Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/CB598446EF1811ED96D1F733C4F9AE02.roa
File: CB598446EF1811ED96D1F733C4F9AE02.roa (raw, json)
Hash identifier: hRNZyfRzeRFOuYP02LqeZC62CwbEGFyqzlu6Izq5YRg=
Subject key identifier: 33:16:72:B2:0A:D0:B1:A7:62:5E:09:D9:53:DF:63:58:97:30:41:FB
Certificate issuer: /CN=A91402DC/serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Certificate serial: 1264
Authority key identifier: C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/CB598446EF1811ED96D1F733C4F9AE02.roa
Signing time: Sat 10 Aug 2024 17:44:54 +0000
ROA not before: Sat 10 Aug 2024 17:44:54 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 55430
IP address blocks: 27.125.128.0/18 maxlen: 24
39.109.128.0/17 maxlen: 24
58.96.192.0/18 maxlen: 24
101.127.0.0/17 maxlen: 24
101.127.128.0/18 maxlen: 24
101.127.240.0/21 maxlen: 24
103.17.146.0/24 maxlen: 24
182.19.128.0/17 maxlen: 24
182.55.0.0/16 maxlen: 24
183.90.0.0/17 maxlen: 24
2406:3003::/32 maxlen: 35
2406:3003::/32 maxlen: 36
2406:3003::/32 maxlen: 40
2406:3003::/36 maxlen: 39
2406:3003::/40 maxlen: 48
2406:3003:1000::/36 maxlen: 39
2406:3003:1000::/40 maxlen: 48
2406:3003:2000::/36 maxlen: 39
2406:3003:2000::/40 maxlen: 48
2406:3003:3000::/36 maxlen: 39
2406:3003:3000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl
rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 01 Dec 2024 17:06:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4708 (0x1264)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91402DC/serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Validity
Not Before: Aug 10 17:44:54 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66b7a716-657b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:01:ca:80:21:bf:b4:f8:7a:a0:61:cd:ee:dc:
b4:0b:0a:85:15:31:f4:39:3b:88:15:92:5c:26:12:
10:b1:c2:af:89:c7:1f:88:b7:73:29:04:6f:e0:ec:
22:8a:b9:5a:d6:5f:39:58:2a:bb:92:8d:8c:01:8d:
10:7e:70:90:6e:62:54:96:bf:fd:fe:0b:5d:d7:25:
0b:a8:87:0a:a8:64:68:76:0d:7d:2c:99:51:d6:45:
da:e8:6e:55:41:86:bf:bb:3a:99:9c:a5:09:c7:77:
38:e1:a6:3c:de:d3:3c:bb:ec:99:26:a9:98:0e:5e:
66:36:6a:25:16:0f:96:d3:9a:33:83:b8:d5:82:db:
88:66:50:1f:54:4c:a1:d7:68:f3:86:fe:04:4a:78:
67:cf:43:b5:3e:42:d6:28:5d:a9:b0:69:e6:4b:0d:
0f:fb:c1:80:b2:56:d8:94:aa:14:42:63:1e:9e:45:
03:62:79:5c:bc:94:f2:66:fb:49:42:1e:2c:1c:0d:
05:8d:86:7f:38:44:d3:2e:0d:96:e6:3c:5c:5d:74:
53:e9:7e:fe:75:ae:b6:fc:b5:b7:0a:0e:eb:ee:e1:
01:7a:14:b7:d0:56:e3:6d:1e:51:6a:31:ab:5e:65:
bb:e2:70:1f:0b:5e:d2:64:8a:15:a0:98:15:25:a1:
08:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:16:72:B2:0A:D0:B1:A7:62:5E:09:D9:53:DF:63:58:97:30:41:FB
X509v3 Authority Key Identifier:
keyid:C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/CB598446EF1811ED96D1F733C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.125.128.0/18
39.109.128.0/17
58.96.192.0/18
101.127.0.0-101.127.191.255
101.127.240.0/21
103.17.146.0/24
182.19.128.0/17
182.55.0.0/16
183.90.0.0/17
IPv6:
2406:3003::/32
Signature Algorithm: sha256WithRSAEncryption
8e:35:cf:e1:15:f4:c4:7f:a1:e1:34:25:66:c5:8a:cd:da:7b:
6d:de:54:cf:33:ff:31:6b:7c:a8:48:9d:40:26:49:f4:70:68:
25:c0:6d:63:ce:31:5d:e5:af:86:84:dc:68:78:da:17:94:7c:
26:b4:03:1f:09:6b:02:ee:8b:0a:a1:28:a3:d8:9d:61:06:48:
17:41:9a:e6:9d:cf:66:78:f2:52:b5:7e:98:27:50:b9:43:7f:
2b:7d:79:ba:09:eb:23:b1:56:a0:38:53:4a:a3:e1:75:9a:db:
5b:37:ee:4e:20:bb:bf:07:43:7d:e6:82:58:a4:41:d0:47:12:
03:5f:7f:14:7a:fc:36:97:94:15:34:68:01:1b:28:b6:89:5b:
03:7a:c2:9e:40:c5:f2:07:fb:6f:36:65:c4:0d:47:d5:6e:59:
00:68:e2:3a:58:80:3b:3b:93:a0:a2:1b:65:d5:04:24:3b:c0:
ee:61:46:6e:98:9b:f3:b4:7c:c7:c3:ea:a0:02:e3:4d:3d:90:
1d:5e:72:4e:61:dd:47:c3:a5:c3:fd:2b:e6:46:eb:06:04:7a:
00:9e:0a:a5:3a:1a:10:23:e2:fe:89:9f:00:e7:5d:74:31:d3:
03:11:65:77:b7:13:6e:7c:30:17:b6:58:65:ae:c0:d2:d7:4b:
9a:89:d2:18
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgICEmQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDAyREMxMTAvBgNVBAUTKEMyQjlGNUYzQzY4QzU3NjcyNzIzOUI5MkE5M0IzNjI5
N0QxQjE2NTMwHhcNMjQwODEwMTc0NDU0WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmI3YTcxNi02NTdiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvAHKgCG/tPh6oGHN7ty0CwqFFTH0OTuIFZJcJhIQscKviccfiLdzKQRv4Owi
irla1l85WCq7ko2MAY0QfnCQbmJUlr/9/gtd1yULqIcKqGRodg19LJlR1kXa6G5V
QYa/uzqZnKUJx3c44aY83tM8u+yZJqmYDl5mNmolFg+W05ozg7jVgtuIZlAfVEyh
12jzhv4ESnhnz0O1PkLWKF2psGnmSw0P+8GAslbYlKoUQmMenkUDYnlcvJTyZvtJ
Qh4sHA0FjYZ/OETTLg2W5jxcXXRT6X7+da62/LW3Cg7r7uEBehS30FbjbR5RajGr
XmW74nAfC17SZIoVoJgVJaEIUQIDAQABo4IC2jCCAtYwHQYDVR0OBBYEFDMWcrIK
0LGnYl4J2VPfY1iXMEH7MB8GA1UdIwQYMBaAFMK59fPGjFdnJyObkqk7Nil9GxZT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDJEQy8yRDUxQUY0MkZE
M0UxMUU4ODhDNTM5NDRDNEY5QUUwMi93cm4xODhhTVYyY25JNXVTcVRzMktYMGJG
bE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dybjE4OGFNVjJjbkk1dVNxVHMyS1gwYkZsTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDAyREMvMkQ1MUFGNDJGRDNFMTFFODg4QzUzOTQ0QzRGOUFFMDIvQ0I1OTg0NDZF
RjE4MTFFRDk2RDFGNzMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZAYIKwYBBQUHAQcBAf8E
VTBTMEIEAgABMDwDBAYbfYADBAcnbYADBAY6YMAwCwMDAGV/AwQGZX+AAwQDZX/w
AwQAZxGSAwQHthOAAwMAtjcDBAe3WgAwDQQCAAIwBwMFACQGMAMwDQYJKoZIhvcN
AQELBQADggEBAI41z+EV9MR/oeE0JWbFis3ae23eVM8z/zFrfKhInUAmSfRwaCXA
bWPOMV3lr4aE3Gh42heUfCa0Ax8JawLuiwqhKKPYnWEGSBdBmuadz2Z48lK1fpgn
ULlDfyt9eboJ6yOxVqA4U0qj4XWa21s37k4gu78HQ33mglikQdBHEgNffxR6/DaX
lBU0aAEbKLaJWwN6wp5AxfIH+282ZcQNR9VuWQBo4jpYgDs7k6CiG2XVBCQ7wO5h
Rm6Ym/O0fMfD6qAC4009kB1eck5h3UfDpcP9K+ZG6wYEegCeCqU6GhAj4v6JnwDn
XXQx0wMRZXe3E258MBe2WGWuwNLXS5qJ0hg=
-----END CERTIFICATE-----
Generated at Sun Nov 24 18:36:19 2024 by rpki-client on console-fra.rpki-client.org