Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/C1B8D000B5BE11EEBB039D81C4F9AE02.roa
File: C1B8D000B5BE11EEBB039D81C4F9AE02.roa (raw, json)
Hash identifier: Ktd8zTmAEP8d4po1PWCfJzfzivZrqBIqgha+n7WH0OM=
Subject key identifier: 60:72:55:AE:9A:6D:C8:04:AF:AB:6C:1C:96:EC:DC:64:13:42:01:8B
Certificate issuer: /CN=A918C661/serialNumber=1EC42C1B69E16F5F37C73D81BF9FAB1F4BA42329
Certificate serial: 091E
Authority key identifier: 1E:C4:2C:1B:69:E1:6F:5F:37:C7:3D:81:BF:9F:AB:1F:4B:A4:23:29
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/C1B8D000B5BE11EEBB039D81C4F9AE02.roa
Signing time: Thu 18 Jan 2024 05:02:19 +0000
ROA not before: Thu 18 Jan 2024 05:02:19 +0000
ROA not after: Fri 31 Jan 2025 00:00:00 +0000
asID: 64050
IP address blocks: 1.32.192.0/18 maxlen: 24
14.128.32.0/19 maxlen: 24
27.50.48.0/20 maxlen: 24
27.124.0.0/18 maxlen: 24
103.200.200.0/22 maxlen: 24
118.107.0.0/18 maxlen: 19
118.107.0.0/19 maxlen: 23
118.107.0.0/22 maxlen: 24
118.107.4.0/24 maxlen: 24
118.107.6.0/23 maxlen: 24
118.107.8.0/21 maxlen: 24
118.107.16.0/20 maxlen: 24
118.107.32.0/20 maxlen: 24
118.107.56.0/21 maxlen: 24
118.107.176.0/22 maxlen: 24
180.222.204.0/22 maxlen: 24
182.173.68.0/22 maxlen: 24
202.36.48.0/20 maxlen: 24
202.61.128.0/18 maxlen: 24
202.79.160.0/20 maxlen: 24
202.95.0.0/22 maxlen: 24
202.95.4.0/22 maxlen: 24
202.95.8.0/21 maxlen: 24
202.95.16.0/20 maxlen: 24
202.162.96.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.crl
rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 21 May 2024 21:24:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2334 (0x91e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918C661/serialNumber=1EC42C1B69E16F5F37C73D81BF9FAB1F4BA42329
Validity
Not Before: Jan 18 05:02:19 2024 GMT
Not After : Jan 31 00:00:00 2025 GMT
Subject: CN=65a8b0db-b797
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:a2:33:89:eb:90:e7:07:84:b8:f2:4c:79:ff:
a6:80:0d:42:9a:7d:56:c7:aa:c3:e7:c0:73:1f:19:
fd:2f:6d:73:9c:10:87:1c:4d:1d:a0:54:58:12:3f:
d5:cb:dd:cb:39:46:32:e2:27:80:07:5b:e9:af:15:
9d:73:d9:1c:4c:73:ba:a5:ac:2f:f9:92:67:9f:48:
a4:74:dc:56:68:2b:fc:35:0b:87:a8:0c:07:fe:16:
39:49:63:42:f5:ba:e4:cf:ea:fe:f0:d8:0e:b2:76:
4d:da:c8:07:9d:f9:fa:40:0e:d6:e2:8f:0e:a6:12:
e8:4d:07:c5:5a:c9:31:bf:2b:ce:6e:f7:77:20:3f:
58:4e:a7:14:a4:ce:9f:ac:d8:29:ca:96:79:99:b3:
88:46:e9:62:6f:05:c8:f6:08:a9:06:79:71:1d:5b:
b9:a9:55:9b:f1:37:34:ba:49:d4:76:2f:12:9d:ed:
62:26:40:5f:33:87:e3:15:83:ab:34:6c:e0:f0:14:
e2:2e:2c:06:d2:9a:c2:b6:02:f9:80:e6:1f:72:56:
78:64:c2:dc:c8:3b:99:f1:ee:cb:aa:92:95:4a:12:
53:b9:2c:35:23:10:1d:c5:0f:96:10:52:3d:63:54:
1a:65:57:e1:6f:02:f7:41:e1:fe:85:53:7c:72:e9:
96:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:72:55:AE:9A:6D:C8:04:AF:AB:6C:1C:96:EC:DC:64:13:42:01:8B
X509v3 Authority Key Identifier:
keyid:1E:C4:2C:1B:69:E1:6F:5F:37:C7:3D:81:BF:9F:AB:1F:4B:A4:23:29
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/C1B8D000B5BE11EEBB039D81C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
1.32.192.0/18
14.128.32.0/19
27.50.48.0/20
27.124.0.0/18
103.200.200.0/22
118.107.0.0/18
118.107.176.0/22
180.222.204.0/22
182.173.68.0/22
202.36.48.0/20
202.61.128.0/18
202.79.160.0/20
202.95.0.0/19
202.162.96.0/20
Signature Algorithm: sha256WithRSAEncryption
33:f7:ca:da:1c:6d:a9:09:dd:d6:91:25:dd:3f:dd:db:e3:71:
24:a2:3a:80:9a:5d:cc:3b:10:e2:8d:96:82:9a:31:bf:86:1a:
b4:64:11:ef:5d:7c:26:20:47:2f:42:f3:dc:18:14:ad:96:44:
a9:9d:91:97:2f:d6:10:58:f5:ca:fb:67:f9:3f:0b:c3:e0:f3:
0b:8a:1d:6b:5b:60:01:07:7e:a8:14:5d:4a:5e:4b:7c:2d:d2:
4d:8d:2a:10:d9:76:30:0d:49:a0:da:80:95:c2:ee:25:6e:40:
b9:36:70:53:5b:a1:57:dd:2e:37:da:99:42:0e:14:cb:30:9e:
14:d5:e3:42:72:5d:80:64:f6:ab:dd:cf:b5:60:fb:26:74:90:
6b:43:cf:63:cd:0b:63:59:a6:5f:e4:a7:b7:e2:5d:58:20:74:
d0:16:68:72:b6:c4:0d:1a:a5:a4:83:ad:6d:4a:73:1b:8e:15:
85:32:cc:88:d0:72:fa:bc:72:2f:ac:fb:e2:0f:7c:d9:13:16:
06:2d:7b:25:a2:2b:93:ba:27:5e:cc:e8:b5:92:e9:58:f5:14:
df:ea:35:8d:ef:46:40:48:c1:17:ee:8e:e0:83:5e:2d:1f:82:
8f:5d:b5:e3:4b:15:f0:85:8b:76:5b:2a:78:99:cd:0c:d0:8e:
58:1a:a0:a9
-----BEGIN CERTIFICATE-----
MIIFvzCCBKegAwIBAgICCR4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEM2NjExMTAvBgNVBAUTKDFFQzQyQzFCNjlFMTZGNUYzN0M3M0Q4MUJGOUZBQjFG
NEJBNDIzMjkwHhcNMjQwMTE4MDUwMjE5WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWE4YjBkYi1iNzk3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA06IzieuQ5weEuPJMef+mgA1Cmn1Wx6rD58BzHxn9L21znBCHHE0doFRYEj/V
y93LOUYy4ieAB1vprxWdc9kcTHO6pawv+ZJnn0ikdNxWaCv8NQuHqAwH/hY5SWNC
9brkz+r+8NgOsnZN2sgHnfn6QA7W4o8OphLoTQfFWskxvyvObvd3ID9YTqcUpM6f
rNgpypZ5mbOIRulibwXI9gipBnlxHVu5qVWb8Tc0uknUdi8Sne1iJkBfM4fjFYOr
NGzg8BTiLiwG0prCtgL5gOYfclZ4ZMLcyDuZ8e7LqpKVShJTuSw1IxAdxQ+WEFI9
Y1QaZVfhbwL3QeH+hVN8cumWXwIDAQABo4IC4zCCAt8wHQYDVR0OBBYEFGByVa6a
bcgEr6tsHJbs3GQTQgGLMB8GA1UdIwQYMBaAFB7ELBtp4W9fN8c9gb+fqx9LpCMp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4QzY2MS8wQkJEOUVBMjgz
NkQxMUVBQjRBMkQ3NkRDNEY5QUUwMi9Ic1FzRzJuaGIxODN4ejJCdjUtckgwdWtJ
eWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hzUXNHMm5oYjE4M3h6MkJ2NS1ySDB1a0l5ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEM2NjEvMEJCRDlFQTI4MzZEMTFFQUI0QTJENzZEQzRGOUFFMDIvQzFCOEQwMDBC
NUJFMTFFRUJCMDM5RDgxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbQYIKwYBBQUHAQcBAf8E
XjBcMFoEAgABMFQDBAYBIMADBAUOgCADBAQbMjADBAYbfAADBAJnyMgDBAZ2awAD
BAJ2a7ADBAK03swDBAK2rUQDBATKJDADBAbKPYADBATKT6ADBAXKXwADBATKomAw
DQYJKoZIhvcNAQELBQADggEBADP3ytocbakJ3daRJd0/3dvjcSSiOoCaXcw7EOKN
loKaMb+GGrRkEe9dfCYgRy9C89wYFK2WRKmdkZcv1hBY9cr7Z/k/C8Pg8wuKHWtb
YAEHfqgUXUpeS3wt0k2NKhDZdjANSaDagJXC7iVuQLk2cFNboVfdLjfamUIOFMsw
nhTV40JyXYBk9qvdz7Vg+yZ0kGtDz2PNC2NZpl/kp7fiXVggdNAWaHK2xA0apaSD
rW1KcxuOFYUyzIjQcvq8ci+s++IPfNkTFgYteyWiK5O6J17M6LWS6Vj1FN/qNY3v
RkBIwRfujuCDXi0fgo9dteNLFfCFi3ZbKniZzQzQjlgaoKk=
-----END CERTIFICATE-----
Generated at Tue May 14 22:49:19 2024 by rpki-client on console-ams.rpki-client.org