Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/11A28878915611EE83F61C41C4F9AE02.roa
File: 11A28878915611EE83F61C41C4F9AE02.roa (raw, json)
Hash identifier: PDLab9I2VoJXocP3omeTp4+5FxlvzesQ2sG877OCrkk=
Subject key identifier: 93:B2:41:B4:7F:79:CE:BD:57:3D:45:39:EA:53:02:B0:04:8D:5D:48
Certificate issuer: /CN=A911D9B2/serialNumber=91295BBB75BFAAEB9531B39B36EC7521DDE30D63
Certificate serial: FF
Authority key identifier: 91:29:5B:BB:75:BF:AA:EB:95:31:B3:9B:36:EC:75:21:DD:E3:0D:63
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kSlbu3W_quuVMbObNux1Id3jDWM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/11A28878915611EE83F61C41C4F9AE02.roa
Signing time: Mon 20 Jan 2025 07:48:55 +0000
ROA not before: Mon 20 Jan 2025 07:48:55 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 931
IP address blocks: 103.96.80.0/24 maxlen: 24
103.96.81.0/24 maxlen: 24
103.96.82.0/24 maxlen: 24
103.96.83.0/24 maxlen: 24
103.131.130.0/24 maxlen: 24
103.131.131.0/24 maxlen: 24
103.144.51.0/24 maxlen: 24
103.199.98.0/24 maxlen: 24
103.199.99.0/24 maxlen: 24
2401:3a60:1000::/36 maxlen: 36
2401:3a60:1100::/40 maxlen: 40
2401:3a60:1200::/40 maxlen: 40
2401:3a60:1300::/40 maxlen: 40
2401:3a60:1400::/40 maxlen: 40
2401:3a60:1500::/40 maxlen: 40
2401:3a60:15ff::/112 maxlen: 112
2401:3a60:1600::/40 maxlen: 40
2401:3a60:1600::/112 maxlen: 112
2401:3a60:3100::/40 maxlen: 40
2401:3a60:3200::/40 maxlen: 40
2401:3a60:3300::/40 maxlen: 40
2401:3a60:5000::/40 maxlen: 40
2401:3a60:5100::/40 maxlen: 40
2401:3a60:5200::/40 maxlen: 40
2401:3a60:5300::/40 maxlen: 40
2401:3a60:7100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/kSlbu3W_quuVMbObNux1Id3jDWM.crl
rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/kSlbu3W_quuVMbObNux1Id3jDWM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kSlbu3W_quuVMbObNux1Id3jDWM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 21 Feb 2025 05:15:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 255 (0xff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911D9B2
Validity
Not Before: Jan 20 07:48:55 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=678dffe7-2bd0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:80:63:90:98:69:38:24:6c:89:f5:e5:65:64:
d7:8a:72:da:a1:9a:17:c7:31:32:67:8a:8b:80:d4:
86:f8:cf:77:97:ee:5a:46:c2:cd:e7:67:d5:f3:6b:
5c:3e:76:70:9e:a5:f0:7b:1e:8b:10:e9:1a:b6:fe:
82:11:52:6c:99:f5:c9:0c:c1:c3:23:f6:fa:84:7c:
e8:20:c1:fe:cb:72:ba:99:18:ab:b7:45:74:ae:f5:
f3:87:8f:12:28:f4:62:1e:70:8e:94:58:8b:17:de:
7d:e3:77:a1:00:87:4a:8e:b1:2e:ae:59:98:8f:fc:
a0:1f:65:c8:89:0b:c7:f8:70:46:b9:0e:fb:d9:6c:
ed:1f:89:6d:fe:e3:a3:18:ac:42:4e:dc:91:29:20:
ff:c3:4b:1b:66:bb:21:a8:e5:b5:cc:5e:e2:ce:c1:
90:71:3f:58:aa:01:eb:c4:ca:5a:7f:64:ef:55:d8:
6f:30:0f:10:4f:c6:33:53:a4:2d:f3:88:6a:24:fc:
87:31:95:24:08:4b:67:60:dd:a2:0f:0b:51:f9:36:
54:04:7a:10:ea:63:5c:b7:a5:1c:5d:ee:22:f4:0b:
42:1d:35:4c:a1:72:3d:3d:44:1e:53:56:d2:1f:ab:
ee:7b:89:15:21:d7:ba:07:f9:2b:e4:4a:5d:59:ec:
c6:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:B2:41:B4:7F:79:CE:BD:57:3D:45:39:EA:53:02:B0:04:8D:5D:48
X509v3 Authority Key Identifier:
keyid:91:29:5B:BB:75:BF:AA:EB:95:31:B3:9B:36:EC:75:21:DD:E3:0D:63
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/kSlbu3W_quuVMbObNux1Id3jDWM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kSlbu3W_quuVMbObNux1Id3jDWM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911D9B2/0A6F3B42915511EEA4C0F668C4F9AE02/11A28878915611EE83F61C41C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.96.80.0/22
103.131.130.0/23
103.144.51.0/24
103.199.98.0/23
IPv6:
2401:3a60:1000::/36
2401:3a60:3100::-2401:3a60:33ff:ffff:ffff:ffff:ffff:ffff
2401:3a60:5000::/38
2401:3a60:7100::/40
Signature Algorithm: sha256WithRSAEncryption
ab:f4:e2:13:99:f9:0c:fc:86:fa:eb:34:57:29:53:d5:8f:14:
5b:35:53:c0:2c:5e:14:5d:35:53:f0:a8:85:62:f3:1f:71:b1:
d9:77:ef:dd:2a:d6:73:57:87:44:2f:1f:6e:2f:a9:49:db:ab:
dc:f7:7e:bb:c4:37:0e:94:d5:5a:a7:96:39:c7:4c:31:07:cf:
63:b2:0f:94:52:b7:bd:c8:10:e0:40:72:a1:c0:f6:96:f8:57:
f5:67:c2:75:59:c1:29:a3:47:38:0c:93:db:81:57:37:ff:60:
22:33:09:7a:ac:b6:cd:76:0e:41:7d:ba:c0:86:a9:f1:e4:16:
5c:be:33:02:17:eb:a1:53:04:1c:04:b3:0e:c0:76:22:15:9f:
32:e8:db:a0:71:f4:b9:51:b8:9f:8e:95:76:23:74:43:59:25:
fe:a6:48:f6:8a:d0:1f:24:17:3d:9a:8d:88:96:fa:38:fd:68:
e4:48:7b:cf:64:15:61:4f:9a:5c:b7:ec:9f:1f:da:ab:93:b7:
5c:d7:7b:9c:33:dd:83:58:cd:45:df:fe:ac:82:95:f5:c7:ba:
76:9e:67:7e:0b:4d:01:5d:7a:c6:db:31:7b:23:84:75:ff:16:
b8:d1:21:f5:ae:48:27:1f:a1:d9:cd:27:45:f2:7c:2b:d9:67:
94:97:63:74
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgICAP8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUQ5QjIxMTAvBgNVBAUTKDkxMjk1QkJCNzVCRkFBRUI5NTMxQjM5QjM2RUM3NTIx
RERFMzBENjMwHhcNMjUwMTIwMDc0ODU1WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzhkZmZlNy0yYmQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAroBjkJhpOCRsifXlZWTXinLaoZoXxzEyZ4qLgNSG+M93l+5aRsLN52fV82tc
PnZwnqXwex6LEOkatv6CEVJsmfXJDMHDI/b6hHzoIMH+y3K6mRirt0V0rvXzh48S
KPRiHnCOlFiLF95943ehAIdKjrEurlmYj/ygH2XIiQvH+HBGuQ772WztH4lt/uOj
GKxCTtyRKSD/w0sbZrshqOW1zF7izsGQcT9YqgHrxMpaf2TvVdhvMA8QT8YzU6Qt
84hqJPyHMZUkCEtnYN2iDwtR+TZUBHoQ6mNct6UcXe4i9AtCHTVMoXI9PUQeU1bS
H6vue4kVIde6B/kr5EpdWezGxQIDAQABo4IC2TCCAtUwHQYDVR0OBBYEFJOyQbR/
ec69Vz1FOepTArAEjV1IMB8GA1UdIwQYMBaAFJEpW7t1v6rrlTGzmzbsdSHd4w1j
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRDlCMi8wQTZGM0I0Mjkx
NTUxMUVFQTRDMEY2NjhDNEY5QUUwMi9rU2xidTNXX3F1dVZNYk9iTnV4MUlkM2pE
V00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2tTbGJ1M1dfcXV1Vk1iT2JOdXgxSWQzakRXTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUQ5QjIvMEE2RjNCNDI5MTU1MTFFRUE0QzBGNjY4QzRGOUFFMDIvMTFBMjg4Nzg5
MTU2MTFFRTgzRjYxQzQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYwYIKwYBBQUHAQcBAf8E
VDBSMB4EAgABMBgDBAJnYFADBAFng4IDBABnkDMDBAFnx2IwMAQCAAIwKgMGBCQB
OmAQMBADBgAkATpgMQMGAiQBOmAwAwYCJAE6YFADBgAkATpgcTANBgkqhkiG9w0B
AQsFAAOCAQEAq/TiE5n5DPyG+us0VylT1Y8UWzVTwCxeFF01U/CohWLzH3Gx2Xfv
3SrWc1eHRC8fbi+pSdur3Pd+u8Q3DpTVWqeWOcdMMQfPY7IPlFK3vcgQ4EByocD2
lvhX9WfCdVnBKaNHOAyT24FXN/9gIjMJeqy2zXYOQX26wIap8eQWXL4zAhfroVME
HASzDsB2IhWfMujboHH0uVG4n46VdiN0Q1kl/qZI9orQHyQXPZqNiJb6OP1o5Eh7
z2QVYU+aXLfsnx/aq5O3XNd7nDPdg1jNRd/+rIKV9ce6dp5nfgtNAV16xtsxeyOE
df8WuNEh9a5IJx+h2c0nRfJ8K9lnlJdjdA==
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:45:22 2025 by rpki-client