Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/67A60C64441E11EB861F005AC4F9AE02.roa
File: 67A60C64441E11EB861F005AC4F9AE02.roa (raw, json)
Hash identifier: JcavRD/UkGMKefo40xrhCPb2PgEwMsvZQrFanuv4C9k=
Subject key identifier: 90:EB:0E:35:9A:0F:2A:CE:FA:AC:32:42:A2:C6:87:E3:0D:96:25:47
Certificate issuer: /CN=A91B5AD4/serialNumber=3352886A8394F3ACF5E635E3C4756F4D0A6E45E9
Certificate serial: 0937
Authority key identifier: 33:52:88:6A:83:94:F3:AC:F5:E6:35:E3:C4:75:6F:4D:0A:6E:45:E9
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M1KIaoOU86z15jXjxHVvTQpuRek.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/67A60C64441E11EB861F005AC4F9AE02.roa
Signing time: Thu 12 Dec 2024 19:38:38 +0000
ROA not before: Thu 12 Dec 2024 19:38:38 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 138654
IP address blocks: 120.88.96.0/24 maxlen: 24
120.88.97.0/24 maxlen: 24
120.88.98.0/24 maxlen: 24
120.88.99.0/24 maxlen: 24
120.88.100.0/24 maxlen: 24
120.88.101.0/24 maxlen: 24
120.88.102.0/24 maxlen: 24
120.88.103.0/24 maxlen: 24
120.88.104.0/24 maxlen: 24
120.88.105.0/24 maxlen: 24
120.88.106.0/24 maxlen: 24
120.88.107.0/24 maxlen: 24
120.88.108.0/24 maxlen: 24
120.88.109.0/24 maxlen: 24
120.88.110.0/24 maxlen: 24
120.88.111.0/24 maxlen: 24
2406:f0c0::/32 maxlen: 32
2406:f0c0::/32 maxlen: 40
2406:f0c0:96::/48 maxlen: 48
2406:f0c0:97::/48 maxlen: 48
2406:f0c0:98::/48 maxlen: 48
2406:f0c0:99::/48 maxlen: 48
2406:f0c0:100::/48 maxlen: 48
2406:f0c0:101::/48 maxlen: 48
2406:f0c0:102::/48 maxlen: 48
2406:f0c0:103::/48 maxlen: 48
2406:f0c0:104::/48 maxlen: 48
2406:f0c0:105::/48 maxlen: 48
2406:f0c0:106::/48 maxlen: 48
2406:f0c0:107::/48 maxlen: 48
2406:f0c0:108::/48 maxlen: 48
2406:f0c0:109::/48 maxlen: 48
2406:f0c0:110::/48 maxlen: 48
2406:f0c0:111::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/M1KIaoOU86z15jXjxHVvTQpuRek.crl
rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/M1KIaoOU86z15jXjxHVvTQpuRek.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M1KIaoOU86z15jXjxHVvTQpuRek.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 13 Apr 2025 19:24:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2359 (0x937)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B5AD4
Validity
Not Before: Dec 12 19:38:38 2024 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=675b3bbe-1e44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:be:02:2a:e4:40:c0:bf:60:01:36:8d:a5:42:
a2:dd:5a:e5:d7:1f:ad:d9:0c:dc:8d:30:82:61:24:
4e:5c:d9:ee:e0:02:2b:0e:30:a7:06:96:11:ec:dc:
64:79:67:1e:3e:9a:5b:5c:b6:2b:43:22:a5:6d:ff:
38:f8:36:b4:9a:41:1e:66:24:bd:c6:24:3e:78:be:
37:08:92:f8:7f:dc:a6:02:df:32:24:06:bb:4b:09:
89:50:b3:56:ad:8c:0a:4d:98:5c:ab:ff:bf:69:1b:
9c:eb:96:70:7c:67:36:e1:d0:28:b6:4f:c2:96:86:
19:c3:fd:22:20:02:dd:9b:f2:86:97:5b:5d:a9:ca:
7b:f7:15:f4:59:cd:6c:87:af:ef:9b:a8:c6:24:72:
be:a9:77:9a:6a:5f:a4:0c:79:95:a9:b3:04:c1:9a:
64:c0:6f:17:01:41:d4:43:97:32:b1:c8:a1:fe:50:
29:ff:fa:13:48:eb:00:f1:96:22:20:ce:5c:51:ce:
e3:9e:e9:74:25:cb:eb:bb:aa:e7:30:e1:51:a3:6b:
29:4a:f1:6f:6a:0d:e8:4c:85:f6:e9:19:8f:0a:ee:
01:72:c7:e7:90:35:19:9f:28:3b:1b:b7:c6:cb:ad:
cd:fa:ac:f6:87:7f:42:c7:f7:01:59:1e:94:d5:95:
45:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:EB:0E:35:9A:0F:2A:CE:FA:AC:32:42:A2:C6:87:E3:0D:96:25:47
X509v3 Authority Key Identifier:
keyid:33:52:88:6A:83:94:F3:AC:F5:E6:35:E3:C4:75:6F:4D:0A:6E:45:E9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/M1KIaoOU86z15jXjxHVvTQpuRek.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M1KIaoOU86z15jXjxHVvTQpuRek.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B5AD4/11226B7E8F8A11EA9828C65DC4F9AE02/67A60C64441E11EB861F005AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
120.88.96.0/20
IPv6:
2406:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
66:fa:a0:98:a0:bb:60:0a:32:44:17:56:b5:14:59:1c:7d:97:
c3:29:e7:c9:33:f4:8d:fc:5d:10:f8:6c:b5:de:fa:7e:78:d4:
32:74:e6:5f:3a:63:e5:69:95:86:5b:4c:dd:8d:b5:6b:dc:f4:
53:0c:d1:db:c9:e6:5c:14:18:c3:14:2c:1b:1f:eb:42:1e:16:
64:cd:22:41:e9:a7:36:3f:c0:cf:7c:fa:20:da:46:8d:a0:3e:
46:cf:bc:01:5a:df:b3:df:24:c2:7e:d9:a8:62:4c:88:fb:4e:
a7:b2:b4:6a:eb:8b:0d:32:ee:c3:6a:3e:60:80:cd:ab:b3:a8:
03:09:b6:67:e5:df:e5:15:6c:86:a3:af:7b:c6:b4:0a:1d:74:
f9:59:1f:68:49:d0:76:9b:69:7c:55:27:dd:83:71:0c:0f:38:
10:ce:95:6b:f6:d2:f6:46:97:b4:33:4b:b9:af:64:b9:a1:a0:
ab:88:0d:83:2a:76:12:8d:ee:70:8a:ad:ad:10:72:14:b8:97:
49:a7:f0:a3:3d:5f:17:5e:ee:02:66:d2:c0:d0:1b:08:e0:b0:
17:f2:34:77:7c:30:1d:10:9f:3d:3d:c7:a1:41:c1:e0:d1:e4:
f2:02:b4:f6:c1:6a:46:7c:ff:c6:31:ed:d1:55:81:1d:f5:b4:
a0:d6:f4:82
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCTcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjVBRDQxMTAvBgNVBAUTKDMzNTI4ODZBODM5NEYzQUNGNUU2MzVFM0M0NzU2RjRE
MEE2RTQ1RTkwHhcNMjQxMjEyMTkzODM4WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzViM2JiZS0xZTQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0b4CKuRAwL9gATaNpUKi3Vrl1x+t2QzcjTCCYSROXNnu4AIrDjCnBpYR7Nxk
eWcePppbXLYrQyKlbf84+Da0mkEeZiS9xiQ+eL43CJL4f9ymAt8yJAa7SwmJULNW
rYwKTZhcq/+/aRuc65ZwfGc24dAotk/CloYZw/0iIALdm/KGl1tdqcp79xX0Wc1s
h6/vm6jGJHK+qXeaal+kDHmVqbMEwZpkwG8XAUHUQ5cyscih/lAp//oTSOsA8ZYi
IM5cUc7jnul0Jcvru6rnMOFRo2spSvFvag3oTIX26RmPCu4BcsfnkDUZnyg7G7fG
y63N+qz2h39Cx/cBWR6U1ZVFvQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFJDrDjWa
DyrO+qwyQqLGh+MNliVHMB8GA1UdIwQYMBaAFDNSiGqDlPOs9eY148R1b00KbkXp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNUFENC8xMTIyNkI3RThG
OEExMUVBOTgyOEM2NURDNEY5QUUwMi9NMUtJYW9PVTg2ejE1alhqeEhWdlRRcHVS
ZWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL00xS0lhb09VODZ6MTVqWGp4SFZ2VFFwdVJlay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjVBRDQvMTEyMjZCN0U4RjhBMTFFQTk4MjhDNjVEQzRGOUFFMDIvNjdBNjBDNjQ0
NDFFMTFFQjg2MUYwMDVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAR4WGAwDQQCAAIwBwMFACQG8MAwDQYJKoZIhvcNAQELBQAD
ggEBAGb6oJigu2AKMkQXVrUUWRx9l8Mp58kz9I38XRD4bLXe+n541DJ05l86Y+Vp
lYZbTN2NtWvc9FMM0dvJ5lwUGMMULBsf60IeFmTNIkHppzY/wM98+iDaRo2gPkbP
vAFa37PfJMJ+2ahiTIj7TqeytGrriw0y7sNqPmCAzauzqAMJtmfl3+UVbIajr3vG
tAoddPlZH2hJ0HabaXxVJ92DcQwPOBDOlWv20vZGl7QzS7mvZLmhoKuIDYMqdhKN
7nCKra0QchS4l0mn8KM9Xxde7gJm0sDQGwjgsBfyNHd8MB0Qnz09x6FBweDR5PIC
tPbBakZ8/8Yx7dFVgR31tKDW9II=
-----END CERTIFICATE-----
Generated at Tue Apr 8 08:40:30 2025 by rpki-client