Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91871C2/DE61666855A911EB99AFDA5DC4F9AE02/3BCBA04AE97211ECB2067F31C4F9AE02.roa
File: 3BCBA04AE97211ECB2067F31C4F9AE02.roa (raw, json)
Hash identifier: lM4dia6jyQDke+2hF0njFbgDGCkUb1QCZL3s1YprBco=
Subject key identifier: CA:87:30:C4:AA:FD:DA:74:02:D6:92:FD:C7:30:C2:6E:4F:7A:8E:C2
Certificate issuer: /CN=A91871C2/serialNumber=A9EABC2465116ED11D6C8CDAE2011237CF1F59DF
Certificate serial: 064C
Authority key identifier: A9:EA:BC:24:65:11:6E:D1:1D:6C:8C:DA:E2:01:12:37:CF:1F:59:DF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qeq8JGURbtEdbIza4gESN88fWd8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91871C2/DE61666855A911EB99AFDA5DC4F9AE02/3BCBA04AE97211ECB2067F31C4F9AE02.roa
Signing time: Fri 09 Feb 2024 11:10:57 +0000
ROA not before: Fri 09 Feb 2024 11:10:57 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 139009
IP address blocks: 14.1.100.0/24 maxlen: 24
14.1.101.0/24 maxlen: 24
14.1.102.0/23 maxlen: 23
14.1.102.0/24 maxlen: 24
14.1.103.0/24 maxlen: 24
103.161.168.0/23 maxlen: 24
202.173.120.0/22 maxlen: 22
202.173.120.0/23 maxlen: 23
202.173.120.0/24 maxlen: 24
202.173.121.0/24 maxlen: 24
202.173.122.0/23 maxlen: 23
202.173.122.0/24 maxlen: 24
202.173.123.0/24 maxlen: 24
2407:d40::/32 maxlen: 32
2407:d40::/36 maxlen: 36
2407:d40::/48 maxlen: 48
2407:d40:f::/48 maxlen: 48
2407:d40:100::/48 maxlen: 48
2407:d40:101::/48 maxlen: 48
2407:d40:102::/48 maxlen: 48
2407:d40:103::/48 maxlen: 48
2407:d40:106::/48 maxlen: 48
2407:d40:107::/48 maxlen: 48
2407:d40:108::/48 maxlen: 48
2407:d40:109::/48 maxlen: 48
2407:d40:122::/48 maxlen: 48
2407:d40:126::/48 maxlen: 48
2407:d40:140::/48 maxlen: 48
2407:d40:142::/48 maxlen: 48
2407:d40:201::/48 maxlen: 48
2407:d40:202::/48 maxlen: 48
2407:d40:203::/48 maxlen: 48
2407:d40:204::/48 maxlen: 48
2407:d40:205::/48 maxlen: 48
2407:d40:8000::/48 maxlen: 48
2407:d40:8007::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91871C2/DE61666855A911EB99AFDA5DC4F9AE02/qeq8JGURbtEdbIza4gESN88fWd8.crl
rsync://rpki.apnic.net/member_repository/A91871C2/DE61666855A911EB99AFDA5DC4F9AE02/qeq8JGURbtEdbIza4gESN88fWd8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qeq8JGURbtEdbIza4gESN88fWd8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 08 Jun 2024 00:42:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1612 (0x64c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91871C2/serialNumber=A9EABC2465116ED11D6C8CDAE2011237CF1F59DF
Validity
Not Before: Feb 9 11:10:57 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=65c60841-4b96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:f9:7e:ef:f8:fb:a1:f3:b4:ff:0e:69:b5:07:
b4:f4:c3:b1:a7:61:98:04:3a:da:a5:5f:55:fe:28:
32:fd:50:62:bb:cb:dd:f8:b5:e2:fa:a7:7c:e9:ec:
38:3b:a7:6d:51:d1:d2:a8:c9:9a:82:79:3b:d7:bb:
07:8b:cf:b9:a9:b2:f7:3e:53:cc:b0:11:f6:78:22:
a8:da:3c:29:1b:cb:4a:6b:cb:de:39:21:26:1e:c9:
81:4a:1a:12:2c:5a:68:52:7a:c9:0c:6b:f4:08:00:
46:f9:9a:53:22:b3:79:4f:29:2a:c7:3a:e0:9b:2e:
cf:61:a9:57:05:84:04:16:2b:0b:09:5a:a3:b1:31:
97:84:34:e6:b7:1b:af:49:91:ae:95:ed:bd:a3:62:
aa:f7:85:e3:d1:02:c3:db:5b:9e:0c:7a:b6:34:22:
05:d4:1c:7d:77:35:82:6a:d0:89:b3:0c:77:45:79:
ac:04:dd:38:30:21:f3:65:e7:54:75:9c:58:73:1b:
ef:44:66:cf:da:35:bc:1b:3a:d8:df:55:7b:9d:be:
c4:b2:94:ce:ee:ec:0f:47:c0:b3:4a:07:b0:5b:d6:
07:45:64:b4:b4:0f:e7:94:ab:ef:a2:15:20:20:ca:
22:61:c5:3c:e2:85:91:d4:aa:04:94:a1:fb:d5:48:
89:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:87:30:C4:AA:FD:DA:74:02:D6:92:FD:C7:30:C2:6E:4F:7A:8E:C2
X509v3 Authority Key Identifier:
keyid:A9:EA:BC:24:65:11:6E:D1:1D:6C:8C:DA:E2:01:12:37:CF:1F:59:DF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91871C2/DE61666855A911EB99AFDA5DC4F9AE02/qeq8JGURbtEdbIza4gESN88fWd8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qeq8JGURbtEdbIza4gESN88fWd8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91871C2/DE61666855A911EB99AFDA5DC4F9AE02/3BCBA04AE97211ECB2067F31C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.1.100.0/22
103.161.168.0/23
202.173.120.0/22
IPv6:
2407:d40::/32
Signature Algorithm: sha256WithRSAEncryption
0e:25:30:e3:49:9f:ce:31:27:c1:88:bf:7d:24:4a:2b:9a:c5:
d3:eb:0b:a5:8e:c3:e1:ac:bb:39:d4:ee:9e:85:b2:43:1d:17:
6e:1e:a8:6e:32:55:7a:95:7d:6c:84:c5:9f:96:ea:95:d4:f8:
1b:36:f7:7d:84:3a:ab:39:dd:64:6e:a2:37:ad:74:29:56:74:
1e:84:0d:5b:c6:68:57:72:38:19:6b:ca:e1:29:f8:40:ef:01:
52:23:a2:a0:e8:d1:f0:7c:08:b9:22:85:1c:07:1a:e1:00:63:
be:74:5d:19:57:39:e1:34:35:71:0f:db:ca:0f:f5:38:a9:fd:
d6:3e:73:a7:e5:b0:a4:95:f2:56:c9:92:d5:78:c1:b4:cf:7e:
0e:56:94:e8:ce:79:d2:15:90:b5:1e:d9:61:19:1c:ad:75:18:
7c:30:7f:a5:46:8f:c6:54:e8:1f:a8:b9:20:8b:72:28:00:41:
6b:2a:d2:96:2f:a5:dc:99:ab:a1:30:93:87:49:48:57:a2:d6:
c6:9e:0c:a3:bc:be:72:a0:83:75:92:11:16:b7:67:c6:8b:fb:
aa:dd:97:da:11:5e:bf:8c:a6:3c:e5:48:44:96:8d:8f:b7:aa:
dd:63:3a:54:cc:14:c9:b8:52:61:69:9e:1e:b6:69:3e:c4:65:
2c:e8:fa:c1
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICBkwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODcxQzIxMTAvBgNVBAUTKEE5RUFCQzI0NjUxMTZFRDExRDZDOENEQUUyMDExMjM3
Q0YxRjU5REYwHhcNMjQwMjA5MTExMDU3WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWM2MDg0MS00Yjk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz/l+7/j7ofO0/w5ptQe09MOxp2GYBDrapV9V/igy/VBiu8vd+LXi+qd86ew4
O6dtUdHSqMmagnk717sHi8+5qbL3PlPMsBH2eCKo2jwpG8tKa8veOSEmHsmBShoS
LFpoUnrJDGv0CABG+ZpTIrN5Tykqxzrgmy7PYalXBYQEFisLCVqjsTGXhDTmtxuv
SZGule29o2Kq94Xj0QLD21ueDHq2NCIF1Bx9dzWCatCJswx3RXmsBN04MCHzZedU
dZxYcxvvRGbP2jW8GzrY31V7nb7EspTO7uwPR8CzSgewW9YHRWS0tA/nlKvvohUg
IMoiYcU84oWR1KoElKH71UiJ0QIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFMqHMMSq
/dp0AtaS/ccwwm5Peo7CMB8GA1UdIwQYMBaAFKnqvCRlEW7RHWyM2uIBEjfPH1nf
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NzFDMi9ERTYxNjY2ODU1
QTkxMUVCOTlBRkRBNURDNEY5QUUwMi9xZXE4SkdVUmJ0RWRiSXphNGdFU044OGZX
ZDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FlcThKR1VSYnRFZGJJemE0Z0VTTjg4ZldkOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODcxQzIvREU2MTY2Njg1NUE5MTFFQjk5QUZEQTVEQzRGOUFFMDIvM0JDQkEwNEFF
OTcyMTFFQ0IyMDY3RjMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAIOAWQDBAFnoagDBALKrXgwDQQCAAIwBwMFACQHDUAwDQYJ
KoZIhvcNAQELBQADggEBAA4lMONJn84xJ8GIv30kSiuaxdPrC6WOw+GsuznU7p6F
skMdF24eqG4yVXqVfWyExZ+W6pXU+Bs2932EOqs53WRuojetdClWdB6EDVvGaFdy
OBlryuEp+EDvAVIjoqDo0fB8CLkihRwHGuEAY750XRlXOeE0NXEP28oP9Tip/dY+
c6flsKSV8lbJktV4wbTPfg5WlOjOedIVkLUe2WEZHK11GHwwf6VGj8ZU6B+ouSCL
cigAQWsq0pYvpdyZq6Ewk4dJSFei1saeDKO8vnKgg3WSERa3Z8aL+6rdl9oRXr+M
pjzlSESWjY+3qt1jOlTMFMm4UmFpnh62aT7EZSzo+sE=
-----END CERTIFICATE-----
Generated at Sat Jun 1 02:01:16 2024 by rpki-client on console-ams.rpki-client.org