Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AAEB2/3952100E6E8311EFAB726180C4F9AE02/C56AA228721511EF9D7B9F3DC4F9AE02.roa
File: C56AA228721511EF9D7B9F3DC4F9AE02.roa (raw, json)
Hash identifier: kcJYtNKXX9JtsP6LFABOPgEKj6k6pMMtSj8ARfskd9U=
Subject key identifier: 37:2D:83:64:E5:52:B8:05:66:1F:50:F1:D1:2C:05:D9:D6:BB:FD:AF
Certificate issuer: /CN=A91AAEB2/serialNumber=9B98FB7D468983A2C14772733248EFFA3462E126
Certificate serial: CA
Authority key identifier: 9B:98:FB:7D:46:89:83:A2:C1:47:72:73:32:48:EF:FA:34:62:E1:26
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m5j7fUaJg6LBR3JzMkjv-jRi4SY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AAEB2/3952100E6E8311EFAB726180C4F9AE02/C56AA228721511EF9D7B9F3DC4F9AE02.roa
Signing time: Sat 21 Dec 2024 05:50:20 +0000
ROA not before: Sat 21 Dec 2024 05:50:20 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 4762
IP address blocks: 202.28.128.0/18 maxlen: 18
202.28.128.0/20 maxlen: 20
202.28.128.0/24 maxlen: 24
202.28.129.0/24 maxlen: 24
202.28.130.0/24 maxlen: 24
202.28.131.0/24 maxlen: 24
202.28.132.0/24 maxlen: 24
202.28.133.0/24 maxlen: 24
202.28.134.0/24 maxlen: 24
202.28.135.0/24 maxlen: 24
202.28.136.0/22 maxlen: 22
202.28.136.0/24 maxlen: 24
202.28.137.0/24 maxlen: 24
202.28.138.0/23 maxlen: 24
202.28.140.0/24 maxlen: 24
202.28.141.0/24 maxlen: 24
202.28.142.0/24 maxlen: 24
202.28.143.0/24 maxlen: 24
202.28.144.0/20 maxlen: 20
202.28.144.0/22 maxlen: 22
202.28.144.0/24 maxlen: 24
202.28.145.0/24 maxlen: 24
202.28.146.0/24 maxlen: 24
202.28.147.0/24 maxlen: 24
202.28.148.0/22 maxlen: 22
202.28.148.0/24 maxlen: 24
202.28.149.0/24 maxlen: 24
202.28.150.0/23 maxlen: 24
202.28.152.0/21 maxlen: 21
202.28.152.0/24 maxlen: 24
202.28.153.0/24 maxlen: 24
202.28.154.0/24 maxlen: 24
202.28.155.0/24 maxlen: 24
202.28.156.0/24 maxlen: 24
202.28.157.0/24 maxlen: 24
202.28.158.0/24 maxlen: 24
202.28.159.0/24 maxlen: 24
202.28.160.0/20 maxlen: 20
202.28.160.0/24 maxlen: 24
202.28.161.0/24 maxlen: 24
202.28.162.0/24 maxlen: 24
202.28.163.0/24 maxlen: 24
202.28.164.0/24 maxlen: 24
202.28.165.0/24 maxlen: 24
202.28.166.0/24 maxlen: 24
202.28.167.0/24 maxlen: 24
202.28.168.0/24 maxlen: 24
202.28.169.0/24 maxlen: 24
202.28.170.0/24 maxlen: 24
202.28.171.0/24 maxlen: 24
202.28.172.0/24 maxlen: 24
202.28.173.0/24 maxlen: 24
202.28.174.0/24 maxlen: 24
202.28.175.0/24 maxlen: 24
202.28.176.0/20 maxlen: 20
202.28.176.0/24 maxlen: 24
202.28.177.0/24 maxlen: 24
202.28.178.0/24 maxlen: 24
202.28.179.0/24 maxlen: 24
202.28.180.0/24 maxlen: 24
202.28.181.0/24 maxlen: 24
202.28.182.0/24 maxlen: 24
202.28.183.0/24 maxlen: 24
202.28.184.0/24 maxlen: 24
202.28.185.0/24 maxlen: 24
202.28.186.0/24 maxlen: 24
202.28.187.0/24 maxlen: 24
202.28.188.0/24 maxlen: 24
202.28.189.0/24 maxlen: 24
202.28.190.0/24 maxlen: 24
202.28.191.0/24 maxlen: 24
2001:3c8:1202::/48 maxlen: 48
2001:3c8:1606::/48 maxlen: 48
2001:3c8:2707::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91AAEB2/3952100E6E8311EFAB726180C4F9AE02/m5j7fUaJg6LBR3JzMkjv-jRi4SY.crl
rsync://rpki.apnic.net/member_repository/A91AAEB2/3952100E6E8311EFAB726180C4F9AE02/m5j7fUaJg6LBR3JzMkjv-jRi4SY.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m5j7fUaJg6LBR3JzMkjv-jRi4SY.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 10 Apr 2025 06:09:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 202 (0xca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AAEB2
Validity
Not Before: Dec 21 05:50:20 2024 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=6766571c-3ff6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:cb:a1:5d:68:7d:90:f0:b5:c1:d9:d2:80:b1:
ed:0d:36:4d:41:c5:14:ea:ff:10:0e:b9:bb:41:8a:
bb:22:5f:eb:24:db:cb:5d:78:af:45:bf:45:16:c2:
7d:4c:66:dd:12:a3:6c:eb:bb:3a:82:56:c5:e4:1e:
21:20:ed:d2:84:ce:3e:81:1c:79:1f:73:e2:a4:46:
4f:72:87:03:ee:5e:6e:09:da:1e:70:44:d5:f9:b7:
5b:47:c1:c2:21:c3:d2:b4:14:7b:3e:52:fc:8e:76:
f3:7d:fe:55:24:d3:62:7d:b0:27:28:8e:7a:47:14:
8f:a5:ba:2a:8a:44:91:54:00:e2:bc:74:d1:51:07:
b3:eb:dc:70:d1:b3:58:7b:a4:eb:24:87:b0:6a:d2:
22:d1:4e:30:69:fc:30:61:56:c5:07:83:66:06:a6:
fe:b1:ed:fa:5f:c0:8e:cb:c0:93:2f:d6:a5:7e:dc:
87:9a:eb:91:93:f6:74:f2:bd:da:00:06:f2:0b:a4:
a9:74:52:28:df:41:f3:12:65:e4:58:1c:2a:03:fa:
f8:40:a9:47:6f:14:9a:5e:de:0f:6a:bb:88:23:6b:
5b:69:a0:0e:2f:f6:b2:fd:69:1d:ad:a5:d1:85:ef:
54:bb:88:c2:b3:e5:52:9e:e3:3c:51:cc:9b:a9:7c:
9f:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:2D:83:64:E5:52:B8:05:66:1F:50:F1:D1:2C:05:D9:D6:BB:FD:AF
X509v3 Authority Key Identifier:
keyid:9B:98:FB:7D:46:89:83:A2:C1:47:72:73:32:48:EF:FA:34:62:E1:26
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AAEB2/3952100E6E8311EFAB726180C4F9AE02/m5j7fUaJg6LBR3JzMkjv-jRi4SY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m5j7fUaJg6LBR3JzMkjv-jRi4SY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AAEB2/3952100E6E8311EFAB726180C4F9AE02/C56AA228721511EF9D7B9F3DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.28.128.0/18
IPv6:
2001:3c8:1202::/48
2001:3c8:1606::/48
2001:3c8:2707::/48
Signature Algorithm: sha256WithRSAEncryption
3a:70:c2:51:fb:0c:1c:07:0c:da:d1:a2:01:d2:4c:42:7b:07:
7c:a5:cb:1b:e7:92:75:b9:32:5d:c4:c6:78:ef:cf:91:b5:ba:
5d:80:ad:8c:11:af:a1:49:8e:3c:e4:0f:6c:87:5f:95:d0:58:
62:42:97:81:5b:a9:b4:08:1f:c2:e8:40:00:83:ec:5e:a0:8d:
49:dd:30:aa:08:2e:63:90:93:c0:53:fc:97:2a:4f:a6:ad:9d:
0d:ad:e7:20:a9:aa:f6:f3:33:5e:3e:8a:e0:07:82:05:61:b2:
80:29:bf:86:b6:4d:23:d1:06:a9:c0:73:a6:7b:4d:ae:28:ca:
eb:c0:a7:ae:4b:9d:0d:41:1d:9d:65:54:9b:40:bd:a7:f5:37:
a8:f7:df:16:37:0f:c2:cf:ef:17:b2:19:95:3f:c4:2f:1b:b7:
5e:51:da:3f:da:ce:99:50:9e:96:9b:27:dc:fd:86:c7:cb:5a:
d5:86:59:3a:f3:32:14:1e:18:eb:8a:6e:56:59:3e:f0:5b:ce:
02:43:bd:bf:f9:b7:6e:91:57:f5:a6:c2:84:44:54:ed:4b:c8:
d2:86:fc:2b:28:f3:25:53:5b:c5:4f:bf:c2:63:9c:b7:06:ad:
06:bc:63:5d:b8:bb:56:7c:75:7f:b3:ad:67:47:88:0c:67:be:
29:65:c4:ca
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgICAMowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUFFQjIxMTAvBgNVBAUTKDlCOThGQjdENDY4OTgzQTJDMTQ3NzI3MzMyNDhFRkZB
MzQ2MkUxMjYwHhcNMjQxMjIxMDU1MDIwWhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzY2NTcxYy0zZmY2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyMuhXWh9kPC1wdnSgLHtDTZNQcUU6v8QDrm7QYq7Il/rJNvLXXivRb9FFsJ9
TGbdEqNs67s6glbF5B4hIO3ShM4+gRx5H3PipEZPcocD7l5uCdoecETV+bdbR8HC
IcPStBR7PlL8jnbzff5VJNNifbAnKI56RxSPpboqikSRVADivHTRUQez69xw0bNY
e6TrJIewatIi0U4wafwwYVbFB4NmBqb+se36X8COy8CTL9alftyHmuuRk/Z08r3a
AAbyC6SpdFIo30HzEmXkWBwqA/r4QKlHbxSaXt4ParuII2tbaaAOL/ay/WkdraXR
he9Uu4jCs+VSnuM8UcybqXyfMwIDAQABo4ICuDCCArQwHQYDVR0OBBYEFDctg2Tl
UrgFZh9Q8dEsBdnWu/2vMB8GA1UdIwQYMBaAFJuY+31GiYOiwUdyczJI7/o0YuEm
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQUVCMi8zOTUyMTAwRTZF
ODMxMUVGQUI3MjYxODBDNEY5QUUwMi9tNWo3ZlVhSmc2TEJSM0p6TWtqdi1qUmk0
U1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL201ajdmVWFKZzZMQlIzSnpNa2p2LWpSaTRTWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUFFQjIvMzk1MjEwMEU2RTgzMTFFRkFCNzI2MTgwQzRGOUFFMDIvQzU2QUEyMjg3
MjE1MTFFRjlEN0I5RjNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQgYIKwYBBQUHAQcBAf8E
MzAxMAwEAgABMAYDBAbKHIAwIQQCAAIwGwMHACABA8gSAgMHACABA8gWBgMHACAB
A8gnBzANBgkqhkiG9w0BAQsFAAOCAQEAOnDCUfsMHAcM2tGiAdJMQnsHfKXLG+eS
dbkyXcTGeO/PkbW6XYCtjBGvoUmOPOQPbIdfldBYYkKXgVuptAgfwuhAAIPsXqCN
Sd0wqgguY5CTwFP8lypPpq2dDa3nIKmq9vMzXj6K4AeCBWGygCm/hrZNI9EGqcBz
pntNrijK68CnrkudDUEdnWVUm0C9p/U3qPffFjcPws/vF7IZlT/ELxu3XlHaP9rO
mVCelpsn3P2Gx8ta1YZZOvMyFB4Y64puVlk+8FvOAkO9v/m3bpFX9abChERU7UvI
0ob8KyjzJVNbxU+/wmOctwatBrxjXbi7Vnx1f7OtZ0eIDGe+KWXEyg==
-----END CERTIFICATE-----
Generated at Sat Apr 5 02:00:49 2025 by rpki-client