Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
File: 257E3B94E37B11EA84A20810C4F9AE02.roa (raw, json)
Hash identifier: G1DkCuz7ZiVzBDV+JjzF5acJ6ODawTKt59lFfaFc5go=
Subject key identifier: 1C:4C:24:B5:B3:5F:56:57:E0:A3:60:AC:09:0A:AB:E9:7B:68:D5:1B
Certificate issuer: /CN=A91B3CB5/serialNumber=1355D5187D2E63D7E6D49078D8E71FA051C456E3
Certificate serial: 0B2A
Authority key identifier: 13:55:D5:18:7D:2E:63:D7:E6:D4:90:78:D8:E7:1F:A0:51:C4:56:E3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
Signing time: Fri 06 Oct 2023 19:16:46 +0000
ROA not before: Fri 06 Oct 2023 19:16:46 +0000
ROA not after: Mon 30 Dec 2024 00:00:00 +0000
asID: 38280
IP address blocks: 59.191.192.0/20 maxlen: 20
59.191.192.0/24 maxlen: 24
59.191.193.0/24 maxlen: 24
59.191.194.0/24 maxlen: 24
59.191.195.0/24 maxlen: 24
59.191.196.0/24 maxlen: 24
59.191.197.0/24 maxlen: 24
59.191.198.0/24 maxlen: 24
59.191.199.0/24 maxlen: 24
59.191.200.0/24 maxlen: 24
59.191.201.0/24 maxlen: 24
59.191.202.0/24 maxlen: 24
59.191.203.0/24 maxlen: 24
59.191.204.0/24 maxlen: 24
59.191.205.0/24 maxlen: 24
59.191.206.0/24 maxlen: 24
59.191.207.0/24 maxlen: 24
118.139.128.0/19 maxlen: 19
118.139.128.0/24 maxlen: 24
118.139.129.0/24 maxlen: 24
118.139.130.0/24 maxlen: 24
118.139.131.0/24 maxlen: 24
118.139.132.0/24 maxlen: 24
118.139.133.0/24 maxlen: 24
118.139.134.0/24 maxlen: 24
118.139.135.0/24 maxlen: 24
118.139.136.0/24 maxlen: 24
118.139.137.0/24 maxlen: 24
118.139.138.0/24 maxlen: 24
118.139.139.0/24 maxlen: 24
118.139.140.0/24 maxlen: 24
118.139.141.0/24 maxlen: 24
118.139.142.0/24 maxlen: 24
118.139.143.0/24 maxlen: 24
118.139.144.0/24 maxlen: 24
118.139.145.0/24 maxlen: 24
118.139.146.0/24 maxlen: 24
118.139.147.0/24 maxlen: 24
118.139.148.0/24 maxlen: 24
118.139.149.0/24 maxlen: 24
118.139.150.0/24 maxlen: 24
118.139.151.0/24 maxlen: 24
118.139.152.0/24 maxlen: 24
118.139.153.0/24 maxlen: 24
118.139.154.0/24 maxlen: 24
118.139.155.0/24 maxlen: 24
118.139.156.0/24 maxlen: 24
118.139.157.0/24 maxlen: 24
118.139.158.0/24 maxlen: 24
118.139.159.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.crl
rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 13 Jun 2024 19:42:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2858 (0xb2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B3CB5/serialNumber=1355D5187D2E63D7E6D49078D8E71FA051C456E3
Validity
Not Before: Oct 6 19:16:46 2023 GMT
Not After : Dec 30 00:00:00 2024 GMT
Subject: CN=65205d1e-5905
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:48:fe:34:96:40:52:ad:37:49:79:62:a6:f3:
a0:76:16:7e:8c:66:48:f4:54:e0:57:47:8a:f3:5a:
f8:f9:3f:4e:79:ca:66:9d:05:65:77:7d:25:20:f1:
43:14:58:bc:c5:54:cb:da:68:be:24:04:5e:ba:d2:
4f:52:92:95:aa:b0:dd:54:9b:85:94:a1:33:99:7b:
0a:92:66:1e:69:35:67:24:3a:e0:55:32:2a:88:77:
b0:8c:ba:92:b5:15:21:17:da:0c:4b:4e:45:cf:d9:
27:b7:0c:c7:41:bf:a8:f0:f4:54:09:3e:b8:69:e1:
28:a2:3c:e8:b1:2f:2d:3c:0a:09:08:16:77:70:22:
f2:90:e3:0a:92:d3:9d:a6:ec:4b:5e:18:44:78:94:
ce:c9:54:35:8a:05:c4:09:52:b3:1c:21:0a:d4:47:
5d:88:2f:9e:74:eb:87:67:06:82:79:13:d2:34:fb:
d9:d2:79:d5:b9:37:4d:f1:1f:bb:0c:ea:2c:d6:50:
6a:ab:08:8d:16:6c:58:38:8d:e6:d3:90:0c:d1:6d:
26:b8:8a:e2:2d:81:d4:ce:63:50:4d:f1:bf:2a:47:
1e:86:6b:56:3f:1d:6b:bd:aa:cf:29:29:ce:9d:b5:
8d:bf:65:68:c7:e4:a0:5a:4a:ab:17:af:05:eb:d8:
22:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:4C:24:B5:B3:5F:56:57:E0:A3:60:AC:09:0A:AB:E9:7B:68:D5:1B
X509v3 Authority Key Identifier:
keyid:13:55:D5:18:7D:2E:63:D7:E6:D4:90:78:D8:E7:1F:A0:51:C4:56:E3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
59.191.192.0/20
118.139.128.0/19
Signature Algorithm: sha256WithRSAEncryption
76:79:d9:32:3f:12:2d:74:49:0f:71:58:26:45:6e:ca:15:89:
67:f0:55:e6:44:ba:c6:0a:95:64:be:ed:fc:32:de:52:0f:cb:
08:f9:01:2a:0e:26:92:34:e8:7f:e7:91:10:c8:d3:2c:86:c8:
5a:3e:42:ca:1c:34:08:44:1c:cc:97:40:05:62:00:05:a8:db:
5e:f1:d4:4e:24:94:cc:97:64:92:72:7d:9a:0c:20:b4:15:9e:
b3:be:e7:ee:bf:fc:76:8d:11:87:f8:ec:56:7f:0c:e7:f2:ff:
7e:b1:8d:d2:e0:d4:43:5a:58:e0:13:0b:71:23:7d:80:0f:6b:
8c:fe:55:6f:1f:e9:a3:29:c5:22:e1:cd:3a:5f:8b:39:f9:b3:
ff:db:fc:57:b7:df:90:dc:43:6a:c5:d9:84:c7:44:21:97:49:
c8:58:a0:cb:0c:1b:dc:8c:7c:ca:83:82:d1:22:9a:07:6b:ce:
70:ca:09:ac:af:3c:d6:12:ac:39:43:0d:e1:a4:9b:e5:7e:61:
fa:3f:ad:1a:75:51:08:a6:d0:99:72:49:64:fd:ad:63:bc:1b:
6d:a2:7f:8a:c1:54:a3:5c:b3:46:6f:7e:73:e6:b2:32:73:79:
89:4d:16:98:77:8f:e3:05:b4:12:11:b4:ae:c9:49:4c:86:5e:
0b:35:9a:87
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCyowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjNDQjUxMTAvBgNVBAUTKDEzNTVENTE4N0QyRTYzRDdFNkQ0OTA3OEQ4RTcxRkEw
NTFDNDU2RTMwHhcNMjMxMDA2MTkxNjQ2WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTIwNWQxZS01OTA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxkj+NJZAUq03SXlipvOgdhZ+jGZI9FTgV0eK81r4+T9OecpmnQVld30lIPFD
FFi8xVTL2mi+JAReutJPUpKVqrDdVJuFlKEzmXsKkmYeaTVnJDrgVTIqiHewjLqS
tRUhF9oMS05Fz9kntwzHQb+o8PRUCT64aeEoojzosS8tPAoJCBZ3cCLykOMKktOd
puxLXhhEeJTOyVQ1igXECVKzHCEK1EddiC+edOuHZwaCeRPSNPvZ0nnVuTdN8R+7
DOos1lBqqwiNFmxYOI3m05AM0W0muIriLYHUzmNQTfG/KkcehmtWPx1rvarPKSnO
nbWNv2Vox+SgWkqrF68F69giNwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFBxMJLWz
X1ZX4KNgrAkKq+l7aNUbMB8GA1UdIwQYMBaAFBNV1Rh9LmPX5tSQeNjnH6BRxFbj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCM0NCNS82MzI2NTBGODA1
MDUxMUVBQUE5MzRDNDNDNEY5QUUwMi9FMVhWR0gwdVk5Zm0xSkI0Mk9jZm9GSEVW
dU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0UxWFZHSDB1WTlmbTFKQjQyT2Nmb0ZIRVZ1TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjNDQjUvNjMyNjUwRjgwNTA1MTFFQUFBOTM0QzQzQzRGOUFFMDIvMjU3RTNCOTRF
MzdCMTFFQTg0QTIwODEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAQ7v8ADBAV2i4AwDQYJKoZIhvcNAQELBQADggEBAHZ52TI/
Ei10SQ9xWCZFbsoViWfwVeZEusYKlWS+7fwy3lIPywj5ASoOJpI06H/nkRDI0yyG
yFo+QsocNAhEHMyXQAViAAWo217x1E4klMyXZJJyfZoMILQVnrO+5+6//HaNEYf4
7FZ/DOfy/36xjdLg1ENaWOATC3EjfYAPa4z+VW8f6aMpxSLhzTpfizn5s//b/Fe3
35DcQ2rF2YTHRCGXSchYoMsMG9yMfMqDgtEimgdrznDKCayvPNYSrDlDDeGkm+V+
Yfo/rRp1UQim0JlySWT9rWO8G22if4rBVKNcs0ZvfnPmsjJzeYlNFph3j+MFtBIR
tK7JSUyGXgs1moc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 21:06:55 2024 by rpki-client on console-fra.rpki-client.org