Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91275FD/E1EFD9B6DECE11E4A14F0068C4F9AE02/8D7B467A09C211EB8B759828C4F9AE02.roa
File: 8D7B467A09C211EB8B759828C4F9AE02.roa (raw, json)
Hash identifier: auKN/5wn23vr9uClvIJlCd+TZfziI8EgQd8kHShs9CA=
Subject key identifier: F8:1F:E7:E3:5B:AC:5B:07:BE:CC:BE:07:E5:05:D3:9F:FF:E9:9E:99
Certificate issuer: /CN=A91275FD/serialNumber=4E10F13F295FBF2B359C84DDD1651BC851AA8AF5
Certificate serial: 2648
Authority key identifier: 4E:10:F1:3F:29:5F:BF:2B:35:9C:84:DD:D1:65:1B:C8:51:AA:8A:F5
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ThDxPylfvys1nITd0WUbyFGqivU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91275FD/E1EFD9B6DECE11E4A14F0068C4F9AE02/8D7B467A09C211EB8B759828C4F9AE02.roa
Signing time: Wed 08 May 2024 16:33:01 +0000
ROA not before: Wed 08 May 2024 16:33:01 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 17970
IP address blocks: 43.255.216.0/22 maxlen: 22
61.9.0.0/17 maxlen: 17
61.9.0.0/19 maxlen: 19
61.9.32.0/19 maxlen: 19
61.9.80.0/21 maxlen: 21
61.9.96.0/22 maxlen: 22
61.9.111.0/24 maxlen: 24
61.14.192.0/21 maxlen: 24
103.239.200.0/22 maxlen: 22
202.81.160.0/20 maxlen: 20
202.81.160.0/22 maxlen: 22
202.81.164.0/22 maxlen: 22
202.81.168.0/22 maxlen: 22
202.81.172.0/22 maxlen: 22
202.81.173.0/24 maxlen: 24
202.81.174.0/24 maxlen: 24
203.76.192.0/20 maxlen: 20
203.76.192.0/22 maxlen: 22
203.76.195.0/24 maxlen: 24
203.76.196.0/22 maxlen: 22
203.76.196.0/24 maxlen: 24
203.76.200.0/22 maxlen: 22
203.76.204.0/22 maxlen: 22
219.90.80.0/20 maxlen: 20
219.90.80.0/22 maxlen: 22
219.90.84.0/22 maxlen: 22
219.90.84.0/24 maxlen: 24
219.90.86.0/24 maxlen: 24
219.90.87.0/24 maxlen: 24
219.90.88.0/22 maxlen: 22
219.90.90.0/24 maxlen: 24
219.90.91.0/24 maxlen: 24
219.90.92.0/22 maxlen: 22
219.90.92.0/24 maxlen: 24
2405:f400::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91275FD/E1EFD9B6DECE11E4A14F0068C4F9AE02/ThDxPylfvys1nITd0WUbyFGqivU.crl
rsync://rpki.apnic.net/member_repository/A91275FD/E1EFD9B6DECE11E4A14F0068C4F9AE02/ThDxPylfvys1nITd0WUbyFGqivU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ThDxPylfvys1nITd0WUbyFGqivU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 15:42:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9800 (0x2648)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91275FD/serialNumber=4E10F13F295FBF2B359C84DDD1651BC851AA8AF5
Validity
Not Before: May 8 16:33:01 2024 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=663ba93c-dc57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:22:0c:79:e5:b5:2f:77:08:f8:ca:61:ad:95:
73:8d:81:1e:f0:da:4a:16:5d:95:e0:70:96:2b:b9:
33:12:7c:31:24:52:87:e9:a0:ec:f0:2a:e0:17:1f:
77:6e:17:01:ae:ca:df:4d:ec:f7:8f:c2:55:5a:09:
7a:5c:aa:1f:6e:56:56:23:78:c7:36:7d:e3:fa:a3:
45:3e:fd:c9:a2:be:9c:63:97:59:bb:b9:b2:df:7b:
e8:5a:a5:5d:52:c5:56:77:dd:d8:aa:a3:0f:d5:22:
d1:20:ea:6c:f0:67:fa:0d:02:78:9f:e1:0e:23:28:
57:6f:ba:29:a7:b0:b8:ca:99:88:91:60:f0:88:03:
45:0f:7f:29:e3:a3:b5:27:43:84:32:a3:cb:49:45:
e5:93:bf:1b:15:2b:f4:c3:38:b8:04:b8:3a:95:2e:
52:0d:b4:75:d3:87:f1:15:25:e1:4d:d9:1f:00:8f:
68:08:65:f4:a6:b8:5a:b8:ad:a0:c0:93:0e:a8:6b:
41:c1:72:a3:ac:01:e9:18:84:79:3c:96:64:69:4b:
f5:1d:f5:4f:64:f8:74:f3:bf:5a:fa:39:60:01:4e:
33:5f:41:f4:47:60:b1:31:13:66:6b:be:e0:34:72:
f9:e9:23:2c:5a:e1:6e:47:cf:48:3f:7d:cd:64:a3:
93:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:1F:E7:E3:5B:AC:5B:07:BE:CC:BE:07:E5:05:D3:9F:FF:E9:9E:99
X509v3 Authority Key Identifier:
keyid:4E:10:F1:3F:29:5F:BF:2B:35:9C:84:DD:D1:65:1B:C8:51:AA:8A:F5
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91275FD/E1EFD9B6DECE11E4A14F0068C4F9AE02/ThDxPylfvys1nITd0WUbyFGqivU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ThDxPylfvys1nITd0WUbyFGqivU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91275FD/E1EFD9B6DECE11E4A14F0068C4F9AE02/8D7B467A09C211EB8B759828C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.255.216.0/22
61.9.0.0/17
61.14.192.0/21
103.239.200.0/22
202.81.160.0/20
203.76.192.0/20
219.90.80.0/20
IPv6:
2405:f400::/32
Signature Algorithm: sha256WithRSAEncryption
6c:7a:e4:e0:70:bb:4e:1c:17:e9:22:7a:a9:d2:6f:45:1f:48:
a7:fb:fd:1b:8e:cd:c2:9c:e3:76:fc:db:7b:1c:a0:89:fc:bb:
ea:47:a8:93:d8:ca:d9:4c:c9:ab:ed:29:41:21:c5:89:9a:72:
aa:d8:40:4b:43:1d:25:a1:ce:41:e8:c8:e7:56:bc:bc:cd:d1:
3f:51:1c:04:8a:d5:d8:bc:16:7d:ee:cf:31:b1:29:08:a8:eb:
2e:69:21:52:09:fc:37:d2:60:9c:6b:94:52:70:79:eb:ac:71:
ca:da:e8:1e:c9:c8:26:4a:05:ca:d6:0e:55:f9:4b:c8:95:66:
a3:e0:20:76:d6:f3:12:9e:ef:79:20:82:ea:08:c1:8c:18:1a:
03:4e:94:8e:41:76:a9:f7:11:dd:f0:42:0f:c4:10:db:68:c5:
3b:3d:c7:48:cf:67:13:df:08:27:2b:c9:ec:b3:9f:ce:18:2b:
df:00:98:99:59:08:2e:b0:3d:44:9f:b9:64:04:76:7d:0c:fd:
a9:76:9f:13:82:3f:7b:e6:dd:0a:54:5a:a7:9b:f6:f4:92:80:
db:60:bc:42:92:e7:6e:4a:e9:0c:84:69:04:ef:f0:64:1f:24:
41:b0:1b:0b:c2:f8:98:cf:bb:3b:c8:23:87:c0:44:4e:4f:4f:
de:8b:71:00
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICJkgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Mjc1RkQxMTAvBgNVBAUTKDRFMTBGMTNGMjk1RkJGMkIzNTlDODREREQxNjUxQkM4
NTFBQThBRjUwHhcNMjQwNTA4MTYzMzAxWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjNiYTkzYy1kYzU3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAryIMeeW1L3cI+MphrZVzjYEe8NpKFl2V4HCWK7kzEnwxJFKH6aDs8CrgFx93
bhcBrsrfTez3j8JVWgl6XKofblZWI3jHNn3j+qNFPv3Jor6cY5dZu7my33voWqVd
UsVWd93YqqMP1SLRIOps8Gf6DQJ4n+EOIyhXb7opp7C4ypmIkWDwiANFD38p46O1
J0OEMqPLSUXlk78bFSv0wzi4BLg6lS5SDbR104fxFSXhTdkfAI9oCGX0prhauK2g
wJMOqGtBwXKjrAHpGIR5PJZkaUv1HfVPZPh0879a+jlgAU4zX0H0R2CxMRNma77g
NHL56SMsWuFuR89IP33NZKOT8wIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFPgf5+Nb
rFsHvsy+B+UF05//6Z6ZMB8GA1UdIwQYMBaAFE4Q8T8pX78rNZyE3dFlG8hRqor1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNzVGRC9FMUVGRDlCNkRF
Q0UxMUU0QTE0RjAwNjhDNEY5QUUwMi9UaER4UHlsZnZ5czFuSVRkMFdVYnlGR3Fp
dlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RoRHhQeWxmdnlzMW5JVGQwV1VieUZHcWl2VS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Mjc1RkQvRTFFRkQ5QjZERUNFMTFFNEExNEYwMDY4QzRGOUFFMDIvOEQ3QjQ2N0Ew
OUMyMTFFQjhCNzU5ODI4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMDAEAgABMCoDBAIr/9gDBAc9CQADBAM9DsADBAJn78gDBATKUaADBATLTMAD
BATbWlAwDQQCAAIwBwMFACQF9AAwDQYJKoZIhvcNAQELBQADggEBAGx65OBwu04c
F+kieqnSb0UfSKf7/RuOzcKc43b823scoIn8u+pHqJPYytlMyavtKUEhxYmacqrY
QEtDHSWhzkHoyOdWvLzN0T9RHASK1di8Fn3uzzGxKQio6y5pIVIJ/DfSYJxrlFJw
eeusccra6B7JyCZKBcrWDlX5S8iVZqPgIHbW8xKe73kgguoIwYwYGgNOlI5Bdqn3
Ed3wQg/EENtoxTs9x0jPZxPfCCcryeyzn84YK98AmJlZCC6wPUSfuWQEdn0M/al2
nxOCP3vm3QpUWqeb9vSSgNtgvEKS525K6QyEaQTv8GQfJEGwGwvC+JjPuzvII4fA
RE5PT96LcQA=
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:55:39 2024 by rpki-client on console-fra.rpki-client.org