Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/3E8B52A4C34F11EE8EFD7916C4F9AE02.roa
File: 3E8B52A4C34F11EE8EFD7916C4F9AE02.roa (raw, json)
Hash identifier: oqMHpsgiS0VaQQyUF5jNfEMEsHe0f7IvP4IJn3ymNZg=
Subject key identifier: B3:03:15:92:19:A3:3E:CD:55:CC:22:EB:EF:B3:B5:6F:30:A2:49:F9
Certificate issuer: /CN=A911C5B0/serialNumber=7A961769549E0AAD0A9BF9925683BAEF733A2F1A
Certificate serial: 3437
Authority key identifier: 7A:96:17:69:54:9E:0A:AD:0A:9B:F9:92:56:83:BA:EF:73:3A:2F:1A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/epYXaVSeCq0Km_mSVoO673M6Lxo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/3E8B52A4C34F11EE8EFD7916C4F9AE02.roa
Signing time: Tue 30 Jul 2024 14:50:19 +0000
ROA not before: Tue 30 Jul 2024 14:50:19 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 4741
IP address blocks: 203.149.0.0/18 maxlen: 18
203.149.0.0/19 maxlen: 19
203.149.0.0/20 maxlen: 20
203.149.0.0/22 maxlen: 22
203.149.0.0/24 maxlen: 24
203.149.6.0/24 maxlen: 24
203.149.8.0/24 maxlen: 24
203.149.10.0/24 maxlen: 24
203.149.16.0/20 maxlen: 20
203.149.20.0/24 maxlen: 24
203.149.21.0/24 maxlen: 24
203.149.29.0/24 maxlen: 24
203.149.31.0/24 maxlen: 24
203.149.32.0/19 maxlen: 19
203.149.32.0/24 maxlen: 24
203.149.37.0/24 maxlen: 24
203.149.38.0/24 maxlen: 24
203.149.44.0/24 maxlen: 24
203.149.45.0/24 maxlen: 24
203.149.46.0/23 maxlen: 23
203.149.48.0/20 maxlen: 20
203.149.62.0/24 maxlen: 24
210.246.64.0/18 maxlen: 18
210.246.64.0/19 maxlen: 19
210.246.64.0/20 maxlen: 20
210.246.80.0/20 maxlen: 20
210.246.96.0/19 maxlen: 19
210.246.96.0/20 maxlen: 20
210.246.112.0/20 maxlen: 20
210.246.128.0/17 maxlen: 17
210.246.128.0/18 maxlen: 18
210.246.128.0/20 maxlen: 20
210.246.144.0/20 maxlen: 20
210.246.150.0/24 maxlen: 24
210.246.151.0/24 maxlen: 24
210.246.152.0/24 maxlen: 24
210.246.154.0/24 maxlen: 24
210.246.176.0/20 maxlen: 20
210.246.192.0/18 maxlen: 18
210.246.192.0/20 maxlen: 20
210.246.253.0/24 maxlen: 24
2403:c000::/32 maxlen: 32
2403:c000:1000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/epYXaVSeCq0Km_mSVoO673M6Lxo.crl
rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/epYXaVSeCq0Km_mSVoO673M6Lxo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/epYXaVSeCq0Km_mSVoO673M6Lxo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 14:22:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13367 (0x3437)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911C5B0/serialNumber=7A961769549E0AAD0A9BF9925683BAEF733A2F1A
Validity
Not Before: Jul 30 14:50:19 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66a8fdab-d2b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:19:f5:91:3f:fb:e6:7a:25:b3:97:60:58:d2:
e5:23:45:f1:70:88:a8:81:0f:85:21:88:54:d8:3d:
e9:ba:2d:b3:b1:b5:9e:23:ae:17:5e:8a:86:3b:05:
f6:61:ca:d9:74:d8:b0:fb:6f:8d:b1:1a:9e:61:9e:
bc:ff:b6:59:58:d1:69:e7:29:d3:c7:ae:ec:a2:c5:
5a:16:0b:fc:c8:5e:a2:9a:71:4b:db:f4:29:ac:57:
86:5b:18:d0:6f:bf:a2:eb:84:71:2a:4a:72:b1:ca:
1b:61:09:a9:be:33:78:11:80:1f:e3:13:45:4b:40:
8d:99:1c:7e:3a:b2:98:c3:96:1f:f0:33:88:b6:c8:
1c:46:57:ec:d6:c6:c0:93:f9:ac:53:29:6d:40:6c:
a7:19:44:d3:16:27:38:98:a0:0c:c1:49:ea:22:80:
97:05:03:31:a7:07:a6:6c:90:b4:f4:7d:86:df:63:
b9:d8:ab:c5:55:6a:89:27:b6:84:d6:2e:6c:03:ec:
2c:0f:ff:16:29:b3:e9:c6:11:95:2f:b4:99:8c:fe:
50:db:68:94:15:31:c4:53:ef:1a:b9:bd:46:22:e0:
a2:68:7d:8b:80:d4:ac:59:0a:ab:6c:74:50:5c:37:
4a:03:dc:00:43:58:ec:89:fd:c0:22:a7:0e:3c:8b:
e7:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:03:15:92:19:A3:3E:CD:55:CC:22:EB:EF:B3:B5:6F:30:A2:49:F9
X509v3 Authority Key Identifier:
keyid:7A:96:17:69:54:9E:0A:AD:0A:9B:F9:92:56:83:BA:EF:73:3A:2F:1A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/epYXaVSeCq0Km_mSVoO673M6Lxo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/epYXaVSeCq0Km_mSVoO673M6Lxo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911C5B0/40C8D5A61D8311E2823A5FD808B02CD2/3E8B52A4C34F11EE8EFD7916C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.149.0.0/18
210.246.64.0-210.246.255.255
IPv6:
2403:c000::/32
Signature Algorithm: sha256WithRSAEncryption
0f:88:fd:9d:18:f3:b3:79:25:37:b8:fb:e8:8d:1a:cb:73:65:
e4:31:d0:ac:11:85:63:ea:c2:7a:ad:c8:50:fb:78:53:67:92:
9c:ab:0b:c0:09:d4:3f:7c:0b:87:2c:cd:5f:97:f6:a3:e0:38:
77:c4:96:d6:ef:d8:0e:8b:c0:c1:72:a3:17:e8:b7:8f:95:37:
00:1f:0c:b6:75:b2:5d:a6:5a:0b:a8:e8:59:1b:75:ed:a1:ec:
f4:37:3e:73:ee:8c:ca:82:21:e9:dd:8c:8c:9c:bd:03:60:8d:
f9:a4:88:0d:b6:cb:bb:24:2a:c1:91:d6:a6:24:a6:63:2f:29:
a8:23:df:d1:62:0e:d2:5e:c1:f9:a9:c4:6d:f9:4c:74:39:34:
3a:dd:9e:0b:d9:e4:0d:a6:42:31:df:6c:fb:14:36:05:46:29:
d0:ec:09:32:d7:29:36:7b:dc:4d:28:36:8a:8e:ed:e3:29:31:
f1:58:ea:a1:57:ee:c9:5f:e9:c1:2f:15:c7:00:b2:7e:59:3e:
2a:35:b3:77:73:cf:79:08:4d:10:a8:45:32:12:e1:d7:64:3d:
eb:dd:4c:59:30:2c:1a:08:18:09:e9:32:ff:02:49:83:56:02:
17:d2:a8:28:54:aa:c8:6e:8e:46:04:ec:01:14:8e:90:8c:a5:
fd:09:56:bf
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgICNDcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUM1QjAxMTAvBgNVBAUTKDdBOTYxNzY5NTQ5RTBBQUQwQTlCRjk5MjU2ODNCQUVG
NzMzQTJGMUEwHhcNMjQwNzMwMTQ1MDE5WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmE4ZmRhYi1kMmI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwhn1kT/75nols5dgWNLlI0XxcIiogQ+FIYhU2D3pui2zsbWeI64XXoqGOwX2
YcrZdNiw+2+NsRqeYZ68/7ZZWNFp5ynTx67sosVaFgv8yF6imnFL2/QprFeGWxjQ
b7+i64RxKkpyscobYQmpvjN4EYAf4xNFS0CNmRx+OrKYw5Yf8DOItsgcRlfs1sbA
k/msUyltQGynGUTTFic4mKAMwUnqIoCXBQMxpwembJC09H2G32O52KvFVWqJJ7aE
1i5sA+wsD/8WKbPpxhGVL7SZjP5Q22iUFTHEU+8aub1GIuCiaH2LgNSsWQqrbHRQ
XDdKA9wAQ1jsif3AIqcOPIvnOQIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFLMDFZIZ
oz7NVcwi6++ztW8wokn5MB8GA1UdIwQYMBaAFHqWF2lUngqtCpv5klaDuu9zOi8a
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQzVCMC80MEM4RDVBNjFE
ODMxMUUyODIzQTVGRDgwOEIwMkNEMi9lcFlYYVZTZUNxMEttX21TVm9PNjczTTZM
eG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VwWVhhVlNlQ3EwS21fbVNWb082NzNNNkx4by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUM1QjAvNDBDOEQ1QTYxRDgzMTFFMjgyM0E1RkQ4MDhCMDJDRDIvM0U4QjUyQTRD
MzRGMTFFRThFRkQ3OTE2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOwYIKwYBBQUHAQcBAf8E
LDAqMBkEAgABMBMDBAbLlQAwCwMEBtL2QAMDANL2MA0EAgACMAcDBQAkA8AAMA0G
CSqGSIb3DQEBCwUAA4IBAQAPiP2dGPOzeSU3uPvojRrLc2XkMdCsEYVj6sJ6rchQ
+3hTZ5KcqwvACdQ/fAuHLM1fl/aj4Dh3xJbW79gOi8DBcqMX6LePlTcAHwy2dbJd
ploLqOhZG3Xtoez0Nz5z7ozKgiHp3YyMnL0DYI35pIgNtsu7JCrBkdamJKZjLymo
I9/RYg7SXsH5qcRt+Ux0OTQ63Z4L2eQNpkIx32z7FDYFRinQ7Aky1yk2e9xNKDaK
ju3jKTHxWOqhV+7JX+nBLxXHALJ+WT4qNbN3c895CE0QqEUyEuHXZD3r3UxZMCwa
CBgJ6TL/AkmDVgIX0qgoVKrIbo5GBOwBFI6QjKX9CVa/
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:25:34 2024 by rpki-client on console-fra.rpki-client.org