Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
File: 257E3B94E37B11EA84A20810C4F9AE02.roa (raw, json)
Hash identifier: ZW4D52b/QqoUPTvkPyb0ztzXgPBkyyW+b1SqWMCRNR4=
Subject key identifier: 8C:89:AE:7A:4B:52:44:00:63:80:1E:D8:53:18:A5:47:B8:CD:13:E2
Certificate issuer: /CN=A91B3CB5/serialNumber=1355D5187D2E63D7E6D49078D8E71FA051C456E3
Certificate serial: 0C05
Authority key identifier: 13:55:D5:18:7D:2E:63:D7:E6:D4:90:78:D8:E7:1F:A0:51:C4:56:E3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
Signing time: Mon 25 Nov 2024 03:42:20 +0000
ROA not before: Mon 25 Nov 2024 03:42:20 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 38280
IP address blocks: 59.191.192.0/20 maxlen: 20
59.191.192.0/24 maxlen: 24
59.191.193.0/24 maxlen: 24
59.191.194.0/24 maxlen: 24
59.191.195.0/24 maxlen: 24
59.191.196.0/24 maxlen: 24
59.191.197.0/24 maxlen: 24
59.191.198.0/24 maxlen: 24
59.191.199.0/24 maxlen: 24
59.191.200.0/24 maxlen: 24
59.191.201.0/24 maxlen: 24
59.191.202.0/24 maxlen: 24
59.191.203.0/24 maxlen: 24
59.191.204.0/24 maxlen: 24
59.191.205.0/24 maxlen: 24
59.191.206.0/24 maxlen: 24
59.191.207.0/24 maxlen: 24
118.139.128.0/19 maxlen: 19
118.139.128.0/24 maxlen: 24
118.139.129.0/24 maxlen: 24
118.139.130.0/24 maxlen: 24
118.139.131.0/24 maxlen: 24
118.139.132.0/24 maxlen: 24
118.139.133.0/24 maxlen: 24
118.139.134.0/24 maxlen: 24
118.139.135.0/24 maxlen: 24
118.139.136.0/24 maxlen: 24
118.139.137.0/24 maxlen: 24
118.139.138.0/24 maxlen: 24
118.139.139.0/24 maxlen: 24
118.139.140.0/24 maxlen: 24
118.139.141.0/24 maxlen: 24
118.139.142.0/24 maxlen: 24
118.139.143.0/24 maxlen: 24
118.139.144.0/24 maxlen: 24
118.139.145.0/24 maxlen: 24
118.139.146.0/24 maxlen: 24
118.139.147.0/24 maxlen: 24
118.139.148.0/24 maxlen: 24
118.139.149.0/24 maxlen: 24
118.139.150.0/24 maxlen: 24
118.139.151.0/24 maxlen: 24
118.139.152.0/24 maxlen: 24
118.139.153.0/24 maxlen: 24
118.139.154.0/24 maxlen: 24
118.139.155.0/24 maxlen: 24
118.139.156.0/24 maxlen: 24
118.139.157.0/24 maxlen: 24
118.139.158.0/24 maxlen: 24
118.139.159.0/24 maxlen: 24
2404:2400:200::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.crl
rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 18:35:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3077 (0xc05)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B3CB5
Validity
Not Before: Nov 25 03:42:20 2024 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=6743f21c-9ae2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:aa:5f:ce:c0:52:9e:4d:3a:5a:15:f1:b2:e7:
ff:84:89:f1:1d:fe:58:fe:51:ea:96:72:2f:58:c6:
3f:c5:df:c0:b6:87:d3:39:5a:6e:0f:54:86:5d:07:
85:85:98:bb:8b:6f:d2:e5:a1:84:36:51:4c:02:8b:
f6:b7:5e:40:02:12:9a:1d:23:7f:07:3b:27:ad:d6:
9f:ed:5c:1c:cd:a5:18:08:8a:e4:37:c5:e3:bf:45:
c4:9b:c2:97:08:f0:0b:5a:1e:9e:41:bb:bc:05:9e:
47:81:c7:eb:0e:e6:37:1c:71:82:20:41:2f:60:c7:
21:c9:b5:08:34:22:87:03:b1:b2:b6:cd:38:af:01:
fd:2c:08:b4:50:4c:bc:20:03:42:10:63:21:74:a6:
a5:f2:e7:9c:d8:76:52:ce:c0:6a:06:ec:6a:a1:c3:
15:19:c8:a3:b6:07:82:6e:46:91:da:fc:a4:f6:be:
03:14:e1:7d:18:f7:77:bd:64:11:5e:88:7e:45:44:
f4:ff:f4:ff:5a:e1:bf:fc:13:e6:73:bb:f5:b8:1c:
97:da:d3:69:ab:d2:b7:ea:4b:86:75:af:53:c7:14:
cd:b9:0c:ad:30:8f:d2:1c:4c:62:ab:55:ce:06:91:
45:09:91:c2:9f:fa:e4:d8:1e:1a:3a:00:51:6d:2f:
68:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:89:AE:7A:4B:52:44:00:63:80:1E:D8:53:18:A5:47:B8:CD:13:E2
X509v3 Authority Key Identifier:
keyid:13:55:D5:18:7D:2E:63:D7:E6:D4:90:78:D8:E7:1F:A0:51:C4:56:E3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/E1XVGH0uY9fm1JB42OcfoFHEVuM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E1XVGH0uY9fm1JB42OcfoFHEVuM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B3CB5/632650F8050511EAAA934C43C4F9AE02/257E3B94E37B11EA84A20810C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
59.191.192.0/20
118.139.128.0/19
IPv6:
2404:2400:200::/48
Signature Algorithm: sha256WithRSAEncryption
99:ac:44:db:16:a3:16:c2:d2:79:df:e8:35:e8:b9:7d:1a:2f:
12:d1:1d:36:ad:e2:49:f0:98:03:dc:34:29:2d:4f:37:96:34:
12:02:08:1f:5a:22:1f:f9:12:fe:03:b8:41:c7:6c:82:f7:ac:
b8:ce:53:04:78:a9:2c:d2:d2:b6:eb:3d:1d:24:58:18:66:7f:
36:e3:b6:d8:28:93:1d:7f:c7:9b:d0:10:ca:3f:a6:ec:c7:8f:
39:c6:91:aa:c7:75:be:6c:a2:2d:72:e4:22:8e:29:29:87:be:
87:29:6e:3b:ed:bb:3d:00:5f:1f:c7:bb:d7:ff:07:cc:be:b5:
b4:64:b5:38:ab:78:c1:94:91:d6:fe:84:4c:0a:ea:6e:1c:4d:
7f:e2:9d:40:da:c7:a7:06:2c:56:46:47:bc:36:da:31:dc:96:
28:e2:99:0f:3c:12:89:c0:44:0e:7a:9d:91:e5:22:08:de:47:
bf:83:d9:93:d2:c4:aa:b7:8e:9a:f1:1c:51:98:4d:25:cc:2e:
ca:76:c4:e3:40:58:af:3d:75:ae:9f:4f:ef:a8:9c:8f:1f:16:
96:e6:47:83:ca:56:07:99:02:14:25:f6:da:e1:f4:14:6e:52:
e2:78:d5:95:a1:04:e8:9e:84:47:58:68:71:75:0c:cd:3c:03:
9f:c8:37:35
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICDAUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjNDQjUxMTAvBgNVBAUTKDEzNTVENTE4N0QyRTYzRDdFNkQ0OTA3OEQ4RTcxRkEw
NTFDNDU2RTMwHhcNMjQxMTI1MDM0MjIwWhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQzZjIxYy05YWUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuapfzsBSnk06WhXxsuf/hInxHf5Y/lHqlnIvWMY/xd/AtofTOVpuD1SGXQeF
hZi7i2/S5aGENlFMAov2t15AAhKaHSN/Bzsnrdaf7VwczaUYCIrkN8Xjv0XEm8KX
CPALWh6eQbu8BZ5HgcfrDuY3HHGCIEEvYMchybUINCKHA7Gyts04rwH9LAi0UEy8
IANCEGMhdKal8uec2HZSzsBqBuxqocMVGcijtgeCbkaR2vyk9r4DFOF9GPd3vWQR
Xoh+RUT0//T/WuG//BPmc7v1uByX2tNpq9K36kuGda9TxxTNuQytMI/SHExiq1XO
BpFFCZHCn/rk2B4aOgBRbS9otwIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFIyJrnpL
UkQAY4Ae2FMYpUe4zRPiMB8GA1UdIwQYMBaAFBNV1Rh9LmPX5tSQeNjnH6BRxFbj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCM0NCNS82MzI2NTBGODA1
MDUxMUVBQUE5MzRDNDNDNEY5QUUwMi9FMVhWR0gwdVk5Zm0xSkI0Mk9jZm9GSEVW
dU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0UxWFZHSDB1WTlmbTFKQjQyT2Nmb0ZIRVZ1TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjNDQjUvNjMyNjUwRjgwNTA1MTFFQUFBOTM0QzQzQzRGOUFFMDIvMjU3RTNCOTRF
MzdCMTFFQTg0QTIwODEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBAQ7v8ADBAV2i4AwDwQCAAIwCQMHACQEJAACADANBgkqhkiG
9w0BAQsFAAOCAQEAmaxE2xajFsLSed/oNei5fRovEtEdNq3iSfCYA9w0KS1PN5Y0
EgIIH1oiH/kS/gO4QcdsgvesuM5TBHipLNLStus9HSRYGGZ/NuO22CiTHX/Hm9AQ
yj+m7MePOcaRqsd1vmyiLXLkIo4pKYe+hyluO+27PQBfH8e71/8HzL61tGS1OKt4
wZSR1v6ETArqbhxNf+KdQNrHpwYsVkZHvDbaMdyWKOKZDzwSicBEDnqdkeUiCN5H
v4PZk9LEqreOmvEcUZhNJcwuynbE40BYrz11rp9P76icjx8WluZHg8pWB5kCFCX2
2uH0FG5S4njVlaEE6J6ER1hocXUMzTwDn8g3NQ==
-----END CERTIFICATE-----
Generated at Sat Apr 5 06:16:42 2025 by rpki-client