Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/D17A895C0C5D11EAB1A29D67C4F9AE02.roa
File: D17A895C0C5D11EAB1A29D67C4F9AE02.roa (raw, json)
Hash identifier: HVgZmtfltM8VF/B+QLrkDDUXuHb5uOskHzhCGcAh7b4=
Subject key identifier: 50:E8:41:94:D0:BD:69:FE:CD:32:7B:5E:6B:B6:6E:AE:12:DE:36:20
Certificate issuer: /CN=A91A4C60/serialNumber=9EF9E4376E36653275C7963598D6B45B70AF8099
Certificate serial: 0D11
Authority key identifier: 9E:F9:E4:37:6E:36:65:32:75:C7:96:35:98:D6:B4:5B:70:AF:80:99
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/D17A895C0C5D11EAB1A29D67C4F9AE02.roa
Signing time: Fri 24 Nov 2023 17:31:05 +0000
ROA not before: Fri 24 Nov 2023 17:31:05 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 139782
IP address blocks: 2405:84c0::/48 maxlen: 48
2405:84c0:2000::/36 maxlen: 40
2405:84c0:9c00::/40 maxlen: 40
2405:84c0:ff30::/44 maxlen: 44
2405:84c0:ff30::/48 maxlen: 48
2405:84c0:ff31::/48 maxlen: 48
2405:84c0:ff32::/48 maxlen: 48
2405:84c0:ff33::/48 maxlen: 48
2405:84c0:ff34::/48 maxlen: 48
2405:84c0:ff35::/48 maxlen: 48
2405:84c0:ff36::/48 maxlen: 48
2405:84c0:ff37::/48 maxlen: 48
2405:84c0:ff38::/48 maxlen: 48
2405:84c0:ff39::/48 maxlen: 48
2405:84c0:ff3a::/48 maxlen: 48
2405:84c0:ff3b::/48 maxlen: 48
2405:84c0:ff3c::/48 maxlen: 48
2405:84c0:ff3d::/48 maxlen: 48
2405:84c0:ff3e::/48 maxlen: 48
2405:84c0:ff3f::/48 maxlen: 48
2405:84c0:ff50::/44 maxlen: 48
2405:84c0:ff60::/44 maxlen: 44
2405:84c0:fff0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.crl
rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 13 Jun 2024 19:13:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3345 (0xd11)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A4C60/serialNumber=9EF9E4376E36653275C7963598D6B45B70AF8099
Validity
Not Before: Nov 24 17:31:05 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=6560ddd8-b614
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:26:d6:88:9e:88:db:85:35:76:d5:de:c9:aa:
c2:6c:89:54:2f:6d:2f:5d:8f:7d:37:9d:86:cd:c0:
f2:59:d0:4d:e8:ad:eb:c0:80:f7:5d:a9:38:34:ad:
42:4e:db:e1:59:50:5d:a4:59:2b:8c:5f:ed:15:84:
b7:6a:ce:24:d8:93:05:33:e0:59:f3:39:7c:92:40:
6e:e0:8e:3a:71:7c:87:06:56:dd:3b:96:6f:4c:91:
c5:6a:a5:84:5d:db:94:12:cd:e0:93:d5:97:d4:e3:
c9:cb:57:03:43:61:df:a5:d5:41:1a:49:d5:12:1e:
64:51:b6:63:7b:5e:12:51:d0:e1:c3:74:37:63:39:
16:a2:49:cd:33:2b:65:85:0d:bc:88:89:14:13:73:
20:4e:7c:bb:4b:a7:fd:45:5e:fe:bc:aa:2e:11:40:
ba:5a:ea:e4:26:81:ea:44:2d:1e:66:72:ec:fe:ea:
e7:44:3d:8f:92:28:fd:5f:4f:b8:9f:9c:47:ef:16:
12:78:75:25:87:bd:d0:39:f3:fb:ed:9d:7e:bd:38:
63:3f:59:dc:5c:6f:d7:bb:2a:9f:90:27:f2:e6:00:
65:19:5d:d0:86:8e:d4:00:da:6b:1b:42:27:5d:7e:
45:ee:b5:e4:af:c0:cc:26:87:e4:3a:c3:91:40:37:
c9:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:E8:41:94:D0:BD:69:FE:CD:32:7B:5E:6B:B6:6E:AE:12:DE:36:20
X509v3 Authority Key Identifier:
keyid:9E:F9:E4:37:6E:36:65:32:75:C7:96:35:98:D6:B4:5B:70:AF:80:99
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/D17A895C0C5D11EAB1A29D67C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2405:84c0::/48
2405:84c0:2000::/36
2405:84c0:9c00::/40
2405:84c0:ff30::/44
2405:84c0:ff50::-2405:84c0:ff6f:ffff:ffff:ffff:ffff:ffff
2405:84c0:fff0::/48
Signature Algorithm: sha256WithRSAEncryption
46:1b:4c:f0:a9:a9:22:5c:e8:3e:fa:e4:8f:cf:f9:ff:61:00:
bf:da:c2:89:9f:51:91:c5:9d:9e:de:44:85:cf:7a:18:78:50:
c5:ed:c3:5b:11:62:53:5a:f0:c3:a8:8c:76:db:c8:b8:32:9b:
70:c1:9f:f0:74:6c:04:2f:72:84:55:29:c1:5d:0f:fa:63:52:
45:a9:25:00:54:68:60:27:60:cd:c5:22:cc:ff:40:6a:0d:c6:
49:19:b8:ce:50:8d:35:6e:f9:88:88:43:95:c6:28:3b:d5:d2:
71:95:64:fc:c3:67:3a:43:7f:a1:93:56:f6:72:e9:00:4a:46:
16:7c:6d:51:85:77:24:34:cb:df:5c:14:3f:d2:cd:2a:f8:51:
24:c4:64:ed:ae:30:7e:17:b6:59:65:04:36:e0:76:85:f2:5e:
97:83:4f:6c:6d:2f:8c:0d:24:c6:c4:8a:17:65:6d:bb:4a:1c:
e9:3c:7b:7e:8d:d4:47:e4:87:fb:e2:ad:08:aa:3f:57:8f:6e:
57:87:c7:27:ae:10:06:00:32:f4:34:51:b2:84:e0:f2:8a:82:
48:30:63:86:6f:a8:2f:6d:b3:1c:1d:82:43:de:a7:d4:fc:78:
e2:51:9f:e7:d8:66:f2:db:f9:c2:3b:19:4a:33:3f:7b:16:ef:
02:71:4b:3b
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgICDREwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTRDNjAxMTAvBgNVBAUTKDlFRjlFNDM3NkUzNjY1MzI3NUM3OTYzNTk4RDZCNDVC
NzBBRjgwOTkwHhcNMjMxMTI0MTczMTA1WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTYwZGRkOC1iNjE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4ybWiJ6I24U1dtXeyarCbIlUL20vXY99N52GzcDyWdBN6K3rwID3Xak4NK1C
TtvhWVBdpFkrjF/tFYS3as4k2JMFM+BZ8zl8kkBu4I46cXyHBlbdO5ZvTJHFaqWE
XduUEs3gk9WX1OPJy1cDQ2HfpdVBGknVEh5kUbZje14SUdDhw3Q3YzkWoknNMytl
hQ28iIkUE3MgTny7S6f9RV7+vKouEUC6WurkJoHqRC0eZnLs/urnRD2Pkij9X0+4
n5xH7xYSeHUlh73QOfP77Z1+vThjP1ncXG/XuyqfkCfy5gBlGV3Qho7UANprG0In
XX5F7rXkr8DMJofkOsORQDfJwQIDAQABo4ICzjCCAsowHQYDVR0OBBYEFFDoQZTQ
vWn+zTJ7Xmu2bq4S3jYgMB8GA1UdIwQYMBaAFJ755DduNmUydceWNZjWtFtwr4CZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNEM2MC9CNTI2RkY3NEQ4
NDExMUU5QTQ1MjE0MTNDNEY5QUUwMi9udm5rTjI0MlpUSjF4NVkxbU5hMFczQ3Zn
SmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL252bmtOMjQyWlRKMXg1WTFtTmEwVzNDdmdKay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTRDNjAvQjUyNkZGNzREODQxMTFFOUE0NTIxNDEzQzRGOUFFMDIvRDE3QTg5NUMw
QzVEMTFFQUIxQTI5RDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWAYIKwYBBQUHAQcBAf8E
STBHMEUEAgACMD8DBwAkBYTAAAADBgQkBYTAIAMGACQFhMCcAwcEJAWEwP8wMBID
BwQkBYTA/1ADBwQkBYTA/2ADBwAkBYTA//AwDQYJKoZIhvcNAQELBQADggEBAEYb
TPCpqSJc6D765I/P+f9hAL/awomfUZHFnZ7eRIXPehh4UMXtw1sRYlNa8MOojHbb
yLgym3DBn/B0bAQvcoRVKcFdD/pjUkWpJQBUaGAnYM3FIsz/QGoNxkkZuM5QjTVu
+YiIQ5XGKDvV0nGVZPzDZzpDf6GTVvZy6QBKRhZ8bVGFdyQ0y99cFD/SzSr4USTE
ZO2uMH4XtlllBDbgdoXyXpeDT2xtL4wNJMbEihdlbbtKHOk8e36N1Efkh/virQiq
P1ePbleHxyeuEAYAMvQ0UbKE4PKKgkgwY4ZvqC9tsxwdgkPep9T8eOJRn+fYZvLb
+cI7GUozP3sW7wJxSzs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 21:11:27 2024 by rpki-client on console-ams.rpki-client.org