Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/9908BDDE1CAA11EF80E3BB87C4F9AE02.roa
File: 9908BDDE1CAA11EF80E3BB87C4F9AE02.roa (raw, json)
Hash identifier: AICX9y8wbsNvicm9cDH6zrAHQD3slGc0I+Lc9CGXhmg=
Subject key identifier: 40:96:D8:29:BF:9E:89:2A:E2:8B:A0:17:64:4F:27:C7:D0:24:9B:A0
Certificate issuer: /CN=A91DC2A9/serialNumber=3F996261AB3D1EF041661B3AEF7D8932B5702637
Certificate serial: A5
Authority key identifier: 3F:99:62:61:AB:3D:1E:F0:41:66:1B:3A:EF:7D:89:32:B5:70:26:37
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P5liYas9HvBBZhs6732JMrVwJjc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/9908BDDE1CAA11EF80E3BB87C4F9AE02.roa
Signing time: Tue 28 May 2024 04:27:31 +0000
ROA not before: Tue 28 May 2024 04:27:31 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 7477
IP address blocks: 103.206.236.0/22 maxlen: 24
114.129.160.0/20 maxlen: 24
114.129.176.0/21 maxlen: 24
180.181.128.0/19 maxlen: 24
210.16.68.0/22 maxlen: 24
2401:a400::/32 maxlen: 32
2401:a400:100::/40 maxlen: 40
2401:a400:200::/40 maxlen: 40
2401:a400:300::/40 maxlen: 40
2401:a400:400::/40 maxlen: 40
2401:a400:500::/40 maxlen: 40
2401:a400:2000::/36 maxlen: 36
2401:a400:3000::/36 maxlen: 36
2401:a400:4000::/36 maxlen: 36
2401:a400:5000::/36 maxlen: 36
2401:a400:6000::/36 maxlen: 36
2401:a400:7000::/36 maxlen: 36
2401:a400:c200::/40 maxlen: 40
2401:a400:c300::/40 maxlen: 40
2401:a400:c400::/40 maxlen: 40
2401:a400:c500::/40 maxlen: 40
2401:a400:c600::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/P5liYas9HvBBZhs6732JMrVwJjc.crl
rsync://rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/P5liYas9HvBBZhs6732JMrVwJjc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P5liYas9HvBBZhs6732JMrVwJjc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 30 Nov 2024 02:50:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 165 (0xa5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DC2A9/serialNumber=3F996261AB3D1EF041661B3AEF7D8932B5702637
Validity
Not Before: May 28 04:27:31 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=66555d33-e10e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:40:da:d0:9e:41:76:d1:4b:ee:d8:4b:75:ac:
8e:80:74:7a:76:69:99:61:ba:23:65:7b:4b:a3:87:
07:93:ac:9e:38:94:27:41:0b:30:b7:a6:d4:e0:94:
ca:9e:6d:00:ff:be:df:e3:97:22:d0:ce:a7:a8:f7:
7d:ab:ec:49:f4:86:96:dd:d4:dc:7b:01:e9:7d:f1:
9a:bc:e7:78:bf:db:a3:42:ea:24:d2:75:dd:58:00:
73:8e:70:82:b1:ac:75:62:e9:e1:fc:d7:b4:ec:90:
12:57:bc:5e:bf:c2:26:30:f3:f4:a2:30:03:f3:3b:
6a:71:ee:a2:db:59:50:3e:9f:b6:c9:7e:ed:0b:b0:
6f:ba:1d:68:41:a8:fe:40:b2:ff:22:fc:1f:43:e4:
5f:70:51:f2:e7:26:c0:2a:ba:8b:7a:ac:98:25:66:
ba:87:00:df:c9:89:e8:c8:82:61:c2:47:15:aa:a8:
eb:6a:2f:84:1e:29:9b:13:d8:80:66:a9:42:4a:ef:
7b:2c:b1:4d:a2:4c:1b:ed:d3:b4:c1:db:d5:93:d9:
59:54:20:7e:d0:8a:cd:2b:0a:b2:26:0b:d0:0d:23:
19:7e:a2:82:00:b0:5c:be:c4:be:f8:7c:67:ac:ac:
68:16:2c:d4:f0:af:c9:24:b1:d4:5b:99:51:f3:3f:
a6:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:96:D8:29:BF:9E:89:2A:E2:8B:A0:17:64:4F:27:C7:D0:24:9B:A0
X509v3 Authority Key Identifier:
keyid:3F:99:62:61:AB:3D:1E:F0:41:66:1B:3A:EF:7D:89:32:B5:70:26:37
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/P5liYas9HvBBZhs6732JMrVwJjc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P5liYas9HvBBZhs6732JMrVwJjc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/9908BDDE1CAA11EF80E3BB87C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.206.236.0/22
114.129.160.0-114.129.183.255
180.181.128.0/19
210.16.68.0/22
IPv6:
2401:a400::/32
Signature Algorithm: sha256WithRSAEncryption
3e:8e:da:03:eb:38:b6:9e:80:22:d2:dd:27:b9:3e:a7:02:3f:
27:23:c0:ea:65:f3:4c:bd:98:a1:d3:68:e0:8a:66:2b:17:a7:
c6:d3:27:03:8f:85:79:38:f1:57:b2:c6:bd:59:2c:20:c0:0c:
9b:85:9a:2c:c9:cd:4d:55:d5:ba:f6:22:9b:3d:d2:35:4e:31:
6d:b5:6e:58:82:b5:10:f1:27:3f:33:05:97:80:e9:65:01:d4:
b3:42:7c:a2:b9:7d:80:6c:c9:69:29:65:dd:29:b9:20:23:ed:
31:25:4c:89:5e:94:01:4f:13:5d:3e:05:4e:4b:03:58:21:6a:
c7:80:38:1a:e9:fb:db:0b:e7:0a:48:c8:a8:3d:55:5f:f6:1a:
15:63:6a:6f:ea:43:0c:fe:83:74:b9:fe:38:d2:7c:5e:bf:df:
fa:5b:4d:5b:a4:7f:7d:94:16:a7:1e:52:10:3d:01:93:a5:0a:
c5:fd:05:01:33:d5:19:84:dd:54:f5:92:52:14:0a:00:13:9c:
af:ad:d2:6d:3c:0b:69:49:37:d7:90:9a:56:2e:0f:f5:0f:c9:
f5:e0:91:f8:be:61:97:1a:7d:e3:21:9c:32:44:a1:26:aa:c5:
91:03:ea:93:6d:d9:eb:04:9e:f7:5c:fa:13:52:17:af:51:ad:
39:2a:34:87
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgICAKUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REMyQTkxMTAvBgNVBAUTKDNGOTk2MjYxQUIzRDFFRjA0MTY2MUIzQUVGN0Q4OTMy
QjU3MDI2MzcwHhcNMjQwNTI4MDQyNzMxWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjU1NWQzMy1lMTBlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvUDa0J5BdtFL7thLdayOgHR6dmmZYbojZXtLo4cHk6yeOJQnQQswt6bU4JTK
nm0A/77f45ci0M6nqPd9q+xJ9IaW3dTcewHpffGavOd4v9ujQuok0nXdWABzjnCC
sax1Yunh/Ne07JASV7xev8ImMPP0ojAD8ztqce6i21lQPp+2yX7tC7Bvuh1oQaj+
QLL/IvwfQ+RfcFHy5ybAKrqLeqyYJWa6hwDfyYnoyIJhwkcVqqjrai+EHimbE9iA
ZqlCSu97LLFNokwb7dO0wdvVk9lZVCB+0IrNKwqyJgvQDSMZfqKCALBcvsS++Hxn
rKxoFizU8K/JJLHUW5lR8z+mGwIDAQABo4ICvjCCArowHQYDVR0OBBYEFECW2Cm/
nokq4ougF2RPJ8fQJJugMB8GA1UdIwQYMBaAFD+ZYmGrPR7wQWYbOu99iTK1cCY3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzJBOS9EOEREQzFBNjM0
QzYxMUVFQjRFQkIwNzBDNEY5QUUwMi9QNWxpWWFzOUh2QkJaaHM2NzMySk1yVndK
amMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1A1bGlZYXM5SHZCQlpoczY3MzJKTXJWd0pqYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REMyQTkvRDhEREMxQTYzNEM2MTFFRUI0RUJCMDcwQzRGOUFFMDIvOTkwOEJEREUx
Q0FBMTFFRjgwRTNCQjg3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSAYIKwYBBQUHAQcBAf8E
OTA3MCYEAgABMCADBAJnzuwwDAMEBXKBoAMEA3KBsAMEBbS1gAMEAtIQRDANBAIA
AjAHAwUAJAGkADANBgkqhkiG9w0BAQsFAAOCAQEAPo7aA+s4tp6AItLdJ7k+pwI/
JyPA6mXzTL2YodNo4IpmKxenxtMnA4+FeTjxV7LGvVksIMAMm4WaLMnNTVXVuvYi
mz3SNU4xbbVuWIK1EPEnPzMFl4DpZQHUs0J8orl9gGzJaSll3Sm5ICPtMSVMiV6U
AU8TXT4FTksDWCFqx4A4Gun72wvnCkjIqD1VX/YaFWNqb+pDDP6DdLn+ONJ8Xr/f
+ltNW6R/fZQWpx5SED0Bk6UKxf0FATPVGYTdVPWSUhQKABOcr63SbTwLaUk315Ca
Vi4P9Q/J9eCR+L5hlxp94yGcMkShJqrFkQPqk23Z6wSe91z6E1IXr1GtOSo0hw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:02:59 2024 by rpki-client on console-fra.rpki-client.org