Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A06F2/8B8C4DD23F4711EA8E5DA87CC4F9AE02/3BFE8CEC3F4911EAA91D9A7FC4F9AE02.roa
File: 3BFE8CEC3F4911EAA91D9A7FC4F9AE02.roa (raw, json)
Hash identifier: PAA4OxtlazOKwYLjk6aLytCy9NItnRL8j4f8o3mJBHg=
Subject key identifier: 70:53:80:D7:EF:4C:AA:6E:01:D5:CF:69:90:C9:85:D3:3F:15:DA:9C
Certificate issuer: /CN=A91A06F2/serialNumber=E74F464C408659ED2589DB664CE8EF6A6C600C47
Certificate serial: 0B17
Authority key identifier: E7:4F:46:4C:40:86:59:ED:25:89:DB:66:4C:E8:EF:6A:6C:60:0C:47
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/509GTECGWe0lidtmTOjvamxgDEc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A06F2/8B8C4DD23F4711EA8E5DA87CC4F9AE02/3BFE8CEC3F4911EAA91D9A7FC4F9AE02.roa
Signing time: Fri 18 Apr 2025 19:41:30 +0000
ROA not before: Fri 18 Apr 2025 19:41:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 135155
IP address blocks: 103.211.28.0/22 maxlen: 22
103.211.28.0/24 maxlen: 24
103.211.29.0/24 maxlen: 24
103.211.30.0/24 maxlen: 24
103.211.31.0/24 maxlen: 24
146.196.48.0/22 maxlen: 22
146.196.48.0/24 maxlen: 24
146.196.49.0/24 maxlen: 24
146.196.50.0/24 maxlen: 24
146.196.51.0/24 maxlen: 24
2407:5f80::/32 maxlen: 32
2407:5f80::/36 maxlen: 36
2407:5f80:1000::/36 maxlen: 36
2407:5f80:2000::/36 maxlen: 36
2407:5f80:3000::/36 maxlen: 36
2407:5f80:4000::/36 maxlen: 36
2407:5f80:5000::/36 maxlen: 36
2407:5f80:6000::/36 maxlen: 36
2407:5f80:7000::/36 maxlen: 36
2407:5f80:8000::/36 maxlen: 36
2407:5f80:9000::/36 maxlen: 36
2407:5f80:a000::/36 maxlen: 36
2407:5f80:b000::/36 maxlen: 36
2407:5f80:c000::/36 maxlen: 36
2407:5f80:d000::/36 maxlen: 36
2407:5f80:e000::/36 maxlen: 36
2407:5f80:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A06F2/8B8C4DD23F4711EA8E5DA87CC4F9AE02/509GTECGWe0lidtmTOjvamxgDEc.crl
rsync://rpki.apnic.net/member_repository/A91A06F2/8B8C4DD23F4711EA8E5DA87CC4F9AE02/509GTECGWe0lidtmTOjvamxgDEc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/509GTECGWe0lidtmTOjvamxgDEc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 01 May 2025 19:10:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2839 (0xb17)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A06F2, serialNumber=E74F464C408659ED2589DB664CE8EF6A6C600C47
Validity
Not Before: Apr 18 19:41:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6802aaea-8f6c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:82:46:07:46:fa:a1:a9:57:93:fa:c9:e4:9a:
ab:7a:a3:7e:cd:b5:f2:8e:3a:18:b6:0f:4e:f3:a4:
25:8e:7c:18:a1:c1:18:25:1d:03:b8:a3:b0:d2:4f:
58:3b:e3:7b:0a:59:2e:ef:b1:62:ee:93:c1:18:d3:
11:9a:bb:0f:37:09:d2:a6:0c:d5:07:7d:66:b5:09:
51:ea:6d:a2:98:f1:71:d4:e9:7e:fd:3b:5b:4d:ed:
58:07:92:6f:78:34:60:f5:3d:92:4d:f3:d9:e2:6b:
49:78:02:96:9c:55:83:ce:bc:ad:1a:47:f6:c9:16:
06:d3:cd:04:72:fd:16:4a:53:81:31:12:a6:82:28:
e2:5a:ec:57:f3:f8:13:27:e2:bd:2c:f2:a6:50:62:
49:22:72:54:1c:8d:22:33:85:89:a6:a9:ee:80:81:
90:67:92:66:5a:f6:4d:0b:d0:1a:b3:23:2b:92:24:
86:30:40:ce:26:80:55:f5:73:6b:70:e3:8f:fb:42:
12:17:e8:92:33:88:5f:d1:d5:79:bb:e7:a3:ea:e9:
79:f7:f8:b8:50:93:d8:55:d7:77:6e:aa:d0:2d:a6:
e1:58:2f:a0:a0:d4:3a:1e:a3:c9:92:59:16:22:16:
87:32:34:c4:79:a4:db:94:82:d9:34:36:3f:df:d0:
19:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:53:80:D7:EF:4C:AA:6E:01:D5:CF:69:90:C9:85:D3:3F:15:DA:9C
X509v3 Authority Key Identifier:
keyid:E7:4F:46:4C:40:86:59:ED:25:89:DB:66:4C:E8:EF:6A:6C:60:0C:47
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A06F2/8B8C4DD23F4711EA8E5DA87CC4F9AE02/509GTECGWe0lidtmTOjvamxgDEc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/509GTECGWe0lidtmTOjvamxgDEc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A06F2/8B8C4DD23F4711EA8E5DA87CC4F9AE02/3BFE8CEC3F4911EAA91D9A7FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.211.28.0/22
146.196.48.0/22
IPv6:
2407:5f80::/32
Signature Algorithm: sha256WithRSAEncryption
09:d7:bf:aa:a3:a2:27:6e:28:10:40:1f:25:e8:4b:7a:1f:33:
ae:eb:f3:a2:7f:bf:3a:0c:08:80:3f:0f:69:d4:d3:2e:30:6a:
97:8d:63:ae:98:0f:3d:14:77:cc:d9:ae:13:66:99:1d:84:ff:
61:81:cc:e3:d5:e9:6d:33:29:2f:76:19:39:d6:1d:b4:8d:4e:
5f:c9:61:9e:d7:59:11:01:d3:f6:4a:6a:f9:ab:6d:51:84:28:
58:56:7e:15:f1:2d:f8:b4:31:37:0a:54:88:1d:56:34:4b:2f:
e6:0f:cf:3c:e2:06:a5:48:77:ea:16:8b:d8:ea:77:14:35:9a:
d9:28:84:a3:cc:d7:93:99:eb:d4:71:0e:8b:a3:68:60:f7:58:
f4:08:04:57:6b:55:f6:92:45:66:0a:ec:49:c6:27:56:6e:64:
79:7e:ea:bf:89:ce:1b:f0:3d:76:77:13:3a:88:d2:85:b9:ef:
6a:3c:00:c1:e1:c1:1e:75:de:4d:3e:9b:d3:32:f0:09:61:72:
0b:ed:6e:fb:af:1a:a9:f2:d9:82:62:19:52:93:32:40:92:98:
8d:54:0e:0e:96:f7:d0:7d:f0:ce:b8:1b:a4:3a:fe:7c:40:5d:
89:77:b0:a9:34:9e:66:0d:64:75:1e:d0:44:8d:45:4b:91:56:
92:35:07:49
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCxcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTA2RjIxMTAvBgNVBAUTKEU3NEY0NjRDNDA4NjU5RUQyNTg5REI2NjRDRThFRjZB
NkM2MDBDNDcwHhcNMjUwNDE4MTk0MTMwWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODAyYWFlYS04ZjZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3oJGB0b6oalXk/rJ5JqreqN+zbXyjjoYtg9O86QljnwYocEYJR0DuKOw0k9Y
O+N7Clku77Fi7pPBGNMRmrsPNwnSpgzVB31mtQlR6m2imPFx1Ol+/TtbTe1YB5Jv
eDRg9T2STfPZ4mtJeAKWnFWDzrytGkf2yRYG080Ecv0WSlOBMRKmgijiWuxX8/gT
J+K9LPKmUGJJInJUHI0iM4WJpqnugIGQZ5JmWvZNC9AasyMrkiSGMEDOJoBV9XNr
cOOP+0ISF+iSM4hf0dV5u+ej6ul59/i4UJPYVdd3bqrQLabhWC+goNQ6HqPJklkW
IhaHMjTEeaTblILZNDY/39AZ0wIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFHBTgNfv
TKpuAdXPaZDJhdM/FdqcMB8GA1UdIwQYMBaAFOdPRkxAhlntJYnbZkzo72psYAxH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDZGMi84QjhDNEREMjNG
NDcxMUVBOEU1REE4N0NDNEY5QUUwMi81MDlHVEVDR1dlMGxpZHRtVE9qdmFteGdE
RWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzUwOUdURUNHV2UwbGlkdG1UT2p2YW14Z0RFYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTA2RjIvOEI4QzRERDIzRjQ3MTFFQThFNURBODdDQzRGOUFFMDIvM0JGRThDRUMz
RjQ5MTFFQUE5MUQ5QTdGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJn0xwDBAKSxDAwDQQCAAIwBwMFACQHX4AwDQYJKoZIhvcN
AQELBQADggEBAAnXv6qjoiduKBBAHyXoS3ofM67r86J/vzoMCIA/D2nU0y4wapeN
Y66YDz0Ud8zZrhNmmR2E/2GBzOPV6W0zKS92GTnWHbSNTl/JYZ7XWREB0/ZKavmr
bVGEKFhWfhXxLfi0MTcKVIgdVjRLL+YPzzziBqVId+oWi9jqdxQ1mtkohKPM15OZ
69RxDoujaGD3WPQIBFdrVfaSRWYK7EnGJ1ZuZHl+6r+JzhvwPXZ3EzqI0oW572o8
AMHhwR513k0+m9My8AlhcgvtbvuvGqny2YJiGVKTMkCSmI1UDg6W99B98M64G6Q6
/nxAXYl3sKk0nmYNZHUe0ESNRUuRVpI1B0k=
-----END CERTIFICATE-----
Generated at Sat Apr 26 05:46:06 2025 by rpki-client