Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/CA1ADBD4EF1811ED96D1F733C4F9AE02.roa
File: CA1ADBD4EF1811ED96D1F733C4F9AE02.roa (raw, json)
Hash identifier: M+Ha6LtNrdRVn+1M3PjfJ0jMthl7g/dIw6roTNcYXF8=
Subject key identifier: 18:09:BF:D0:74:E2:4A:C1:86:D7:23:8B:8F:24:3F:27:42:AE:77:C4
Certificate issuer: /CN=A91402DC/serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Certificate serial: 1195
Authority key identifier: C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/CA1ADBD4EF1811ED96D1F733C4F9AE02.roa
Signing time: Wed 20 Sep 2023 07:22:37 +0000
ROA not before: Wed 20 Sep 2023 07:22:37 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 138345
IP address blocks: 27.54.32.0/22 maxlen: 22
27.54.37.0/24 maxlen: 24
113.10.64.0/18 maxlen: 24
117.20.128.0/23 maxlen: 24
117.20.130.0/23 maxlen: 24
117.20.140.0/22 maxlen: 24
117.20.144.0/22 maxlen: 24
117.20.150.0/23 maxlen: 24
117.20.152.0/23 maxlen: 24
117.20.154.0/24 maxlen: 24
117.20.160.0/19 maxlen: 24
122.11.212.0/24 maxlen: 24
122.11.213.0/24 maxlen: 24
122.11.214.0/24 maxlen: 24
122.11.215.0/24 maxlen: 24
171.0.0.0/15 maxlen: 15
171.0.0.0/16 maxlen: 24
171.1.0.0/16 maxlen: 24
171.207.0.0/16 maxlen: 24
2406:3000:5a::/48 maxlen: 56
2406:3000:5b::/48 maxlen: 56
2406:3000:5c::/48 maxlen: 56
2406:3000:5d::/48 maxlen: 56
2406:3002:40::/48 maxlen: 56
2406:3002:50::/48 maxlen: 56
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl
rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 23 May 2024 18:01:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4501 (0x1195)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91402DC/serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Validity
Not Before: Sep 20 07:22:37 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=650a9dbd-c29e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:7c:9b:32:6d:69:a9:4d:f1:46:9a:ac:17:00:
03:fb:f1:b0:ee:d7:bc:ee:7c:26:d6:aa:ac:8c:94:
17:d8:ba:23:c4:02:8f:87:ed:c3:9c:47:46:c2:ab:
45:c7:74:a5:ef:35:45:73:4a:76:fd:a7:78:b7:c1:
42:0b:c1:d9:e9:7d:af:73:59:2d:60:09:ef:df:55:
e1:26:e4:5e:3a:19:d7:9f:7e:a3:a9:a3:77:e3:15:
9e:96:56:18:2d:c4:04:51:95:d1:6c:17:24:b3:d5:
2a:73:b9:eb:d5:67:68:1f:0e:0c:1a:1c:a9:e9:3f:
17:bc:ea:49:46:b8:e8:d5:88:9b:ab:8b:7c:c5:0c:
87:20:c8:9d:bc:19:92:96:bd:14:9c:6e:3f:3b:c2:
2c:c2:8f:4c:0e:da:37:4f:82:19:dc:da:17:5d:79:
ee:a3:ce:97:3f:b0:5f:37:4a:9e:b4:c0:e6:7a:aa:
b4:bb:79:d1:41:35:e0:0e:ef:70:f2:da:69:04:af:
bd:44:fd:5c:c3:8e:db:03:50:1e:0f:35:38:3a:53:
78:bd:70:fd:be:bd:c6:07:a5:bd:eb:e1:57:0b:55:
dc:61:2f:80:b6:8b:3a:03:31:30:24:79:a8:7a:4f:
5b:d9:8f:e3:18:38:e1:73:ec:96:32:11:69:36:2a:
89:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:09:BF:D0:74:E2:4A:C1:86:D7:23:8B:8F:24:3F:27:42:AE:77:C4
X509v3 Authority Key Identifier:
keyid:C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/CA1ADBD4EF1811ED96D1F733C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.54.32.0/22
27.54.37.0/24
113.10.64.0/18
117.20.128.0/22
117.20.140.0-117.20.147.255
117.20.150.0-117.20.154.255
117.20.160.0/19
122.11.212.0/22
171.0.0.0/15
171.207.0.0/16
IPv6:
2406:3000:5a::-2406:3000:5d:ffff:ffff:ffff:ffff:ffff
2406:3002:40::/48
2406:3002:50::/48
Signature Algorithm: sha256WithRSAEncryption
35:59:f0:56:5a:49:5a:fe:5d:ed:40:88:8a:a9:57:52:34:22:
9d:18:8d:5d:86:b4:3b:bb:06:d3:a6:b6:f7:d0:1e:27:fa:e9:
7f:73:bd:7a:fa:79:87:f5:ad:a6:16:ff:8c:77:33:6a:d7:f5:
76:86:5b:38:64:8a:14:cd:e8:81:a1:da:35:98:98:1b:77:ca:
db:bd:46:0e:55:b5:af:02:fa:23:aa:11:65:5d:e4:37:eb:7c:
81:6f:49:d3:42:0d:e3:7a:2a:6b:93:04:f8:d5:44:1c:0b:7e:
c7:d0:33:8b:f1:73:68:31:7f:b0:d4:88:50:c8:95:91:a3:44:
f8:9f:e4:2e:d2:99:45:c7:de:ed:ba:e0:23:54:da:6f:da:99:
eb:cd:35:d8:d0:e3:ac:36:37:31:7c:11:1b:31:d6:41:1b:c4:
35:39:cb:5c:da:dd:0b:fa:4e:63:f6:50:ea:ca:15:57:dc:07:
11:07:1a:2c:15:62:48:7f:bb:86:db:7c:52:cb:b3:f5:25:4c:
ed:f1:71:7a:84:b9:ab:67:8b:1c:3a:30:3a:04:1f:76:50:51:
dd:b4:7d:3d:d9:c7:04:88:67:cf:19:69:b7:1e:c8:6d:1f:45:
86:cc:ac:ad:d1:b8:f4:ce:94:ea:16:13:f0:2b:92:b2:f7:40:
52:5b:ce:db
-----BEGIN CERTIFICATE-----
MIIF5jCCBM6gAwIBAgICEZUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDAyREMxMTAvBgNVBAUTKEMyQjlGNUYzQzY4QzU3NjcyNzIzOUI5MkE5M0IzNjI5
N0QxQjE2NTMwHhcNMjMwOTIwMDcyMjM3WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTBhOWRiZC1jMjllMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwXybMm1pqU3xRpqsFwAD+/Gw7te87nwm1qqsjJQX2LojxAKPh+3DnEdGwqtF
x3Sl7zVFc0p2/ad4t8FCC8HZ6X2vc1ktYAnv31XhJuReOhnXn36jqaN34xWellYY
LcQEUZXRbBcks9Uqc7nr1WdoHw4MGhyp6T8XvOpJRrjo1Yibq4t8xQyHIMidvBmS
lr0UnG4/O8Iswo9MDto3T4IZ3NoXXXnuo86XP7BfN0qetMDmeqq0u3nRQTXgDu9w
8tppBK+9RP1cw47bA1AeDzU4OlN4vXD9vr3GB6W96+FXC1XcYS+Atos6AzEwJHmo
ek9b2Y/jGDjhc+yWMhFpNiqJMQIDAQABo4IDCjCCAwYwHQYDVR0OBBYEFBgJv9B0
4krBhtcji48kPydCrnfEMB8GA1UdIwQYMBaAFMK59fPGjFdnJyObkqk7Nil9GxZT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDJEQy8yRDUxQUY0MkZE
M0UxMUU4ODhDNTM5NDRDNEY5QUUwMi93cm4xODhhTVYyY25JNXVTcVRzMktYMGJG
bE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dybjE4OGFNVjJjbkk1dVNxVHMyS1gwYkZsTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDAyREMvMkQ1MUFGNDJGRDNFMTFFODg4QzUzOTQ0QzRGOUFFMDIvQ0ExQURCRDRF
RjE4MTFFRDk2RDFGNzMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZMGCCsGAQUFBwEHAQH/
BIGDMIGAMFAEAgABMEoDBAIbNiADBAAbNiUDBAZxCkADBAJ1FIAwDAMEAnUUjAME
AnUUkDAMAwQBdRSWAwQAdRSaAwQFdRSgAwQCegvUAwMBqwADAwCrzzAsBAIAAjAm
MBIDBwEkBjAAAFoDBwEkBjAAAFwDBwAkBjACAEADBwAkBjACAFAwDQYJKoZIhvcN
AQELBQADggEBADVZ8FZaSVr+Xe1AiIqpV1I0Ip0YjV2GtDu7BtOmtvfQHif66X9z
vXr6eYf1raYW/4x3M2rX9XaGWzhkihTN6IGh2jWYmBt3ytu9Rg5Vta8C+iOqEWVd
5DfrfIFvSdNCDeN6KmuTBPjVRBwLfsfQM4vxc2gxf7DUiFDIlZGjRPif5C7SmUXH
3u264CNU2m/amevNNdjQ46w2NzF8ERsx1kEbxDU5y1za3Qv6TmP2UOrKFVfcBxEH
GiwVYkh/u4bbfFLLs/UlTO3xcXqEuatnixw6MDoEH3ZQUd20fT3ZxwSIZ88Zabce
yG0fRYbMrK3RuPTOlOoWE/ArkrL3QFJbzts=
-----END CERTIFICATE-----
Generated at Thu May 16 19:10:54 2024 by rpki-client on console-fra.rpki-client.org