Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/24252532B84711EA8A7F036DC4F9AE02.roa
File: 24252532B84711EA8A7F036DC4F9AE02.roa (raw, json)
Hash identifier: xMmvJvlGe/uvnHVdxcMoD5TOuMIT+w9ZoofsAGfEJ0o=
Subject key identifier: 7B:A5:CA:CA:A5:BA:2B:A5:EC:0C:1D:05:DA:A8:F0:09:15:A8:9C:66
Certificate issuer: /CN=A91B37E3/serialNumber=A7570DCF3720A8D5A8856A4BB6583F1BAEAE0093
Certificate serial: 0B9E
Authority key identifier: A7:57:0D:CF:37:20:A8:D5:A8:85:6A:4B:B6:58:3F:1B:AE:AE:00:93
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p1cNzzcgqNWohWpLtlg_G66uAJM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/24252532B84711EA8A7F036DC4F9AE02.roa
Signing time: Sat 02 Mar 2024 19:27:52 +0000
ROA not before: Sat 02 Mar 2024 19:27:52 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 24342
IP address blocks: 115.127.0.0/17 maxlen: 22
115.127.0.0/18 maxlen: 23
115.127.0.0/19 maxlen: 24
115.127.32.0/22 maxlen: 24
115.127.36.0/23 maxlen: 24
115.127.39.0/24 maxlen: 24
115.127.40.0/21 maxlen: 24
115.127.48.0/20 maxlen: 24
115.127.64.0/20 maxlen: 24
115.127.80.0/21 maxlen: 24
115.127.88.0/22 maxlen: 24
115.127.92.0/23 maxlen: 24
115.127.94.0/24 maxlen: 24
115.127.95.0/24 maxlen: 24
115.127.96.0/19 maxlen: 24
115.127.128.0/18 maxlen: 24
115.127.192.0/19 maxlen: 24
202.168.224.0/19 maxlen: 24
2406:1400::/32 maxlen: 32
2406:1400::/48 maxlen: 48
2406:1400:c00::/48 maxlen: 48
2406:1400:c6b::/48 maxlen: 48
2406:1400:8386::/48 maxlen: 48
2406:1400:8387::/48 maxlen: 48
2406:1400:c100::/48 maxlen: 48
2406:1400:c109::/48 maxlen: 48
2406:1400:c174::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/p1cNzzcgqNWohWpLtlg_G66uAJM.crl
rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/p1cNzzcgqNWohWpLtlg_G66uAJM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p1cNzzcgqNWohWpLtlg_G66uAJM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 07 Jun 2024 19:54:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2974 (0xb9e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B37E3/serialNumber=A7570DCF3720A8D5A8856A4BB6583F1BAEAE0093
Validity
Not Before: Mar 2 19:27:52 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=65e37db8-fefc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:9e:95:7a:2d:f0:a3:df:8f:bb:bd:02:c1:6f:
10:0a:f8:c9:ee:42:d2:d1:c8:68:64:00:f4:ad:4d:
60:63:91:1a:c1:a8:00:6d:1d:66:42:b0:e3:37:12:
40:61:2b:20:39:86:b2:25:b8:9c:56:f9:a5:48:6b:
ca:9c:a3:a2:41:44:9e:2a:1b:ed:34:b5:2e:3d:1e:
28:3b:a4:1c:04:8a:cd:89:b6:e0:7a:56:65:f1:ab:
2f:8c:94:e6:0f:a1:1f:46:9c:70:f6:42:93:21:e7:
17:bd:97:ac:9c:4e:70:cb:4f:24:bd:bb:bd:45:99:
4b:41:ad:bd:b1:e3:c4:8d:25:fe:41:40:56:e0:68:
0f:7f:b4:e2:8c:f9:00:7b:ed:ec:1c:66:8b:0d:bd:
30:f2:7e:a8:03:6b:59:b6:b3:97:c4:0a:35:20:09:
85:42:51:a0:4c:31:38:53:f2:28:71:01:11:65:92:
3f:55:f5:aa:d1:a8:e9:14:a5:12:4c:de:cd:44:96:
66:83:cf:f2:27:43:c6:fd:43:c6:dd:e4:b2:a1:37:
36:40:25:22:8e:05:1f:63:7e:9b:67:a6:60:f0:4f:
4c:7c:a6:65:23:28:73:07:e3:3d:55:e7:c2:cc:3f:
27:20:50:b8:87:89:d6:f0:a3:39:9f:d8:6d:10:03:
80:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:A5:CA:CA:A5:BA:2B:A5:EC:0C:1D:05:DA:A8:F0:09:15:A8:9C:66
X509v3 Authority Key Identifier:
keyid:A7:57:0D:CF:37:20:A8:D5:A8:85:6A:4B:B6:58:3F:1B:AE:AE:00:93
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/p1cNzzcgqNWohWpLtlg_G66uAJM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p1cNzzcgqNWohWpLtlg_G66uAJM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B37E3/0AFEA7CE03A011EAB4C5D27CC4F9AE02/24252532B84711EA8A7F036DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
115.127.0.0-115.127.223.255
202.168.224.0/19
IPv6:
2406:1400::/32
Signature Algorithm: sha256WithRSAEncryption
30:91:a1:f0:eb:79:65:ef:d8:c2:11:9c:6f:86:cb:59:b8:3e:
b1:94:e0:44:f9:c5:81:81:15:d2:e9:d5:25:1c:43:02:2a:62:
1a:ec:03:de:23:be:12:70:24:8c:d7:96:53:ee:7b:46:e7:2a:
8a:b8:10:e8:fb:bd:19:11:8c:ef:8e:82:a9:40:7c:46:64:be:
95:44:9e:3f:c1:fd:9d:2f:c0:e5:ff:97:75:09:8e:76:28:ba:
9a:eb:9a:ec:ca:02:36:68:38:97:96:49:bb:be:a5:47:3c:5f:
d2:1d:a2:03:d0:10:0a:27:85:65:40:eb:e4:24:dd:2d:d5:12:
88:60:c7:2d:db:19:e6:3d:78:49:e4:c5:2e:69:a7:47:f4:b1:
3b:dc:3f:05:96:ad:bf:10:71:78:f5:35:a7:f3:b2:07:26:0d:
1a:2c:57:70:8b:51:36:98:08:24:6c:7b:d9:33:ec:88:c6:08:
8b:ce:f5:4c:fb:61:ef:08:ad:6b:48:df:79:b8:10:22:3a:6e:
38:57:cf:8e:93:dc:af:fb:31:42:f0:37:93:21:c1:86:e5:fe:
fb:a9:b8:2d:ca:ed:7c:f8:b6:e6:02:58:26:a2:f7:d4:14:f6:
25:c2:1b:0e:47:fc:3a:9d:fc:72:b6:b4:96:80:24:51:22:93:
03:d2:59:3e
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgICC54wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjM3RTMxMTAvBgNVBAUTKEE3NTcwRENGMzcyMEE4RDVBODg1NkE0QkI2NTgzRjFC
QUVBRTAwOTMwHhcNMjQwMzAyMTkyNzUyWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUzN2RiOC1mZWZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0Z6Vei3wo9+Pu70CwW8QCvjJ7kLS0choZAD0rU1gY5EawagAbR1mQrDjNxJA
YSsgOYayJbicVvmlSGvKnKOiQUSeKhvtNLUuPR4oO6QcBIrNibbgelZl8asvjJTm
D6EfRpxw9kKTIecXvZesnE5wy08kvbu9RZlLQa29sePEjSX+QUBW4GgPf7TijPkA
e+3sHGaLDb0w8n6oA2tZtrOXxAo1IAmFQlGgTDE4U/IocQERZZI/VfWq0ajpFKUS
TN7NRJZmg8/yJ0PG/UPG3eSyoTc2QCUijgUfY36bZ6Zg8E9MfKZlIyhzB+M9VefC
zD8nIFC4h4nW8KM5n9htEAOAvQIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFHulysql
uiul7AwdBdqo8AkVqJxmMB8GA1UdIwQYMBaAFKdXDc83IKjVqIVqS7ZYPxuurgCT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMzdFMy8wQUZFQTdDRTAz
QTAxMUVBQjRDNUQyN0NDNEY5QUUwMi9wMWNOenpjZ3FOV29oV3BMdGxnX0c2NnVB
Sk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3AxY056emNncU5Xb2hXcEx0bGdfRzY2dUFKTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjM3RTMvMEFGRUE3Q0UwM0EwMTFFQUI0QzVEMjdDQzRGOUFFMDIvMjQyNTI1MzJC
ODQ3MTFFQThBN0YwMzZEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOwYIKwYBBQUHAQcBAf8E
LDAqMBkEAgABMBMwCwMDAHN/AwQFc3/AAwQFyqjgMA0EAgACMAcDBQAkBhQAMA0G
CSqGSIb3DQEBCwUAA4IBAQAwkaHw63ll79jCEZxvhstZuD6xlOBE+cWBgRXS6dUl
HEMCKmIa7APeI74ScCSM15ZT7ntG5yqKuBDo+70ZEYzvjoKpQHxGZL6VRJ4/wf2d
L8Dl/5d1CY52KLqa65rsygI2aDiXlkm7vqVHPF/SHaID0BAKJ4VlQOvkJN0t1RKI
YMct2xnmPXhJ5MUuaadH9LE73D8Flq2/EHF49TWn87IHJg0aLFdwi1E2mAgkbHvZ
M+yIxgiLzvVM+2HvCK1rSN95uBAiOm44V8+Ok9yv+zFC8DeTIcGG5f77qbgtyu18
+LbmAlgmovfUFPYlwhsOR/w6nfxytrSWgCRRIpMD0lk+
-----END CERTIFICATE-----
Generated at Fri May 31 22:13:10 2024 by rpki-client on console-fra.rpki-client.org