Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/8B2EE9667A0911EE934F1262C4F9AE02.roa
File: 8B2EE9667A0911EE934F1262C4F9AE02.roa (raw, json)
Hash identifier: 9kSGBDbvCLlzspfA0Gzs2ktHLSvcGxJ7fb3N5eg2SV4=
Subject key identifier: D9:36:63:AE:00:F2:D0:39:B7:D3:DE:BA:51:30:01:8D:30:3A:A0:DF
Certificate issuer: /CN=A91743EF/serialNumber=D1D65C8A4324E287F6EA915B39F5D3602D1E37A6
Certificate serial: 17FE
Authority key identifier: D1:D6:5C:8A:43:24:E2:87:F6:EA:91:5B:39:F5:D3:60:2D:1E:37:A6
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0dZcikMk4of26pFbOfXTYC0eN6Y.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/8B2EE9667A0911EE934F1262C4F9AE02.roa
Signing time: Mon 28 Apr 2025 16:55:07 +0000
ROA not before: Mon 28 Apr 2025 16:55:07 +0000
ROA not after: Thu 28 Aug 2025 00:00:00 +0000
asID: 17747
IP address blocks: 103.199.224.0/24 maxlen: 24
103.199.225.0/24 maxlen: 24
103.199.226.0/24 maxlen: 24
103.199.227.0/24 maxlen: 24
150.107.8.0/23 maxlen: 24
202.142.80.0/24 maxlen: 24
202.142.82.0/24 maxlen: 24
202.142.84.0/24 maxlen: 24
202.142.88.0/24 maxlen: 24
202.142.94.0/24 maxlen: 24
202.142.108.0/23 maxlen: 23
202.142.109.0/24 maxlen: 24
202.142.111.0/24 maxlen: 24
202.142.116.0/24 maxlen: 24
202.142.117.0/24 maxlen: 24
202.142.121.0/24 maxlen: 24
202.142.122.0/24 maxlen: 24
203.81.240.0/24 maxlen: 24
203.81.241.0/24 maxlen: 24
203.81.242.0/24 maxlen: 24
203.81.243.0/24 maxlen: 24
2402:ea80::/32 maxlen: 32
2402:ea80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/0dZcikMk4of26pFbOfXTYC0eN6Y.crl
rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/0dZcikMk4of26pFbOfXTYC0eN6Y.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0dZcikMk4of26pFbOfXTYC0eN6Y.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 05 May 2025 16:55:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6142 (0x17fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91743EF, serialNumber=D1D65C8A4324E287F6EA915B39F5D3602D1E37A6
Validity
Not Before: Apr 28 16:55:07 2025 GMT
Not After : Aug 28 00:00:00 2025 GMT
Subject: CN=680fb2ea-e4e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:62:cc:3e:a8:95:b1:07:bc:59:7d:39:db:cc:
ec:75:53:a0:60:0b:d9:27:c8:f6:00:73:3a:61:dc:
c9:85:15:dd:5e:17:79:16:e3:3c:f2:a3:63:c2:30:
b8:52:70:5f:cc:81:98:a7:8f:1d:f7:64:8e:0a:8a:
59:1e:28:fc:52:d4:f2:90:6a:ef:20:d6:24:6f:cc:
73:01:1a:05:a9:ed:5d:33:0b:b1:21:79:d7:d5:81:
24:cb:03:eb:79:ec:fa:2d:09:2d:d5:da:41:aa:84:
36:39:66:59:f0:a9:a0:18:30:a9:1d:ff:73:37:02:
93:d6:cd:a4:34:c4:0e:35:76:66:de:3f:c8:02:69:
34:0c:be:ca:4d:12:d1:ef:c2:f8:ac:9f:f6:b2:ce:
3c:a6:27:bc:c2:1e:42:dd:cf:1d:03:92:4b:41:90:
5b:9c:6f:8b:d7:9a:92:2f:da:49:75:4b:cc:df:2b:
25:d2:09:1d:ff:d0:d0:c2:f3:b1:0b:12:31:4c:04:
6f:be:62:d4:4f:b3:49:4a:2d:0f:e1:52:13:c8:b5:
f7:49:52:93:37:0a:11:57:a2:2a:32:1e:96:45:2c:
02:3a:7a:32:4b:d4:49:27:79:90:69:f9:ee:f3:e6:
48:3e:79:39:97:f6:de:66:4f:12:0a:e0:e6:65:d9:
86:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:36:63:AE:00:F2:D0:39:B7:D3:DE:BA:51:30:01:8D:30:3A:A0:DF
X509v3 Authority Key Identifier:
keyid:D1:D6:5C:8A:43:24:E2:87:F6:EA:91:5B:39:F5:D3:60:2D:1E:37:A6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/0dZcikMk4of26pFbOfXTYC0eN6Y.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0dZcikMk4of26pFbOfXTYC0eN6Y.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/8B2EE9667A0911EE934F1262C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.199.224.0/22
150.107.8.0/23
202.142.80.0/24
202.142.82.0/24
202.142.84.0/24
202.142.88.0/24
202.142.94.0/24
202.142.108.0/23
202.142.111.0/24
202.142.116.0/23
202.142.121.0-202.142.122.255
203.81.240.0/22
IPv6:
2402:ea80::/32
Signature Algorithm: sha256WithRSAEncryption
45:1b:ce:75:8b:3e:88:0b:06:0d:9c:ca:d1:5b:b4:7e:a5:2b:
a4:4e:c8:c0:54:6c:74:ce:c8:0f:5f:1a:fd:97:2d:b2:a7:73:
a9:7e:83:1c:b6:13:77:b1:7a:29:f3:a5:32:97:65:5f:53:68:
41:c7:c4:1b:d2:e4:1c:f5:ac:d8:2c:12:f7:52:ef:2b:a9:47:
64:5a:71:5d:59:21:55:1e:69:d6:c2:d2:b3:65:56:79:06:6e:
fb:d5:4e:1e:59:3f:69:98:ba:62:36:5f:49:a6:da:8f:72:0a:
2a:14:2c:ac:4f:fe:74:55:9a:98:59:b7:d6:3e:f9:86:25:32:
3f:28:98:97:ee:91:f7:63:4e:17:d4:33:d4:75:ae:9c:71:00:
35:74:fa:13:8b:16:39:12:1c:ca:46:13:6b:35:78:2a:cd:78:
44:63:ff:10:68:2d:87:28:b9:4f:be:87:07:62:f2:47:79:a6:
ba:37:eb:f2:4a:8b:6c:41:47:5e:48:9e:a8:82:06:f5:96:a4:
53:46:45:df:59:17:95:b0:fa:0d:09:fa:f4:b7:5c:ff:e6:e2:
dc:61:83:b4:03:e9:08:b1:e8:48:16:82:d3:45:6e:08:b4:1a:
57:8f:56:4e:8e:de:30:c5:0b:3d:88:a4:06:dd:53:a4:8c:50:
ec:4f:f6:5a
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgICF/4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzQzRUYxMTAvBgNVBAUTKEQxRDY1QzhBNDMyNEUyODdGNkVBOTE1QjM5RjVEMzYw
MkQxRTM3QTYwHhcNMjUwNDI4MTY1NTA3WhcNMjUwODI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODBmYjJlYS1lNGU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyGLMPqiVsQe8WX0528zsdVOgYAvZJ8j2AHM6YdzJhRXdXhd5FuM88qNjwjC4
UnBfzIGYp48d92SOCopZHij8UtTykGrvINYkb8xzARoFqe1dMwuxIXnX1YEkywPr
eez6LQkt1dpBqoQ2OWZZ8KmgGDCpHf9zNwKT1s2kNMQONXZm3j/IAmk0DL7KTRLR
78L4rJ/2ss48pie8wh5C3c8dA5JLQZBbnG+L15qSL9pJdUvM3ysl0gkd/9DQwvOx
CxIxTARvvmLUT7NJSi0P4VITyLX3SVKTNwoRV6IqMh6WRSwCOnoyS9RJJ3mQafnu
8+ZIPnk5l/beZk8SCuDmZdmGewIDAQABo4IC7jCCAuowHQYDVR0OBBYEFNk2Y64A
8tA5t9PeulEwAY0wOqDfMB8GA1UdIwQYMBaAFNHWXIpDJOKH9uqRWzn102AtHjem
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NDNFRi9FNkFCQjAxMEJB
NDAxMUU3QTA4RDI2NkZDNEY5QUUwMi8wZFpjaWtNazRvZjI2cEZiT2ZYVFlDMGVO
NlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzBkWmNpa01rNG9mMjZwRmJPZlhUWUMwZU42WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzQzRUYvRTZBQkIwMTBCQTQwMTFFN0EwOEQyNjZGQzRGOUFFMDIvOEIyRUU5NjY3
QTA5MTFFRTkzNEYxMjYyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwweAYIKwYBBQUHAQcBAf8E
aTBnMFYEAgABMFADBAJnx+ADBAGWawgDBADKjlADBADKjlIDBADKjlQDBADKjlgD
BADKjl4DBAHKjmwDBADKjm8DBAHKjnQwDAMEAMqOeQMEAMqOegMEAstR8DANBAIA
AjAHAwUAJALqgDANBgkqhkiG9w0BAQsFAAOCAQEARRvOdYs+iAsGDZzK0Vu0fqUr
pE7IwFRsdM7ID18a/ZctsqdzqX6DHLYTd7F6KfOlMpdlX1NoQcfEG9LkHPWs2CwS
91LvK6lHZFpxXVkhVR5p1sLSs2VWeQZu+9VOHlk/aZi6YjZfSabaj3IKKhQsrE/+
dFWamFm31j75hiUyPyiYl+6R92NOF9Qz1HWunHEANXT6E4sWORIcykYTazV4Ks14
RGP/EGgthyi5T76HB2LyR3mmujfr8kqLbEFHXkieqIIG9ZakU0ZF31kXlbD6DQn6
9Ldc/+bi3GGDtAPpCLHoSBaC00VuCLQaV49WTo7eMMULPYikBt1TpIxQ7E/2Wg==
-----END CERTIFICATE-----
Generated at Mon Apr 28 20:10:42 2025 by rpki-client on console.sobornost.net