Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/33A6DBFAD31C11EFA728D52FC4F9AE02.roa
File: 33A6DBFAD31C11EFA728D52FC4F9AE02.roa (raw, json)
Hash identifier: +CoH9vvYQtHpPIw3bxnlYYwu+LY7MUnqgN15NGjmSak=
Subject key identifier: 80:A9:87:35:C3:B4:A0:A9:C0:24:AE:77:51:86:66:40:92:23:2B:DA
Certificate issuer: /CN=A916AC30/serialNumber=576790244CC29275C112356FF620F2620D7D615E
Certificate serial: B4
Authority key identifier: 57:67:90:24:4C:C2:92:75:C1:12:35:6F:F6:20:F2:62:0D:7D:61:5E
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/V2eQJEzCknXBEjVv9iDyYg19YV4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/33A6DBFAD31C11EFA728D52FC4F9AE02.roa
Signing time: Fri 13 Jun 2025 13:28:48 +0000
ROA not before: Fri 13 Jun 2025 13:28:48 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 59253
IP address blocks: 23.106.48.0/21 maxlen: 21
23.106.50.0/24 maxlen: 24
23.106.64.0/20 maxlen: 20
23.106.67.0/24 maxlen: 24
23.106.120.0/21 maxlen: 21
23.106.248.0/21 maxlen: 21
23.106.248.0/22 maxlen: 22
23.106.252.0/22 maxlen: 22
23.108.96.0/21 maxlen: 21
23.108.96.0/22 maxlen: 22
23.108.100.0/22 maxlen: 22
23.111.12.0/22 maxlen: 22
64.120.92.0/22 maxlen: 22
64.120.110.0/23 maxlen: 24
142.91.96.0/23 maxlen: 23
142.91.98.0/23 maxlen: 23
142.91.100.0/23 maxlen: 23
173.234.0.0/23 maxlen: 23
173.234.2.0/23 maxlen: 23
173.234.4.0/22 maxlen: 22
173.234.8.0/22 maxlen: 22
173.234.12.0/23 maxlen: 23
173.234.14.0/23 maxlen: 23
209.58.160.0/20 maxlen: 20
209.58.160.0/21 maxlen: 21
209.58.168.0/21 maxlen: 21
209.58.176.0/21 maxlen: 21
209.58.176.0/22 maxlen: 22
209.58.180.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/V2eQJEzCknXBEjVv9iDyYg19YV4.crl
rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/V2eQJEzCknXBEjVv9iDyYg19YV4.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/V2eQJEzCknXBEjVv9iDyYg19YV4.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 24 Jun 2025 05:36:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 180 (0xb4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916AC30, serialNumber=576790244CC29275C112356FF620F2620D7D615E
Validity
Not Before: Jun 13 13:28:48 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=684c2790-dce5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f5:89:58:18:b8:86:0a:d8:9f:2c:e2:9a:10:
02:58:a2:58:24:9d:f1:ef:f6:0c:79:77:12:f9:2c:
8b:a6:6c:d3:9a:0e:48:90:7b:68:fa:5b:c9:c0:3c:
26:7d:7b:88:0e:95:ad:06:40:f6:ee:62:9c:ee:7c:
14:90:9c:d7:a4:45:76:bc:f0:9c:e3:49:95:a9:68:
8f:4e:fb:1f:10:1d:57:8b:0b:4b:8e:d3:7e:dd:4e:
0c:25:a1:df:46:01:b3:84:ad:e5:f4:62:2e:31:ac:
01:16:dd:59:8c:53:4a:41:23:a5:1e:a5:68:f9:01:
b0:c8:a9:d4:15:69:5e:17:e1:26:8b:a2:86:73:6c:
6b:b1:6a:55:c8:e4:ff:6d:52:35:4a:4d:ae:e7:81:
c1:7b:39:5e:11:f4:96:de:28:eb:1a:d9:00:2c:fb:
1e:88:3b:47:d8:12:18:1f:3a:9c:d3:20:ae:51:5d:
8e:53:b3:c4:3d:22:3b:39:b0:10:b8:7e:b4:22:5e:
a8:0c:d9:5b:77:a2:b5:3f:b6:28:25:8a:97:86:a4:
b6:d0:71:e8:ca:35:df:70:2f:b6:09:2c:77:8b:85:
3e:f5:4a:d3:9d:a2:f9:b6:78:ec:f7:87:e6:12:eb:
f8:8c:f1:9e:70:97:6f:e2:18:42:6b:4c:f3:6b:41:
00:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:A9:87:35:C3:B4:A0:A9:C0:24:AE:77:51:86:66:40:92:23:2B:DA
X509v3 Authority Key Identifier:
keyid:57:67:90:24:4C:C2:92:75:C1:12:35:6F:F6:20:F2:62:0D:7D:61:5E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/V2eQJEzCknXBEjVv9iDyYg19YV4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/V2eQJEzCknXBEjVv9iDyYg19YV4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/33A6DBFAD31C11EFA728D52FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
23.106.48.0/21
23.106.64.0/20
23.106.120.0/21
23.106.248.0/21
23.108.96.0/21
23.111.12.0/22
64.120.92.0/22
64.120.110.0/23
142.91.96.0-142.91.101.255
173.234.0.0/20
209.58.160.0-209.58.183.255
Signature Algorithm: sha256WithRSAEncryption
2b:6c:70:76:fc:ab:fc:35:2d:99:7d:b8:47:c7:5a:04:72:e2:
f4:88:ed:6f:88:6e:82:57:2b:3b:6e:3a:12:23:54:42:ed:9b:
a4:f3:a5:4e:10:3a:bb:b6:7d:3d:34:d2:3b:b0:3c:c9:48:63:
b9:86:46:5a:5a:76:a1:63:4a:95:06:61:c8:86:45:76:1b:db:
54:05:77:8d:cb:54:13:93:0a:26:a4:f2:26:e1:34:72:b3:51:
79:a2:b3:08:e0:01:19:70:78:b3:4e:88:23:98:34:3e:fd:0e:
23:5e:aa:9b:17:a1:ae:12:59:55:5c:49:0a:29:15:4d:ae:4f:
f5:17:91:cb:fc:c1:80:e3:dd:87:c1:0c:26:fa:c2:78:7a:0a:
b9:24:8b:30:d5:7a:ae:20:85:97:56:bd:14:6a:b1:d4:7a:0e:
60:9a:04:83:6f:36:49:40:d6:38:73:e6:41:22:40:1b:a3:49:
5c:df:88:20:a7:b9:19:36:ad:10:c9:83:8d:72:d4:51:da:f0:
4c:68:13:a7:1c:98:05:f8:86:2e:8d:a7:93:a1:96:a7:8f:cf:
f5:75:53:a6:ca:77:73:58:fd:b8:28:db:79:9e:28:33:54:1e:
ca:3b:99:c6:05:21:33:39:62:71:ab:42:38:dc:18:bb:61:ae:
e8:13:fd:0f
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgICALQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkFDMzAxMTAvBgNVBAUTKDU3Njc5MDI0NENDMjkyNzVDMTEyMzU2RkY2MjBGMjYy
MEQ3RDYxNUUwHhcNMjUwNjEzMTMyODQ4WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODRjMjc5MC1kY2U1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs/WJWBi4hgrYnyzimhACWKJYJJ3x7/YMeXcS+SyLpmzTmg5IkHto+lvJwDwm
fXuIDpWtBkD27mKc7nwUkJzXpEV2vPCc40mVqWiPTvsfEB1XiwtLjtN+3U4MJaHf
RgGzhK3l9GIuMawBFt1ZjFNKQSOlHqVo+QGwyKnUFWleF+Emi6KGc2xrsWpVyOT/
bVI1Sk2u54HBezleEfSW3ijrGtkALPseiDtH2BIYHzqc0yCuUV2OU7PEPSI7ObAQ
uH60Il6oDNlbd6K1P7YoJYqXhqS20HHoyjXfcC+2CSx3i4U+9UrTnaL5tnjs94fm
Euv4jPGecJdv4hhCa0zza0EAnwIDAQABo4IC4TCCAt0wHQYDVR0OBBYEFICphzXD
tKCpwCSud1GGZkCSIyvaMB8GA1UdIwQYMBaAFFdnkCRMwpJ1wRI1b/Yg8mINfWFe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QUMzMC82QkM0Q0RGRThD
NjIxMUVGOTk0NjQwODVDNEY5QUUwMi9WMmVRSkV6Q2tuWEJFalZ2OWlEeVlnMTlZ
VjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1YyZVFKRXpDa25YQkVqVnY5aUR5WWcxOVlWNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkFDMzAvNkJDNENERkU4QzYyMTFFRjk5NDY0MDg1QzRGOUFFMDIvMzNBNkRCRkFE
MzFDMTFFRkE3MjhENTJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwawYIKwYBBQUHAQcBAf8E
XDBaMFgEAgABMFIDBAMXajADBAQXakADBAMXangDBAMXavgDBAMXbGADBAIXbwwD
BAJAeFwDBAFAeG4wDAMEBY5bYAMEAY5bZAMEBK3qADAMAwQF0TqgAwQD0TqwMA0G
CSqGSIb3DQEBCwUAA4IBAQArbHB2/Kv8NS2ZfbhHx1oEcuL0iO1viG6CVys7bjoS
I1RC7Zuk86VOEDq7tn09NNI7sDzJSGO5hkZaWnahY0qVBmHIhkV2G9tUBXeNy1QT
kwompPIm4TRys1F5orMI4AEZcHizTogjmDQ+/Q4jXqqbF6GuEllVXEkKKRVNrk/1
F5HL/MGA492HwQwm+sJ4egq5JIsw1XquIIWXVr0UarHUeg5gmgSDbzZJQNY4c+ZB
IkAbo0lc34ggp7kZNq0QyYONctRR2vBMaBOnHJgF+IYujaeToZanj8/1dVOmyndz
WP24KNt5nigzVB7KO5nGBSEzOWJxq0I43Bi7Ya7oE/0P
-----END CERTIFICATE-----
Generated at Tue Jun 17 22:59:06 2025 by rpki-client