Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A395C/BB3417C01D9611E2B8BB827F08B02CD2/991EB004BE8511EE960E5082C4F9AE02.roa
File: 991EB004BE8511EE960E5082C4F9AE02.roa (raw, json)
Hash identifier: t3uXAAC7DVCjGuatTrRz2OAtGNPalTSBDR1N9KBgHdA=
Subject key identifier: CF:2B:C9:ED:93:07:B0:80:F1:23:35:76:13:9D:B8:70:E4:66:34:D5
Certificate issuer: /CN=A91A395C/serialNumber=0D8B71D86B5E202933BCB02A5B6D74092A52A17C
Certificate serial: 345D
Authority key identifier: 0D:8B:71:D8:6B:5E:20:29:33:BC:B0:2A:5B:6D:74:09:2A:52:A1:7C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DYtx2GteICkzvLAqW210CSpSoXw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A395C/BB3417C01D9611E2B8BB827F08B02CD2/991EB004BE8511EE960E5082C4F9AE02.roa
Signing time: Fri 25 Oct 2024 07:58:25 +0000
ROA not before: Fri 25 Oct 2024 07:58:25 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 9304
IP address blocks: 103.247.231.0/24 maxlen: 24
112.137.16.0/24 maxlen: 24
112.137.21.0/24 maxlen: 24
114.134.80.0/21 maxlen: 22
114.134.80.0/22 maxlen: 24
114.134.84.0/23 maxlen: 23
114.134.84.0/24 maxlen: 24
114.134.86.0/24 maxlen: 24
175.100.192.0/20 maxlen: 20
175.100.192.0/24 maxlen: 24
175.100.193.0/24 maxlen: 24
175.100.194.0/24 maxlen: 24
175.100.195.0/24 maxlen: 24
175.100.196.0/24 maxlen: 24
175.100.197.0/24 maxlen: 24
175.100.198.0/24 maxlen: 24
175.100.199.0/24 maxlen: 24
175.100.200.0/24 maxlen: 24
175.100.206.0/24 maxlen: 24
2403:5000::/32 maxlen: 32
2403:5000:165::/48 maxlen: 48
2403:5000:171::/48 maxlen: 48
2403:5000:182::/48 maxlen: 48
2403:5000:183::/48 maxlen: 48
2403:5000:184::/48 maxlen: 48
2403:5000:185::/48 maxlen: 48
2403:5000:188::/48 maxlen: 48
2403:5000:299::/48 maxlen: 48
2403:5000:ffff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A395C/BB3417C01D9611E2B8BB827F08B02CD2/DYtx2GteICkzvLAqW210CSpSoXw.crl
rsync://rpki.apnic.net/member_repository/A91A395C/BB3417C01D9611E2B8BB827F08B02CD2/DYtx2GteICkzvLAqW210CSpSoXw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DYtx2GteICkzvLAqW210CSpSoXw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 14:52:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13405 (0x345d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A395C/serialNumber=0D8B71D86B5E202933BCB02A5B6D74092A52A17C
Validity
Not Before: Oct 25 07:58:25 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=671b4fa0-7673
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:bf:76:18:cb:2c:91:9a:6f:d4:03:63:b3:76:
be:2f:d1:02:4c:74:42:c3:bb:4a:dd:ad:6e:92:62:
85:3e:ed:5d:9f:d4:ec:0b:c9:f9:45:60:7f:0f:15:
e2:04:44:13:cb:cb:c0:83:99:01:9b:1c:51:d9:1a:
e2:83:da:a9:ae:2b:92:a9:43:1b:98:88:27:62:57:
6d:bd:aa:28:4b:7b:cc:34:e0:b5:29:0b:d5:2a:2f:
40:5f:d7:33:30:25:d4:a1:80:2a:b8:79:00:54:74:
eb:b2:bd:5d:35:3e:3c:93:a4:98:37:50:bc:c2:97:
5c:9f:63:25:26:44:7f:3e:f6:4f:6a:76:62:3d:5d:
70:5b:7f:67:85:f8:65:dd:20:4b:db:14:06:f2:92:
95:cb:bf:4a:33:16:b7:4c:08:d5:33:b8:e6:50:b8:
70:02:13:d7:5e:4e:59:6e:e7:17:cf:69:de:ed:53:
f7:33:7e:27:8c:8c:22:de:2f:e8:4c:8a:81:d6:9d:
a1:84:e6:40:9e:b6:d3:b4:b7:15:bd:e8:a3:1a:65:
73:1e:85:d0:a9:fa:7c:19:33:dd:8f:22:4b:df:f7:
a1:96:ec:e6:ca:26:b9:b7:42:dd:76:b8:09:f7:e8:
c3:e7:0e:9f:28:32:ce:59:03:32:f2:dd:2e:9f:70:
51:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:2B:C9:ED:93:07:B0:80:F1:23:35:76:13:9D:B8:70:E4:66:34:D5
X509v3 Authority Key Identifier:
keyid:0D:8B:71:D8:6B:5E:20:29:33:BC:B0:2A:5B:6D:74:09:2A:52:A1:7C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A395C/BB3417C01D9611E2B8BB827F08B02CD2/DYtx2GteICkzvLAqW210CSpSoXw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DYtx2GteICkzvLAqW210CSpSoXw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A395C/BB3417C01D9611E2B8BB827F08B02CD2/991EB004BE8511EE960E5082C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.247.231.0/24
112.137.16.0/24
112.137.21.0/24
114.134.80.0/21
175.100.192.0/20
IPv6:
2403:5000::/32
Signature Algorithm: sha256WithRSAEncryption
94:47:0f:b8:8c:29:e5:ec:8b:93:fc:80:a4:11:55:9c:24:04:
1a:fe:4b:3c:5b:86:77:b1:54:2b:4a:b2:f9:ab:63:a3:d9:51:
5a:40:af:47:f3:f3:1b:88:27:3e:6a:a7:9e:c5:6e:e5:8d:18:
25:83:80:d2:9d:bf:99:f3:c5:1f:52:f9:52:a8:a4:59:46:b3:
ec:bb:56:6f:9f:19:41:59:7d:72:88:78:6b:60:56:af:03:31:
8d:7f:51:3e:45:f1:54:09:15:05:7b:27:98:e0:e7:9d:a8:e4:
a5:7b:90:d2:13:a7:52:ec:a9:2e:98:2e:38:bb:28:84:49:3d:
a9:02:71:eb:d1:46:62:87:25:ec:7c:aa:06:c8:40:63:f5:94:
7b:01:11:47:cf:52:d3:72:e0:91:f8:e5:75:c9:5c:a0:2c:56:
50:21:ad:69:ed:4a:4f:ec:ba:16:e2:98:2c:57:b9:c5:b3:81:
4c:71:af:ee:0b:f5:7a:bc:72:f0:ea:0e:7a:9d:78:50:42:e8:
bb:ef:06:9b:6a:f8:da:97:f2:37:4c:2f:be:34:9f:99:ec:76:
a2:a1:5a:8e:4e:cf:98:1f:6e:ca:4d:00:8d:bf:3c:c3:56:30:
b0:e9:52:ce:5b:39:75:69:78:24:c7:4f:3b:03:f8:e6:e7:f8:
ee:da:b2:31
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICNF0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTM5NUMxMTAvBgNVBAUTKDBEOEI3MUQ4NkI1RTIwMjkzM0JDQjAyQTVCNkQ3NDA5
MkE1MkExN0MwHhcNMjQxMDI1MDc1ODI1WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzFiNGZhMC03NjczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAur92GMsskZpv1ANjs3a+L9ECTHRCw7tK3a1ukmKFPu1dn9TsC8n5RWB/DxXi
BEQTy8vAg5kBmxxR2Rrig9qpriuSqUMbmIgnYldtvaooS3vMNOC1KQvVKi9AX9cz
MCXUoYAquHkAVHTrsr1dNT48k6SYN1C8wpdcn2MlJkR/PvZPanZiPV1wW39nhfhl
3SBL2xQG8pKVy79KMxa3TAjVM7jmULhwAhPXXk5ZbucXz2ne7VP3M34njIwi3i/o
TIqB1p2hhOZAnrbTtLcVveijGmVzHoXQqfp8GTPdjyJL3/ehluzmyia5t0LddrgJ
9+jD5w6fKDLOWQMy8t0un3BRHwIDAQABo4ICvDCCArgwHQYDVR0OBBYEFM8rye2T
B7CA8SM1dhOduHDkZjTVMB8GA1UdIwQYMBaAFA2LcdhrXiApM7ywKlttdAkqUqF8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMzk1Qy9CQjM0MTdDMDFE
OTYxMUUyQjhCQjgyN0YwOEIwMkNEMi9EWXR4Mkd0ZUlDa3p2TEFxVzIxMENTcFNv
WHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0RZdHgyR3RlSUNrenZMQXFXMjEwQ1NwU29Ydy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTM5NUMvQkIzNDE3QzAxRDk2MTFFMkI4QkI4MjdGMDhCMDJDRDIvOTkxRUIwMDRC
RTg1MTFFRTk2MEU1MDgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBABn9+cDBABwiRADBABwiRUDBANyhlADBASvZMAwDQQCAAIw
BwMFACQDUAAwDQYJKoZIhvcNAQELBQADggEBAJRHD7iMKeXsi5P8gKQRVZwkBBr+
SzxbhnexVCtKsvmrY6PZUVpAr0fz8xuIJz5qp57FbuWNGCWDgNKdv5nzxR9S+VKo
pFlGs+y7Vm+fGUFZfXKIeGtgVq8DMY1/UT5F8VQJFQV7J5jg552o5KV7kNITp1Ls
qS6YLji7KIRJPakCcevRRmKHJex8qgbIQGP1lHsBEUfPUtNy4JH45XXJXKAsVlAh
rWntSk/suhbimCxXucWzgUxxr+4L9Xq8cvDqDnqdeFBC6LvvBptq+NqX8jdML740
n5nsdqKhWo5Oz5gfbspNAI2/PMNWMLDpUs5bOXVpeCTHTzsD+Obn+O7asjE=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:49:59 2024 by rpki-client on console-ams.rpki-client.org