Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/6C68485C5A1D11EFA9989052C4F9AE02.roa
File: 6C68485C5A1D11EFA9989052C4F9AE02.roa (raw, json)
Hash identifier: eMC9itpv3oFgg3wC16WZV3uYeAr5DZklaR+zjZUUL1Q=
Subject key identifier: C2:E0:24:E0:4C:4F:34:23:4B:CB:1B:94:4A:91:15:F4:2D:08:52:21
Certificate issuer: /CN=A918C661/serialNumber=1EC42C1B69E16F5F37C73D81BF9FAB1F4BA42329
Certificate serial: 0A12
Authority key identifier: 1E:C4:2C:1B:69:E1:6F:5F:37:C7:3D:81:BF:9F:AB:1F:4B:A4:23:29
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/6C68485C5A1D11EFA9989052C4F9AE02.roa
Signing time: Wed 06 Nov 2024 20:09:52 +0000
ROA not before: Wed 06 Nov 2024 20:09:52 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 152194
IP address blocks: 1.32.192.0/18 maxlen: 24
14.128.32.0/19 maxlen: 24
27.50.48.0/20 maxlen: 24
27.124.0.0/18 maxlen: 24
118.107.0.0/18 maxlen: 24
118.107.176.0/22 maxlen: 24
180.222.204.0/22 maxlen: 24
202.36.48.0/20 maxlen: 24
202.61.128.0/21 maxlen: 24
202.61.136.0/21 maxlen: 24
202.61.144.0/20 maxlen: 24
202.61.160.0/20 maxlen: 24
202.61.176.0/21 maxlen: 24
202.61.184.0/22 maxlen: 24
202.61.188.0/22 maxlen: 24
202.79.160.0/20 maxlen: 24
202.95.0.0/22 maxlen: 24
202.95.4.0/22 maxlen: 24
202.95.8.0/21 maxlen: 24
202.95.16.0/20 maxlen: 24
202.162.96.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.crl
rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 27 Nov 2024 19:53:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2578 (0xa12)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918C661/serialNumber=1EC42C1B69E16F5F37C73D81BF9FAB1F4BA42329
Validity
Not Before: Nov 6 20:09:52 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=672bcd0f-e1cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:d6:52:ec:6a:ff:96:af:2a:c0:93:1f:3d:98:
f1:92:95:8d:b3:bb:b3:c3:39:4d:69:d3:9f:11:f3:
b7:9a:fc:0e:a2:81:b3:d7:93:92:a3:e2:dd:99:e9:
bd:78:44:dd:02:5e:da:3a:1d:05:47:9b:41:5c:bb:
2f:17:ee:f3:ce:e1:e3:15:eb:cf:32:7f:12:65:c1:
52:30:61:18:c9:0d:71:3c:b2:10:f5:31:0d:92:54:
c0:e2:22:5d:4c:1b:fd:4e:22:71:72:d4:11:1f:9e:
3e:66:9f:76:62:fb:bb:a6:be:e4:ad:46:7a:47:f6:
d1:55:9b:8b:d7:29:4f:ab:78:f1:87:e4:d0:ef:b4:
fc:57:41:74:ff:36:4c:52:35:65:75:ab:04:a3:d0:
5f:fb:38:4e:0b:b1:93:7d:5e:70:94:10:17:d3:80:
64:81:ec:f1:70:7d:0a:cd:64:fa:89:5b:ee:b7:c6:
f9:9a:41:54:4c:c6:d0:46:e0:57:a1:81:56:9b:2a:
35:a7:b6:59:99:aa:3f:fd:77:9b:56:58:0b:e1:45:
c2:94:c1:a5:54:4b:ed:a0:5b:9f:f3:20:78:e6:e6:
ea:ad:ee:26:60:c1:2c:77:eb:f9:39:2b:34:3a:7c:
54:92:1c:2c:e9:3d:8b:fd:b7:9b:ff:29:a4:9f:7e:
f7:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:E0:24:E0:4C:4F:34:23:4B:CB:1B:94:4A:91:15:F4:2D:08:52:21
X509v3 Authority Key Identifier:
keyid:1E:C4:2C:1B:69:E1:6F:5F:37:C7:3D:81:BF:9F:AB:1F:4B:A4:23:29
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/6C68485C5A1D11EFA9989052C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
1.32.192.0/18
14.128.32.0/19
27.50.48.0/20
27.124.0.0/18
118.107.0.0/18
118.107.176.0/22
180.222.204.0/22
202.36.48.0/20
202.61.128.0/18
202.79.160.0/20
202.95.0.0/19
202.162.96.0/20
Signature Algorithm: sha256WithRSAEncryption
0e:71:05:94:ed:0a:52:66:a4:8a:53:39:7f:38:90:77:09:83:
b5:6c:b0:79:8c:2a:c3:9c:57:dc:cd:01:b9:ae:63:36:79:fe:
48:b2:d7:83:26:52:ee:f6:7c:51:42:c5:ed:3e:8a:64:49:b1:
8c:17:76:67:6a:19:98:b7:9d:fa:aa:56:19:41:12:cf:44:e1:
db:ad:58:08:8a:a3:ac:43:1c:34:99:66:ac:c2:95:fa:dd:33:
bd:5b:c6:f1:dc:31:42:64:5f:9a:27:23:2d:4c:2e:d9:3a:1c:
bd:b3:ac:d5:26:75:bf:4e:31:a0:bc:e9:3d:96:41:b4:f3:5c:
a0:fa:dd:ec:15:a2:d6:73:8d:d8:b9:95:e4:56:bc:5d:ca:db:
bb:73:cf:bf:24:c6:00:b1:34:84:e8:ca:ee:3c:12:bb:4c:76:
68:0f:f3:d6:6e:be:dc:fe:de:a1:5e:f9:4b:82:c5:d1:70:0e:
f1:c0:9d:f5:34:1b:33:3e:76:1d:4a:57:4e:ab:20:e5:ff:de:
40:98:82:4b:33:e4:e3:fb:03:f3:b9:25:02:fb:78:c2:4d:0e:
c9:a2:9c:95:0c:25:49:26:68:39:07:fd:d6:72:46:be:eb:ae:
56:fa:48:07:b4:54:a1:fc:99:d6:4c:3e:63:b5:56:5f:ca:ae:
a3:06:09:52
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgICChIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEM2NjExMTAvBgNVBAUTKDFFQzQyQzFCNjlFMTZGNUYzN0M3M0Q4MUJGOUZBQjFG
NEJBNDIzMjkwHhcNMjQxMTA2MjAwOTUyWhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzJiY2QwZi1lMWNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsdZS7Gr/lq8qwJMfPZjxkpWNs7uzwzlNadOfEfO3mvwOooGz15OSo+Ldmem9
eETdAl7aOh0FR5tBXLsvF+7zzuHjFevPMn8SZcFSMGEYyQ1xPLIQ9TENklTA4iJd
TBv9TiJxctQRH54+Zp92Yvu7pr7krUZ6R/bRVZuL1ylPq3jxh+TQ77T8V0F0/zZM
UjVldasEo9Bf+zhOC7GTfV5wlBAX04BkgezxcH0KzWT6iVvut8b5mkFUTMbQRuBX
oYFWmyo1p7ZZmao//XebVlgL4UXClMGlVEvtoFuf8yB45ubqre4mYMEsd+v5OSs0
OnxUkhws6T2L/beb/ymkn373CwIDAQABo4IC1zCCAtMwHQYDVR0OBBYEFMLgJOBM
TzQjS8sblEqRFfQtCFIhMB8GA1UdIwQYMBaAFB7ELBtp4W9fN8c9gb+fqx9LpCMp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4QzY2MS8wQkJEOUVBMjgz
NkQxMUVBQjRBMkQ3NkRDNEY5QUUwMi9Ic1FzRzJuaGIxODN4ejJCdjUtckgwdWtJ
eWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hzUXNHMm5oYjE4M3h6MkJ2NS1ySDB1a0l5ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEM2NjEvMEJCRDlFQTI4MzZEMTFFQUI0QTJENzZEQzRGOUFFMDIvNkM2ODQ4NUM1
QTFEMTFFRkE5OTg5MDUyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYQYIKwYBBQUHAQcBAf8E
UjBQME4EAgABMEgDBAYBIMADBAUOgCADBAQbMjADBAYbfAADBAZ2awADBAJ2a7AD
BAK03swDBATKJDADBAbKPYADBATKT6ADBAXKXwADBATKomAwDQYJKoZIhvcNAQEL
BQADggEBAA5xBZTtClJmpIpTOX84kHcJg7VssHmMKsOcV9zNAbmuYzZ5/kiy14Mm
Uu72fFFCxe0+imRJsYwXdmdqGZi3nfqqVhlBEs9E4dutWAiKo6xDHDSZZqzClfrd
M71bxvHcMUJkX5onIy1MLtk6HL2zrNUmdb9OMaC86T2WQbTzXKD63ewVotZzjdi5
leRWvF3K27tzz78kxgCxNIToyu48ErtMdmgP89Zuvtz+3qFe+UuCxdFwDvHAnfU0
GzM+dh1KV06rIOX/3kCYgksz5OP7A/O5JQL7eMJNDsminJUMJUkmaDkH/dZyRr7r
rlb6SAe0VKH8mdZMPmO1Vl/KrqMGCVI=
-----END CERTIFICATE-----
Generated at Wed Nov 20 21:52:42 2024 by rpki-client on console-fra.rpki-client.org