Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/843F754669EA11EE90D6585BC4F9AE02.roa
File: 843F754669EA11EE90D6585BC4F9AE02.roa (raw, json)
Hash identifier: dOPINm+X0a/7qz4DJTOmc8jtnH9q3I2oFG16VAh92xI=
Subject key identifier: DF:CA:39:85:58:50:95:C3:57:EB:B0:49:C5:F4:26:A9:C8:DE:54:12
Certificate issuer: /CN=A91BA9CE/serialNumber=E9690BBB9F36C09D4C2ED4F66CF55DC35275FB72
Certificate serial: 0BCC
Authority key identifier: E9:69:0B:BB:9F:36:C0:9D:4C:2E:D4:F6:6C:F5:5D:C3:52:75:FB:72
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6WkLu582wJ1MLtT2bPVdw1J1-3I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/843F754669EA11EE90D6585BC4F9AE02.roa
Signing time: Sat 08 Jun 2024 19:34:00 +0000
ROA not before: Sat 08 Jun 2024 19:34:00 +0000
ROA not after: Sun 31 Aug 2025 00:00:00 +0000
asID: 132829
IP address blocks: 43.239.100.0/24 maxlen: 24
103.248.132.0/24 maxlen: 24
103.248.133.0/24 maxlen: 24
103.248.134.0/23 maxlen: 24
2406:f900::/32 maxlen: 32
2406:f900::/48 maxlen: 48
2406:f900:1::/48 maxlen: 48
2406:f900:2::/48 maxlen: 48
2406:f900:3::/48 maxlen: 48
2406:f900:4::/48 maxlen: 48
2406:f900:5::/48 maxlen: 48
2406:f900:6::/48 maxlen: 48
2406:f900:7::/48 maxlen: 48
2406:f900:8::/48 maxlen: 48
2406:f900:9::/48 maxlen: 48
2406:f900:14::/48 maxlen: 48
2406:f900:15::/48 maxlen: 48
2406:f900:16::/48 maxlen: 48
2406:f900:17::/48 maxlen: 48
2406:f900:18::/48 maxlen: 48
2406:f900:19::/48 maxlen: 48
2406:f900:1a::/48 maxlen: 48
2406:f900:1b::/48 maxlen: 48
2406:f900:1c::/48 maxlen: 48
2406:f900:1d::/48 maxlen: 48
2406:f900:28::/48 maxlen: 48
2406:f900:29::/48 maxlen: 48
2406:f900:2a::/48 maxlen: 48
2406:f900:2b::/48 maxlen: 48
2406:f900:2c::/48 maxlen: 48
2406:f900:2d::/48 maxlen: 48
2406:f900:2e::/48 maxlen: 48
2406:f900:2f::/48 maxlen: 48
2406:f900:30::/48 maxlen: 48
2406:f900:31::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/6WkLu582wJ1MLtT2bPVdw1J1-3I.crl
rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/6WkLu582wJ1MLtT2bPVdw1J1-3I.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6WkLu582wJ1MLtT2bPVdw1J1-3I.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 18:28:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3020 (0xbcc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BA9CE
Validity
Not Before: Jun 8 19:34:00 2024 GMT
Not After : Aug 31 00:00:00 2025 GMT
Subject: CN=6664b228-e5be
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:c8:1e:44:54:3c:78:5e:14:72:ee:55:ef:e1:
f2:10:43:78:8a:c4:01:93:cc:99:40:79:fd:97:d1:
94:95:0e:bf:e1:9c:53:83:29:b5:4f:f5:c6:6d:04:
ec:8b:72:df:6b:4e:78:ea:e6:89:82:70:19:26:01:
58:c6:66:43:c6:0c:14:a5:d8:94:8a:fa:25:38:06:
7d:e4:7f:48:79:32:1a:d4:85:be:c4:f9:bc:f9:5c:
2d:1d:73:fc:2e:32:c1:56:d1:ba:21:89:bc:e6:47:
a4:8d:fa:e3:23:26:ca:4d:06:30:32:e5:44:74:7f:
c5:e6:42:fb:a2:f6:19:0e:16:82:44:45:fb:5b:4c:
83:f1:5b:41:a8:0c:7f:ea:8d:2a:04:98:f7:f6:d9:
ce:b1:6a:77:ca:ad:21:28:0c:cc:20:5f:a7:17:de:
cc:bd:e5:44:d5:d2:6c:d9:63:6d:7d:e2:28:35:c1:
85:be:e7:a3:d5:15:5e:7b:96:50:52:3b:af:18:b7:
f3:a1:d2:22:16:58:31:8f:b2:6d:1e:a4:5d:4a:3e:
50:54:65:9a:9f:90:90:f1:57:78:e5:6a:df:6a:1e:
06:e1:3d:f5:32:6e:67:fc:ff:ef:40:53:38:33:32:
c5:51:0a:ec:14:83:26:c8:70:40:44:52:64:1c:a3:
91:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:CA:39:85:58:50:95:C3:57:EB:B0:49:C5:F4:26:A9:C8:DE:54:12
X509v3 Authority Key Identifier:
keyid:E9:69:0B:BB:9F:36:C0:9D:4C:2E:D4:F6:6C:F5:5D:C3:52:75:FB:72
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/6WkLu582wJ1MLtT2bPVdw1J1-3I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6WkLu582wJ1MLtT2bPVdw1J1-3I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/843F754669EA11EE90D6585BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.100.0/24
103.248.132.0/22
IPv6:
2406:f900::/32
Signature Algorithm: sha256WithRSAEncryption
8e:72:72:24:63:50:e2:2c:29:00:04:d4:07:24:73:93:3e:4e:
97:0d:db:f6:a3:91:ed:38:6e:dc:4d:9b:3b:9a:1f:b9:da:93:
6c:c2:90:55:31:4e:de:a4:bb:55:91:20:85:fe:db:c8:52:58:
b6:1f:9a:de:88:54:95:56:d5:58:11:ef:d6:09:5d:3a:6e:16:
20:07:2c:db:25:57:c7:6b:ae:6e:f8:65:39:1b:bc:19:e1:4d:
55:48:ca:9e:47:92:e5:8a:1d:9b:da:b0:bf:67:f0:da:b8:4a:
72:ec:ac:5a:d8:6a:40:f4:09:2c:5f:94:46:e5:c1:bc:d2:e8:
37:63:94:ee:4d:30:c2:9d:bf:d0:57:9b:0f:48:63:be:91:28:
1f:98:88:14:4b:39:4a:74:7a:a4:a1:76:e6:f0:e4:ee:15:79:
44:7a:12:2d:e5:ca:f8:ee:42:7e:ce:94:b8:2b:3c:69:1f:f1:
68:88:61:b8:53:9c:79:10:0c:b8:43:84:0b:ec:d1:08:54:3d:
1d:93:59:c6:d3:dd:ca:43:2b:7d:e1:ff:5b:75:ce:4a:88:ee:
5e:96:ef:ab:76:d1:45:36:d4:cf:b5:ab:f2:c7:29:bb:a6:3c:
c8:16:ef:06:c9:fd:d5:53:b7:4e:1b:89:0c:a9:52:08:9b:f9:
36:90:8b:45
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICC8wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkE5Q0UxMTAvBgNVBAUTKEU5NjkwQkJCOUYzNkMwOUQ0QzJFRDRGNjZDRjU1REMz
NTI3NUZCNzIwHhcNMjQwNjA4MTkzNDAwWhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjY0YjIyOC1lNWJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArMgeRFQ8eF4Ucu5V7+HyEEN4isQBk8yZQHn9l9GUlQ6/4ZxTgym1T/XGbQTs
i3Lfa0546uaJgnAZJgFYxmZDxgwUpdiUivolOAZ95H9IeTIa1IW+xPm8+VwtHXP8
LjLBVtG6IYm85kekjfrjIybKTQYwMuVEdH/F5kL7ovYZDhaCREX7W0yD8VtBqAx/
6o0qBJj39tnOsWp3yq0hKAzMIF+nF97MveVE1dJs2WNtfeIoNcGFvuej1RVee5ZQ
UjuvGLfzodIiFlgxj7JtHqRdSj5QVGWan5CQ8Vd45Wrfah4G4T31Mm5n/P/vQFM4
MzLFUQrsFIMmyHBARFJkHKORoQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFN/KOYVY
UJXDV+uwScX0JqnI3lQSMB8GA1UdIwQYMBaAFOlpC7ufNsCdTC7U9mz1XcNSdfty
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQTlDRS81NEYxNURBNDAx
MTExMUVBQkQ0RjBBNDlDNEY5QUUwMi82V2tMdTU4MndKMU1MdFQyYlBWZHcxSjEt
M0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZXa0x1NTgyd0oxTUx0VDJiUFZkdzFKMS0zSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkE5Q0UvNTRGMTVEQTQwMTExMTFFQUJENEYwQTQ5QzRGOUFFMDIvODQzRjc1NDY2
OUVBMTFFRTkwRDY1ODVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAAr72QDBAJn+IQwDQQCAAIwBwMFACQG+QAwDQYJKoZIhvcN
AQELBQADggEBAI5yciRjUOIsKQAE1Ackc5M+TpcN2/ajke04btxNmzuaH7nak2zC
kFUxTt6ku1WRIIX+28hSWLYfmt6IVJVW1VgR79YJXTpuFiAHLNslV8drrm74ZTkb
vBnhTVVIyp5HkuWKHZvasL9n8Nq4SnLsrFrYakD0CSxflEblwbzS6DdjlO5NMMKd
v9BXmw9IY76RKB+YiBRLOUp0eqShdubw5O4VeUR6Ei3lyvjuQn7OlLgrPGkf8WiI
YbhTnHkQDLhDhAvs0QhUPR2TWcbT3cpDK33h/1t1zkqI7l6W76t20UU21M+1q/LH
KbumPMgW7wbJ/dVTt04biQypUgib+TaQi0U=
-----END CERTIFICATE-----
Generated at Sat Apr 5 07:12:39 2025 by rpki-client