Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
File: BDECB94CEC4F11EEB0B9B467C4F9AE02.roa (raw, json)
Hash identifier: aHVJTpWDHGU0Bcrlo4rBrarOkBF9q7lS/3bS8x602qo=
Subject key identifier: 7E:C3:04:46:45:50:C2:BC:3C:DA:7D:E9:D6:28:03:72:BF:E9:29:F1
Certificate issuer: /CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Certificate serial: EB
Authority key identifier: 64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
Signing time: Fri 25 Apr 2025 15:22:14 +0000
ROA not before: Fri 25 Apr 2025 15:22:14 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 134835
IP address blocks: 45.120.156.0/24 maxlen: 24
45.120.157.0/24 maxlen: 24
45.120.159.0/24 maxlen: 24
45.125.164.0/24 maxlen: 24
45.125.165.0/24 maxlen: 24
45.125.166.0/24 maxlen: 24
45.125.167.0/24 maxlen: 24
103.56.217.0/24 maxlen: 24
103.56.219.0/24 maxlen: 24
103.194.41.0/24 maxlen: 24
103.194.42.0/24 maxlen: 24
103.194.43.0/24 maxlen: 24
103.200.96.0/24 maxlen: 24
103.200.97.0/24 maxlen: 24
103.204.172.0/24 maxlen: 24
103.204.173.0/24 maxlen: 24
103.204.174.0/24 maxlen: 24
103.204.175.0/24 maxlen: 24
122.128.96.0/24 maxlen: 24
122.128.99.0/24 maxlen: 24
2403:ad80:60::/45 maxlen: 45
2403:ad80:80::/45 maxlen: 45
2403:ad80:88::/45 maxlen: 45
2403:ad80:98::/45 maxlen: 45
2403:ad80:a0::/45 maxlen: 45
2403:ad80:3c00::/38 maxlen: 38
2403:ad80:4c00::/38 maxlen: 38
2403:ad80:5000::/38 maxlen: 38
2403:ad80:8100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 02 May 2025 15:44:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 235 (0xeb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919A777, serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Validity
Not Before: Apr 25 15:22:14 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=680ba8a6-7537
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:18:46:d0:98:63:19:12:87:ee:ff:b4:72:7e:
9d:38:d8:7c:e8:9d:8e:2e:03:0c:67:02:0d:8d:a7:
f5:e3:b1:5a:85:71:c1:33:ed:38:42:b1:c5:5e:d5:
ec:c0:79:3d:50:a7:b1:31:65:2b:e2:6d:af:92:8c:
67:cc:3a:d9:ae:20:7c:d2:1a:2f:46:25:ad:b3:9c:
91:dc:8f:19:ce:73:ff:a0:60:9b:a2:1f:5f:84:a9:
7c:88:43:1a:c5:ef:57:6f:e5:e6:29:bc:49:97:5f:
1c:85:e6:fb:5a:58:ad:5f:6c:67:db:3a:1a:ad:7b:
de:a3:e7:6d:9e:11:99:4b:6d:d5:e6:e8:4b:a8:50:
e2:ea:af:bd:12:93:fb:46:1b:67:5c:44:42:d6:a7:
94:d7:9f:d1:39:ef:f6:6f:95:17:23:13:f3:5a:1c:
ed:51:21:92:39:00:36:8f:2c:b8:ca:b0:bf:5e:62:
02:62:c7:38:4d:07:73:df:bb:4e:08:65:5c:9d:2e:
5f:87:4b:58:9c:4e:da:0c:f3:e3:93:d0:a6:9c:a3:
0d:e1:29:87:12:2a:5b:3f:be:ba:ab:42:4f:31:ff:
e9:67:df:01:df:9f:88:93:6c:14:26:58:cd:7d:1e:
b2:73:30:8a:3d:6e:dc:13:97:a2:3c:f8:bd:b0:b3:
b1:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:C3:04:46:45:50:C2:BC:3C:DA:7D:E9:D6:28:03:72:BF:E9:29:F1
X509v3 Authority Key Identifier:
keyid:64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.120.156.0/23
45.120.159.0/24
45.125.164.0/22
103.56.217.0/24
103.56.219.0/24
103.194.41.0-103.194.43.255
103.200.96.0/23
103.204.172.0/22
122.128.96.0/24
122.128.99.0/24
IPv6:
2403:ad80:60::/45
2403:ad80:80::/44
2403:ad80:98::-2403:ad80:a7:ffff:ffff:ffff:ffff:ffff
2403:ad80:3c00::/38
2403:ad80:4c00::-2403:ad80:53ff:ffff:ffff:ffff:ffff:ffff
2403:ad80:8100::/40
Signature Algorithm: sha256WithRSAEncryption
54:80:50:25:94:80:b2:de:24:2f:3f:9d:a8:fb:0c:75:8b:b1:
86:aa:da:ae:29:ec:89:87:37:65:4a:59:fd:1d:6e:37:6c:e3:
51:2f:3d:05:41:1d:65:15:fe:cb:85:d6:71:93:e8:4e:1b:e8:
b9:2d:d9:a5:ac:ff:a1:bc:6c:d1:3a:6a:51:58:86:0e:16:2c:
47:8d:38:ea:22:26:ab:d4:2c:98:b3:8a:c7:17:06:7b:ae:3e:
b7:ff:56:d2:d3:65:97:56:05:c2:94:c7:3e:f0:2a:b5:c9:08:
1a:c2:9a:1b:02:17:15:eb:9f:cd:01:02:ea:27:cf:2e:cb:e5:
88:e5:5b:b9:83:27:f5:f3:e3:80:38:a9:54:82:72:34:eb:c4:
bb:75:6e:62:56:42:90:f0:81:18:98:f7:f9:f6:98:53:04:c9:
18:55:a8:39:4d:0d:50:b5:04:b2:6a:97:33:c4:0b:77:15:67:
21:55:7e:8b:90:b7:6c:13:a9:b7:ae:59:a3:38:70:47:fa:74:
18:fd:bb:74:f1:cc:cd:8b:68:e3:3f:66:a5:22:06:59:39:bc:
38:c7:bb:93:1d:34:af:7c:4a:39:99:f8:97:78:f0:12:7d:e3:
7d:02:83:d4:7f:7b:bb:55:2c:57:27:3c:3b:95:68:e2:b5:aa:
c6:3e:13:b5
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgICAOswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUE3NzcxMTAvBgNVBAUTKDY0N0QwOTI3REIzQjE3OEUyRjY1NEEzMjY4NTU3RkU1
QjVENjcyOUMwHhcNMjUwNDI1MTUyMjE0WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODBiYThhNi03NTM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoRhG0JhjGRKH7v+0cn6dONh86J2OLgMMZwINjaf147FahXHBM+04QrHFXtXs
wHk9UKexMWUr4m2vkoxnzDrZriB80hovRiWts5yR3I8ZznP/oGCboh9fhKl8iEMa
xe9Xb+XmKbxJl18cheb7WlitX2xn2zoarXveo+dtnhGZS23V5uhLqFDi6q+9EpP7
RhtnXERC1qeU15/ROe/2b5UXIxPzWhztUSGSOQA2jyy4yrC/XmICYsc4TQdz37tO
CGVcnS5fh0tYnE7aDPPjk9CmnKMN4SmHEipbP766q0JPMf/pZ98B35+Ik2wUJljN
fR6yczCKPW7cE5eiPPi9sLOxVwIDAQABo4IDJjCCAyIwHQYDVR0OBBYEFH7DBEZF
UMK8PNp96dYoA3K/6SnxMB8GA1UdIwQYMBaAFGR9CSfbOxeOL2VKMmhVf+W11nKc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QTc3Ny8wQkE1NzJCMEVD
NEYxMUVFQTFCMzg4NjZDNEY5QUUwMi9aSDBKSjlzN0Y0NHZaVW95YUZWXzViWFdj
cHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pIMEpKOXM3RjQ0dlpVb3lhRlZfNWJYV2Nwdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUE3NzcvMEJBNTcyQjBFQzRGMTFFRUExQjM4ODY2QzRGOUFFMDIvQkRFQ0I5NENF
QzRGMTFFRUIwQjlCNDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwga8GCCsGAQUFBwEHAQH/
BIGfMIGcMEoEAgABMEQDBAEteJwDBAAteJ8DBAItfaQDBABnONkDBABnONswDAME
AGfCKQMEAmfCKAMEAWfIYAMEAmfMrAMEAHqAYAMEAHqAYzBOBAIAAjBIAwcDJAOt
gABgAwcEJAOtgACAMBIDBwMkA62AAJgDBwMkA62AAKADBgIkA62APDAQAwYCJAOt
gEwDBgIkA62AUAMGACQDrYCBMA0GCSqGSIb3DQEBCwUAA4IBAQBUgFAllICy3iQv
P52o+wx1i7GGqtquKeyJhzdlSln9HW43bONRLz0FQR1lFf7LhdZxk+hOG+i5Ldml
rP+hvGzROmpRWIYOFixHjTjqIiar1CyYs4rHFwZ7rj63/1bS02WXVgXClMc+8Cq1
yQgawpobAhcV65/NAQLqJ88uy+WI5Vu5gyf18+OAOKlUgnI068S7dW5iVkKQ8IEY
mPf59phTBMkYVag5TQ1QtQSyapczxAt3FWchVX6LkLdsE6m3rlmjOHBH+nQY/bt0
8czNi2jjP2alIgZZObw4x7uTHTSvfEo5mfiXePASfeN9AoPUf3u7VSxXJzw7lWji
tarGPhO1
-----END CERTIFICATE-----
Generated at Sat Apr 26 17:04:27 2025 by rpki-client