Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
File: AB20F8C0DD3311EF8B8A711FC4F9AE02.roa (raw, json)
Hash identifier: 1n8TN0elhXHHBL8i9K1T+oGXrUVuH0sd4JxY2m2xOlU=
Subject key identifier: 83:08:81:18:0B:AB:7F:93:AB:50:DA:32:A9:BB:D2:D1:58:AF:D5:11
Certificate issuer: /CN=A9148C7B/serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Certificate serial: 083E
Authority key identifier: 7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
Signing time: Tue 28 Jan 2025 04:52:25 +0000
ROA not before: Tue 28 Jan 2025 04:52:25 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 38742
IP address blocks: 23.88.194.0/24 maxlen: 24
23.88.195.0/24 maxlen: 24
23.88.196.0/24 maxlen: 24
23.88.197.0/24 maxlen: 24
23.88.198.0/24 maxlen: 24
23.88.199.0/24 maxlen: 24
23.88.200.0/24 maxlen: 24
23.88.201.0/24 maxlen: 24
23.88.202.0/24 maxlen: 24
23.88.203.0/24 maxlen: 24
23.88.204.0/24 maxlen: 24
23.88.205.0/24 maxlen: 24
23.88.206.0/24 maxlen: 24
23.88.207.0/24 maxlen: 24
23.88.208.0/24 maxlen: 24
23.88.209.0/24 maxlen: 24
23.88.210.0/24 maxlen: 24
23.88.211.0/24 maxlen: 24
23.88.212.0/22 maxlen: 22
23.88.212.0/24 maxlen: 24
23.88.213.0/24 maxlen: 24
23.88.214.0/24 maxlen: 24
23.88.215.0/24 maxlen: 24
23.88.216.0/22 maxlen: 22
23.88.216.0/24 maxlen: 24
23.88.217.0/24 maxlen: 24
23.88.218.0/24 maxlen: 24
23.88.219.0/24 maxlen: 24
23.88.220.0/22 maxlen: 22
23.88.220.0/24 maxlen: 24
23.88.221.0/24 maxlen: 24
152.36.194.0/24 maxlen: 24
152.36.195.0/24 maxlen: 24
152.36.200.0/24 maxlen: 24
152.36.202.0/24 maxlen: 24
152.36.206.0/24 maxlen: 24
152.36.207.0/24 maxlen: 24
152.36.209.0/24 maxlen: 24
152.36.210.0/24 maxlen: 24
152.36.216.0/24 maxlen: 24
152.36.217.0/24 maxlen: 24
152.36.218.0/24 maxlen: 24
152.36.219.0/24 maxlen: 24
152.36.220.0/24 maxlen: 24
152.36.221.0/24 maxlen: 24
152.36.222.0/24 maxlen: 24
152.36.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 27 Apr 2025 14:45:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2110 (0x83e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148C7B, serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Validity
Not Before: Jan 28 04:52:25 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=67986289-ca96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:46:9b:b9:92:1b:75:3a:a2:c8:3b:2c:00:99:
4d:aa:a2:08:0d:ff:a2:30:ba:8e:d7:02:dc:ae:f7:
04:59:b3:db:4c:79:76:97:8d:1b:96:25:27:dc:e2:
91:bd:41:71:03:94:72:7e:c5:89:a0:bd:f1:70:80:
ea:94:1c:55:84:c9:66:52:a3:4f:fa:9a:fc:2a:78:
ee:ef:64:0f:e3:b5:61:af:0f:af:3c:ce:a5:4e:83:
32:a2:d1:30:7b:46:77:a9:ae:9f:c6:27:90:e9:25:
e6:93:5b:93:0f:18:16:db:12:e1:16:d4:64:d6:2d:
88:33:71:b7:0d:c9:c1:32:89:8d:12:b7:75:8c:dc:
d0:39:b9:3a:fa:fe:ae:eb:01:ee:a9:30:c2:18:5b:
25:4f:50:c4:89:fe:20:8f:60:fe:84:aa:8d:6b:86:
23:d7:ed:ea:b3:fa:c8:fc:0a:7b:37:5e:f9:fb:1d:
63:a4:09:47:5f:f9:94:44:43:22:93:96:b1:e8:19:
51:77:ad:24:6c:01:94:dd:7d:13:f9:8f:89:16:05:
53:99:e1:a8:01:c3:b9:ab:b1:4c:b8:2a:47:3b:d4:
a2:aa:f5:c8:c5:e4:f2:39:ec:0a:cb:5b:80:ca:67:
54:c0:b3:19:e2:db:f6:5d:5c:e4:9e:3b:b6:26:83:
15:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:08:81:18:0B:AB:7F:93:AB:50:DA:32:A9:BB:D2:D1:58:AF:D5:11
X509v3 Authority Key Identifier:
keyid:7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
23.88.194.0-23.88.223.255
152.36.194.0/23
152.36.200.0/24
152.36.202.0/24
152.36.206.0/23
152.36.209.0-152.36.210.255
152.36.216.0/21
Signature Algorithm: sha256WithRSAEncryption
40:bf:87:a6:48:9b:a7:9f:a4:9c:44:0d:90:bd:35:7f:72:dc:
29:b2:12:b6:cd:15:1f:47:f1:6d:f2:43:2c:c5:45:96:7c:d9:
93:00:c8:07:2b:f1:f6:23:21:30:7b:76:15:45:69:33:1f:d8:
9f:65:10:84:08:f1:67:74:f8:2a:5f:bf:76:09:71:48:30:5e:
14:9c:37:c6:71:df:69:4a:c3:31:3d:10:49:59:f9:36:be:6d:
23:11:e5:e6:4d:e0:01:8a:e1:a5:86:cf:48:54:6d:2a:34:e8:
a9:b6:73:d0:ff:d9:24:1f:63:8b:ce:f9:aa:f8:1c:01:d2:2c:
46:cf:3c:e6:a9:e1:6d:b8:ea:18:aa:e2:1d:f1:34:b5:05:82:
7f:48:ef:82:eb:03:be:64:4e:0a:05:9c:cf:ff:b5:89:6c:ad:
6d:ae:4e:2f:9f:4e:6a:ed:97:87:6a:a2:15:94:b7:7e:aa:11:
70:d0:8b:08:4d:63:2d:c5:d2:94:70:73:47:84:fe:2b:da:af:
c7:52:3b:35:1b:75:9b:ee:ca:5c:da:bc:9b:9d:c8:bd:ce:d4:
53:bd:64:a2:c7:6d:03:55:2e:7f:55:b3:88:cd:cc:24:46:cc:
c1:7c:df:70:37:a9:ff:bf:3d:6a:a4:55:4e:db:e4:d7:d0:ed:
bf:d6:ed:0c
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgICCD4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhDN0IxMTAvBgNVBAUTKDdGNzk2NjVFNjNCRjNDRDU2REMyNEEwQTcwRDU3RjlB
OTQyREQxQjgwHhcNMjUwMTI4MDQ1MjI1WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Nzk4NjI4OS1jYTk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2EabuZIbdTqiyDssAJlNqqIIDf+iMLqO1wLcrvcEWbPbTHl2l40bliUn3OKR
vUFxA5RyfsWJoL3xcIDqlBxVhMlmUqNP+pr8Knju72QP47Vhrw+vPM6lToMyotEw
e0Z3qa6fxieQ6SXmk1uTDxgW2xLhFtRk1i2IM3G3DcnBMomNErd1jNzQObk6+v6u
6wHuqTDCGFslT1DEif4gj2D+hKqNa4Yj1+3qs/rI/Ap7N175+x1jpAlHX/mUREMi
k5ax6BlRd60kbAGU3X0T+Y+JFgVTmeGoAcO5q7FMuCpHO9SiqvXIxeTyOewKy1uA
ymdUwLMZ4tv2XVzknju2JoMVbQIDAQABo4ICyTCCAsUwHQYDVR0OBBYEFIMIgRgL
q3+Tq1DaMqm70tFYr9URMB8GA1UdIwQYMBaAFH95Zl5jvzzVbcJKCnDVf5qULdG4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEM3Qi81QkZDRkY4Q0Q2
MzAxMUVBOTQwREEwMzlDNEY5QUUwMi9mM2xtWG1PX1BOVnR3a29LY05WX21wUXQw
YmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2YzbG1YbU9fUE5WdHdrb0tjTlZfbXBRdDBiZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhDN0IvNUJGQ0ZGOENENjMwMTFFQTk0MERBMDM5QzRGOUFFMDIvQUIyMEY4QzBE
RDMzMTFFRjhCOEE3MTFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUwYIKwYBBQUHAQcBAf8E
RDBCMEAEAgABMDowDAMEARdYwgMEBRdYwAMEAZgkwgMEAJgkyAMEAJgkygMEAZgk
zjAMAwQAmCTRAwQAmCTSAwQDmCTYMA0GCSqGSIb3DQEBCwUAA4IBAQBAv4emSJun
n6ScRA2QvTV/ctwpshK2zRUfR/Ft8kMsxUWWfNmTAMgHK/H2IyEwe3YVRWkzH9if
ZRCECPFndPgqX792CXFIMF4UnDfGcd9pSsMxPRBJWfk2vm0jEeXmTeABiuGlhs9I
VG0qNOiptnPQ/9kkH2OLzvmq+BwB0ixGzzzmqeFtuOoYquId8TS1BYJ/SO+C6wO+
ZE4KBZzP/7WJbK1trk4vn05q7ZeHaqIVlLd+qhFw0IsITWMtxdKUcHNHhP4r2q/H
Ujs1G3Wb7spc2rybnci9ztRTvWSix20DVS5/VbOIzcwkRszBfN9wN6n/vz1qpFVO
2+TX0O2/1u0M
-----END CERTIFICATE-----
Generated at Tue Apr 22 03:28:58 2025 by rpki-client