat Apr 26 07:52:43 2025 by rpki-client