Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F277D/78A1D08E8D6B11EB9840E05FC4F9AE02/CEF8E22E711711EDB49CE11AC4F9AE02.roa
File: CEF8E22E711711EDB49CE11AC4F9AE02.roa (raw, json)
Hash identifier: MXG2UaX3e+u+Jgkl2hW9VaZ5bWI3Hg2FUtWl1xPKFxI=
Subject key identifier: 02:05:88:4D:62:4D:BA:EA:3C:DA:00:8C:E1:68:6D:A5:F3:5A:B4:85
Certificate issuer: /CN=A91F277D/serialNumber=BBC103561AFD7A93036D1C72DD4C0A7C2A4E29CE
Certificate serial: 0665
Authority key identifier: BB:C1:03:56:1A:FD:7A:93:03:6D:1C:72:DD:4C:0A:7C:2A:4E:29:CE
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/u8EDVhr9epMDbRxy3UwKfCpOKc4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F277D/78A1D08E8D6B11EB9840E05FC4F9AE02/CEF8E22E711711EDB49CE11AC4F9AE02.roa
Signing time: Fri 06 Jun 2025 04:35:17 +0000
ROA not before: Fri 06 Jun 2025 04:35:17 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 135348
IP address blocks: 139.163.0.0/17 maxlen: 17
139.163.30.0/24 maxlen: 24
139.163.128.0/23 maxlen: 23
139.163.130.0/24 maxlen: 24
139.163.131.0/24 maxlen: 24
139.163.132.0/22 maxlen: 22
139.163.132.0/24 maxlen: 24
139.163.136.0/23 maxlen: 23
139.163.138.0/24 maxlen: 24
139.163.139.0/24 maxlen: 24
139.163.140.0/22 maxlen: 22
139.163.144.0/20 maxlen: 20
139.163.160.0/19 maxlen: 19
139.163.192.0/19 maxlen: 19
139.163.224.0/20 maxlen: 20
139.163.240.0/22 maxlen: 22
139.163.244.0/23 maxlen: 23
139.163.246.0/24 maxlen: 24
139.163.247.0/24 maxlen: 24
139.163.248.0/21 maxlen: 21
139.163.250.0/24 maxlen: 24
168.134.0.0/17 maxlen: 17
168.134.128.0/21 maxlen: 21
168.134.136.0/24 maxlen: 24
168.134.137.0/24 maxlen: 24
168.134.138.0/24 maxlen: 24
168.134.139.0/24 maxlen: 24
168.134.140.0/22 maxlen: 22
168.134.144.0/20 maxlen: 20
168.134.160.0/19 maxlen: 19
168.134.192.0/18 maxlen: 18
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91F277D/78A1D08E8D6B11EB9840E05FC4F9AE02/u8EDVhr9epMDbRxy3UwKfCpOKc4.crl
rsync://rpki.apnic.net/member_repository/A91F277D/78A1D08E8D6B11EB9840E05FC4F9AE02/u8EDVhr9epMDbRxy3UwKfCpOKc4.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/u8EDVhr9epMDbRxy3UwKfCpOKc4.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 25 Jun 2025 22:04:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1637 (0x665)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F277D, serialNumber=BBC103561AFD7A93036D1C72DD4C0A7C2A4E29CE
Validity
Not Before: Jun 6 04:35:17 2025 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=68427005-5748
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:c3:a2:53:f3:78:59:49:0c:36:77:14:1f:ab:
c4:34:4b:ad:ef:53:e0:99:bd:1c:80:5e:36:37:f1:
0d:ee:fe:80:8f:01:60:e0:40:5a:2e:28:0f:0e:e4:
b7:42:46:79:fc:3e:8d:f2:80:d5:6b:d8:b0:b4:52:
2b:db:a1:db:25:06:67:e9:18:b5:4e:b5:2c:40:92:
c5:c0:d1:26:76:57:67:ad:5f:dd:a3:b7:47:cb:8b:
09:6e:09:a1:76:72:c4:4a:e8:06:a7:be:18:b0:0f:
ba:9f:5b:c9:8c:19:a9:ed:3e:64:f0:ae:b5:ef:f0:
67:88:75:83:48:19:df:51:b0:a7:1d:03:1b:15:80:
4d:8c:cd:1c:9b:59:e4:76:58:33:6d:2e:45:70:4b:
ac:e3:87:ed:5a:9f:47:80:8a:6a:34:10:20:b8:73:
bd:9c:6f:86:bf:c1:1e:e2:6a:f2:30:32:fa:83:a9:
00:72:a2:cb:d3:28:6f:88:c9:a6:2a:62:d3:14:65:
f2:b2:c2:c7:6b:fe:c1:c0:33:22:13:e1:35:c9:6e:
6f:f6:a9:bd:44:7f:e1:ac:f1:e9:b5:25:90:61:d3:
92:0c:b5:a7:0d:9d:e1:6a:c9:e9:14:fd:dd:58:ac:
4c:fa:88:7b:48:9c:77:3c:52:78:ed:80:af:d2:67:
c7:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:05:88:4D:62:4D:BA:EA:3C:DA:00:8C:E1:68:6D:A5:F3:5A:B4:85
X509v3 Authority Key Identifier:
keyid:BB:C1:03:56:1A:FD:7A:93:03:6D:1C:72:DD:4C:0A:7C:2A:4E:29:CE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F277D/78A1D08E8D6B11EB9840E05FC4F9AE02/u8EDVhr9epMDbRxy3UwKfCpOKc4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/u8EDVhr9epMDbRxy3UwKfCpOKc4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F277D/78A1D08E8D6B11EB9840E05FC4F9AE02/CEF8E22E711711EDB49CE11AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
139.163.0.0/16
168.134.0.0/16
Signature Algorithm: sha256WithRSAEncryption
c5:9c:6c:b5:80:08:a5:6f:91:07:1f:0b:18:25:64:97:09:16:
08:ac:b9:a9:45:40:23:59:71:ea:55:1e:3b:f6:39:53:02:15:
44:e3:e7:8a:1e:e5:db:35:1a:44:99:ea:69:5d:8d:45:c9:30:
a7:f8:bf:dc:df:3a:62:9e:3a:2b:ab:f4:8f:14:eb:84:de:6b:
d5:f7:81:fa:41:f3:a4:e1:f1:cb:1d:7c:87:8f:54:1d:b1:66:
5c:eb:2d:98:ba:14:5e:e5:a7:e5:ec:fa:c9:d9:34:cd:7a:2c:
ec:bd:91:77:09:89:5d:db:23:19:ee:1f:2c:7e:be:17:48:2a:
92:e3:69:b6:24:54:e6:38:19:a4:c0:87:b6:64:eb:c8:6f:8a:
bc:66:21:ba:ab:05:5d:7b:3c:52:34:cf:c3:b4:07:19:8a:82:
01:7a:60:66:10:70:42:4d:3c:6b:69:7f:1d:d1:c7:af:c9:6f:
87:9c:c5:6f:20:93:82:da:57:eb:0c:06:59:cf:d2:ed:1a:aa:
81:b8:97:ce:7c:a9:64:1d:c7:8f:de:47:c7:79:9e:86:85:f5:
f7:0f:e2:8f:16:5b:79:9d:01:e3:58:2e:d3:a7:dd:73:6c:78:
70:5b:23:40:f1:fa:54:1d:39:83:3e:21:ad:27:b1:50:55:7c:
d9:21:ce:f8
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgICBmUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjI3N0QxMTAvBgNVBAUTKEJCQzEwMzU2MUFGRDdBOTMwMzZEMUM3MkRENEMwQTdD
MkE0RTI5Q0UwHhcNMjUwNjA2MDQzNTE3WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODQyNzAwNS01NzQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3sOiU/N4WUkMNncUH6vENEut71Pgmb0cgF42N/EN7v6AjwFg4EBaLigPDuS3
QkZ5/D6N8oDVa9iwtFIr26HbJQZn6Ri1TrUsQJLFwNEmdldnrV/do7dHy4sJbgmh
dnLESugGp74YsA+6n1vJjBmp7T5k8K617/BniHWDSBnfUbCnHQMbFYBNjM0cm1nk
dlgzbS5FcEus44ftWp9HgIpqNBAguHO9nG+Gv8Ee4mryMDL6g6kAcqLL0yhviMmm
KmLTFGXyssLHa/7BwDMiE+E1yW5v9qm9RH/hrPHptSWQYdOSDLWnDZ3hasnpFP3d
WKxM+oh7SJx3PFJ47YCv0mfH6QIDAQABo4ICmTCCApUwHQYDVR0OBBYEFAIFiE1i
TbrqPNoAjOFobaXzWrSFMB8GA1UdIwQYMBaAFLvBA1Ya/XqTA20cct1MCnwqTinO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMjc3RC83OEExRDA4RThE
NkIxMUVCOTg0MEUwNUZDNEY5QUUwMi91OEVEVmhyOWVwTURiUnh5M1V3S2ZDcE9L
YzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3U4RURWaHI5ZXBNRGJSeHkzVXdLZkNwT0tjNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjI3N0QvNzhBMUQwOEU4RDZCMTFFQjk4NDBFMDVGQzRGOUFFMDIvQ0VGOEUyMkU3
MTE3MTFFREI0OUNFMTFBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIwYIKwYBBQUHAQcBAf8E
FDASMBAEAgABMAoDAwCLowMDAKiGMA0GCSqGSIb3DQEBCwUAA4IBAQDFnGy1gAil
b5EHHwsYJWSXCRYIrLmpRUAjWXHqVR479jlTAhVE4+eKHuXbNRpEmeppXY1FyTCn
+L/c3zpinjorq/SPFOuE3mvV94H6QfOk4fHLHXyHj1QdsWZc6y2YuhRe5afl7PrJ
2TTNeizsvZF3CYld2yMZ7h8sfr4XSCqS42m2JFTmOBmkwIe2ZOvIb4q8ZiG6qwVd
ezxSNM/DtAcZioIBemBmEHBCTTxraX8d0cevyW+HnMVvIJOC2lfrDAZZz9LtGqqB
uJfOfKlkHceP3kfHeZ6GhfX3D+KPFlt5nQHjWC7Tp91zbHhwWyNA8fpUHTmDPiGt
J7FQVXzZIc74
-----END CERTIFICATE-----
Generated at Thu Jun 19 19:05:21 2025 by rpki-client