Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/CD1E94321A7D11F09A63C576C4F9AE02.roa
File: CD1E94321A7D11F09A63C576C4F9AE02.roa (raw, json)
Hash identifier: 4f1stCzy9qSXuQpOPoCgGurdRcl75dXwj8oNPKJisIk=
Subject key identifier: A3:EA:F7:19:3B:F3:58:D3:7E:E6:E0:F1:9E:49:D0:12:69:DE:BB:16
Certificate issuer: /CN=A91450A4/serialNumber=3D1D6A332AEA4EC502037A0909F4CC19D42DB198
Certificate serial: 07EC
Authority key identifier: 3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/CD1E94321A7D11F09A63C576C4F9AE02.roa
Signing time: Wed 16 Apr 2025 04:55:22 +0000
ROA not before: Wed 16 Apr 2025 04:55:22 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 55766
IP address blocks: 43.243.238.0/23 maxlen: 24
43.252.96.0/22 maxlen: 24
103.22.184.0/22 maxlen: 24
103.24.242.0/23 maxlen: 24
103.27.152.0/22 maxlen: 24
103.224.210.0/24 maxlen: 24
115.165.172.0/24 maxlen: 24
118.107.144.0/24 maxlen: 24
118.107.151.0/24 maxlen: 24
175.184.192.0/24 maxlen: 24
175.184.194.0/24 maxlen: 24
175.184.198.0/24 maxlen: 24
175.184.218.0/24 maxlen: 24
175.184.219.0/24 maxlen: 24
175.184.220.0/24 maxlen: 24
202.146.6.0/23 maxlen: 24
203.148.94.0/23 maxlen: 24
223.29.240.0/22 maxlen: 24
2400:f280::/32 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.crl
rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 01 May 2025 21:13:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2028 (0x7ec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91450A4, serialNumber=3D1D6A332AEA4EC502037A0909F4CC19D42DB198
Validity
Not Before: Apr 16 04:55:22 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=67ff383a-5639
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:70:c6:18:aa:e9:8a:0c:92:a9:1d:6f:a4:29:
9a:fc:f3:99:5c:85:a1:ff:fe:63:5a:b8:0c:0d:6a:
06:39:b1:0c:e7:1a:ef:28:90:9a:d7:b3:e5:87:c2:
6b:b2:f7:83:e0:4b:ca:0a:89:70:8d:18:f3:c7:79:
28:4a:64:09:e2:70:a0:6b:0f:10:23:9b:6d:e2:10:
48:3d:e2:ee:44:76:e0:51:2a:e9:c5:95:ce:f8:52:
05:63:ae:38:96:da:15:87:55:6d:f7:3a:49:84:f0:
b6:e6:b3:0a:bc:16:2a:52:d3:31:95:13:11:54:77:
da:42:be:67:84:b4:8f:14:98:15:e6:85:a4:f0:05:
0b:f8:3a:64:5a:47:9c:93:c9:da:c5:71:9e:5c:91:
ab:6f:71:65:df:5c:e4:9c:ed:45:d4:1e:7b:81:a7:
ce:65:fb:9c:f1:fc:5d:f8:f0:76:2f:61:e7:2b:6f:
b5:dd:a7:18:bb:ab:7b:9a:ca:8c:dc:79:58:fe:11:
8b:2b:d0:02:20:0e:d3:61:2c:e0:02:a0:0b:d8:30:
2b:e6:dd:ca:dd:bf:a0:45:e6:d2:23:25:80:bc:b8:
c1:e4:fc:3b:25:b6:cc:1d:e7:b0:2c:55:cb:9b:85:
60:70:43:c0:d4:e3:f5:ab:ec:fa:be:c6:62:af:fd:
fe:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:EA:F7:19:3B:F3:58:D3:7E:E6:E0:F1:9E:49:D0:12:69:DE:BB:16
X509v3 Authority Key Identifier:
keyid:3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/CD1E94321A7D11F09A63C576C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.243.238.0/23
43.252.96.0/22
103.22.184.0/22
103.24.242.0/23
103.27.152.0/22
103.224.210.0/24
115.165.172.0/24
118.107.144.0/24
118.107.151.0/24
175.184.192.0/24
175.184.194.0/24
175.184.198.0/24
175.184.218.0-175.184.220.255
202.146.6.0/23
203.148.94.0/23
223.29.240.0/22
IPv6:
2400:f280::/32
Signature Algorithm: sha256WithRSAEncryption
76:cc:ee:c9:8f:7f:9f:ba:a6:6a:56:50:00:08:d2:e6:64:77:
d1:1f:5e:ee:d4:c9:56:fb:23:25:48:fc:ff:f7:c1:5a:c9:57:
14:11:50:12:02:4b:2b:07:24:89:da:65:ad:4a:f9:03:e5:6c:
17:1a:06:42:5b:15:c9:40:14:66:11:eb:e8:a0:20:98:d5:e7:
a0:61:12:f2:ba:dc:ea:45:0c:10:8a:cb:6b:09:ac:bb:73:11:
8a:66:01:67:8b:cd:99:67:aa:e8:cd:7b:6a:0c:b7:cb:51:53:
30:53:dd:14:07:ae:4e:66:42:fc:d1:62:3e:8c:e7:1d:66:57:
10:f8:2d:11:fa:05:70:a4:24:a4:a6:3f:7f:f4:91:37:1e:a4:
cb:85:dd:1a:55:56:56:14:e9:5a:99:ba:ac:68:7a:bc:54:f5:
65:b0:09:c7:94:69:f4:81:7b:bb:4e:0a:98:8b:d0:fb:76:f0:
ac:07:37:04:2d:4b:32:9f:7d:ba:83:80:5e:ef:87:06:80:47:
cc:ee:79:6d:c3:0d:af:d2:a7:57:de:cb:52:8c:24:28:fe:0f:
d9:ca:45:3e:2b:ea:ce:08:1d:0d:6f:f8:76:12:04:18:0f:c3:
ca:2f:17:c7:63:11:df:b4:f5:6b:c7:06:2d:b6:01:05:8b:51:
40:9f:48:b6
-----BEGIN CERTIFICATE-----
MIIF5DCCBMygAwIBAgICB+wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDUwQTQxMTAvBgNVBAUTKDNEMUQ2QTMzMkFFQTRFQzUwMjAzN0EwOTA5RjRDQzE5
RDQyREIxOTgwHhcNMjUwNDE2MDQ1NTIyWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2ZmMzgzYS01NjM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAo3DGGKrpigySqR1vpCma/POZXIWh//5jWrgMDWoGObEM5xrvKJCa17Plh8Jr
sveD4EvKColwjRjzx3koSmQJ4nCgaw8QI5tt4hBIPeLuRHbgUSrpxZXO+FIFY644
ltoVh1Vt9zpJhPC25rMKvBYqUtMxlRMRVHfaQr5nhLSPFJgV5oWk8AUL+DpkWkec
k8naxXGeXJGrb3Fl31zknO1F1B57gafOZfuc8fxd+PB2L2HnK2+13acYu6t7msqM
3HlY/hGLK9ACIA7TYSzgAqAL2DAr5t3K3b+gRebSIyWAvLjB5Pw7JbbMHeewLFXL
m4VgcEPA1OP1q+z6vsZir/3+/QIDAQABo4IDCDCCAwQwHQYDVR0OBBYEFKPq9xk7
81jTfubg8Z5J0BJp3rsWMB8GA1UdIwQYMBaAFD0dajMq6k7FAgN6CQn0zBnULbGY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NTBBNC9ERDQ3MzY5ODBD
MzYxMUVCQTRFNDlFMjFDNEY5QUUwMi9QUjFxTXlycVRzVUNBM29KQ2ZUTUdkUXRz
WmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BSMXFNeXJxVHNVQ0Ezb0pDZlRNR2RRdHNaZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDUwQTQvREQ0NzM2OTgwQzM2MTFFQkE0RTQ5RTIxQzRGOUFFMDIvQ0QxRTk0MzIx
QTdEMTFGMDlBNjNDNTc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZEGCCsGAQUFBwEHAQH/
BIGBMH8wbgQCAAEwaAMEASvz7gMEAiv8YAMEAmcWuAMEAWcY8gMEAmcbmAMEAGfg
0gMEAHOlrAMEAHZrkAMEAHZrlwMEAK+4wAMEAK+4wgMEAK+4xjAMAwQBr7jaAwQA
r7jcAwQBypIGAwQBy5ReAwQC3x3wMA0EAgACMAcDBQAkAPKAMA0GCSqGSIb3DQEB
CwUAA4IBAQB2zO7Jj3+fuqZqVlAACNLmZHfRH17u1MlW+yMlSPz/98FayVcUEVAS
AksrBySJ2mWtSvkD5WwXGgZCWxXJQBRmEevooCCY1eegYRLyutzqRQwQistrCay7
cxGKZgFni82ZZ6rozXtqDLfLUVMwU90UB65OZkL80WI+jOcdZlcQ+C0R+gVwpCSk
pj9/9JE3HqTLhd0aVVZWFOlambqsaHq8VPVlsAnHlGn0gXu7TgqYi9D7dvCsBzcE
LUsyn326g4Be74cGgEfM7nltww2v0qdX3stSjCQo/g/ZykU+K+rOCB0Nb/h2EgQY
D8PKLxfHYxHftPVrxwYttgEFi1FAn0i2
-----END CERTIFICATE-----
Generated at Sat Apr 26 08:15:56 2025 by rpki-client