Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915AE5F/8B79B678885111E6A692DE78C4F9AE02/7EFB8A6E885311E6BDE50A80C4F9AE02.roa
File: 7EFB8A6E885311E6BDE50A80C4F9AE02.roa (raw, json)
Hash identifier: WKYh+NxnsT3X7rLjv5qUGFM6/m1tIHkeIZefmgprnPs=
Subject key identifier: 72:9B:08:4D:C1:EC:54:23:31:6E:A9:AE:30:CC:8D:6C:96:17:0E:62
Certificate issuer: /CN=A915AE5F/serialNumber=AFE727E4209DCDF82762574B5E33C8083787A18F
Certificate serial: 1E47
Authority key identifier: AF:E7:27:E4:20:9D:CD:F8:27:62:57:4B:5E:33:C8:08:37:87:A1:8F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r-cn5CCdzfgnYldLXjPICDeHoY8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915AE5F/8B79B678885111E6A692DE78C4F9AE02/7EFB8A6E885311E6BDE50A80C4F9AE02.roa
Signing time: Thu 28 Nov 2024 16:33:35 +0000
ROA not before: Thu 28 Nov 2024 16:33:35 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 24392
IP address blocks: 202.179.64.0/19 maxlen: 19
202.179.64.0/24 maxlen: 24
202.179.65.0/24 maxlen: 24
202.179.66.0/24 maxlen: 24
202.179.67.0/24 maxlen: 24
202.179.68.0/24 maxlen: 24
202.179.69.0/24 maxlen: 24
202.179.70.0/24 maxlen: 24
202.179.71.0/24 maxlen: 24
202.179.72.0/24 maxlen: 24
202.179.73.0/24 maxlen: 24
202.179.74.0/24 maxlen: 24
202.179.75.0/24 maxlen: 24
202.179.76.0/24 maxlen: 24
202.179.77.0/24 maxlen: 24
202.179.78.0/24 maxlen: 24
202.179.79.0/24 maxlen: 24
202.179.80.0/24 maxlen: 24
202.179.81.0/24 maxlen: 24
202.179.82.0/24 maxlen: 24
202.179.83.0/24 maxlen: 24
202.179.84.0/24 maxlen: 24
202.179.85.0/24 maxlen: 24
202.179.86.0/24 maxlen: 24
202.179.87.0/24 maxlen: 24
202.179.88.0/24 maxlen: 24
202.179.89.0/24 maxlen: 24
202.179.90.0/24 maxlen: 24
202.179.91.0/24 maxlen: 24
202.179.92.0/24 maxlen: 24
202.179.93.0/24 maxlen: 24
202.179.94.0/24 maxlen: 24
202.179.95.0/24 maxlen: 24
2407:5c00:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915AE5F/8B79B678885111E6A692DE78C4F9AE02/r-cn5CCdzfgnYldLXjPICDeHoY8.crl
rsync://rpki.apnic.net/member_repository/A915AE5F/8B79B678885111E6A692DE78C4F9AE02/r-cn5CCdzfgnYldLXjPICDeHoY8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r-cn5CCdzfgnYldLXjPICDeHoY8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 16:08:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7751 (0x1e47)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915AE5F
Validity
Not Before: Nov 28 16:33:35 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=67489b5f-fbc1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:78:72:90:28:bc:30:b0:b3:61:87:fa:20:7d:
60:1b:c7:b8:90:25:b0:61:37:10:79:f4:d8:e2:39:
05:1d:22:02:4f:1a:83:df:97:63:92:9c:a3:11:d3:
98:ba:94:5f:7b:3f:f6:0c:b5:9b:13:c5:7f:80:19:
2a:47:05:2e:a3:f2:e0:2c:17:7d:e3:45:f6:c9:81:
0a:6b:30:22:98:0e:1a:b9:73:21:2f:c6:53:d8:34:
f0:cf:41:8b:ad:32:2d:41:06:18:d8:f5:f8:6e:9d:
b9:fc:56:1e:5c:2c:fd:8d:e2:62:c7:ab:e0:f5:cf:
94:bc:d2:42:fb:7d:69:6c:ba:09:1e:5f:31:cc:7a:
11:60:46:6c:80:65:5f:2b:7d:a5:32:75:aa:cb:06:
05:9e:ae:d2:2c:be:cf:02:21:e3:b0:85:44:41:1c:
25:84:40:23:1e:08:c7:ee:ab:c8:d8:ce:9f:b6:aa:
0b:fd:7e:18:b7:c8:9f:93:f3:da:f0:ac:0f:66:d8:
c4:ec:92:58:6f:b6:22:54:5d:08:63:1f:f0:a3:19:
8f:c8:9d:1e:8c:ae:f7:5b:33:f6:9d:42:92:ba:cf:
1e:76:78:73:1b:93:d6:a1:27:00:fe:f9:52:d8:bb:
67:88:db:0d:d4:fc:b3:ec:be:56:ab:57:b1:2f:52:
23:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:9B:08:4D:C1:EC:54:23:31:6E:A9:AE:30:CC:8D:6C:96:17:0E:62
X509v3 Authority Key Identifier:
keyid:AF:E7:27:E4:20:9D:CD:F8:27:62:57:4B:5E:33:C8:08:37:87:A1:8F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915AE5F/8B79B678885111E6A692DE78C4F9AE02/r-cn5CCdzfgnYldLXjPICDeHoY8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r-cn5CCdzfgnYldLXjPICDeHoY8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915AE5F/8B79B678885111E6A692DE78C4F9AE02/7EFB8A6E885311E6BDE50A80C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.179.64.0/19
IPv6:
2407:5c00:1::/48
Signature Algorithm: sha256WithRSAEncryption
d4:33:15:af:53:57:6d:38:9e:3b:4b:32:d2:6c:d5:d3:2c:a8:
69:d1:87:17:f5:42:89:f9:9f:b5:c7:f9:5e:b3:71:e0:8a:bc:
a8:15:c4:21:8c:ad:45:cd:69:f6:a8:c1:f3:23:59:2f:49:e9:
05:1a:59:81:67:75:50:a6:6f:de:db:19:8b:e5:65:f2:14:95:
51:28:46:f8:df:d7:55:70:e5:fb:44:4c:a0:ee:6b:66:bc:54:
e6:9f:b1:33:55:6c:d0:a3:ca:e2:59:f3:4b:19:0b:97:cc:bb:
1a:a7:71:70:93:2d:d6:66:41:2a:09:b7:50:f4:65:62:72:7a:
b9:29:9b:8c:f2:7a:a4:96:b0:41:3f:f1:92:1b:fc:c5:b3:c8:
a8:45:a4:42:40:4e:09:1e:27:10:aa:d6:6c:15:e8:ed:63:7a:
17:da:fb:6e:ff:24:74:d8:68:ed:cd:fc:72:5c:ce:d2:17:69:
6b:52:72:9b:29:78:b8:f8:2d:fc:5b:f2:14:76:57:78:18:49:
46:b2:4a:21:ee:99:24:2c:62:04:d5:45:a0:05:21:4d:ea:9c:
42:32:27:d1:63:9c:46:13:4b:b5:ec:1d:b1:b0:3d:22:be:bc:
51:3f:15:08:77:7c:55:7f:5f:5b:1c:91:7c:f0:6c:a9:ab:f0:
c1:d0:c0:7a
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICHkcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUFFNUYxMTAvBgNVBAUTKEFGRTcyN0U0MjA5RENERjgyNzYyNTc0QjVFMzNDODA4
Mzc4N0ExOEYwHhcNMjQxMTI4MTYzMzM1WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQ4OWI1Zi1mYmMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzHhykCi8MLCzYYf6IH1gG8e4kCWwYTcQefTY4jkFHSICTxqD35djkpyjEdOY
upRfez/2DLWbE8V/gBkqRwUuo/LgLBd940X2yYEKazAimA4auXMhL8ZT2DTwz0GL
rTItQQYY2PX4bp25/FYeXCz9jeJix6vg9c+UvNJC+31pbLoJHl8xzHoRYEZsgGVf
K32lMnWqywYFnq7SLL7PAiHjsIVEQRwlhEAjHgjH7qvI2M6ftqoL/X4Yt8ifk/Pa
8KwPZtjE7JJYb7YiVF0IYx/woxmPyJ0ejK73WzP2nUKSus8ednhzG5PWoScA/vlS
2LtniNsN1Pyz7L5Wq1exL1IjSwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFHKbCE3B
7FQjMW6prjDMjWyWFw5iMB8GA1UdIwQYMBaAFK/nJ+Qgnc34J2JXS14zyAg3h6GP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QUU1Ri84Qjc5QjY3ODg4
NTExMUU2QTY5MkRFNzhDNEY5QUUwMi9yLWNuNUNDZHpmZ25ZbGRMWGpQSUNEZUhv
WTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ItY241Q0NkemZnbllsZExYalBJQ0RlSG9ZOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUFFNUYvOEI3OUI2Nzg4ODUxMTFFNkE2OTJERTc4QzRGOUFFMDIvN0VGQjhBNkU4
ODUzMTFFNkJERTUwQTgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAXKs0AwDwQCAAIwCQMHACQHXAAAATANBgkqhkiG9w0BAQsF
AAOCAQEA1DMVr1NXbTieO0sy0mzV0yyoadGHF/VCifmftcf5XrNx4Iq8qBXEIYyt
Rc1p9qjB8yNZL0npBRpZgWd1UKZv3tsZi+Vl8hSVUShG+N/XVXDl+0RMoO5rZrxU
5p+xM1Vs0KPK4lnzSxkLl8y7GqdxcJMt1mZBKgm3UPRlYnJ6uSmbjPJ6pJawQT/x
khv8xbPIqEWkQkBOCR4nEKrWbBXo7WN6F9r7bv8kdNho7c38clzO0hdpa1Jymyl4
uPgt/FvyFHZXeBhJRrJKIe6ZJCxiBNVFoAUhTeqcQjIn0WOcRhNLtewdsbA9Ir68
UT8VCHd8VX9fWxyRfPBsqavwwdDAeg==
-----END CERTIFICATE-----
Generated at Sat Apr 5 20:00:57 2025 by rpki-client