Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9129E3A/197EC0B61D8611E2ABEF22DD08B02CD2/8C333A4E6B9E11EDB0DCC676C4F9AE02.roa
File: 8C333A4E6B9E11EDB0DCC676C4F9AE02.roa (raw, json)
Hash identifier: yA6Epbo7Tb7g6a4bRXGgsFN40BNWR1FgOiUmsWkDrGY=
Subject key identifier: E3:02:63:AD:55:AA:52:72:96:D7:B0:C2:F5:7F:D3:48:C3:56:1F:47
Certificate issuer: /CN=A9129E3A/serialNumber=5A96D4EC3D352494D9239D52AF35AC104DA12F9D
Certificate serial: 34BA
Authority key identifier: 5A:96:D4:EC:3D:35:24:94:D9:23:9D:52:AF:35:AC:10:4D:A1:2F:9D
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WpbU7D01JJTZI51SrzWsEE2hL50.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9129E3A/197EC0B61D8611E2ABEF22DD08B02CD2/8C333A4E6B9E11EDB0DCC676C4F9AE02.roa
Signing time: Fri 24 Jan 2025 14:50:32 +0000
ROA not before: Fri 24 Jan 2025 14:50:32 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 17408
IP address blocks: 202.3.160.0/20 maxlen: 23
202.3.160.0/21 maxlen: 24
202.3.168.0/23 maxlen: 24
202.3.170.0/24 maxlen: 24
202.3.172.0/22 maxlen: 24
202.3.176.0/21 maxlen: 24
202.3.186.0/23 maxlen: 24
202.3.188.0/22 maxlen: 24
202.55.224.0/19 maxlen: 24
202.153.160.0/23 maxlen: 23
202.153.160.0/24 maxlen: 24
202.153.161.0/24 maxlen: 24
202.153.162.0/23 maxlen: 23
202.153.162.0/24 maxlen: 24
202.153.164.0/24 maxlen: 24
202.153.165.0/24 maxlen: 24
202.153.167.0/24 maxlen: 24
202.153.168.0/23 maxlen: 23
202.153.168.0/24 maxlen: 24
202.153.169.0/24 maxlen: 24
202.153.170.0/24 maxlen: 24
202.153.172.0/24 maxlen: 24
202.153.173.0/24 maxlen: 24
202.153.174.0/23 maxlen: 23
202.153.174.0/24 maxlen: 24
202.153.175.0/24 maxlen: 24
202.153.176.0/22 maxlen: 22
202.153.176.0/23 maxlen: 24
202.153.178.0/23 maxlen: 23
202.153.178.0/24 maxlen: 24
202.153.179.0/24 maxlen: 24
202.153.180.0/24 maxlen: 24
202.153.181.0/24 maxlen: 24
202.153.182.0/23 maxlen: 24
202.153.184.0/21 maxlen: 24
202.153.193.0/24 maxlen: 24
202.153.194.0/23 maxlen: 23
202.153.194.0/24 maxlen: 24
202.153.196.0/22 maxlen: 22
202.153.196.0/23 maxlen: 24
202.153.198.0/23 maxlen: 24
202.153.202.0/23 maxlen: 24
202.153.204.0/22 maxlen: 22
202.153.204.0/23 maxlen: 24
202.153.206.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9129E3A/197EC0B61D8611E2ABEF22DD08B02CD2/WpbU7D01JJTZI51SrzWsEE2hL50.crl
rsync://rpki.apnic.net/member_repository/A9129E3A/197EC0B61D8611E2ABEF22DD08B02CD2/WpbU7D01JJTZI51SrzWsEE2hL50.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WpbU7D01JJTZI51SrzWsEE2hL50.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 21 Feb 2025 05:15:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13498 (0x34ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9129E3A
Validity
Not Before: Jan 24 14:50:32 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=6793a8b7-f98f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:9a:e6:51:8c:cd:35:08:32:1e:b7:32:17:f7:
c5:47:60:20:0c:1e:84:4a:5c:13:ef:26:de:79:0b:
0b:ad:ad:2b:d7:20:ca:9c:1f:5b:0a:29:90:e8:8f:
9a:ab:ab:90:a0:3b:50:41:05:23:30:9c:5f:16:c9:
cc:b8:38:fc:e7:86:7f:95:d8:93:a4:30:81:55:87:
96:97:ea:1f:6c:5b:e9:67:a2:ca:ce:3d:dc:41:af:
2f:67:6c:b6:fc:03:89:9c:de:17:7c:39:7c:c3:57:
30:4f:85:55:15:91:7a:59:6d:fd:d1:1f:11:e1:73:
e3:57:35:6a:ff:15:d9:4a:ef:eb:2f:0d:c1:f4:a7:
a4:e2:85:ef:b8:9e:09:b4:fe:e0:b1:83:02:fc:6d:
0f:f5:db:24:8b:95:f9:fb:df:fd:43:6a:5d:c8:10:
f2:bf:54:00:83:50:17:90:95:ac:06:05:6e:7d:ae:
70:7d:31:65:e3:3f:02:d9:47:58:32:9e:7d:59:57:
a5:46:2b:e6:86:76:03:0d:2f:ab:97:71:29:5d:04:
e2:9a:52:72:a9:3b:a4:2f:cf:d4:68:a1:01:8e:09:
e0:00:55:48:61:35:2c:b1:59:44:1d:b7:97:4f:3b:
4a:e4:c7:0a:28:98:3d:26:b9:8b:40:3d:a2:23:7c:
76:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:02:63:AD:55:AA:52:72:96:D7:B0:C2:F5:7F:D3:48:C3:56:1F:47
X509v3 Authority Key Identifier:
keyid:5A:96:D4:EC:3D:35:24:94:D9:23:9D:52:AF:35:AC:10:4D:A1:2F:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9129E3A/197EC0B61D8611E2ABEF22DD08B02CD2/WpbU7D01JJTZI51SrzWsEE2hL50.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WpbU7D01JJTZI51SrzWsEE2hL50.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9129E3A/197EC0B61D8611E2ABEF22DD08B02CD2/8C333A4E6B9E11EDB0DCC676C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.3.160.0-202.3.183.255
202.3.186.0-202.3.191.255
202.55.224.0/19
202.153.160.0-202.153.165.255
202.153.167.0-202.153.170.255
202.153.172.0-202.153.191.255
202.153.193.0-202.153.199.255
202.153.202.0-202.153.207.255
Signature Algorithm: sha256WithRSAEncryption
9a:c6:2b:98:86:df:58:ee:cf:10:c9:54:ca:5f:6e:c0:20:44:
36:92:e1:f0:d0:f5:60:d2:a4:01:26:8b:87:11:22:13:8e:e3:
b3:af:c1:a4:2a:5b:66:6c:b2:06:30:be:c0:27:bb:e7:3a:3f:
ca:04:30:b0:3b:d0:ea:a7:e0:e9:dc:94:75:53:8b:e9:f0:9a:
56:47:c5:8d:66:8f:af:46:94:d0:1b:04:58:58:0a:47:46:ab:
29:e5:09:3e:1a:26:5d:d8:8c:0f:f3:71:da:56:8c:d9:03:74:
aa:48:b3:25:db:aa:62:4f:4c:8a:22:17:9b:c1:15:17:8b:50:
1c:29:3c:91:36:35:98:a1:92:62:20:a8:41:c5:27:a7:72:21:
12:f0:a0:bf:39:d1:28:f4:de:e8:67:fb:7a:e6:47:53:30:7b:
34:15:36:17:09:76:90:9d:6e:61:ec:72:93:23:fc:08:35:6b:
1a:98:8b:96:29:7d:b0:d8:a4:db:5f:b4:f7:3c:93:d5:7f:c9:
bc:57:7e:27:17:50:04:cb:0d:f2:ba:f6:32:e1:60:03:dc:4f:
7f:3a:c5:08:05:b0:9f:41:3d:2b:6a:32:a7:c6:b2:e8:7b:44:
a2:d8:1e:b3:98:2c:2f:bd:79:db:b7:4b:36:ba:51:7d:66:ed:
68:1c:02:e3
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgICNLowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjlFM0ExMTAvBgNVBAUTKDVBOTZENEVDM0QzNTI0OTREOTIzOUQ1MkFGMzVBQzEw
NERBMTJGOUQwHhcNMjUwMTI0MTQ1MDMyWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzkzYThiNy1mOThmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1prmUYzNNQgyHrcyF/fFR2AgDB6ESlwT7ybeeQsLra0r1yDKnB9bCimQ6I+a
q6uQoDtQQQUjMJxfFsnMuDj854Z/ldiTpDCBVYeWl+ofbFvpZ6LKzj3cQa8vZ2y2
/AOJnN4XfDl8w1cwT4VVFZF6WW390R8R4XPjVzVq/xXZSu/rLw3B9Kek4oXvuJ4J
tP7gsYMC/G0P9dski5X5+9/9Q2pdyBDyv1QAg1AXkJWsBgVufa5wfTFl4z8C2UdY
Mp59WVelRivmhnYDDS+rl3EpXQTimlJyqTukL8/UaKEBjgngAFVIYTUssVlEHbeX
TztK5McKKJg9JrmLQD2iI3x26wIDAQABo4IC+DCCAvQwHQYDVR0OBBYEFOMCY61V
qlJyltewwvV/00jDVh9HMB8GA1UdIwQYMBaAFFqW1Ow9NSSU2SOdUq81rBBNoS+d
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyOUUzQS8xOTdFQzBCNjFE
ODYxMUUyQUJFRjIyREQwOEIwMkNEMi9XcGJVN0QwMUpKVFpJNTFTcnpXc0VFMmhM
NTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1dwYlU3RDAxSkpUWkk1MVNyeldzRUUyaEw1MC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjlFM0EvMTk3RUMwQjYxRDg2MTFFMkFCRUYyMkREMDhCMDJDRDIvOEMzMzNBNEU2
QjlFMTFFREIwRENDNjc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYEGCCsGAQUFBwEHAQH/
BHIwcDBuBAIAATBoMAwDBAXKA6ADBAPKA7AwDAMEAcoDugMEBsoDgAMEBco34DAM
AwQFypmgAwQBypmkMAwDBADKmacDBADKmaowDAMEAsqZrAMEBsqZgDAMAwQAypnB
AwQDypnAMAwDBAHKmcoDBATKmcAwDQYJKoZIhvcNAQELBQADggEBAJrGK5iG31ju
zxDJVMpfbsAgRDaS4fDQ9WDSpAEmi4cRIhOO47OvwaQqW2ZssgYwvsAnu+c6P8oE
MLA70Oqn4OnclHVTi+nwmlZHxY1mj69GlNAbBFhYCkdGqynlCT4aJl3YjA/zcdpW
jNkDdKpIsyXbqmJPTIoiF5vBFReLUBwpPJE2NZihkmIgqEHFJ6dyIRLwoL850Sj0
3uhn+3rmR1MwezQVNhcJdpCdbmHscpMj/Ag1axqYi5YpfbDYpNtftPc8k9V/ybxX
ficXUATLDfK69jLhYAPcT386xQgFsJ9BPStqMqfGsuh7RKLYHrOYLC+9edu3Sza6
UX1m7WgcAuM=
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:15:20 2025 by rpki-client