Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/84559BB01D4611EDBB06705BC4F9AE02.roa
File: 84559BB01D4611EDBB06705BC4F9AE02.roa (raw, json)
Hash identifier: nliRTAkVAtJ8FfxKEHQS9HqVovT0tZ32fPM48Sk/l8k=
Subject key identifier: 2F:E8:19:8A:56:EF:F0:32:00:8B:9F:4D:5B:AE:5C:16:B0:0F:A5:71
Certificate issuer: /CN=A91D462A/serialNumber=CF712CB389EE84DA19CA981DE630F509FF44CD45
Certificate serial: 19DF
Authority key identifier: CF:71:2C:B3:89:EE:84:DA:19:CA:98:1D:E6:30:F5:09:FF:44:CD:45
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z3Ess4nuhNoZypgd5jD1Cf9EzUU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/84559BB01D4611EDBB06705BC4F9AE02.roa
Signing time: Wed 04 Dec 2024 16:24:09 +0000
ROA not before: Wed 04 Dec 2024 16:24:09 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 9484
IP address blocks: 45.117.32.0/22 maxlen: 22
45.117.32.0/24 maxlen: 24
45.117.33.0/24 maxlen: 24
45.117.34.0/24 maxlen: 24
45.117.35.0/24 maxlen: 24
202.21.96.0/19 maxlen: 19
202.21.96.0/24 maxlen: 24
202.21.97.0/24 maxlen: 24
202.21.98.0/24 maxlen: 24
202.21.99.0/24 maxlen: 24
202.21.100.0/24 maxlen: 24
202.21.101.0/24 maxlen: 24
202.21.102.0/24 maxlen: 24
202.21.103.0/24 maxlen: 24
202.21.104.0/24 maxlen: 24
202.21.105.0/24 maxlen: 24
202.21.106.0/24 maxlen: 24
202.21.107.0/24 maxlen: 24
202.21.108.0/24 maxlen: 24
202.21.109.0/24 maxlen: 24
202.21.110.0/24 maxlen: 24
202.21.111.0/24 maxlen: 24
202.21.112.0/24 maxlen: 24
202.21.113.0/24 maxlen: 24
202.21.114.0/24 maxlen: 24
202.21.115.0/24 maxlen: 24
202.21.116.0/24 maxlen: 24
202.21.117.0/24 maxlen: 24
202.21.118.0/24 maxlen: 24
202.21.119.0/24 maxlen: 24
202.21.120.0/24 maxlen: 24
202.21.121.0/24 maxlen: 24
202.21.122.0/23 maxlen: 24
202.21.124.0/22 maxlen: 22
202.21.124.0/24 maxlen: 24
202.21.125.0/24 maxlen: 24
202.21.126.0/24 maxlen: 24
202.21.127.0/24 maxlen: 24
202.126.92.0/22 maxlen: 24
202.131.224.0/19 maxlen: 19
202.131.224.0/24 maxlen: 24
202.131.225.0/24 maxlen: 24
202.131.226.0/24 maxlen: 24
202.131.227.0/24 maxlen: 24
202.131.228.0/24 maxlen: 24
202.131.229.0/24 maxlen: 24
202.131.230.0/24 maxlen: 24
202.131.231.0/24 maxlen: 24
202.131.232.0/24 maxlen: 24
202.131.233.0/24 maxlen: 24
202.131.234.0/24 maxlen: 24
202.131.235.0/24 maxlen: 24
202.131.236.0/24 maxlen: 24
202.131.237.0/24 maxlen: 24
202.131.238.0/24 maxlen: 24
202.131.239.0/24 maxlen: 24
202.131.240.0/24 maxlen: 24
202.131.241.0/24 maxlen: 24
202.131.242.0/24 maxlen: 24
202.131.243.0/24 maxlen: 24
202.131.244.0/24 maxlen: 24
202.131.245.0/24 maxlen: 24
202.131.246.0/24 maxlen: 24
202.131.247.0/24 maxlen: 24
202.131.248.0/24 maxlen: 24
202.131.249.0/24 maxlen: 24
202.131.250.0/24 maxlen: 24
202.131.251.0/24 maxlen: 24
202.131.252.0/24 maxlen: 24
202.131.253.0/24 maxlen: 24
202.131.254.0/24 maxlen: 24
202.131.255.0/24 maxlen: 24
2407:6400::/32 maxlen: 48
2407:6400:400:700::/56 maxlen: 56
2407:6400:400:800::/56 maxlen: 56
2407:6400:400:900::/56 maxlen: 56
2407:6400:400:1000::/56 maxlen: 56
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/z3Ess4nuhNoZypgd5jD1Cf9EzUU.crl
rsync://rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/z3Ess4nuhNoZypgd5jD1Cf9EzUU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z3Ess4nuhNoZypgd5jD1Cf9EzUU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 23 Apr 2025 16:23:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6623 (0x19df)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D462A, serialNumber=CF712CB389EE84DA19CA981DE630F509FF44CD45
Validity
Not Before: Dec 4 16:24:09 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=67508229-7c73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:97:6b:53:88:8c:1e:df:ad:27:85:13:2e:18:
1b:f7:0f:66:91:d2:87:03:9f:ad:3c:9a:68:70:2d:
c7:6a:b6:7e:bc:cf:a6:9c:7b:dd:a2:16:29:e7:6d:
1d:5c:29:e4:ae:ac:b7:77:30:c7:4e:ee:7a:7e:3c:
04:f8:b6:7e:5a:57:f3:62:8a:04:58:26:df:64:fd:
22:86:52:c1:88:b2:7f:77:15:08:7c:7a:95:54:2e:
b1:76:c6:7e:09:d5:af:32:71:5c:c8:3f:cd:72:85:
80:15:53:dd:68:1c:8c:4b:26:ad:41:bd:06:29:0a:
4b:f1:4d:55:55:ee:8a:78:49:97:38:28:8b:3e:d5:
1c:d9:14:58:1d:56:a9:e1:ad:73:ea:74:23:60:ef:
fa:5f:75:d4:6d:1d:78:ca:f2:47:95:58:a5:a3:cf:
2e:e5:3a:14:23:4c:63:b0:15:8d:2a:80:0e:ed:ff:
14:98:98:4a:12:75:ba:fd:2b:df:37:a7:06:2c:16:
e1:65:5d:33:29:b1:aa:c7:3c:5f:b7:13:c2:c9:f2:
4e:23:4e:0b:f0:8c:21:b1:57:3a:62:b0:46:c3:f7:
c0:72:79:a6:72:7b:8e:28:bc:95:a0:aa:50:e6:95:
0f:11:d6:34:65:82:54:b6:c7:dc:24:cc:04:29:50:
0e:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:E8:19:8A:56:EF:F0:32:00:8B:9F:4D:5B:AE:5C:16:B0:0F:A5:71
X509v3 Authority Key Identifier:
keyid:CF:71:2C:B3:89:EE:84:DA:19:CA:98:1D:E6:30:F5:09:FF:44:CD:45
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/z3Ess4nuhNoZypgd5jD1Cf9EzUU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z3Ess4nuhNoZypgd5jD1Cf9EzUU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/84559BB01D4611EDBB06705BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.117.32.0/22
202.21.96.0/19
202.126.92.0/22
202.131.224.0/19
IPv6:
2407:6400::/32
Signature Algorithm: sha256WithRSAEncryption
60:85:5d:52:75:6f:49:f1:0c:08:dc:6d:8f:63:b6:7f:ce:55:
1f:10:22:7b:f4:01:d5:15:a8:19:4b:2d:ba:ec:f3:8b:30:af:
70:d7:d8:55:87:a9:ad:3f:87:88:cc:2d:7f:9c:e8:f7:dd:0b:
b0:23:19:52:cd:f4:03:b9:f9:97:19:24:57:59:bb:1b:bd:ed:
f1:01:d5:9f:db:2b:92:8d:c1:19:da:4d:3b:af:90:22:7c:35:
ef:c0:9a:18:76:3d:ea:8b:dd:61:77:ea:fd:51:36:02:6c:38:
79:fb:cf:4e:76:1f:d2:dc:d6:c8:ca:c8:1c:ff:22:9e:0b:65:
cf:7d:36:08:72:b1:e1:12:49:1a:a7:77:6b:2a:29:24:33:60:
9c:23:1e:32:53:2b:ed:a4:33:63:bc:e7:06:47:a1:4e:5f:a3:
18:60:b6:c6:34:20:90:af:f8:b0:67:fb:07:7e:f9:66:15:d8:
7b:07:ac:2b:74:a4:40:a4:8d:56:09:71:e5:8c:b3:57:d0:07:
cd:05:dc:c3:b4:27:7e:24:d1:fe:3b:28:17:b5:53:be:a1:7d:
c7:67:9e:63:c7:2c:32:66:90:84:98:2b:49:17:a0:01:b1:30:
cd:de:09:5a:6a:0c:ec:af:a8:5a:ce:ac:17:74:be:de:e8:c1:
91:0e:de:36
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICGd8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDQ2MkExMTAvBgNVBAUTKENGNzEyQ0IzODlFRTg0REExOUNBOTgxREU2MzBGNTA5
RkY0NENENDUwHhcNMjQxMjA0MTYyNDA5WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzUwODIyOS03YzczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzpdrU4iMHt+tJ4UTLhgb9w9mkdKHA5+tPJpocC3HarZ+vM+mnHvdohYp520d
XCnkrqy3dzDHTu56fjwE+LZ+WlfzYooEWCbfZP0ihlLBiLJ/dxUIfHqVVC6xdsZ+
CdWvMnFcyD/NcoWAFVPdaByMSyatQb0GKQpL8U1VVe6KeEmXOCiLPtUc2RRYHVap
4a1z6nQjYO/6X3XUbR14yvJHlVilo88u5ToUI0xjsBWNKoAO7f8UmJhKEnW6/Svf
N6cGLBbhZV0zKbGqxzxftxPCyfJOI04L8IwhsVc6YrBGw/fAcnmmcnuOKLyVoKpQ
5pUPEdY0ZYJUtsfcJMwEKVAOLwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFC/oGYpW
7/AyAIufTVuuXBawD6VxMB8GA1UdIwQYMBaAFM9xLLOJ7oTaGcqYHeYw9Qn/RM1F
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENDYyQS80Q0JEM0Y4NDUw
RDUxMUU3OTMxM0FFMTJDNEY5QUUwMi96M0VzczRudWhOb1p5cGdkNWpEMUNmOUV6
VVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ozRXNzNG51aE5vWnlwZ2Q1akQxQ2Y5RXpVVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDQ2MkEvNENCRDNGODQ1MEQ1MTFFNzkzMTNBRTEyQzRGOUFFMDIvODQ1NTlCQjAx
RDQ2MTFFREJCMDY3MDVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAItdSADBAXKFWADBALKflwDBAXKg+AwDQQCAAIwBwMFACQH
ZAAwDQYJKoZIhvcNAQELBQADggEBAGCFXVJ1b0nxDAjcbY9jtn/OVR8QInv0AdUV
qBlLLbrs84swr3DX2FWHqa0/h4jMLX+c6PfdC7AjGVLN9AO5+ZcZJFdZuxu97fEB
1Z/bK5KNwRnaTTuvkCJ8Ne/Amhh2PeqL3WF36v1RNgJsOHn7z052H9Lc1sjKyBz/
Ip4LZc99NghyseESSRqnd2sqKSQzYJwjHjJTK+2kM2O85wZHoU5foxhgtsY0IJCv
+LBn+wd++WYV2HsHrCt0pECkjVYJceWMs1fQB80F3MO0J34k0f47KBe1U76hfcdn
nmPHLDJmkISYK0kXoAGxMM3eCVpqDOyvqFrOrBd0vt7owZEO3jY=
-----END CERTIFICATE-----
Generated at Thu Apr 17 15:04:12 2025 by rpki-client