Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/B21435FE5ADC11EFB0311382C4F9AE02.roa
File: B21435FE5ADC11EFB0311382C4F9AE02.roa (raw, json)
Hash identifier: gV0XgVylgvEyrHvn7xIxLu0Ct7OvDXYB7F+o1A54zO4=
Subject key identifier: 57:99:76:30:43:2E:FF:62:A0:30:9C:3D:FE:E7:CD:0F:1F:87:DD:27
Certificate issuer: /CN=A918C661/serialNumber=1EC42C1B69E16F5F37C73D81BF9FAB1F4BA42329
Certificate serial: 0A15
Authority key identifier: 1E:C4:2C:1B:69:E1:6F:5F:37:C7:3D:81:BF:9F:AB:1F:4B:A4:23:29
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/B21435FE5ADC11EFB0311382C4F9AE02.roa
Signing time: Wed 06 Nov 2024 20:09:54 +0000
ROA not before: Wed 06 Nov 2024 20:09:54 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 64050
IP address blocks: 1.32.192.0/18 maxlen: 24
14.128.32.0/19 maxlen: 24
27.50.48.0/20 maxlen: 24
27.124.0.0/18 maxlen: 24
103.200.200.0/22 maxlen: 24
118.107.0.0/18 maxlen: 19
118.107.0.0/19 maxlen: 23
118.107.0.0/22 maxlen: 24
118.107.4.0/24 maxlen: 24
118.107.6.0/23 maxlen: 24
118.107.8.0/21 maxlen: 24
118.107.16.0/20 maxlen: 24
118.107.32.0/20 maxlen: 24
118.107.56.0/21 maxlen: 24
118.107.176.0/22 maxlen: 24
180.215.0.0/16 maxlen: 16
180.222.204.0/22 maxlen: 24
182.173.70.0/24 maxlen: 24
202.36.48.0/20 maxlen: 24
202.61.128.0/18 maxlen: 24
202.79.160.0/20 maxlen: 24
202.95.0.0/22 maxlen: 24
202.95.4.0/22 maxlen: 24
202.95.8.0/21 maxlen: 24
202.95.16.0/20 maxlen: 24
202.162.96.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.crl
rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 01 Dec 2024 17:11:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2581 (0xa15)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918C661/serialNumber=1EC42C1B69E16F5F37C73D81BF9FAB1F4BA42329
Validity
Not Before: Nov 6 20:09:54 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=672bcd12-99ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:ab:53:3b:70:2b:05:b9:bb:96:7f:59:29:06:
d6:29:50:91:3a:d0:01:eb:f2:b7:24:8e:80:79:d9:
71:5a:5e:48:47:47:a7:ee:00:53:d9:d4:10:18:32:
ea:ef:26:3e:9b:66:d7:83:e1:a2:88:f1:e1:a0:7a:
6c:08:c4:1c:49:ca:0d:94:b8:34:1f:40:14:aa:92:
80:51:54:cd:db:48:fa:38:01:d6:0c:68:c0:69:07:
86:12:34:09:29:a2:82:7d:d8:67:2b:3f:83:f3:a7:
96:8c:e7:c9:4f:4e:72:99:11:df:82:a4:d5:86:fb:
8f:05:4a:c3:c8:4e:17:12:97:e5:1b:90:ed:da:06:
e4:d0:c2:d9:0a:c0:d8:99:89:80:39:a1:e8:b9:8e:
d6:bd:2b:f0:6b:b8:a7:f6:f1:ba:a0:d6:48:f2:27:
57:c0:e7:10:f0:28:95:7c:f1:4e:eb:e6:e5:31:8d:
f4:6d:d6:f0:12:cd:51:02:58:1a:cc:d0:b8:53:68:
9d:bb:48:cd:bf:44:cd:2b:5f:d7:06:13:ac:c4:87:
a8:55:45:bc:de:7c:96:7f:95:b2:0a:e8:a5:2d:ca:
d2:f9:b5:25:b7:f4:42:d2:fe:04:5b:f2:51:9e:50:
48:46:d8:3e:a4:05:e5:41:a5:f8:61:e3:7f:ff:2c:
92:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:99:76:30:43:2E:FF:62:A0:30:9C:3D:FE:E7:CD:0F:1F:87:DD:27
X509v3 Authority Key Identifier:
keyid:1E:C4:2C:1B:69:E1:6F:5F:37:C7:3D:81:BF:9F:AB:1F:4B:A4:23:29
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/B21435FE5ADC11EFB0311382C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
1.32.192.0/18
14.128.32.0/19
27.50.48.0/20
27.124.0.0/18
103.200.200.0/22
118.107.0.0/18
118.107.176.0/22
180.215.0.0/16
180.222.204.0/22
182.173.70.0/24
202.36.48.0/20
202.61.128.0/18
202.79.160.0/20
202.95.0.0/19
202.162.96.0/20
Signature Algorithm: sha256WithRSAEncryption
3c:b7:6e:68:54:10:1d:84:ab:e3:63:e2:92:4d:b9:09:95:f3:
ce:7f:59:31:e2:cb:4a:f3:b9:d2:61:6b:5c:19:47:c6:70:7c:
03:6b:53:b0:71:97:b7:26:c5:1e:e7:25:26:cf:0e:f8:5c:74:
e1:62:70:d3:8c:05:91:a3:00:5f:4e:60:e1:f7:5e:45:70:a6:
f9:18:ad:4c:b6:70:33:af:25:66:05:bb:85:57:e4:3f:75:91:
8c:61:6c:e5:07:b0:9e:de:2a:89:1f:c3:66:62:04:80:01:39:
a3:ef:31:63:ca:4f:37:fc:0e:61:56:2b:6b:a4:45:5f:2d:e8:
86:11:c0:3b:8f:0f:2e:d3:48:69:61:90:36:05:e8:68:cc:a6:
a5:f0:f4:91:2b:ec:43:a6:10:02:ef:eb:97:48:c8:68:ea:77:
2d:5b:ba:b8:6d:0f:dd:b3:79:f1:6a:36:61:a5:2e:82:fb:11:
3d:42:e9:e0:b8:3c:55:4d:f8:0a:a7:a6:56:d7:0a:f6:83:64:
39:89:4d:f8:98:e0:23:fc:c6:c9:b1:71:24:7a:34:cb:34:fd:
8a:df:59:c6:9f:7a:14:5d:50:30:e5:b7:8b:65:12:a6:4b:98:
3b:6e:73:c0:87:55:32:8b:3d:cb:d4:ce:7c:21:c4:33:1a:bd:
80:e8:b0:2a
-----BEGIN CERTIFICATE-----
MIIFxDCCBKygAwIBAgICChUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEM2NjExMTAvBgNVBAUTKDFFQzQyQzFCNjlFMTZGNUYzN0M3M0Q4MUJGOUZBQjFG
NEJBNDIzMjkwHhcNMjQxMTA2MjAwOTU0WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzJiY2QxMi05OWFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4atTO3ArBbm7ln9ZKQbWKVCROtAB6/K3JI6AedlxWl5IR0en7gBT2dQQGDLq
7yY+m2bXg+GiiPHhoHpsCMQcScoNlLg0H0AUqpKAUVTN20j6OAHWDGjAaQeGEjQJ
KaKCfdhnKz+D86eWjOfJT05ymRHfgqTVhvuPBUrDyE4XEpflG5Dt2gbk0MLZCsDY
mYmAOaHouY7WvSvwa7in9vG6oNZI8idXwOcQ8CiVfPFO6+blMY30bdbwEs1RAlga
zNC4U2idu0jNv0TNK1/XBhOsxIeoVUW83nyWf5WyCuilLcrS+bUlt/RC0v4EW/JR
nlBIRtg+pAXlQaX4YeN//yySIwIDAQABo4IC6DCCAuQwHQYDVR0OBBYEFFeZdjBD
Lv9ioDCcPf7nzQ8fh90nMB8GA1UdIwQYMBaAFB7ELBtp4W9fN8c9gb+fqx9LpCMp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4QzY2MS8wQkJEOUVBMjgz
NkQxMUVBQjRBMkQ3NkRDNEY5QUUwMi9Ic1FzRzJuaGIxODN4ejJCdjUtckgwdWtJ
eWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hzUXNHMm5oYjE4M3h6MkJ2NS1ySDB1a0l5ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEM2NjEvMEJCRDlFQTI4MzZEMTFFQUI0QTJENzZEQzRGOUFFMDIvQjIxNDM1RkU1
QURDMTFFRkIwMzExMzgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcgYIKwYBBQUHAQcBAf8E
YzBhMF8EAgABMFkDBAYBIMADBAUOgCADBAQbMjADBAYbfAADBAJnyMgDBAZ2awAD
BAJ2a7ADAwC01wMEArTezAMEALatRgMEBMokMAMEBso9gAMEBMpPoAMEBcpfAAME
BMqiYDANBgkqhkiG9w0BAQsFAAOCAQEAPLduaFQQHYSr42Pikk25CZXzzn9ZMeLL
SvO50mFrXBlHxnB8A2tTsHGXtybFHuclJs8O+Fx04WJw04wFkaMAX05g4fdeRXCm
+RitTLZwM68lZgW7hVfkP3WRjGFs5Qewnt4qiR/DZmIEgAE5o+8xY8pPN/wOYVYr
a6RFXy3ohhHAO48PLtNIaWGQNgXoaMympfD0kSvsQ6YQAu/rl0jIaOp3LVu6uG0P
3bN58Wo2YaUugvsRPULp4Lg8VU34CqemVtcK9oNkOYlN+JjgI/zGybFxJHo0yzT9
it9Zxp96FF1QMOW3i2USpkuYO25zwIdVMos9y9TOfCHEMxq9gOiwKg==
-----END CERTIFICATE-----
Generated at Sun Nov 24 21:45:06 2024 by rpki-client on console-ams.rpki-client.org