Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/7165DB28E2C911EF8A1C1514C4F9AE02.roa
File: 7165DB28E2C911EF8A1C1514C4F9AE02.roa (raw, json)
Hash identifier: WlVHKhM+QwijE+SR8uQjozWScXJjKVRCH43Kmj5ogqo=
Subject key identifier: C1:4A:81:25:6A:A4:AB:0C:6C:08:9B:5B:C8:68:B4:E0:58:A1:8E:BE
Certificate issuer: /CN=A9148C7B/serialNumber=17577F1E92EB33B2CDE6E489C0B9A99A2E02FDA3
Certificate serial: 34D3
Authority key identifier: 17:57:7F:1E:92:EB:33:B2:CD:E6:E4:89:C0:B9:A9:9A:2E:02:FD:A3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/7165DB28E2C911EF8A1C1514C4F9AE02.roa
Signing time: Sun 09 Feb 2025 06:07:53 +0000
ROA not before: Sun 09 Feb 2025 06:07:53 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 138322
IP address blocks: 43.250.136.0/24 maxlen: 24
43.250.138.0/24 maxlen: 24
61.5.193.0/24 maxlen: 24
61.5.196.0/22 maxlen: 22
61.5.196.0/24 maxlen: 24
61.5.198.0/24 maxlen: 24
61.5.199.0/24 maxlen: 24
61.5.200.0/22 maxlen: 22
61.5.201.0/24 maxlen: 24
61.5.204.0/24 maxlen: 24
103.42.0.0/24 maxlen: 24
103.42.1.0/24 maxlen: 24
119.59.80.0/21 maxlen: 21
119.59.80.0/24 maxlen: 24
119.59.81.0/24 maxlen: 24
119.59.82.0/23 maxlen: 23
119.59.82.0/24 maxlen: 24
119.59.84.0/22 maxlen: 22
121.100.53.0/24 maxlen: 24
2400:e500::/48 maxlen: 48
2400:e500:2::/48 maxlen: 48
2400:e500:2f::/48 maxlen: 48
2400:e500:35::/48 maxlen: 48
2400:e500:36::/48 maxlen: 48
2400:e500:37::/48 maxlen: 48
2400:e500:38::/48 maxlen: 48
2400:e500:39::/48 maxlen: 48
2400:e500:3a::/48 maxlen: 48
2400:e500:3b::/48 maxlen: 48
2400:e500:3e::/48 maxlen: 48
2400:e500:90::/48 maxlen: 48
2400:e500:100::/40 maxlen: 40
2400:e501::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.crl
rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 01 May 2025 14:44:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13523 (0x34d3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148C7B, serialNumber=17577F1E92EB33B2CDE6E489C0B9A99A2E02FDA3
Validity
Not Before: Feb 9 06:07:53 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=67a84638-eaa8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:23:1d:71:d2:5d:9a:54:96:7d:a8:90:78:35:
a8:46:55:55:2e:55:8a:69:47:67:6a:96:a3:8f:50:
eb:96:6e:9f:57:a7:c0:87:67:85:aa:38:35:d8:6f:
14:3e:4c:7e:68:f3:99:0e:15:4b:71:5b:a9:86:47:
34:33:c0:9e:26:c8:07:ec:87:e4:59:dd:f1:f2:51:
4f:82:02:85:42:c1:ce:57:ea:dd:5c:0d:97:95:53:
e4:ed:c3:ca:c9:c8:00:cd:08:d6:a4:a8:b5:e3:06:
e8:da:84:43:b0:ac:71:84:8d:8a:5d:8f:38:d6:b0:
29:82:a3:f3:a0:1f:1d:81:ec:81:b6:d6:75:dc:8a:
29:eb:60:2c:80:11:d6:c9:ed:4f:f6:7a:aa:8a:c3:
13:70:66:16:bc:a7:52:c3:6c:b3:db:0b:bf:8f:68:
89:9f:48:e5:1d:ba:5b:c3:99:ab:aa:f0:cc:6f:7e:
17:f5:a2:6c:de:92:f1:9b:4c:1e:c0:ef:0f:f6:e0:
03:5a:45:63:c2:92:d2:3b:32:99:cf:62:09:f6:57:
2e:1f:86:f1:62:de:9d:49:5d:06:88:1c:76:30:fe:
c4:f1:fd:d2:3f:33:14:05:ba:7b:07:7f:7c:9a:0d:
37:6e:f3:5c:5b:2d:3e:66:80:24:86:cc:3f:84:f8:
e9:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:4A:81:25:6A:A4:AB:0C:6C:08:9B:5B:C8:68:B4:E0:58:A1:8E:BE
X509v3 Authority Key Identifier:
keyid:17:57:7F:1E:92:EB:33:B2:CD:E6:E4:89:C0:B9:A9:9A:2E:02:FD:A3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/F1d_HpLrM7LN5uSJwLmpmi4C_aM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148C7B/675208AE1D9311E2BCBDE5F608B02CD2/7165DB28E2C911EF8A1C1514C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.250.136.0/24
43.250.138.0/24
61.5.193.0/24
61.5.196.0-61.5.204.255
103.42.0.0/23
119.59.80.0/21
121.100.53.0/24
IPv6:
2400:e500::/48
2400:e500:2::/48
2400:e500:2f::/48
2400:e500:35::-2400:e500:3b:ffff:ffff:ffff:ffff:ffff
2400:e500:3e::/48
2400:e500:90::/48
2400:e500:100::/40
2400:e501::/32
Signature Algorithm: sha256WithRSAEncryption
1e:41:19:44:68:f8:37:f5:6a:6a:16:65:79:57:e7:67:e7:62:
bb:e5:12:a9:e2:60:bf:7d:5b:ee:5e:c9:da:71:c6:47:64:dd:
f1:19:54:73:2c:d5:47:db:15:ec:32:5f:4c:52:41:c7:95:03:
aa:c3:f2:ad:52:18:60:6d:85:52:03:83:33:90:1d:86:39:c0:
96:12:70:cf:21:a5:ed:4c:84:c5:55:a6:08:26:f5:1b:22:5e:
42:66:6d:81:57:e3:e3:3c:6e:5b:46:75:19:fc:87:26:b1:32:
cc:fc:60:4a:2e:c9:52:cb:70:ff:29:65:69:e0:a4:5a:93:71:
eb:5a:18:d9:05:5a:47:05:70:1f:3f:26:80:15:45:74:81:69:
65:bd:53:57:c6:0a:d9:d2:df:ba:80:63:92:2d:51:68:8a:4b:
85:7c:f3:5e:3d:ad:4c:a0:5c:23:64:ec:54:89:ac:dd:12:2e:
80:33:06:fe:01:6f:cc:0d:9c:d8:b8:76:68:be:ca:0f:9d:d0:
b7:a0:3e:f0:bb:5a:ef:8b:ee:76:b7:32:3c:88:9e:a9:b0:eb:
a6:09:1c:12:7b:ee:a5:d5:b4:d8:6d:c0:8b:1f:40:c6:b6:f9:
f8:38:2d:ab:26:0d:45:87:00:88:ae:fc:bf:b7:7a:d2:6b:6a:
27:bd:eb:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgICNNMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhDN0IxMTAvBgNVBAUTKDE3NTc3RjFFOTJFQjMzQjJDREU2RTQ4OUMwQjlBOTlB
MkUwMkZEQTMwHhcNMjUwMjA5MDYwNzUzWhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2E4NDYzOC1lYWE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7CMdcdJdmlSWfaiQeDWoRlVVLlWKaUdnapajj1Drlm6fV6fAh2eFqjg12G8U
Pkx+aPOZDhVLcVuphkc0M8CeJsgH7IfkWd3x8lFPggKFQsHOV+rdXA2XlVPk7cPK
ycgAzQjWpKi14wbo2oRDsKxxhI2KXY841rApgqPzoB8dgeyBttZ13Iop62AsgBHW
ye1P9nqqisMTcGYWvKdSw2yz2wu/j2iJn0jlHbpbw5mrqvDMb34X9aJs3pLxm0we
wO8P9uADWkVjwpLSOzKZz2IJ9lcuH4bxYt6dSV0GiBx2MP7E8f3SPzMUBbp7B398
mg03bvNcWy0+ZoAkhsw/hPjpvQIDAQABo4IDHDCCAxgwHQYDVR0OBBYEFMFKgSVq
pKsMbAibW8hotOBYoY6+MB8GA1UdIwQYMBaAFBdXfx6S6zOyzebkicC5qZouAv2j
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEM3Qi82NzUyMDhBRTFE
OTMxMUUyQkNCREU1RjYwOEIwMkNEMi9GMWRfSHBMck03TE41dVNKd0xtcG1pNENf
YU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0YxZF9IcExyTTdMTjV1U0p3TG1wbWk0Q19hTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhDN0IvNjc1MjA4QUUxRDkzMTFFMkJDQkRFNUY2MDhCMDJDRDIvNzE2NURCMjhF
MkM5MTFFRjhBMUMxNTE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaUGCCsGAQUFBwEHAQH/
BIGVMIGSMDgEAgABMDIDBAAr+ogDBAAr+ooDBAA9BcEwDAMEAj0FxAMEAD0FzAME
AWcqAAMEA3c7UAMEAHlkNTBWBAIAAjBQAwcAJADlAAAAAwcAJADlAAACAwcAJADl
AAAvMBIDBwAkAOUAADUDBwIkAOUAADgDBwAkAOUAAD4DBwAkAOUAAJADBgAkAOUA
AQMFACQA5QEwDQYJKoZIhvcNAQELBQADggEBAB5BGURo+Df1amoWZXlX52fnYrvl
EqniYL99W+5eydpxxkdk3fEZVHMs1UfbFewyX0xSQceVA6rD8q1SGGBthVIDgzOQ
HYY5wJYScM8hpe1MhMVVpggm9RsiXkJmbYFX4+M8bltGdRn8hyaxMsz8YEouyVLL
cP8pZWngpFqTcetaGNkFWkcFcB8/JoAVRXSBaWW9U1fGCtnS37qAY5ItUWiKS4V8
8149rUygXCNk7FSJrN0SLoAzBv4Bb8wNnNi4dmi+yg+d0LegPvC7Wu+L7na3MjyI
nqmw66YJHBJ77qXVtNhtwIsfQMa2+fg4LasmDUWHAIiu/L+3etJraie967g=
-----END CERTIFICATE-----
Generated at Sat Apr 26 08:16:38 2025 by rpki-client