Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa
File: DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa (raw, json)
Hash identifier: 3IhKk2ns73ug1cPcItokkvNYGQWI9rs7b4nF6YtsTSc=
Subject key identifier: AC:40:D2:4D:F7:8A:D9:AE:7A:AB:7D:38:55:4D:15:D3:E4:BB:C1:6F
Certificate issuer: /CN=A91CE978/serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
Certificate serial: 3529
Authority key identifier: 6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa
Signing time: Thu 10 Apr 2025 15:20:52 +0000
ROA not before: Thu 10 Apr 2025 15:20:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 23838
IP address blocks: 43.255.160.0/22 maxlen: 22
43.255.160.0/24 maxlen: 24
43.255.161.0/24 maxlen: 24
43.255.162.0/24 maxlen: 24
43.255.163.0/24 maxlen: 24
103.8.252.0/22 maxlen: 23
116.90.135.0/24 maxlen: 24
120.136.48.0/20 maxlen: 20
120.136.48.0/21 maxlen: 21
120.136.49.0/24 maxlen: 24
120.136.53.0/24 maxlen: 24
120.136.56.0/21 maxlen: 21
120.136.56.0/24 maxlen: 24
120.136.58.0/24 maxlen: 24
2401:f000:6::/48 maxlen: 48
2401:f000:8::/48 maxlen: 48
2401:f000:16::/48 maxlen: 48
2401:f000:18::/48 maxlen: 48
2402:1c00::/32 maxlen: 32
2402:1c00::/32 maxlen: 48
2402:1c00:4000::/36 maxlen: 36
2402:1c00:8000::/36 maxlen: 36
2402:1c00:9000::/37 maxlen: 37
2402:1c00:c000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl
rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 03 May 2025 14:50:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13609 (0x3529)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CE978, serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
Validity
Not Before: Apr 10 15:20:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=67f7e1d4-078f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:87:5d:b4:d8:3c:bc:cb:92:62:32:5e:fd:81:
3d:64:fe:e3:c1:98:e4:36:15:a7:c2:75:15:7b:21:
98:14:7c:7c:5b:91:e0:6e:77:b3:f3:d5:03:07:bf:
a2:dc:99:89:6d:4c:90:60:03:bf:c2:79:95:42:98:
76:ea:f2:08:1f:d3:d9:dc:8a:fe:36:48:91:64:ae:
61:de:db:64:f3:f4:b4:77:4d:8d:c6:44:90:ff:c6:
47:df:5b:8e:38:50:52:9c:0d:04:bf:df:3e:98:b0:
ec:ae:f9:a6:47:8c:18:95:53:94:a9:e0:ea:a5:37:
9e:00:bd:11:7f:e2:8b:d3:2c:80:31:dd:b4:04:d8:
a3:b6:27:63:aa:a9:9d:90:54:8e:4b:5b:30:9f:3f:
75:9b:f7:ce:18:f7:65:00:67:32:cc:98:21:d0:8d:
78:ef:e8:2a:99:6b:ef:1c:a2:85:48:a2:59:73:88:
b2:9f:cd:ec:96:7e:74:4d:fd:42:51:d0:92:16:59:
91:30:35:16:73:f5:c2:74:7b:91:ba:09:b0:75:89:
a1:e4:3b:ea:e3:0e:db:38:16:ac:29:8b:37:4b:61:
55:10:ce:02:d1:58:e4:b5:28:5d:25:79:60:31:cc:
a3:2b:7b:7e:e0:8b:74:0f:ef:b1:72:e3:a2:02:a4:
e2:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:40:D2:4D:F7:8A:D9:AE:7A:AB:7D:38:55:4D:15:D3:E4:BB:C1:6F
X509v3 Authority Key Identifier:
keyid:6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.255.160.0/22
103.8.252.0/22
116.90.135.0/24
120.136.48.0/20
IPv6:
2401:f000:6::/48
2401:f000:8::/48
2401:f000:16::/48
2401:f000:18::/48
2402:1c00::/32
Signature Algorithm: sha256WithRSAEncryption
37:c5:26:f7:94:d0:44:89:f3:60:f9:f0:78:4b:94:3f:e7:99:
26:cc:bc:40:5a:f2:02:bc:3f:98:ec:86:64:9a:41:fa:a0:30:
ba:c1:c7:fc:30:ca:69:cb:db:c6:1c:e5:8e:85:df:af:7f:93:
88:84:f7:69:e3:8e:16:0c:8e:21:52:4e:79:7b:09:29:8e:10:
75:aa:d2:26:e2:ae:86:c4:54:0b:18:05:1c:33:18:d0:b1:4b:
f6:17:15:a6:6f:72:c0:3d:c3:9b:3e:2b:c7:f5:80:df:83:7f:
76:3f:4d:0a:39:55:37:b4:d5:e2:82:26:5e:45:36:66:82:b8:
0f:42:2f:d6:07:81:89:12:2a:aa:3a:51:6a:18:a1:bb:48:0d:
b2:75:73:55:94:5f:a1:25:e4:f8:c7:a4:3f:23:23:17:61:c3:
cf:ee:b7:b7:38:0d:d5:57:5b:4f:77:81:02:2c:dd:cc:be:6e:
d1:1b:c4:18:eb:36:bd:e7:e8:69:fa:93:fb:d0:e3:e3:4a:c7:
e8:dc:d5:8a:4b:d5:f4:ae:f5:68:3c:3a:84:45:47:cb:60:35:
2b:df:7c:84:5c:f5:8e:f6:6c:2f:2e:36:12:e4:e0:8b:f8:cb:
c5:e1:5d:dc:c1:39:8d:32:40:92:b5:1d:86:32:f8:42:8e:91:
54:26:e9:5c
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgICNSkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0U5NzgxMTAvBgNVBAUTKDZBMUU0RjcyODQ3RUIzNjk5NTIyQzkzRDI2NzczRjBE
RjgzOTZFQkUwHhcNMjUwNDEwMTUyMDUyWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2Y3ZTFkNC0wNzhmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoYddtNg8vMuSYjJe/YE9ZP7jwZjkNhWnwnUVeyGYFHx8W5Hgbnez89UDB7+i
3JmJbUyQYAO/wnmVQph26vIIH9PZ3Ir+NkiRZK5h3ttk8/S0d02NxkSQ/8ZH31uO
OFBSnA0Ev98+mLDsrvmmR4wYlVOUqeDqpTeeAL0Rf+KL0yyAMd20BNijtidjqqmd
kFSOS1swnz91m/fOGPdlAGcyzJgh0I147+gqmWvvHKKFSKJZc4iyn83sln50Tf1C
UdCSFlmRMDUWc/XCdHuRugmwdYmh5Dvq4w7bOBasKYs3S2FVEM4C0VjktShdJXlg
McyjK3t+4It0D++xcuOiAqTiwQIDAQABo4IC2jCCAtYwHQYDVR0OBBYEFKxA0k33
itmueqt9OFVNFdPku8FvMB8GA1UdIwQYMBaAFGoeT3KEfrNplSLJPSZ3Pw34OW6+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRTk3OC8zMjIzRjM1RTFE
OTgxMUUyOEE4QzJFODIwOEIwMkNEMi9haDVQY29SLXMybVZJc2s5Sm5jX0RmZzVi
cjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FoNVBjb1ItczJtVklzazlKbmNfRGZnNWJyNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0U5NzgvMzIyM0YzNUUxRDk4MTFFMjhBOEMyRTgyMDhCMDJDRDIvRERGNEIwRDJG
MDhDMTFFRUI3MEExRjc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZAYIKwYBBQUHAQcBAf8E
VTBTMB4EAgABMBgDBAIr/6ADBAJnCPwDBAB0WocDBAR4iDAwMQQCAAIwKwMHACQB
8AAABgMHACQB8AAACAMHACQB8AAAFgMHACQB8AAAGAMFACQCHAAwDQYJKoZIhvcN
AQELBQADggEBADfFJveU0ESJ82D58HhLlD/nmSbMvEBa8gK8P5jshmSaQfqgMLrB
x/wwymnL28Yc5Y6F369/k4iE92njjhYMjiFSTnl7CSmOEHWq0ibirobEVAsYBRwz
GNCxS/YXFaZvcsA9w5s+K8f1gN+Df3Y/TQo5VTe01eKCJl5FNmaCuA9CL9YHgYkS
Kqo6UWoYobtIDbJ1c1WUX6El5PjHpD8jIxdhw8/ut7c4DdVXW093gQIs3cy+btEb
xBjrNr3n6Gn6k/vQ4+NKx+jc1YpL1fSu9Wg8OoRFR8tgNSvffIRc9Y72bC8uNhLk
4Iv4y8XhXdzBOY0yQJK1HYYy+EKOkVQm6Vw=
-----END CERTIFICATE-----
Generated at Sat Apr 26 16:35:21 2025 by rpki-client