Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91302B0/6572BE94FF9411E4876B945DC4F9AE02/C1B929B4682B11E9AE87C117C4F9AE02.roa
File: C1B929B4682B11E9AE87C117C4F9AE02.roa (raw, json)
Hash identifier: Bub+bmfe4PnreQ1ZPIst7Ck9C3Kep4qMMCvN4ZXfJXg=
Subject key identifier: 74:94:FC:91:0D:8F:A0:67:8D:CF:6C:1D:0B:A6:FA:7F:36:AF:4B:41
Certificate issuer: /CN=A91302B0/serialNumber=C08EC70A5B79742FC55F910536CA065C6CFB7CB5
Certificate serial: 25AF
Authority key identifier: C0:8E:C7:0A:5B:79:74:2F:C5:5F:91:05:36:CA:06:5C:6C:FB:7C:B5
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wI7HClt5dC_FX5EFNsoGXGz7fLU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91302B0/6572BE94FF9411E4876B945DC4F9AE02/C1B929B4682B11E9AE87C117C4F9AE02.roa
Signing time: Tue 24 Sep 2024 15:52:44 +0000
ROA not before: Tue 24 Sep 2024 15:52:44 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 23688
IP address blocks: 27.147.128.0/17 maxlen: 24
103.197.152.0/22 maxlen: 24
103.232.100.0/22 maxlen: 24
123.200.0.0/19 maxlen: 24
163.47.32.0/22 maxlen: 24
203.76.96.0/19 maxlen: 24
2400:ca00::/28 maxlen: 36
2400:ca00::/40 maxlen: 48
2400:ca00:100::/48 maxlen: 48
2400:ca00:1f1::/48 maxlen: 48
2400:ca00:1f2::/48 maxlen: 48
2400:ca00:1f3::/48 maxlen: 48
2400:ca00:1f3:2::/64 maxlen: 64
2400:ca00:1fb::/48 maxlen: 48
2400:ca00:1fb:fb01::/64 maxlen: 64
2400:ca00:1fb:fc01::/64 maxlen: 64
2400:ca00:1fb:fd01::/64 maxlen: 64
2400:ca00:1fb:fe01::/64 maxlen: 64
2400:ca00:1fb:ff01::/64 maxlen: 64
2400:ca00:1fc::/48 maxlen: 48
2400:ca00:1fd::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91302B0/6572BE94FF9411E4876B945DC4F9AE02/wI7HClt5dC_FX5EFNsoGXGz7fLU.crl
rsync://rpki.apnic.net/member_repository/A91302B0/6572BE94FF9411E4876B945DC4F9AE02/wI7HClt5dC_FX5EFNsoGXGz7fLU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wI7HClt5dC_FX5EFNsoGXGz7fLU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 15:22:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9647 (0x25af)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91302B0/serialNumber=C08EC70A5B79742FC55F910536CA065C6CFB7CB5
Validity
Not Before: Sep 24 15:52:44 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66f2e04c-b4d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:8d:ed:d3:1a:e4:cf:80:f7:80:48:3d:a8:8b:
bf:6b:60:2a:f0:5b:81:11:d8:51:74:c8:35:09:63:
e6:98:04:e8:5d:54:8a:68:2c:ae:1c:97:85:d8:63:
25:69:9e:0e:61:e2:9d:94:6d:b4:ca:09:fd:28:64:
d0:0b:de:da:0b:90:f9:85:ff:e3:6c:cb:aa:fd:3b:
4d:87:bc:78:68:eb:ee:0d:7d:4e:bb:92:22:ed:26:
f2:b7:59:94:29:78:b5:86:c3:59:f1:b4:2f:ae:e5:
30:6f:f2:84:b2:6c:57:38:a3:d6:83:75:ea:ed:b5:
b3:d4:68:bc:61:4d:68:c7:92:5a:fd:8e:84:00:09:
02:6c:39:6d:22:84:d1:dd:13:8a:c3:7d:35:92:f1:
33:72:4e:0b:b0:63:72:8e:b1:7b:7c:68:03:3a:c1:
16:c1:48:83:4d:6f:85:6d:a0:f6:4e:f7:57:5d:16:
e8:bd:25:71:a2:8a:76:f7:a3:80:cb:05:e1:6f:0a:
71:d4:81:92:42:50:de:b0:ad:42:2a:6e:c0:56:38:
78:bd:de:52:a2:8f:0e:ed:31:d1:79:0c:4d:e5:84:
a8:97:6f:b8:fe:38:07:fa:ac:cb:63:48:0c:ab:42:
cc:46:61:97:f8:3c:8d:8e:ac:3e:5d:ad:7f:8e:b8:
d0:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:94:FC:91:0D:8F:A0:67:8D:CF:6C:1D:0B:A6:FA:7F:36:AF:4B:41
X509v3 Authority Key Identifier:
keyid:C0:8E:C7:0A:5B:79:74:2F:C5:5F:91:05:36:CA:06:5C:6C:FB:7C:B5
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91302B0/6572BE94FF9411E4876B945DC4F9AE02/wI7HClt5dC_FX5EFNsoGXGz7fLU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wI7HClt5dC_FX5EFNsoGXGz7fLU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91302B0/6572BE94FF9411E4876B945DC4F9AE02/C1B929B4682B11E9AE87C117C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.147.128.0/17
103.197.152.0/22
103.232.100.0/22
123.200.0.0/19
163.47.32.0/22
203.76.96.0/19
IPv6:
2400:ca00::/28
Signature Algorithm: sha256WithRSAEncryption
55:26:fa:05:e2:38:b4:21:14:d6:33:bf:53:38:46:43:2c:77:
30:95:06:b0:52:ff:e3:cf:00:4f:59:61:3f:57:00:fd:38:f3:
47:46:16:26:92:17:61:98:d2:41:17:b0:be:91:cd:68:6e:44:
08:37:ab:82:02:27:f3:8b:60:50:6f:2e:26:f7:81:11:f3:e5:
a8:ba:25:6e:5c:68:7c:e2:fc:42:c3:63:27:2f:9a:56:92:24:
28:b0:24:5e:11:80:51:0a:7e:e6:96:ec:2e:15:0f:2d:09:c1:
83:09:fb:a8:0e:1a:00:0f:ae:75:f2:0e:7e:fd:81:c3:24:ea:
85:12:41:49:80:4a:d8:71:6d:87:26:3f:08:16:93:89:f9:a4:
5a:2a:0b:b6:06:7f:96:45:51:4d:22:17:e8:a1:59:59:c4:cc:
0f:5f:cb:f4:cb:1b:e3:f2:b3:46:4c:ad:7b:79:88:14:62:f3:
b1:8f:b7:e1:90:41:26:27:6d:6e:bc:52:39:43:ff:83:48:fa:
a4:f5:f5:bc:1c:4c:fc:ba:e3:2a:e0:35:0f:1e:86:43:a2:bd:
3f:7a:78:45:34:b6:e8:11:36:57:d8:66:ea:1c:2d:5b:a7:d9:
1c:97:bb:46:d8:06:21:8f:12:fc:a1:52:c5:7c:bb:97:01:bc:
bd:11:d2:83
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICJa8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzAyQjAxMTAvBgNVBAUTKEMwOEVDNzBBNUI3OTc0MkZDNTVGOTEwNTM2Q0EwNjVD
NkNGQjdDQjUwHhcNMjQwOTI0MTU1MjQ0WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmYyZTA0Yy1iNGQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwY3t0xrkz4D3gEg9qIu/a2Aq8FuBEdhRdMg1CWPmmAToXVSKaCyuHJeF2GMl
aZ4OYeKdlG20ygn9KGTQC97aC5D5hf/jbMuq/TtNh7x4aOvuDX1Ou5Ii7Sbyt1mU
KXi1hsNZ8bQvruUwb/KEsmxXOKPWg3Xq7bWz1Gi8YU1ox5Ja/Y6EAAkCbDltIoTR
3ROKw301kvEzck4LsGNyjrF7fGgDOsEWwUiDTW+FbaD2TvdXXRbovSVxoop296OA
ywXhbwpx1IGSQlDesK1CKm7AVjh4vd5Soo8O7THReQxN5YSol2+4/jgH+qzLY0gM
q0LMRmGX+DyNjqw+Xa1/jrjQvwIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFHSU/JEN
j6Bnjc9sHQum+n82r0tBMB8GA1UdIwQYMBaAFMCOxwpbeXQvxV+RBTbKBlxs+3y1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMDJCMC82NTcyQkU5NEZG
OTQxMUU0ODc2Qjk0NURDNEY5QUUwMi93STdIQ2x0NWRDX0ZYNUVGTnNvR1hHejdm
TFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dJN0hDbHQ1ZENfRlg1RUZOc29HWEd6N2ZMVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzAyQjAvNjU3MkJFOTRGRjk0MTFFNDg3NkI5NDVEQzRGOUFFMDIvQzFCOTI5QjQ2
ODJCMTFFOUFFODdDMTE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MCoEAgABMCQDBAcbk4ADBAJnxZgDBAJn6GQDBAV7yAADBAKjLyADBAXLTGAw
DQQCAAIwBwMFBCQAygAwDQYJKoZIhvcNAQELBQADggEBAFUm+gXiOLQhFNYzv1M4
RkMsdzCVBrBS/+PPAE9ZYT9XAP0480dGFiaSF2GY0kEXsL6RzWhuRAg3q4ICJ/OL
YFBvLib3gRHz5ai6JW5caHzi/ELDYycvmlaSJCiwJF4RgFEKfuaW7C4VDy0JwYMJ
+6gOGgAPrnXyDn79gcMk6oUSQUmASthxbYcmPwgWk4n5pFoqC7YGf5ZFUU0iF+ih
WVnEzA9fy/TLG+Pys0ZMrXt5iBRi87GPt+GQQSYnbW68UjlD/4NI+qT19bwcTPy6
4yrgNQ8ehkOivT96eEU0tugRNlfYZuocLVun2RyXu0bYBiGPEvyhUsV8u5cBvL0R
0oM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:49:15 2024 by rpki-client on console-ams.rpki-client.org