Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/2CDDCAB868AC11EDAA6C8F2AC4F9AE02.roa
File: 2CDDCAB868AC11EDAA6C8F2AC4F9AE02.roa (raw, json)
Hash identifier: UPMMI0z9dONYJVSXshhS5irNO5vzpt7XsxFcM7ezWkc=
Subject key identifier: 50:CE:6F:F8:70:CD:A5:7B:59:9B:E9:45:99:25:CA:6E:5B:8B:CB:1F
Certificate issuer: /CN=A91E7363/serialNumber=A897C04DE12F0A6F59C1AD1509F0B209FA5438B3
Certificate serial: 3430
Authority key identifier: A8:97:C0:4D:E1:2F:0A:6F:59:C1:AD:15:09:F0:B2:09:FA:54:38:B3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/2CDDCAB868AC11EDAA6C8F2AC4F9AE02.roa
Signing time: Wed 29 May 2024 05:53:20 +0000
ROA not before: Wed 29 May 2024 05:53:20 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 9329
IP address blocks: 112.134.0.0/15 maxlen: 15
112.134.0.0/19 maxlen: 24
112.134.32.0/19 maxlen: 24
112.134.64.0/19 maxlen: 24
112.134.96.0/19 maxlen: 24
112.134.128.0/19 maxlen: 24
112.134.160.0/19 maxlen: 24
112.134.192.0/19 maxlen: 24
112.134.224.0/19 maxlen: 24
112.135.0.0/19 maxlen: 24
112.135.32.0/19 maxlen: 24
112.135.64.0/19 maxlen: 24
112.135.96.0/19 maxlen: 24
112.135.128.0/19 maxlen: 24
112.135.160.0/19 maxlen: 24
112.135.192.0/19 maxlen: 24
112.135.224.0/19 maxlen: 24
119.235.4.0/24 maxlen: 24
119.235.5.0/24 maxlen: 24
119.235.6.0/24 maxlen: 24
119.235.7.0/24 maxlen: 24
119.235.8.0/24 maxlen: 24
119.235.9.0/24 maxlen: 24
119.235.10.0/24 maxlen: 24
119.235.12.0/24 maxlen: 24
124.43.0.0/16 maxlen: 16
124.43.0.0/17 maxlen: 17
124.43.0.0/19 maxlen: 24
124.43.32.0/19 maxlen: 24
124.43.64.0/18 maxlen: 18
124.43.64.0/19 maxlen: 24
124.43.96.0/19 maxlen: 24
124.43.128.0/17 maxlen: 17
124.43.128.0/18 maxlen: 18
124.43.128.0/19 maxlen: 24
124.43.160.0/19 maxlen: 24
124.43.192.0/19 maxlen: 24
124.43.224.0/19 maxlen: 24
203.81.99.0/24 maxlen: 24
203.81.100.0/24 maxlen: 24
203.81.101.0/24 maxlen: 24
203.81.102.0/24 maxlen: 24
203.94.64.0/18 maxlen: 18
203.94.65.0/24 maxlen: 24
203.94.69.0/24 maxlen: 24
203.94.70.0/24 maxlen: 24
203.94.71.0/24 maxlen: 24
203.94.72.0/24 maxlen: 24
203.94.74.0/24 maxlen: 24
203.94.84.0/24 maxlen: 24
203.94.89.0/24 maxlen: 24
203.94.95.0/24 maxlen: 24
203.115.0.0/18 maxlen: 18
203.115.0.0/24 maxlen: 24
203.115.11.0/24 maxlen: 24
203.115.21.0/24 maxlen: 24
203.115.28.0/24 maxlen: 24
203.115.31.0/24 maxlen: 24
220.247.192.0/18 maxlen: 23
220.247.192.0/19 maxlen: 24
220.247.224.0/24 maxlen: 24
220.247.226.0/23 maxlen: 24
220.247.228.0/22 maxlen: 24
220.247.232.0/21 maxlen: 24
220.247.240.0/20 maxlen: 24
222.165.128.0/18 maxlen: 24
2402:d000::/32 maxlen: 40
2402:d000:20::/48 maxlen: 48
2402:d000:21::/48 maxlen: 48
2402:d000:140::/48 maxlen: 48
2402:d000:141::/48 maxlen: 48
2402:d000:142::/48 maxlen: 48
2402:d000:100c::/48 maxlen: 48
2402:d000:1060::/48 maxlen: 48
2402:d000:1064::/48 maxlen: 48
2402:d000:1068::/48 maxlen: 48
2402:d000:106c::/48 maxlen: 48
2402:d000:1074::/48 maxlen: 48
2402:d000:1088::/48 maxlen: 48
2402:d000:7000::/48 maxlen: 48
2402:d000:8100::/48 maxlen: 48
2402:d000:8104::/48 maxlen: 48
2402:d000:8108::/48 maxlen: 48
2402:d000:810c::/48 maxlen: 48
2402:d000:8110::/48 maxlen: 48
2402:d000:8114::/48 maxlen: 48
2402:d000:8118::/48 maxlen: 48
2402:d000:811c::/48 maxlen: 48
2402:d000:8120::/48 maxlen: 48
2402:d000:8124::/48 maxlen: 48
2402:d000:8128::/48 maxlen: 48
2402:d000:812c::/48 maxlen: 48
2402:d000:8130::/48 maxlen: 48
2402:d000:8134::/48 maxlen: 48
2402:d000:8138::/48 maxlen: 48
2402:d000:813c::/48 maxlen: 48
2402:d000:8140::/48 maxlen: 48
2402:d000:8f00::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.crl
rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 21 Jun 2024 14:06:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13360 (0x3430)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E7363/serialNumber=A897C04DE12F0A6F59C1AD1509F0B209FA5438B3
Validity
Not Before: May 29 05:53:20 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=6656c2cf-1a9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:07:ae:53:b4:b3:4b:ce:fa:ae:ed:30:51:34:
62:29:c3:db:94:e2:bf:4d:e5:8c:d7:c0:76:dd:8e:
e5:a6:49:bf:aa:f1:eb:68:60:9b:dc:6e:cc:ec:1e:
15:c2:e0:71:28:41:ec:b7:1b:57:1a:83:f9:54:72:
33:f4:d9:25:b0:13:a5:55:c7:6f:ab:60:51:87:28:
a1:b2:6d:ca:2a:a7:9d:ed:dd:68:52:1b:e6:b1:d6:
eb:78:c4:d9:8f:90:21:93:5a:60:b7:11:05:94:9b:
9d:66:12:63:e4:be:46:ab:6d:53:c2:83:c6:63:7b:
fe:0f:4a:1a:9e:b4:eb:3f:61:b9:33:cd:97:f1:28:
1f:5a:8e:00:b6:3d:44:ff:c5:a0:31:71:9b:62:3c:
21:a5:bd:90:6e:bc:63:40:6b:ab:66:e3:45:5f:62:
81:c7:9e:e5:b3:35:2d:16:e8:67:c5:1d:39:0a:a3:
f5:51:fa:71:00:16:f6:f3:30:5b:d8:a7:e1:55:1d:
a3:c5:47:2f:73:da:7d:45:f7:f5:d3:62:56:7c:f0:
b3:72:e9:75:83:ee:0d:ca:8e:79:dd:48:0b:b9:b0:
60:0d:4e:54:cc:d6:3c:e0:5b:9d:43:a5:bc:2a:53:
bb:9a:4d:fb:62:a6:a7:56:83:54:75:6f:76:b7:e0:
89:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:CE:6F:F8:70:CD:A5:7B:59:9B:E9:45:99:25:CA:6E:5B:8B:CB:1F
X509v3 Authority Key Identifier:
keyid:A8:97:C0:4D:E1:2F:0A:6F:59:C1:AD:15:09:F0:B2:09:FA:54:38:B3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/2CDDCAB868AC11EDAA6C8F2AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
112.134.0.0/15
119.235.4.0-119.235.10.255
119.235.12.0/24
124.43.0.0/16
203.81.99.0-203.81.102.255
203.94.64.0/18
203.115.0.0/18
220.247.192.0/18
222.165.128.0/18
IPv6:
2402:d000::/32
Signature Algorithm: sha256WithRSAEncryption
b4:9b:6d:1c:64:38:10:d4:6b:17:36:f2:59:87:98:3b:15:65:
21:fd:28:d6:70:1d:a1:07:f1:d5:6a:5a:ac:93:b9:21:73:08:
e5:04:05:41:1e:39:02:43:02:50:58:b1:be:af:ed:c4:05:33:
e6:14:69:1d:f7:e6:77:b3:05:ac:77:eb:2a:d2:b9:c3:05:4d:
78:ee:72:4f:d0:99:41:c2:e9:5d:aa:bc:57:e8:72:52:93:cb:
e1:46:1d:f2:48:c6:2d:12:5f:79:98:2a:c3:14:24:59:a0:4d:
2d:ab:8d:8d:50:3c:9b:0c:05:c5:5b:c2:6d:9c:81:6e:ef:f0:
97:4c:cb:7b:56:95:e9:b0:45:95:fa:32:a5:21:a7:c7:37:51:
17:de:32:04:2e:89:07:4f:47:ff:72:23:45:55:36:41:1b:f7:
e9:af:df:94:10:67:27:32:9f:ed:6b:da:c8:9d:21:c7:d7:a3:
37:56:91:48:71:c8:b2:93:1b:b1:18:ac:43:fb:a4:ce:da:71:
15:0b:c4:fb:d4:bc:cd:13:7d:34:29:55:bf:40:97:53:ee:72:
f8:03:04:25:6b:74:00:fc:33:ee:b0:4b:29:4a:11:4b:fd:bc:
a6:b7:89:f0:25:d1:36:74:92:8c:dd:00:97:a0:3e:bc:3d:d0:
25:e7:58:b4
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgICNDAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTczNjMxMTAvBgNVBAUTKEE4OTdDMDRERTEyRjBBNkY1OUMxQUQxNTA5RjBCMjA5
RkE1NDM4QjMwHhcNMjQwNTI5MDU1MzIwWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjU2YzJjZi0xYTlmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuweuU7SzS876ru0wUTRiKcPblOK/TeWM18B23Y7lpkm/qvHraGCb3G7M7B4V
wuBxKEHstxtXGoP5VHIz9NklsBOlVcdvq2BRhyihsm3KKqed7d1oUhvmsdbreMTZ
j5Ahk1pgtxEFlJudZhJj5L5Gq21TwoPGY3v+D0oanrTrP2G5M82X8SgfWo4Atj1E
/8WgMXGbYjwhpb2QbrxjQGurZuNFX2KBx57lszUtFuhnxR05CqP1UfpxABb28zBb
2KfhVR2jxUcvc9p9Rff102JWfPCzcul1g+4Nyo553UgLubBgDU5UzNY84FudQ6W8
KlO7mk37YqanVoNUdW92t+CJkQIDAQABo4IC4jCCAt4wHQYDVR0OBBYEFFDOb/hw
zaV7WZvpRZklym5bi8sfMB8GA1UdIwQYMBaAFKiXwE3hLwpvWcGtFQnwsgn6VDiz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNzM2My9GRjhCNEI2QzFE
ODQxMUUyOENEMzNEREIwOEIwMkNEMi9xSmZBVGVFdkNtOVp3YTBWQ2ZDeUNmcFVP
TE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FKZkFUZUV2Q205WndhMFZDZkN5Q2ZwVU9MTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTczNjMvRkY4QjRCNkMxRDg0MTFFMjhDRDMzRERCMDhCMDJDRDIvMkNERENBQjg2
OEFDMTFFREFBNkM4RjJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbAYIKwYBBQUHAQcBAf8E
XTBbMEoEAgABMEQDAwFwhjAMAwQCd+sEAwQAd+sKAwQAd+sMAwMAfCswDAMEAMtR
YwMEAMtRZgMEBsteQAMEBstzAAMEBtz3wAMEBt6lgDANBAIAAjAHAwUAJALQADAN
BgkqhkiG9w0BAQsFAAOCAQEAtJttHGQ4ENRrFzbyWYeYOxVlIf0o1nAdoQfx1Wpa
rJO5IXMI5QQFQR45AkMCUFixvq/txAUz5hRpHffmd7MFrHfrKtK5wwVNeO5yT9CZ
QcLpXaq8V+hyUpPL4UYd8kjGLRJfeZgqwxQkWaBNLauNjVA8mwwFxVvCbZyBbu/w
l0zLe1aV6bBFlfoypSGnxzdRF94yBC6JB09H/3IjRVU2QRv36a/flBBnJzKf7Wva
yJ0hx9ejN1aRSHHIspMbsRisQ/ukztpxFQvE+9S8zRN9NClVv0CXU+5y+AMEJWt0
APwz7rBLKUoRS/28preJ8CXRNnSSjN0Al6A+vD3QJedYtA==
-----END CERTIFICATE-----
Generated at Fri Jun 14 15:17:05 2024 by rpki-client on console-ams.rpki-client.org