Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/D17A895C0C5D11EAB1A29D67C4F9AE02.roa
File: D17A895C0C5D11EAB1A29D67C4F9AE02.roa (raw, json)
Hash identifier: EZcxncfNl0zD/tSncvn3SUo/vaEA9kPik+cwYMuomd0=
Subject key identifier: 43:04:02:88:E1:3F:02:B2:B5:4D:79:C3:74:DD:C3:DB:FC:DE:0E:A1
Certificate issuer: /CN=A91A4C60/serialNumber=9EF9E4376E36653275C7963598D6B45B70AF8099
Certificate serial: 0DBA
Authority key identifier: 9E:F9:E4:37:6E:36:65:32:75:C7:96:35:98:D6:B4:5B:70:AF:80:99
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/D17A895C0C5D11EAB1A29D67C4F9AE02.roa
Signing time: Fri 06 Sep 2024 18:36:55 +0000
ROA not before: Fri 06 Sep 2024 18:36:55 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 139782
IP address blocks: 2405:84c0::/48 maxlen: 48
2405:84c0:2000::/36 maxlen: 40
2405:84c0:9c00::/40 maxlen: 40
2405:84c0:ff30::/44 maxlen: 44
2405:84c0:ff30::/48 maxlen: 48
2405:84c0:ff31::/48 maxlen: 48
2405:84c0:ff32::/48 maxlen: 48
2405:84c0:ff33::/48 maxlen: 48
2405:84c0:ff34::/48 maxlen: 48
2405:84c0:ff35::/48 maxlen: 48
2405:84c0:ff36::/48 maxlen: 48
2405:84c0:ff37::/48 maxlen: 48
2405:84c0:ff38::/48 maxlen: 48
2405:84c0:ff39::/48 maxlen: 48
2405:84c0:ff3a::/48 maxlen: 48
2405:84c0:ff3b::/48 maxlen: 48
2405:84c0:ff3c::/48 maxlen: 48
2405:84c0:ff3d::/48 maxlen: 48
2405:84c0:ff3e::/48 maxlen: 48
2405:84c0:ff3f::/48 maxlen: 48
2405:84c0:ff50::/44 maxlen: 48
2405:84c0:ff60::/44 maxlen: 44
2405:84c0:fff0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.crl
rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 27 Nov 2024 17:59:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3514 (0xdba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A4C60/serialNumber=9EF9E4376E36653275C7963598D6B45B70AF8099
Validity
Not Before: Sep 6 18:36:55 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66db4bc7-969c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:de:0f:12:26:be:f9:e4:bf:6e:b1:be:c6:62:
ac:30:8f:00:cd:66:09:95:4b:c1:0d:31:1f:b2:23:
8c:0d:42:b4:88:52:da:da:c6:97:f2:9e:57:4a:de:
80:d3:89:73:fc:76:94:d7:43:88:0b:5e:e0:41:49:
dd:31:4e:1a:67:97:1c:4a:bc:e7:27:f5:83:9e:77:
6b:a1:b4:69:ed:47:a6:fd:23:71:6b:42:1e:cb:3a:
a2:b6:56:47:6f:19:b0:b3:3f:32:8d:15:3b:6e:3f:
31:a8:30:eb:84:a1:37:65:6b:48:b3:ad:72:c3:be:
46:49:68:5d:1e:a7:49:d7:83:9a:13:4f:d5:df:c3:
3d:1f:69:88:50:dd:16:96:90:96:c4:a6:8e:63:17:
8d:9f:f5:d2:0b:e9:83:43:c0:76:ec:77:c2:03:b7:
9d:d5:3f:f6:af:4f:6e:3f:05:f9:c3:9e:98:1a:29:
d4:c4:da:ae:9f:cd:af:90:57:ee:31:42:54:72:97:
48:01:18:30:6b:9e:b4:68:a7:50:7d:77:a4:b3:d2:
65:c1:e7:99:6c:ef:02:c3:51:b8:b4:c0:66:77:01:
12:22:00:0d:b4:ea:b8:b9:30:74:d6:8a:e9:c9:89:
c0:f5:76:d0:88:14:48:4d:44:2a:06:79:d0:68:53:
81:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:04:02:88:E1:3F:02:B2:B5:4D:79:C3:74:DD:C3:DB:FC:DE:0E:A1
X509v3 Authority Key Identifier:
keyid:9E:F9:E4:37:6E:36:65:32:75:C7:96:35:98:D6:B4:5B:70:AF:80:99
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nvnkN242ZTJ1x5Y1mNa0W3CvgJk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A4C60/B526FF74D84111E9A4521413C4F9AE02/D17A895C0C5D11EAB1A29D67C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2405:84c0::/48
2405:84c0:2000::/36
2405:84c0:9c00::/40
2405:84c0:ff30::/44
2405:84c0:ff50::-2405:84c0:ff6f:ffff:ffff:ffff:ffff:ffff
2405:84c0:fff0::/48
Signature Algorithm: sha256WithRSAEncryption
2a:3d:c1:9e:15:0b:15:45:41:33:07:3d:fe:75:05:13:45:4a:
cf:2b:27:3f:f4:d2:95:c2:51:eb:36:86:69:17:54:c2:f4:fe:
c2:46:f0:a2:3a:8c:1a:ae:d1:ce:58:68:16:0d:14:fe:09:b0:
4b:41:36:5b:d6:a6:53:6a:94:c8:e9:87:c6:a3:41:eb:cc:51:
96:5a:b6:a0:ce:a4:33:04:c9:b4:31:07:71:68:ed:ef:19:38:
96:ba:8b:20:4e:59:58:56:02:ea:17:fb:97:5d:ab:f3:0e:13:
4e:0b:87:4f:83:6c:18:0f:15:c5:a2:0a:bc:18:97:25:2e:c1:
d1:72:a4:07:50:15:da:9d:e6:e6:89:9d:06:68:f2:87:26:46:
5b:d7:35:44:d7:a9:30:15:6c:01:97:09:00:ac:fa:46:01:3f:
d0:20:c0:3c:ed:1a:51:5c:85:c1:06:d8:b9:7b:eb:ab:8f:b0:
fb:fd:0f:de:37:2a:46:5b:87:62:50:e4:14:57:3c:12:26:80:
81:56:ca:60:d5:25:cf:f4:80:bb:61:90:8e:59:9a:26:cd:59:
65:8d:24:a3:04:c2:53:53:98:91:11:28:54:13:5e:72:5f:13:
51:e7:e8:51:71:c4:86:64:2a:7f:f1:97:ae:69:2f:d2:cd:fd:
fa:c2:f9:71
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgICDbowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTRDNjAxMTAvBgNVBAUTKDlFRjlFNDM3NkUzNjY1MzI3NUM3OTYzNTk4RDZCNDVC
NzBBRjgwOTkwHhcNMjQwOTA2MTgzNjU1WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmRiNGJjNy05NjljMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqd4PEia++eS/brG+xmKsMI8AzWYJlUvBDTEfsiOMDUK0iFLa2saX8p5XSt6A
04lz/HaU10OIC17gQUndMU4aZ5ccSrznJ/WDnndrobRp7Uem/SNxa0IeyzqitlZH
bxmwsz8yjRU7bj8xqDDrhKE3ZWtIs61yw75GSWhdHqdJ14OaE0/V38M9H2mIUN0W
lpCWxKaOYxeNn/XSC+mDQ8B27HfCA7ed1T/2r09uPwX5w56YGinUxNqun82vkFfu
MUJUcpdIARgwa560aKdQfXeks9JlweeZbO8Cw1G4tMBmdwESIgANtOq4uTB01orp
yYnA9XbQiBRITUQqBnnQaFOBOQIDAQABo4ICzjCCAsowHQYDVR0OBBYEFEMEAojh
PwKytU15w3Tdw9v83g6hMB8GA1UdIwQYMBaAFJ755DduNmUydceWNZjWtFtwr4CZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNEM2MC9CNTI2RkY3NEQ4
NDExMUU5QTQ1MjE0MTNDNEY5QUUwMi9udm5rTjI0MlpUSjF4NVkxbU5hMFczQ3Zn
SmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL252bmtOMjQyWlRKMXg1WTFtTmEwVzNDdmdKay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTRDNjAvQjUyNkZGNzREODQxMTFFOUE0NTIxNDEzQzRGOUFFMDIvRDE3QTg5NUMw
QzVEMTFFQUIxQTI5RDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWAYIKwYBBQUHAQcBAf8E
STBHMEUEAgACMD8DBwAkBYTAAAADBgQkBYTAIAMGACQFhMCcAwcEJAWEwP8wMBID
BwQkBYTA/1ADBwQkBYTA/2ADBwAkBYTA//AwDQYJKoZIhvcNAQELBQADggEBACo9
wZ4VCxVFQTMHPf51BRNFSs8rJz/00pXCUes2hmkXVML0/sJG8KI6jBqu0c5YaBYN
FP4JsEtBNlvWplNqlMjph8ajQevMUZZatqDOpDMEybQxB3Fo7e8ZOJa6iyBOWVhW
AuoX+5ddq/MOE04Lh0+DbBgPFcWiCrwYlyUuwdFypAdQFdqd5uaJnQZo8ocmRlvX
NUTXqTAVbAGXCQCs+kYBP9AgwDztGlFchcEG2Ll766uPsPv9D943KkZbh2JQ5BRX
PBImgIFWymDVJc/0gLthkI5ZmibNWWWNJKMEwlNTmJERKFQTXnJfE1Hn6FFxxIZk
Kn/xl65pL9LN/frC+XE=
-----END CERTIFICATE-----
Generated at Wed Nov 20 20:07:26 2024 by rpki-client on console-fra.rpki-client.org