Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/3C30815CABB611ED8370AB5DC4F9AE02.roa
File: 3C30815CABB611ED8370AB5DC4F9AE02.roa (raw, json)
Hash identifier: kHXccAVrXA3rHG0wp4ClswxygQcMM7lWiad+D8RkAEQ=
Subject key identifier: 81:45:C8:4F:81:6A:5D:5C:14:B3:20:9D:1F:63:4B:FD:6C:4F:C0:7A
Certificate issuer: /CN=A91406AA/serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
Certificate serial: 074A
Authority key identifier: 31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/3C30815CABB611ED8370AB5DC4F9AE02.roa
Signing time: Mon 24 Feb 2025 23:49:36 +0000
ROA not before: Mon 24 Feb 2025 23:49:36 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 140220
IP address blocks: 60.234.7.0/24 maxlen: 24
60.234.8.0/24 maxlen: 24
60.234.10.0/24 maxlen: 24
60.234.11.0/24 maxlen: 24
60.234.12.0/24 maxlen: 24
60.234.13.0/24 maxlen: 24
60.234.14.0/24 maxlen: 24
60.234.15.0/24 maxlen: 24
60.234.31.0/24 maxlen: 24
60.234.32.0/24 maxlen: 24
60.234.33.0/24 maxlen: 24
60.234.39.0/24 maxlen: 24
60.234.40.0/23 maxlen: 24
60.234.46.0/24 maxlen: 24
60.234.50.0/24 maxlen: 24
60.234.51.0/24 maxlen: 24
60.234.52.0/24 maxlen: 24
60.234.53.0/24 maxlen: 24
60.234.63.0/24 maxlen: 24
60.234.68.0/24 maxlen: 24
60.234.72.0/24 maxlen: 24
60.234.75.0/24 maxlen: 24
60.234.82.0/23 maxlen: 24
60.234.84.0/22 maxlen: 24
60.234.88.0/24 maxlen: 24
60.234.89.0/24 maxlen: 24
60.234.90.0/23 maxlen: 24
60.234.92.0/23 maxlen: 24
60.234.94.0/24 maxlen: 24
60.234.95.0/24 maxlen: 24
60.234.96.0/24 maxlen: 24
60.234.98.0/24 maxlen: 24
60.234.99.0/24 maxlen: 24
60.234.108.0/24 maxlen: 24
60.234.109.0/24 maxlen: 24
60.234.110.0/24 maxlen: 24
60.234.111.0/24 maxlen: 24
60.234.112.0/24 maxlen: 24
60.234.113.0/24 maxlen: 24
60.234.114.0/24 maxlen: 24
60.234.115.0/24 maxlen: 24
60.234.116.0/23 maxlen: 24
60.234.118.0/24 maxlen: 24
60.234.119.0/24 maxlen: 24
60.234.124.0/24 maxlen: 24
60.234.125.0/24 maxlen: 24
60.234.126.0/24 maxlen: 24
60.234.127.0/24 maxlen: 24
60.234.128.0/24 maxlen: 24
60.234.129.0/24 maxlen: 24
60.234.130.0/24 maxlen: 24
60.234.131.0/24 maxlen: 24
60.234.132.0/24 maxlen: 24
60.234.133.0/24 maxlen: 24
60.234.134.0/24 maxlen: 24
60.234.135.0/24 maxlen: 24
60.234.136.0/24 maxlen: 24
60.234.137.0/24 maxlen: 24
60.234.138.0/24 maxlen: 24
60.234.139.0/24 maxlen: 24
60.234.140.0/24 maxlen: 24
60.234.141.0/24 maxlen: 24
60.234.142.0/24 maxlen: 24
60.234.143.0/24 maxlen: 24
60.234.144.0/23 maxlen: 24
60.234.146.0/23 maxlen: 24
60.234.148.0/24 maxlen: 24
60.234.149.0/24 maxlen: 24
60.234.150.0/23 maxlen: 24
60.234.152.0/21 maxlen: 24
60.234.160.0/24 maxlen: 24
60.234.161.0/24 maxlen: 24
60.234.162.0/23 maxlen: 24
60.234.164.0/24 maxlen: 24
60.234.165.0/24 maxlen: 24
60.234.166.0/24 maxlen: 24
60.234.167.0/24 maxlen: 24
60.234.168.0/24 maxlen: 24
60.234.169.0/24 maxlen: 24
60.234.170.0/24 maxlen: 24
60.234.171.0/24 maxlen: 24
60.234.172.0/24 maxlen: 24
60.234.173.0/24 maxlen: 24
60.234.174.0/24 maxlen: 24
60.234.175.0/24 maxlen: 24
60.234.176.0/24 maxlen: 24
60.234.178.0/24 maxlen: 24
60.234.181.0/24 maxlen: 24
60.234.182.0/23 maxlen: 24
60.234.184.0/23 maxlen: 24
60.234.186.0/24 maxlen: 24
60.234.187.0/24 maxlen: 24
60.234.188.0/24 maxlen: 24
60.234.189.0/24 maxlen: 24
60.234.190.0/24 maxlen: 24
60.234.191.0/24 maxlen: 24
60.234.192.0/24 maxlen: 24
60.234.193.0/24 maxlen: 24
60.234.194.0/23 maxlen: 24
60.234.196.0/23 maxlen: 24
60.234.198.0/23 maxlen: 24
60.234.201.0/24 maxlen: 24
60.234.202.0/23 maxlen: 24
60.234.204.0/24 maxlen: 24
60.234.206.0/24 maxlen: 24
60.234.207.0/24 maxlen: 24
60.234.208.0/20 maxlen: 24
60.234.224.0/19 maxlen: 24
202.127.8.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl
rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 22:43:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1866 (0x74a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91406AA
Validity
Not Before: Feb 24 23:49:36 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=67bd0590-42cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:9d:1a:06:97:ef:45:c6:d6:3b:2b:0a:ec:35:
6e:3f:1d:9f:ca:65:3e:49:96:04:4f:82:2b:78:f5:
db:f5:a2:3a:26:d6:83:56:bf:d6:4f:47:2a:38:0d:
c6:47:3e:d2:db:d7:d0:7f:da:3a:a0:49:b3:de:6e:
6a:72:d3:03:35:72:99:ae:f3:0b:56:f7:48:3f:34:
42:3c:51:03:94:88:05:22:87:67:bf:0b:06:0d:d7:
83:c8:4a:44:31:36:fb:77:73:e0:d3:2d:a7:d5:fb:
63:2e:6c:42:f0:e4:0c:9f:99:9d:ae:c4:8c:3f:94:
e3:19:86:4e:c6:9e:b0:f6:5e:ea:b2:83:49:8b:10:
3e:51:e7:fe:42:ac:aa:5d:b7:45:e2:21:bb:48:a9:
31:78:7b:f8:a9:fe:87:02:e4:11:af:ad:58:27:d3:
d8:81:c8:12:2c:c6:c2:2b:49:b3:72:e6:fa:89:f3:
2d:29:0e:f3:f5:81:4f:71:e7:2e:37:9e:06:81:76:
72:e4:58:84:bd:ef:66:f5:17:a2:01:f0:1a:72:38:
09:df:ff:cd:76:32:32:59:da:14:e6:42:b1:54:ba:
f5:26:56:91:31:ff:be:be:6c:67:b0:da:4c:52:bd:
80:d0:46:e0:81:c1:f8:07:9b:cf:4f:5e:83:08:34:
b0:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:45:C8:4F:81:6A:5D:5C:14:B3:20:9D:1F:63:4B:FD:6C:4F:C0:7A
X509v3 Authority Key Identifier:
keyid:31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/3C30815CABB611ED8370AB5DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
60.234.7.0-60.234.8.255
60.234.10.0-60.234.15.255
60.234.31.0-60.234.33.255
60.234.39.0-60.234.41.255
60.234.46.0/24
60.234.50.0-60.234.53.255
60.234.63.0/24
60.234.68.0/24
60.234.72.0/24
60.234.75.0/24
60.234.82.0-60.234.96.255
60.234.98.0/23
60.234.108.0-60.234.119.255
60.234.124.0-60.234.176.255
60.234.178.0/24
60.234.181.0-60.234.199.255
60.234.201.0-60.234.204.255
60.234.206.0-60.234.255.255
202.127.8.0/22
Signature Algorithm: sha256WithRSAEncryption
c5:2a:20:3f:07:df:85:34:b8:c1:d7:fd:0c:24:9d:0e:e4:8c:
ec:cf:cc:c8:18:f2:f8:99:e3:b2:42:01:01:51:52:61:9e:8c:
67:b0:64:1e:30:3b:6c:0d:ee:fb:9c:ed:c0:e9:98:fe:3a:56:
e2:6a:bc:f4:bd:38:88:dd:07:1a:30:83:cb:48:0b:b5:16:10:
68:29:04:9d:ef:1e:1e:79:70:10:af:b1:c3:f9:8e:94:9c:04:
56:81:d8:7d:44:94:c7:c0:30:81:c4:ad:58:9c:c3:9d:e4:86:
1e:e7:57:d4:4f:e3:a6:13:ad:eb:da:59:aa:49:35:73:5b:a5:
90:81:32:97:88:d0:fb:28:cb:98:5e:70:ee:5f:f3:db:25:b2:
7d:bf:07:73:b7:da:8e:c6:66:93:49:0d:8f:5e:ce:1a:6f:31:
1c:88:fd:a1:60:18:e8:f1:33:71:52:83:d8:f0:3b:40:d8:11:
09:fe:f7:2b:4a:fa:53:d6:43:1d:c0:a7:2c:10:cc:6c:25:e1:
3b:21:e5:f4:29:08:74:04:c8:f7:34:58:c9:c5:bf:d1:0a:88:
da:c0:29:74:ee:bd:40:fb:e2:47:f5:f0:ca:4f:32:01:6d:75:
35:d1:44:25:6e:31:20:97:5f:10:92:bf:2d:bf:13:7c:07:e7:
15:45:cc:11
-----BEGIN CERTIFICATE-----
MIIGOTCCBSGgAwIBAgICB0owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDA2QUExMTAvBgNVBAUTKDMxNTUxM0U1NEFCMEM5OUI4QkNBODQwNDJFMzgzNThC
NjBEQjFCMkMwHhcNMjUwMjI0MjM0OTM2WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2JkMDU5MC00MmNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2p0aBpfvRcbWOysK7DVuPx2fymU+SZYET4IrePXb9aI6JtaDVr/WT0cqOA3G
Rz7S29fQf9o6oEmz3m5qctMDNXKZrvMLVvdIPzRCPFEDlIgFIodnvwsGDdeDyEpE
MTb7d3Pg0y2n1ftjLmxC8OQMn5mdrsSMP5TjGYZOxp6w9l7qsoNJixA+Uef+Qqyq
XbdF4iG7SKkxeHv4qf6HAuQRr61YJ9PYgcgSLMbCK0mzcub6ifMtKQ7z9YFPcecu
N54GgXZy5FiEve9m9ReiAfAacjgJ3//NdjIyWdoU5kKxVLr1JlaRMf++vmxnsNpM
Ur2A0EbggcH4B5vPT16DCDSwEQIDAQABo4IDXTCCA1kwHQYDVR0OBBYEFIFFyE+B
al1cFLMgnR9jS/1sT8B6MB8GA1UdIwQYMBaAFDFVE+VKsMmbi8qEBC44NYtg2xss
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDZBQS84RjVCQjRGODg2
QzExMUVCQkFCMzE4NEJDNEY5QUUwMi9NVlVUNVVxd3ladUx5b1FFTGpnMWkyRGJH
eXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01WVVQ1VXF3eVp1THlvUUVMamcxaTJEYkd5dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDA2QUEvOEY1QkI0Rjg4NkMxMTFFQkJBQjMxODRCQzRGOUFFMDIvM0MzMDgxNUNB
QkI2MTFFRDgzNzBBQjVEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgeYGCCsGAQUFBwEHAQH/
BIHWMIHTMIHQBAIAATCByTAMAwQAPOoHAwQAPOoIMAwDBAE86goDBAQ86gAwDAME
ADzqHwMEATzqIDAMAwQAPOonAwQBPOooAwQAPOouMAwDBAE86jIDBAE86jQDBAA8
6j8DBAA86kQDBAA86kgDBAA86kswDAMEATzqUgMEADzqYAMEATzqYjAMAwQCPOps
AwQDPOpwMAwDBAI86nwDBAA86rADBAA86rIwDAMEADzqtQMEAzzqwDAMAwQAPOrJ
AwQAPOrMMAsDBAE86s4DAwA86gMEAsp/CDANBgkqhkiG9w0BAQsFAAOCAQEAxSog
PwffhTS4wdf9DCSdDuSM7M/MyBjy+JnjskIBAVFSYZ6MZ7BkHjA7bA3u+5ztwOmY
/jpW4mq89L04iN0HGjCDy0gLtRYQaCkEne8eHnlwEK+xw/mOlJwEVoHYfUSUx8Aw
gcStWJzDneSGHudX1E/jphOt69pZqkk1c1ulkIEyl4jQ+yjLmF5w7l/z2yWyfb8H
c7fajsZmk0kNj17OGm8xHIj9oWAY6PEzcVKD2PA7QNgRCf73K0r6U9ZDHcCnLBDM
bCXhOyHl9CkIdATI9zRYycW/0QqI2sApdO69QPviR/Xwyk8yAW11NdFEJW4xIJdf
EJK/Lb8TfAfnFUXMEQ==
-----END CERTIFICATE-----
Generated at Sun Apr 6 02:45:04 2025 by rpki-client