Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
File: 7E0AB01C782C11EBB0B71971C4F9AE02.roa (raw, json)
Hash identifier: k3Hyvnta3NTSihzOI6GhNOzxp4Li4ZxAgK0C//8NE4o=
Subject key identifier: EE:8E:C0:69:C2:1C:AD:83:CE:02:8C:CF:C0:10:85:0F:3D:8E:77:23
Certificate issuer: /CN=A91FF74B/serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
Certificate serial: 06C3
Authority key identifier: 05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
Signing time: Fri 16 May 2025 22:09:54 +0000
ROA not before: Fri 16 May 2025 22:09:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56201
IP address blocks: 169.148.132.0/24 maxlen: 24
169.148.133.0/24 maxlen: 24
169.148.134.0/23 maxlen: 23
169.148.134.0/24 maxlen: 24
169.148.135.0/24 maxlen: 24
169.148.136.0/23 maxlen: 23
169.148.136.0/24 maxlen: 24
169.148.137.0/24 maxlen: 24
169.148.138.0/23 maxlen: 24
169.148.140.0/23 maxlen: 24
169.148.142.0/23 maxlen: 23
169.148.142.0/24 maxlen: 24
169.148.143.0/24 maxlen: 24
169.148.144.0/23 maxlen: 23
169.148.144.0/24 maxlen: 24
169.148.145.0/24 maxlen: 24
169.148.146.0/23 maxlen: 23
169.148.148.0/23 maxlen: 23
169.148.148.0/24 maxlen: 24
169.148.149.0/24 maxlen: 24
169.148.150.0/24 maxlen: 24
169.148.172.0/23 maxlen: 24
169.148.174.0/23 maxlen: 24
169.148.176.0/23 maxlen: 24
169.148.180.0/24 maxlen: 24
199.67.76.0/23 maxlen: 23
199.67.76.0/24 maxlen: 24
199.67.77.0/24 maxlen: 24
199.67.78.0/23 maxlen: 23
199.67.78.0/24 maxlen: 24
199.67.79.0/24 maxlen: 24
199.67.94.0/23 maxlen: 23
199.67.94.0/24 maxlen: 24
199.67.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl
rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 27 Jun 2025 21:26:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1731 (0x6c3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91FF74B, serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
Validity
Not Before: May 16 22:09:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6827b7b2-06e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:fe:c1:7b:a5:89:5d:4b:ac:d7:bd:be:4e:80:
d4:f6:de:83:bb:a1:e3:b1:2b:7e:ae:05:ee:88:3d:
61:cb:ba:14:de:29:8c:b2:50:2a:94:8d:41:4f:25:
52:ee:af:aa:35:b1:ef:12:2e:19:3a:cd:77:8f:c8:
e3:3b:d3:df:c0:8e:83:07:0c:58:58:87:c8:ae:80:
31:8a:c7:d0:f2:03:52:f8:9f:66:4a:d3:38:1c:20:
28:26:e1:d9:56:2f:20:0d:ae:b3:f3:ba:79:c6:78:
20:db:a8:31:19:59:4d:df:f9:0d:fe:a7:5b:16:8a:
c9:3c:ff:01:5a:b9:a0:71:4a:2a:f9:ef:5e:33:4d:
c2:fe:b1:da:ce:4c:e9:16:80:7a:44:c9:52:a4:a9:
e7:5f:a2:1e:2f:56:76:a7:64:df:8c:d7:ad:35:3e:
c0:bd:b4:30:b5:26:60:de:72:13:b0:39:4c:57:69:
5c:0b:51:db:21:ff:e3:a0:5e:7b:42:32:2a:8f:b6:
b5:8b:f8:35:1e:c9:a6:fe:dd:58:9f:81:29:81:d4:
a3:65:cf:47:d2:a8:2e:64:ae:6c:10:71:50:cb:d8:
40:94:db:dd:2b:72:57:8b:07:ae:65:e8:e3:57:31:
a9:11:8f:2c:5f:99:85:87:af:ad:25:ab:29:1b:ed:
4f:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:8E:C0:69:C2:1C:AD:83:CE:02:8C:CF:C0:10:85:0F:3D:8E:77:23
X509v3 Authority Key Identifier:
keyid:05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
169.148.132.0-169.148.150.255
169.148.172.0-169.148.177.255
169.148.180.0/24
199.67.76.0/22
199.67.94.0/23
Signature Algorithm: sha256WithRSAEncryption
a6:e3:77:56:4d:88:85:cb:11:5e:b9:d3:0c:31:17:21:37:bf:
9e:bd:65:a0:8b:22:2c:9b:d1:60:9d:bc:aa:80:0a:19:c0:1f:
ea:ac:7b:cb:46:c2:d3:f9:14:75:d6:06:b4:3f:32:72:d2:1b:
ce:39:fc:79:ea:f3:32:bb:7c:35:f0:64:c6:a3:7d:47:97:77:
6c:58:87:26:8a:c2:f5:11:03:e9:e0:e0:a7:0a:7c:8a:56:86:
e0:e1:2f:7e:df:fe:c1:e6:08:92:b7:ad:6f:b8:46:43:6d:f5:
b8:0c:53:26:a1:b5:c5:b4:a5:0a:89:ee:d1:73:0f:6d:c9:97:
a9:da:fc:8b:ac:98:53:ae:29:dd:92:f9:f7:f4:0b:fe:62:dd:
fa:61:e1:b0:14:ac:39:1c:32:6e:c2:24:10:50:90:e7:2a:d5:
18:a8:00:dd:5b:e3:5b:9b:b4:21:3f:74:34:19:c8:b2:3c:e0:
90:b4:02:e2:1d:a6:f2:cc:c0:03:50:f9:a7:22:63:06:41:e1:
56:33:87:6f:19:99:88:d1:43:3a:b8:74:67:8e:cd:ea:1b:7b:
9e:61:a6:68:1a:cf:a6:32:0d:dc:e5:14:b5:76:5c:3e:ab:2b:
ee:5f:4a:c1:66:32:e0:cb:12:cb:e3:57:23:64:29:85:6d:9f:
1b:9d:0b:e6
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgICBsMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkY3NEIxMTAvBgNVBAUTKDA1OUU2RjAzQUU3Njc2QTlEMEYwOUQ1RjZDQkRCOTA4
NjE4NTVBNTcwHhcNMjUwNTE2MjIwOTU0WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODI3YjdiMi0wNmU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyv7Be6WJXUus172+ToDU9t6Du6HjsSt+rgXuiD1hy7oU3imMslAqlI1BTyVS
7q+qNbHvEi4ZOs13j8jjO9PfwI6DBwxYWIfIroAxisfQ8gNS+J9mStM4HCAoJuHZ
Vi8gDa6z87p5xngg26gxGVlN3/kN/qdbForJPP8BWrmgcUoq+e9eM03C/rHazkzp
FoB6RMlSpKnnX6IeL1Z2p2TfjNetNT7AvbQwtSZg3nITsDlMV2lcC1HbIf/joF57
QjIqj7a1i/g1Hsmm/t1Yn4EpgdSjZc9H0qguZK5sEHFQy9hAlNvdK3JXiweuZejj
VzGpEY8sX5mFh6+tJaspG+1PgQIDAQABo4ICvTCCArkwHQYDVR0OBBYEFO6OwGnC
HK2DzgKMz8AQhQ89jncjMB8GA1UdIwQYMBaAFAWebwOudnap0PCdX2y9uQhhhVpX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGRjc0Qi82MUEzMzg0QTc4
MkMxMUVCQUMwNEY2NzJDNEY5QUUwMi9CWjV2QTY1MmRxblE4SjFmYkwyNUNHR0ZX
bGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0JaNXZBNjUyZHFuUThKMWZiTDI1Q0dHRldsYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkY3NEIvNjFBMzM4NEE3ODJDMTFFQkFDMDRGNjcyQzRGOUFFMDIvN0UwQUIwMUM3
ODJDMTFFQkIwQjcxOTcxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRwYIKwYBBQUHAQcBAf8E
ODA2MDQEAgABMC4wDAMEAqmUhAMEAKmUljAMAwQCqZSsAwQBqZSwAwQAqZS0AwQC
x0NMAwQBx0NeMA0GCSqGSIb3DQEBCwUAA4IBAQCm43dWTYiFyxFeudMMMRchN7+e
vWWgiyIsm9FgnbyqgAoZwB/qrHvLRsLT+RR11ga0PzJy0hvOOfx56vMyu3w18GTG
o31Hl3dsWIcmisL1EQPp4OCnCnyKVobg4S9+3/7B5giSt61vuEZDbfW4DFMmobXF
tKUKie7Rcw9tyZep2vyLrJhTrindkvn39Av+Yt36YeGwFKw5HDJuwiQQUJDnKtUY
qADdW+Nbm7QhP3Q0GciyPOCQtALiHabyzMADUPmnImMGQeFWM4dvGZmI0UM6uHRn
js3qG3ueYaZoGs+mMg3c5RS1dlw+qyvuX0rBZjLgyxLL41cjZCmFbZ8bnQvm
-----END CERTIFICATE-----
Generated at Sat Jun 21 01:29:59 2025 by rpki-client