Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E504E/59094990960811ECA04A0086C4F9AE02/39574A98960D11ECAAC81D60C4F9AE02.roa
File: 39574A98960D11ECAAC81D60C4F9AE02.roa (raw, json)
Hash identifier: QyHX2tVKdXvBrNBfn6kDQfZOmLtDJUfGgQzAxEofZ58=
Subject key identifier: 3C:62:01:F7:9B:D8:35:6D:AB:52:E0:1A:C1:AB:34:6A:66:E1:CB:03
Certificate issuer: /CN=A91E504E/serialNumber=A3F272752EC5D9E129E4DFCA080B88D39B794944
Certificate serial: 03DF
Authority key identifier: A3:F2:72:75:2E:C5:D9:E1:29:E4:DF:CA:08:0B:88:D3:9B:79:49:44
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o_JydS7F2eEp5N_KCAuI05t5SUQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E504E/59094990960811ECA04A0086C4F9AE02/39574A98960D11ECAAC81D60C4F9AE02.roa
Signing time: Fri 01 Aug 2025 02:07:39 +0000
ROA not before: Fri 01 Aug 2025 02:07:39 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 133199
IP address blocks: 43.240.28.0/22 maxlen: 22
43.240.28.0/24 maxlen: 24
43.240.29.0/24 maxlen: 24
43.240.30.0/24 maxlen: 24
43.240.31.0/24 maxlen: 24
43.242.32.0/22 maxlen: 22
43.242.32.0/24 maxlen: 24
43.242.33.0/24 maxlen: 24
43.242.34.0/24 maxlen: 24
43.242.35.0/24 maxlen: 24
45.119.96.0/24 maxlen: 24
45.119.97.0/24 maxlen: 24
45.119.98.0/24 maxlen: 24
45.119.99.0/24 maxlen: 24
103.59.144.0/24 maxlen: 24
103.59.145.0/24 maxlen: 24
103.59.146.0/24 maxlen: 24
103.59.147.0/24 maxlen: 24
103.249.108.0/24 maxlen: 24
103.249.109.0/24 maxlen: 24
103.249.110.0/24 maxlen: 24
103.249.111.0/24 maxlen: 24
103.254.148.0/24 maxlen: 24
103.254.149.0/24 maxlen: 24
103.254.150.0/24 maxlen: 24
103.254.151.0/24 maxlen: 24
2404:da80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E504E/59094990960811ECA04A0086C4F9AE02/o_JydS7F2eEp5N_KCAuI05t5SUQ.crl
rsync://rpki.apnic.net/member_repository/A91E504E/59094990960811ECA04A0086C4F9AE02/o_JydS7F2eEp5N_KCAuI05t5SUQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o_JydS7F2eEp5N_KCAuI05t5SUQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 18 Aug 2025 00:47:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 991 (0x3df)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E504E, serialNumber=A3F272752EC5D9E129E4DFCA080B88D39B794944
Validity
Not Before: Aug 1 02:07:39 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=688c216b-3393
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:dd:20:04:f6:f4:d4:ac:4f:06:cd:48:36:f5:
2b:64:ff:fc:ca:4f:e4:57:f2:12:f5:03:89:d8:57:
12:17:37:12:69:68:ca:a9:e7:e8:21:17:be:f3:c2:
62:dc:64:41:8f:f2:ce:d8:24:01:13:8d:d4:57:65:
6e:de:09:2e:64:84:78:f9:ce:7c:11:26:e4:ad:9e:
3f:4e:56:7e:91:64:15:fa:1d:3d:1e:06:8f:8d:ce:
87:b6:fe:8e:6d:48:9e:e8:46:11:d3:f1:9b:03:1d:
49:03:ee:f4:17:f4:2b:ae:63:11:16:9f:b2:b5:5d:
5c:8a:50:06:e8:a6:69:b4:f9:d9:3c:08:70:29:0c:
3a:d9:3a:fe:f4:ae:fe:15:5f:75:07:57:f1:f7:f1:
38:1c:aa:bb:7c:9f:38:58:ec:1c:e4:9a:63:11:78:
03:5e:33:1c:d9:a9:70:ce:0c:13:f0:30:b6:a6:27:
13:c5:cf:3b:3a:20:d8:ec:b8:d5:d6:24:c4:70:8b:
52:d0:f1:8c:90:c7:22:48:e9:bd:ae:35:be:b0:a4:
2b:95:74:7a:3c:80:a2:17:fa:78:d1:26:b2:d0:c0:
5b:9c:92:38:7f:eb:5a:1e:81:a0:10:bd:c2:61:c1:
67:37:d7:30:eb:d3:1e:ff:7a:0a:f1:6e:78:5e:2b:
86:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:62:01:F7:9B:D8:35:6D:AB:52:E0:1A:C1:AB:34:6A:66:E1:CB:03
X509v3 Authority Key Identifier:
keyid:A3:F2:72:75:2E:C5:D9:E1:29:E4:DF:CA:08:0B:88:D3:9B:79:49:44
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E504E/59094990960811ECA04A0086C4F9AE02/o_JydS7F2eEp5N_KCAuI05t5SUQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o_JydS7F2eEp5N_KCAuI05t5SUQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E504E/59094990960811ECA04A0086C4F9AE02/39574A98960D11ECAAC81D60C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.240.28.0/22
43.242.32.0/22
45.119.96.0/22
103.59.144.0/22
103.249.108.0/22
103.254.148.0/22
IPv6:
2404:da80::/32
Signature Algorithm: sha256WithRSAEncryption
ac:c1:3e:f0:f9:f0:fc:ae:5c:ef:b8:2a:08:29:6a:e1:36:69:
bc:e1:67:ea:5a:cc:66:99:cf:dc:5e:d4:82:c8:69:62:d1:3c:
34:52:ca:2d:1b:ba:3e:66:68:f1:fa:37:ea:3f:6b:ea:34:4b:
ed:10:fd:80:26:b4:7c:10:90:89:54:c4:2c:58:69:72:58:a4:
fc:b4:6c:f3:57:ac:35:80:0c:77:7a:0c:2a:cc:38:ce:41:18:
ef:2f:05:fa:a9:bc:97:f0:0c:ee:03:88:7a:74:47:86:1d:a1:
dc:ec:61:35:c2:8a:26:7f:01:24:0c:b0:49:b4:94:ae:be:36:
ed:44:a1:df:f8:7f:4c:70:3d:d3:4e:73:2e:91:fc:17:59:14:
c0:e4:26:79:cc:a9:c5:8d:ff:b7:3b:74:80:2f:79:ff:27:dc:
31:11:ef:cf:c5:f4:4b:ee:5d:aa:d6:e6:5a:a6:ab:0b:7d:9c:
cc:3f:a7:eb:49:2d:4b:35:9d:0b:75:56:a8:a1:22:ac:93:03:
ea:69:d6:12:3f:33:bd:6f:aa:54:96:69:cd:ff:10:2d:7c:df:
11:41:99:75:e1:0e:cd:71:47:d6:05:c6:d2:60:5d:39:5d:de:
71:6d:c9:a9:7a:88:85:fd:3b:de:60:5c:e5:51:45:58:24:03:
65:04:66:f5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICA98wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTUwNEUxMTAvBgNVBAUTKEEzRjI3Mjc1MkVDNUQ5RTEyOUU0REZDQTA4MEI4OEQz
OUI3OTQ5NDQwHhcNMjUwODAxMDIwNzM5WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhjMjE2Yi0zMzkzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7N0gBPb01KxPBs1INvUrZP/8yk/kV/IS9QOJ2FcSFzcSaWjKqefoIRe+88Ji
3GRBj/LO2CQBE43UV2Vu3gkuZIR4+c58ESbkrZ4/TlZ+kWQV+h09HgaPjc6Htv6O
bUie6EYR0/GbAx1JA+70F/QrrmMRFp+ytV1cilAG6KZptPnZPAhwKQw62Tr+9K7+
FV91B1fx9/E4HKq7fJ84WOwc5JpjEXgDXjMc2alwzgwT8DC2picTxc87OiDY7LjV
1iTEcItS0PGMkMciSOm9rjW+sKQrlXR6PICiF/p40Say0MBbnJI4f+taHoGgEL3C
YcFnN9cw69Me/3oK8W54XiuG5wIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFDxiAfeb
2DVtq1LgGsGrNGpm4csDMB8GA1UdIwQYMBaAFKPycnUuxdnhKeTfyggLiNObeUlE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNTA0RS81OTA5NDk5MDk2
MDgxMUVDQTA0QTAwODZDNEY5QUUwMi9vX0p5ZFM3RjJlRXA1Tl9LQ0F1STA1dDVT
VVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29fSnlkUzdGMmVFcDVOX0tDQXVJMDV0NVNVUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTUwNEUvNTkwOTQ5OTA5NjA4MTFFQ0EwNEEwMDg2QzRGOUFFMDIvMzk1NzRBOTg5
NjBEMTFFQ0FBQzgxRDYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MCoEAgABMCQDBAIr8BwDBAIr8iADBAItd2ADBAJnO5ADBAJn+WwDBAJn/pQw
DQQCAAIwBwMFACQE2oAwDQYJKoZIhvcNAQELBQADggEBAKzBPvD58PyuXO+4Kggp
auE2abzhZ+pazGaZz9xe1ILIaWLRPDRSyi0buj5maPH6N+o/a+o0S+0Q/YAmtHwQ
kIlUxCxYaXJYpPy0bPNXrDWADHd6DCrMOM5BGO8vBfqpvJfwDO4DiHp0R4Ydodzs
YTXCiiZ/ASQMsEm0lK6+Nu1Eod/4f0xwPdNOcy6R/BdZFMDkJnnMqcWN/7c7dIAv
ef8n3DER78/F9EvuXarW5lqmqwt9nMw/p+tJLUs1nQt1VqihIqyTA+pp1hI/M71v
qlSWac3/EC183xFBmXXhDs1xR9YFxtJgXTld3nFtyal6iIX9O95gXOVRRVgkA2UE
ZvU=
-----END CERTIFICATE-----
Generated at Tue Aug 12 22:50:08 2025 by rpki-client