Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/82BB885E4B9811EB85F74960C4F9AE02.roa
File: 82BB885E4B9811EB85F74960C4F9AE02.roa (raw, json)
Hash identifier: ZpHbYhB9ExSCJ+11c8ap/OdAIsKxszdOCjimKJQDTek=
Subject key identifier: E2:E3:69:61:1D:BF:D5:F0:A8:66:98:C5:5D:86:0D:B4:D0:66:A2:64
Certificate issuer: /CN=A91AB20B/serialNumber=5EC1A6AD76A3ABFDC1E1329EB2637C01864B4808
Certificate serial: 07CC
Authority key identifier: 5E:C1:A6:AD:76:A3:AB:FD:C1:E1:32:9E:B2:63:7C:01:86:4B:48:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XsGmrXajq_3B4TKesmN8AYZLSAg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/82BB885E4B9811EB85F74960C4F9AE02.roa
Signing time: Fri 18 Apr 2025 10:15:35 +0000
ROA not before: Fri 18 Apr 2025 10:15:35 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 38193
IP address blocks: 103.86.38.0/24 maxlen: 24
103.92.20.0/22 maxlen: 24
110.93.192.0/18 maxlen: 23
110.93.192.0/24 maxlen: 24
110.93.194.0/23 maxlen: 24
110.93.196.0/22 maxlen: 24
110.93.200.0/21 maxlen: 24
110.93.208.0/21 maxlen: 24
110.93.216.0/22 maxlen: 24
110.93.220.0/23 maxlen: 24
110.93.222.0/24 maxlen: 24
110.93.224.0/23 maxlen: 24
110.93.229.0/24 maxlen: 24
110.93.231.0/24 maxlen: 24
110.93.232.0/22 maxlen: 24
110.93.238.0/23 maxlen: 24
110.93.241.0/24 maxlen: 24
110.93.242.0/23 maxlen: 24
110.93.248.0/21 maxlen: 24
117.20.16.0/20 maxlen: 23
117.20.16.0/21 maxlen: 24
117.20.24.0/22 maxlen: 24
117.20.28.0/24 maxlen: 24
117.20.30.0/23 maxlen: 24
119.63.128.0/20 maxlen: 23
119.63.128.0/21 maxlen: 24
119.63.136.0/23 maxlen: 24
119.63.140.0/22 maxlen: 24
221.132.112.0/21 maxlen: 23
221.132.112.0/22 maxlen: 24
221.132.116.0/23 maxlen: 24
221.132.118.0/24 maxlen: 24
2404:d400::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/XsGmrXajq_3B4TKesmN8AYZLSAg.crl
rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/XsGmrXajq_3B4TKesmN8AYZLSAg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XsGmrXajq_3B4TKesmN8AYZLSAg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 01 May 2025 21:17:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1996 (0x7cc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AB20B, serialNumber=5EC1A6AD76A3ABFDC1E1329EB2637C01864B4808
Validity
Not Before: Apr 18 10:15:35 2025 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=68022646-c2c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:47:b9:6c:82:5a:2a:f3:6f:a0:f4:a0:b9:64:
12:d0:f8:33:bc:44:34:ec:9c:7b:85:11:07:b2:26:
8f:5c:a4:6d:e5:79:81:07:68:75:04:dd:c6:80:e7:
6f:6f:4f:5d:ee:ac:c0:b9:03:21:b9:80:81:4a:d5:
d4:83:fe:5a:39:95:e4:81:8c:ea:e8:f8:ef:d8:b6:
29:f7:2e:56:67:c5:45:aa:29:47:f0:da:61:0a:b9:
e7:df:e0:cc:71:68:46:e2:31:2d:91:a4:96:25:b4:
8b:84:80:03:15:a4:86:a4:a7:6a:b1:5c:38:a4:e5:
c4:ac:2f:5b:04:a4:7d:0f:55:bb:a7:b9:55:27:e9:
4e:42:d5:22:be:01:93:73:d0:57:5e:19:72:20:e7:
35:a6:01:89:be:39:8c:de:c8:43:72:bc:c6:70:32:
9c:0d:6c:6d:4e:fe:58:85:c0:96:7e:69:7e:04:18:
8f:f2:0d:c7:48:6a:ab:08:b4:7f:47:37:09:39:7b:
32:7d:d1:d5:b1:fe:9d:87:40:dc:ca:78:1d:5e:82:
7d:50:ee:10:ad:6a:aa:fd:e5:bf:b8:4b:63:bd:56:
ae:59:a6:61:5f:4d:9c:67:3d:3d:0f:95:fe:33:dc:
2b:db:9d:10:43:3e:cf:27:d9:89:9c:04:0f:aa:b7:
84:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:E3:69:61:1D:BF:D5:F0:A8:66:98:C5:5D:86:0D:B4:D0:66:A2:64
X509v3 Authority Key Identifier:
keyid:5E:C1:A6:AD:76:A3:AB:FD:C1:E1:32:9E:B2:63:7C:01:86:4B:48:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/XsGmrXajq_3B4TKesmN8AYZLSAg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XsGmrXajq_3B4TKesmN8AYZLSAg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/82BB885E4B9811EB85F74960C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.86.38.0/24
103.92.20.0/22
110.93.192.0/18
117.20.16.0/20
119.63.128.0/20
221.132.112.0/21
IPv6:
2404:d400::/32
Signature Algorithm: sha256WithRSAEncryption
49:d2:71:2d:b7:61:df:1c:1b:dc:f7:ea:1e:ae:8f:d8:64:94:
58:86:d7:6d:3b:53:48:2e:1c:d3:39:eb:45:b5:2e:cd:dd:9f:
3c:31:85:97:83:59:c4:c5:dc:fb:88:e0:83:f6:b5:4c:31:b4:
63:2e:19:75:1a:3f:1a:29:00:1c:10:c0:43:91:20:ee:49:b0:
a0:32:53:0d:19:99:05:2c:2e:05:54:bc:12:22:30:3d:c2:dd:
5e:40:ac:11:7e:82:20:d4:d6:32:b4:5b:7d:4b:80:8f:8b:7d:
f4:fc:5b:3a:fe:9d:7f:88:35:60:5b:a3:09:71:cb:79:dc:b6:
5a:6f:13:2b:56:ad:fd:15:43:f3:05:3c:00:41:94:e6:0f:9c:
ac:16:21:0a:dd:2c:77:a5:6f:46:32:5a:fe:61:4e:85:63:ff:
1d:63:6e:db:c0:84:7f:c1:17:11:f5:e8:1d:af:fa:bf:e5:e6:
1c:88:15:8a:a1:0e:9b:6e:80:20:af:dd:c7:7c:0e:be:27:ed:
bb:99:60:4e:9f:96:64:9c:5b:15:ac:b8:b2:bb:76:44:85:ef:
e5:00:2a:a7:71:61:40:1a:54:3b:35:06:5e:84:14:a4:7f:e7:
c5:11:87:ea:57:9b:45:ed:83:44:21:ad:83:17:34:fa:de:a6:
dd:ef:f9:34
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICB8wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUIyMEIxMTAvBgNVBAUTKDVFQzFBNkFENzZBM0FCRkRDMUUxMzI5RUIyNjM3QzAx
ODY0QjQ4MDgwHhcNMjUwNDE4MTAxNTM1WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODAyMjY0Ni1jMmMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv0e5bIJaKvNvoPSguWQS0PgzvEQ07Jx7hREHsiaPXKRt5XmBB2h1BN3GgOdv
b09d7qzAuQMhuYCBStXUg/5aOZXkgYzq6Pjv2LYp9y5WZ8VFqilH8NphCrnn3+DM
cWhG4jEtkaSWJbSLhIADFaSGpKdqsVw4pOXErC9bBKR9D1W7p7lVJ+lOQtUivgGT
c9BXXhlyIOc1pgGJvjmM3shDcrzGcDKcDWxtTv5YhcCWfml+BBiP8g3HSGqrCLR/
RzcJOXsyfdHVsf6dh0DcyngdXoJ9UO4QrWqq/eW/uEtjvVauWaZhX02cZz09D5X+
M9wr250QQz7PJ9mJnAQPqreEmQIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFOLjaWEd
v9XwqGaYxV2GDbTQZqJkMB8GA1UdIwQYMBaAFF7Bpq12o6v9weEynrJjfAGGS0gI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjIwQi9CQTcxQjY0ODEy
MDMxMUVCQkFBMTk0MTRDNEY5QUUwMi9Yc0dtclhhanFfM0I0VEtlc21OOEFZWkxT
QWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hzR21yWGFqcV8zQjRUS2VzbU44QVlaTFNBZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUIyMEIvQkE3MUI2NDgxMjAzMTFFQkJBQTE5NDE0QzRGOUFFMDIvODJCQjg4NUU0
Qjk4MTFFQjg1Rjc0OTYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MCoEAgABMCQDBABnViYDBAJnXBQDBAZuXcADBAR1FBADBAR3P4ADBAPdhHAw
DQQCAAIwBwMFACQE1AAwDQYJKoZIhvcNAQELBQADggEBAEnScS23Yd8cG9z36h6u
j9hklFiG1207U0guHNM560W1Ls3dnzwxhZeDWcTF3PuI4IP2tUwxtGMuGXUaPxop
ABwQwEORIO5JsKAyUw0ZmQUsLgVUvBIiMD3C3V5ArBF+giDU1jK0W31LgI+LffT8
Wzr+nX+INWBbowlxy3nctlpvEytWrf0VQ/MFPABBlOYPnKwWIQrdLHelb0YyWv5h
ToVj/x1jbtvAhH/BFxH16B2v+r/l5hyIFYqhDptugCCv3cd8Dr4n7buZYE6flmSc
WxWsuLK7dkSF7+UAKqdxYUAaVDs1Bl6EFKR/58URh+pXm0Xtg0QhrYMXNPrept3v
+TQ=
-----END CERTIFICATE-----
Generated at Sat Apr 26 09:29:58 2025 by rpki-client