Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/F6FAEC5CCB0411EEAB05F93CC4F9AE02.roa
File: F6FAEC5CCB0411EEAB05F93CC4F9AE02.roa (raw, json)
Hash identifier: 0UB6vf7tsJ4/eqdU0xPwdgNnTiXM+SW0/ez8sQsDOEw=
Subject key identifier: 13:0C:5C:2C:9E:8A:36:DF:E8:13:55:D1:18:2C:5B:61:BF:07:16:43
Certificate issuer: /CN=A9194C0D/serialNumber=634E28B1002E556E8EB14F953EAD63B6D6775809
Certificate serial: 0150
Authority key identifier: 63:4E:28:B1:00:2E:55:6E:8E:B1:4F:95:3E:AD:63:B6:D6:77:58:09
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y04osQAuVW6OsU-VPq1jttZ3WAk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/F6FAEC5CCB0411EEAB05F93CC4F9AE02.roa
Signing time: Mon 31 Mar 2025 01:02:48 +0000
ROA not before: Mon 31 Mar 2025 01:02:48 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 134090
IP address blocks: 45.249.116.0/22 maxlen: 24
103.51.112.0/22 maxlen: 24
103.85.36.0/22 maxlen: 24
103.95.112.0/22 maxlen: 24
103.106.88.0/22 maxlen: 24
113.29.240.0/22 maxlen: 23
123.253.188.0/22 maxlen: 24
124.158.96.0/22 maxlen: 23
175.111.176.0/22 maxlen: 23
202.128.112.0/20 maxlen: 20
202.128.112.0/21 maxlen: 24
202.128.120.0/21 maxlen: 24
202.179.128.0/22 maxlen: 24
2400:a840::/31 maxlen: 34
2400:a842::/31 maxlen: 34
2400:a844::/30 maxlen: 30
2400:a844::/31 maxlen: 34
2400:a846::/31 maxlen: 34
2400:a848::/31 maxlen: 34
2400:a84a::/31 maxlen: 34
2400:a84c::/31 maxlen: 34
2400:a84e::/31 maxlen: 34
2402:2c80::/32 maxlen: 34
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/Y04osQAuVW6OsU-VPq1jttZ3WAk.crl
rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/Y04osQAuVW6OsU-VPq1jttZ3WAk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y04osQAuVW6OsU-VPq1jttZ3WAk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 02 May 2025 03:40:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 336 (0x150)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9194C0D, serialNumber=634E28B1002E556E8EB14F953EAD63B6D6775809
Validity
Not Before: Mar 31 01:02:48 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=67e9e9b8-16c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:89:9f:65:2a:1b:89:15:7f:c2:40:30:9d:54:
d7:14:f4:aa:04:a1:72:ad:a6:82:cb:d1:73:2c:22:
30:f6:a5:7e:a2:aa:30:49:2d:7d:50:03:b7:52:ec:
01:ef:a8:95:35:a7:ee:93:4f:f8:5e:43:c9:28:89:
e1:e5:67:c1:af:e4:ae:8b:7b:83:c0:4d:73:e1:dd:
41:fb:3f:ab:d6:c5:04:ed:b7:15:7b:3c:fc:b2:a2:
b4:dc:9b:eb:70:44:99:f9:ce:b5:35:3a:4e:c9:be:
46:25:f3:dd:4a:02:d7:3d:f6:4f:52:e9:ce:09:07:
e3:9b:ec:82:b7:e2:b1:f5:ff:0f:ff:96:f6:92:6a:
17:84:07:69:ab:cd:6f:b9:60:d1:dc:e9:3d:ac:3e:
78:7e:ce:e5:54:47:91:7d:96:7c:b7:d2:26:c4:5c:
c7:a2:5e:a2:6c:3c:a1:da:2c:e1:df:31:66:0f:63:
eb:bf:06:b0:ea:8f:07:a7:e1:ca:14:bd:b7:fe:c5:
1b:96:54:15:42:8b:72:11:43:d0:cd:c0:34:0a:f4:
84:53:61:26:ab:4a:b0:eb:7a:fa:28:f4:07:0c:a7:
7c:0a:0d:69:60:aa:1e:88:b2:32:5f:56:10:3c:c3:
14:67:39:53:c5:52:05:4e:84:87:b2:2d:50:35:49:
d8:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:0C:5C:2C:9E:8A:36:DF:E8:13:55:D1:18:2C:5B:61:BF:07:16:43
X509v3 Authority Key Identifier:
keyid:63:4E:28:B1:00:2E:55:6E:8E:B1:4F:95:3E:AD:63:B6:D6:77:58:09
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/Y04osQAuVW6OsU-VPq1jttZ3WAk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y04osQAuVW6OsU-VPq1jttZ3WAk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/F6FAEC5CCB0411EEAB05F93CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.249.116.0/22
103.51.112.0/22
103.85.36.0/22
103.95.112.0/22
103.106.88.0/22
113.29.240.0/22
123.253.188.0/22
124.158.96.0/22
175.111.176.0/22
202.128.112.0/20
202.179.128.0/22
IPv6:
2400:a840::/28
2402:2c80::/32
Signature Algorithm: sha256WithRSAEncryption
07:30:de:24:99:69:60:8e:e3:6b:65:ff:74:cd:ec:86:41:cc:
17:20:49:ab:53:c6:d7:88:f6:d5:1f:4b:24:eb:38:dd:5e:dd:
d7:1d:d9:ac:37:97:12:67:bd:c0:74:8e:34:a6:f5:28:bb:4f:
7b:10:96:df:5b:35:76:d5:cd:88:8c:4c:52:ba:18:14:03:23:
53:ca:b5:67:1a:60:97:a8:d6:28:c4:28:b6:f6:87:05:b5:4c:
2a:47:cf:2b:2e:bc:1a:06:fb:7e:88:52:67:ce:90:3d:4b:1c:
24:ae:9e:1e:6c:6e:69:be:20:1d:c9:f8:10:9f:92:20:a3:ed:
6a:a5:29:23:3a:5c:6c:a1:e7:7f:17:98:1b:12:f6:61:18:d6:
4d:8f:f3:81:0a:c7:29:16:b8:ff:b7:73:f0:bf:6d:2c:1d:a7:
25:73:74:5f:ca:ac:65:d3:57:d0:c7:b3:4a:20:44:43:71:a4:
c9:0d:62:ce:88:1e:e2:96:03:75:d9:aa:0a:c8:b1:d7:16:f1:
54:02:21:2f:50:0c:d9:96:87:d5:0f:8e:4d:f9:25:fc:01:58:
7f:d4:d6:15:ff:74:de:09:d2:ab:db:01:3b:9a:ee:9d:4d:f8:
9f:de:9f:d7:b6:54:ce:a0:0f:c4:fd:e9:c6:15:3f:21:45:65:
95:91:7b:99
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgICAVAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTRDMEQxMTAvBgNVBAUTKDYzNEUyOEIxMDAyRTU1NkU4RUIxNEY5NTNFQUQ2M0I2
RDY3NzU4MDkwHhcNMjUwMzMxMDEwMjQ4WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2U5ZTliOC0xNmM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs4mfZSobiRV/wkAwnVTXFPSqBKFyraaCy9FzLCIw9qV+oqowSS19UAO3UuwB
76iVNafuk0/4XkPJKInh5WfBr+Sui3uDwE1z4d1B+z+r1sUE7bcVezz8sqK03Jvr
cESZ+c61NTpOyb5GJfPdSgLXPfZPUunOCQfjm+yCt+Kx9f8P/5b2kmoXhAdpq81v
uWDR3Ok9rD54fs7lVEeRfZZ8t9ImxFzHol6ibDyh2izh3zFmD2Prvwaw6o8Hp+HK
FL23/sUbllQVQotyEUPQzcA0CvSEU2Emq0qw63r6KPQHDKd8Cg1pYKoeiLIyX1YQ
PMMUZzlTxVIFToSHsi1QNUnYHQIDAQABo4IC5zCCAuMwHQYDVR0OBBYEFBMMXCye
ijbf6BNV0RgsW2G/BxZDMB8GA1UdIwQYMBaAFGNOKLEALlVujrFPlT6tY7bWd1gJ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NEMwRC9BRDI1ODg5MDU3
NTQxMUVFOTQwQ0Q5NTRDNEY5QUUwMi9ZMDRvc1FBdVZXNk9zVS1WUHExanR0WjNX
QWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1kwNG9zUUF1Vlc2T3NVLVZQcTFqdHRaM1dBay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTRDMEQvQUQyNTg4OTA1NzU0MTFFRTk0MENEOTU0QzRGOUFFMDIvRjZGQUVDNUND
QjA0MTFFRUFCMDVGOTNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcQYIKwYBBQUHAQcBAf8E
YjBgMEgEAgABMEIDBAIt+XQDBAJnM3ADBAJnVSQDBAJnX3ADBAJnalgDBAJxHfAD
BAJ7/bwDBAJ8nmADBAKvb7ADBATKgHADBALKs4AwFAQCAAIwDgMFBCQAqEADBQAk
AiyAMA0GCSqGSIb3DQEBCwUAA4IBAQAHMN4kmWlgjuNrZf90zeyGQcwXIEmrU8bX
iPbVH0sk6zjdXt3XHdmsN5cSZ73AdI40pvUou097EJbfWzV21c2IjExSuhgUAyNT
yrVnGmCXqNYoxCi29ocFtUwqR88rLrwaBvt+iFJnzpA9Sxwkrp4ebG5pviAdyfgQ
n5Igo+1qpSkjOlxsoed/F5gbEvZhGNZNj/OBCscpFrj/t3Pwv20sHaclc3Rfyqxl
01fQx7NKIERDcaTJDWLOiB7ilgN12aoKyLHXFvFUAiEvUAzZlofVD45N+SX8AVh/
1NYV/3TeCdKr2wE7mu6dTfif3p/XtlTOoA/E/enGFT8hRWWVkXuZ
-----END CERTIFICATE-----
Generated at Sat Apr 26 08:04:10 2025 by rpki-client