Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917E678/BEB333FA225111EAB2CB8469C4F9AE02/3D98B69C977111EFBB74DC15C4F9AE02.roa
File: 3D98B69C977111EFBB74DC15C4F9AE02.roa (raw, json)
Hash identifier: lt1D5sciR+2lOQyy1N8uzWcJormxPCZGQ/QdfmIRJiI=
Subject key identifier: 8E:13:AD:0D:D7:36:CC:65:AE:38:64:81:0A:F8:1E:D1:88:FE:4B:9B
Certificate issuer: /CN=A917E678/serialNumber=FF3341972DD8A1F6871EDE869A3A1DD92528AEB6
Certificate serial: 0C04
Authority key identifier: FF:33:41:97:2D:D8:A1:F6:87:1E:DE:86:9A:3A:1D:D9:25:28:AE:B6
Authority info access: rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/_zNBly3YofaHHt6Gmjod2SUorrY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917E678/BEB333FA225111EAB2CB8469C4F9AE02/3D98B69C977111EFBB74DC15C4F9AE02.roa
Signing time: Thu 07 Nov 2024 10:08:41 +0000
ROA not before: Thu 07 Nov 2024 10:08:41 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 136907
IP address blocks: 46.250.160.0/19 maxlen: 19
46.250.160.0/20 maxlen: 20
46.250.176.0/20 maxlen: 20
62.245.0.0/19 maxlen: 19
62.245.0.0/20 maxlen: 20
62.245.16.0/20 maxlen: 20
80.238.128.0/17 maxlen: 17
80.238.128.0/22 maxlen: 22
80.238.128.0/24 maxlen: 24
80.238.129.0/24 maxlen: 24
80.238.132.0/22 maxlen: 22
80.238.136.0/22 maxlen: 22
80.238.140.0/22 maxlen: 22
80.238.144.0/22 maxlen: 22
80.238.148.0/22 maxlen: 22
80.238.152.0/22 maxlen: 22
80.238.156.0/22 maxlen: 22
80.238.160.0/22 maxlen: 22
80.238.164.0/22 maxlen: 22
80.238.168.0/22 maxlen: 22
80.238.172.0/22 maxlen: 22
80.238.176.0/22 maxlen: 22
80.238.180.0/24 maxlen: 24
80.238.181.0/24 maxlen: 24
80.238.182.0/24 maxlen: 24
80.238.183.0/24 maxlen: 24
80.238.184.0/24 maxlen: 24
80.238.185.0/24 maxlen: 24
80.238.186.0/24 maxlen: 24
80.238.187.0/24 maxlen: 24
80.238.188.0/24 maxlen: 24
80.238.189.0/24 maxlen: 24
80.238.190.0/24 maxlen: 24
80.238.191.0/24 maxlen: 24
80.238.192.0/20 maxlen: 20
80.238.208.0/20 maxlen: 20
80.238.224.0/20 maxlen: 20
80.238.240.0/20 maxlen: 20
83.101.0.0/17 maxlen: 17
83.101.0.0/21 maxlen: 21
83.101.8.0/21 maxlen: 24
83.101.16.0/21 maxlen: 21
83.101.24.0/21 maxlen: 21
83.101.32.0/21 maxlen: 21
83.101.40.0/21 maxlen: 21
83.101.48.0/21 maxlen: 21
83.101.56.0/21 maxlen: 21
83.101.64.0/21 maxlen: 21
83.101.72.0/21 maxlen: 21
83.101.80.0/21 maxlen: 21
83.101.88.0/21 maxlen: 21
83.101.96.0/21 maxlen: 21
83.101.104.0/21 maxlen: 21
83.101.112.0/21 maxlen: 21
83.101.120.0/21 maxlen: 21
87.119.12.0/24 maxlen: 24
89.150.192.0/18 maxlen: 18
89.150.192.0/20 maxlen: 20
89.150.208.0/20 maxlen: 20
89.150.224.0/20 maxlen: 20
89.150.240.0/20 maxlen: 20
94.45.160.0/19 maxlen: 19
94.45.160.0/24 maxlen: 24
94.45.161.0/24 maxlen: 24
94.45.163.0/24 maxlen: 24
94.45.191.0/24 maxlen: 24
94.74.64.0/20 maxlen: 20
94.74.80.0/20 maxlen: 20
94.74.96.0/20 maxlen: 20
94.74.120.0/21 maxlen: 21
94.244.128.0/18 maxlen: 18
94.244.128.0/20 maxlen: 20
94.244.144.0/20 maxlen: 20
94.244.160.0/20 maxlen: 20
94.244.176.0/20 maxlen: 20
176.52.128.0/19 maxlen: 19
176.52.128.0/20 maxlen: 20
176.52.144.0/20 maxlen: 20
188.119.192.0/18 maxlen: 18
188.119.192.0/20 maxlen: 20
188.119.208.0/20 maxlen: 20
188.119.224.0/20 maxlen: 20
188.119.240.0/20 maxlen: 20
188.239.0.0/18 maxlen: 18
188.239.0.0/20 maxlen: 20
188.239.16.0/20 maxlen: 20
188.239.32.0/20 maxlen: 20
188.239.48.0/20 maxlen: 20
212.34.192.0/19 maxlen: 19
212.34.192.0/20 maxlen: 20
212.34.208.0/20 maxlen: 20
213.250.128.0/19 maxlen: 19
213.250.128.0/20 maxlen: 20
213.250.144.0/20 maxlen: 20
213.250.160.0/19 maxlen: 19
213.250.160.0/20 maxlen: 20
213.250.176.0/20 maxlen: 20
213.250.176.0/21 maxlen: 21
213.250.184.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917E678/BEB333FA225111EAB2CB8469C4F9AE02/_zNBly3YofaHHt6Gmjod2SUorrY.crl
rsync://rpki.apnic.net/member_repository/A917E678/BEB333FA225111EAB2CB8469C4F9AE02/_zNBly3YofaHHt6Gmjod2SUorrY.mft
rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/_zNBly3YofaHHt6Gmjod2SUorrY.cer
rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 27 Nov 2024 14:50:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3076 (0xc04)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917E678/serialNumber=FF3341972DD8A1F6871EDE869A3A1DD92528AEB6
Validity
Not Before: Nov 7 10:08:41 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=672c91a8-9893
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:4c:ef:d5:c7:56:89:b4:53:39:a9:f7:fb:9e:
3a:aa:f6:7e:8f:c7:ed:f2:5a:d8:9d:73:f9:42:70:
50:97:78:06:b8:fa:64:68:51:4a:70:de:79:b1:b0:
eb:81:24:cc:5f:b7:be:23:15:d8:ee:4f:e0:8a:08:
05:1e:c4:e5:ec:97:3a:f5:68:0d:21:ef:ee:38:1a:
16:13:18:2c:ea:93:0b:13:68:f4:16:57:e1:30:5b:
39:73:2c:6a:5a:d9:d8:fe:64:68:1c:0f:e9:20:48:
15:11:6a:27:6e:ca:83:83:3e:65:ef:d4:60:2e:80:
f7:89:f5:a9:a6:46:01:38:4e:07:c1:38:34:cd:dd:
ca:e0:36:ce:3e:28:b5:5e:b9:3e:ca:7e:25:c5:36:
be:85:00:27:cd:9d:0f:44:99:54:79:87:62:cc:29:
aa:97:76:87:37:0b:5d:07:21:08:d3:e6:8e:06:3f:
0a:63:32:6e:bc:ef:c8:f3:b1:e0:8f:a2:b2:45:9c:
65:e8:17:04:dc:f6:1b:83:e5:50:eb:4d:86:a9:d4:
fb:c2:27:8d:a7:af:a9:37:43:64:6c:f1:09:6b:99:
6a:5f:a8:a0:72:44:3c:cc:25:9f:b2:c4:a5:4d:4a:
95:c4:55:c0:00:64:19:0b:46:a0:7a:70:93:51:2a:
38:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:13:AD:0D:D7:36:CC:65:AE:38:64:81:0A:F8:1E:D1:88:FE:4B:9B
X509v3 Authority Key Identifier:
keyid:FF:33:41:97:2D:D8:A1:F6:87:1E:DE:86:9A:3A:1D:D9:25:28:AE:B6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917E678/BEB333FA225111EAB2CB8469C4F9AE02/_zNBly3YofaHHt6Gmjod2SUorrY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/_zNBly3YofaHHt6Gmjod2SUorrY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917E678/BEB333FA225111EAB2CB8469C4F9AE02/3D98B69C977111EFBB74DC15C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
46.250.160.0/19
62.245.0.0/19
80.238.128.0/17
83.101.0.0/17
87.119.12.0/24
89.150.192.0/18
94.45.160.0/19
94.74.64.0-94.74.111.255
94.74.120.0/21
94.244.128.0/18
176.52.128.0/19
188.119.192.0/18
188.239.0.0/18
212.34.192.0/19
213.250.128.0/18
Signature Algorithm: sha256WithRSAEncryption
80:1c:f3:fa:64:03:93:96:9e:eb:b1:44:db:50:51:8c:df:d9:
c8:f9:da:45:8d:7f:8a:53:eb:54:c8:d3:85:71:ea:02:9e:75:
3b:44:22:5f:e6:73:69:d2:6b:5c:f0:58:90:c5:51:28:e3:b7:
70:76:27:0b:55:76:42:84:7c:ed:4a:56:3a:35:e7:d9:d7:03:
52:b5:c2:dd:dd:27:e0:d9:23:ac:be:f1:f0:15:7d:26:d8:5d:
4a:0d:73:29:b6:46:90:93:4e:9d:a4:75:95:1d:7a:51:66:a9:
7c:4c:97:8a:91:1e:16:ba:90:33:7e:cf:f9:cf:1d:b6:5e:92:
16:27:f8:e1:8e:3f:57:25:79:94:8a:6f:69:70:70:88:ed:a5:
b0:46:30:33:02:d4:9f:26:4b:5c:e0:0a:26:35:8a:1b:56:ff:
57:03:2d:60:51:9d:90:64:64:e9:75:77:97:c3:f4:6c:95:a3:
08:ec:f5:d7:4e:6b:73:77:53:80:ee:b4:40:a2:9b:0b:b3:05:
92:7f:23:6c:eb:69:10:4a:0a:72:52:63:23:7d:0b:b9:d4:e9:
b0:f6:df:39:de:0f:e8:8b:41:4d:ee:30:2c:da:58:5f:11:2b:
25:0c:66:79:5c:db:13:c3:4b:68:78:5d:8c:73:37:d7:8f:0f:
a3:cb:f5:ea
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgICDAQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0U2NzgxMTAvBgNVBAUTKEZGMzM0MTk3MkREOEExRjY4NzFFREU4NjlBM0ExREQ5
MjUyOEFFQjYwHhcNMjQxMTA3MTAwODQxWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzJjOTFhOC05ODkzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApUzv1cdWibRTOan3+546qvZ+j8ft8lrYnXP5QnBQl3gGuPpkaFFKcN55sbDr
gSTMX7e+IxXY7k/giggFHsTl7Jc69WgNIe/uOBoWExgs6pMLE2j0FlfhMFs5cyxq
WtnY/mRoHA/pIEgVEWonbsqDgz5l79RgLoD3ifWppkYBOE4HwTg0zd3K4DbOPii1
Xrk+yn4lxTa+hQAnzZ0PRJlUeYdizCmql3aHNwtdByEI0+aOBj8KYzJuvO/I87Hg
j6KyRZxl6BcE3PYbg+VQ602GqdT7wieNp6+pN0NkbPEJa5lqX6igckQ8zCWfssSl
TUqVxFXAAGQZC0agenCTUSo4tQIDAQABo4IC8TCCAu0wHQYDVR0OBBYEFI4TrQ3X
NsxlrjhkgQr4HtGI/kubMB8GA1UdIwQYMBaAFP8zQZct2KH2hx7ehpo6HdklKK62
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RTY3OC9CRUIzMzNGQTIy
NTExMUVBQjJDQjg0NjlDNEY5QUUwMi9fek5CbHkzWW9mYUhIdDZHbWpvZDJTVW9y
clkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL196TkJseTNZb2ZhSEh0Nkdtam9kMlNVb3JyWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0U2NzgvQkVCMzMzRkEyMjUxMTFFQUIyQ0I4NDY5QzRGOUFFMDIvM0Q5OEI2OUM5
NzcxMTFFRkJCNzREQzE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwewYIKwYBBQUHAQcBAf8E
bDBqMGgEAgABMGIDBAUu+qADBAU+9QADBAdQ7oADBAdTZQADBABXdwwDBAZZlsAD
BAVeLaAwDAMEBl5KQAMEBF5KYAMEA15KeAMEBl70gAMEBbA0gAMEBrx3wAMEBrzv
AAMEBdQiwAMEBtX6gDANBgkqhkiG9w0BAQsFAAOCAQEAgBzz+mQDk5ae67FE21BR
jN/ZyPnaRY1/ilPrVMjThXHqAp51O0QiX+ZzadJrXPBYkMVRKOO3cHYnC1V2QoR8
7UpWOjXn2dcDUrXC3d0n4NkjrL7x8BV9JthdSg1zKbZGkJNOnaR1lR16UWapfEyX
ipEeFrqQM37P+c8dtl6SFif44Y4/VyV5lIpvaXBwiO2lsEYwMwLUnyZLXOAKJjWK
G1b/VwMtYFGdkGRk6XV3l8P0bJWjCOz1105rc3dTgO60QKKbC7MFkn8jbOtpEEoK
clJjI30LudTpsPbfOd4P6ItBTe4wLNpYXxErJQxmeVzbE8NLaHhdjHM3148Po8v1
6g==
-----END CERTIFICATE-----
Generated at Wed Nov 20 19:05:22 2024 by rpki-client on console-ams.rpki-client.org