Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/07E2991C5C4111EEAC516412C4F9AE02.roa
File: 07E2991C5C4111EEAC516412C4F9AE02.roa (raw, json)
Hash identifier: xu7L81ze9kEV12S7fMEZ2AFHg9wANEr7zej5fBMrk/4=
Subject key identifier: B1:C8:35:EB:BC:DD:90:1F:F9:BF:DD:9B:DB:E7:1D:FF:72:24:9C:FD
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 864F
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/07E2991C5C4111EEAC516412C4F9AE02.roa
Signing time: Thu 18 Apr 2024 08:48:02 +0000
ROA not before: Thu 18 Apr 2024 08:48:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 45916
IP address blocks: 14.192.28.0/22 maxlen: 24
27.116.48.0/21 maxlen: 24
27.121.100.0/22 maxlen: 24
43.224.0.0/22 maxlen: 24
43.224.8.0/22 maxlen: 24
43.230.212.0/22 maxlen: 24
43.231.58.0/24 maxlen: 24
43.239.200.0/22 maxlen: 22
43.239.200.0/24 maxlen: 24
43.239.201.0/24 maxlen: 24
43.239.202.0/24 maxlen: 24
43.239.203.0/24 maxlen: 24
43.241.140.0/22 maxlen: 24
43.241.144.0/22 maxlen: 24
43.241.192.0/22 maxlen: 24
43.242.116.0/22 maxlen: 24
43.242.120.0/22 maxlen: 24
43.243.36.0/22 maxlen: 24
43.248.32.0/22 maxlen: 24
43.249.216.0/22 maxlen: 24
43.249.228.0/22 maxlen: 24
43.249.232.0/22 maxlen: 24
43.250.156.0/22 maxlen: 24
43.250.164.0/22 maxlen: 24
43.251.72.0/22 maxlen: 24
43.251.220.0/22 maxlen: 24
43.252.196.0/24 maxlen: 24
43.252.197.0/24 maxlen: 24
43.252.198.0/24 maxlen: 24
43.252.199.0/24 maxlen: 24
103.1.100.0/22 maxlen: 24
103.15.60.0/22 maxlen: 24
103.21.160.0/22 maxlen: 24
103.36.80.0/22 maxlen: 24
103.38.204.0/22 maxlen: 24
103.39.128.0/22 maxlen: 24
103.50.150.0/24 maxlen: 24
103.81.92.0/22 maxlen: 24
103.84.104.0/23 maxlen: 24
103.84.198.0/23 maxlen: 24
103.85.8.0/22 maxlen: 24
103.86.16.0/22 maxlen: 24
103.161.98.0/23 maxlen: 24
103.175.182.0/23 maxlen: 24
103.176.10.0/23 maxlen: 24
103.182.162.0/24 maxlen: 24
103.206.136.0/22 maxlen: 24
103.209.64.0/22 maxlen: 24
103.216.80.0/22 maxlen: 24
103.226.184.0/22 maxlen: 24
103.228.144.0/22 maxlen: 24
103.232.128.0/22 maxlen: 22
103.232.128.0/24 maxlen: 24
103.232.129.0/24 maxlen: 24
103.232.130.0/24 maxlen: 24
103.232.131.0/24 maxlen: 24
103.238.104.0/22 maxlen: 24
103.238.108.0/22 maxlen: 24
103.240.76.0/22 maxlen: 24
103.240.160.0/22 maxlen: 24
103.240.168.0/22 maxlen: 24
103.240.204.0/22 maxlen: 24
103.240.208.0/22 maxlen: 24
103.241.44.0/22 maxlen: 24
103.241.224.0/22 maxlen: 24
103.245.196.0/22 maxlen: 24
103.246.84.0/24 maxlen: 24
103.246.85.0/24 maxlen: 24
103.246.86.0/24 maxlen: 24
103.246.87.0/24 maxlen: 24
103.249.232.0/22 maxlen: 24
103.250.136.0/22 maxlen: 24
103.250.144.0/22 maxlen: 24
103.250.148.0/22 maxlen: 24
103.250.152.0/22 maxlen: 24
103.250.156.0/22 maxlen: 24
103.250.160.0/22 maxlen: 24
103.250.164.0/22 maxlen: 24
103.250.188.0/22 maxlen: 24
103.251.16.0/22 maxlen: 24
103.251.56.0/22 maxlen: 24
103.251.212.0/22 maxlen: 24
103.251.216.0/22 maxlen: 24
103.251.224.0/22 maxlen: 24
113.20.16.0/22 maxlen: 24
150.107.188.0/22 maxlen: 24
150.107.232.0/22 maxlen: 24
150.107.240.0/22 maxlen: 24
150.107.252.0/22 maxlen: 24
150.129.52.0/23 maxlen: 24
150.129.54.0/23 maxlen: 24
150.129.104.0/22 maxlen: 24
150.129.112.0/22 maxlen: 24
150.129.148.0/22 maxlen: 24
150.129.164.0/22 maxlen: 24
150.129.168.0/22 maxlen: 24
150.129.200.0/22 maxlen: 24
150.129.204.0/22 maxlen: 24
157.119.204.0/22 maxlen: 24
163.53.176.0/22 maxlen: 24
163.53.208.0/22 maxlen: 24
182.237.8.0/22 maxlen: 24
182.237.12.0/22 maxlen: 24
183.182.88.0/24 maxlen: 24
183.182.89.0/24 maxlen: 24
183.182.90.0/24 maxlen: 24
183.182.91.0/24 maxlen: 24
2402:a00::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 03 May 2024 15:38:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34383 (0x864f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Apr 18 08:48:02 2024 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6620de41-4c94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:95:00:cf:d2:d7:cf:9a:86:a7:86:5c:0c:25:
5a:b1:1e:99:62:20:6f:23:ca:c0:90:bb:7b:cb:24:
da:24:37:2c:6c:f8:27:38:5d:3d:77:0c:2e:a7:0e:
75:ae:47:59:a8:a1:6e:d5:6c:97:2f:a4:71:f1:9d:
e6:69:30:43:a8:af:c4:f5:65:0f:3f:e4:fb:c2:df:
bb:7d:d9:9b:a3:41:c3:75:41:e8:d4:0c:66:24:f3:
01:88:b1:21:d3:44:c6:b0:a1:60:de:7f:27:a3:f0:
12:b5:d1:06:c1:ae:81:5d:c3:5a:64:3c:91:b7:41:
bc:e6:a4:f9:cd:12:21:54:14:de:8b:97:05:4b:bb:
7c:c4:d1:b0:9a:9b:82:65:a9:4f:b7:c3:7c:65:86:
89:5b:17:0d:40:bb:93:cb:a7:64:c3:d2:38:aa:ac:
b5:d5:52:1b:2f:cf:ac:c2:48:63:e4:14:6f:d3:11:
b2:02:9e:b1:d2:3f:be:44:82:7d:76:b6:e7:c7:04:
55:ab:db:e9:3f:1f:55:d5:d3:e0:d2:0b:2a:6d:f8:
4a:39:b3:db:fb:4d:05:84:d0:16:0f:13:f3:19:e8:
d0:f9:39:f2:8b:ee:3c:41:06:ba:d8:87:cd:d8:d8:
51:05:5f:b6:3a:64:73:04:5b:3e:54:46:44:ee:46:
37:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:C8:35:EB:BC:DD:90:1F:F9:BF:DD:9B:DB:E7:1D:FF:72:24:9C:FD
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/07E2991C5C4111EEAC516412C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.28.0/22
27.116.48.0/21
27.121.100.0/22
43.224.0.0/22
43.224.8.0/22
43.230.212.0/22
43.231.58.0/24
43.239.200.0/22
43.241.140.0-43.241.147.255
43.241.192.0/22
43.242.116.0-43.242.123.255
43.243.36.0/22
43.248.32.0/22
43.249.216.0/22
43.249.228.0-43.249.235.255
43.250.156.0/22
43.250.164.0/22
43.251.72.0/22
43.251.220.0/22
43.252.196.0/22
103.1.100.0/22
103.15.60.0/22
103.21.160.0/22
103.36.80.0/22
103.38.204.0/22
103.39.128.0/22
103.50.150.0/24
103.81.92.0/22
103.84.104.0/23
103.84.198.0/23
103.85.8.0/22
103.86.16.0/22
103.161.98.0/23
103.175.182.0/23
103.176.10.0/23
103.182.162.0/24
103.206.136.0/22
103.209.64.0/22
103.216.80.0/22
103.226.184.0/22
103.228.144.0/22
103.232.128.0/22
103.238.104.0/21
103.240.76.0/22
103.240.160.0/22
103.240.168.0/22
103.240.204.0-103.240.211.255
103.241.44.0/22
103.241.224.0/22
103.245.196.0/22
103.246.84.0/22
103.249.232.0/22
103.250.136.0/22
103.250.144.0-103.250.167.255
103.250.188.0/22
103.251.16.0/22
103.251.56.0/22
103.251.212.0-103.251.219.255
103.251.224.0/22
113.20.16.0/22
150.107.188.0/22
150.107.232.0/22
150.107.240.0/22
150.107.252.0/22
150.129.52.0/22
150.129.104.0/22
150.129.112.0/22
150.129.148.0/22
150.129.164.0-150.129.171.255
150.129.200.0/21
157.119.204.0/22
163.53.176.0/22
163.53.208.0/22
182.237.8.0/21
183.182.88.0/22
IPv6:
2402:a00::/32
Signature Algorithm: sha256WithRSAEncryption
bb:7d:54:2b:19:26:74:35:44:c4:59:fa:74:04:17:31:c9:91:
2a:37:04:ee:20:d1:f3:99:10:a4:29:16:ec:8c:38:46:bb:0b:
4c:6e:2c:2a:69:00:ea:ee:7a:c0:cc:39:ca:52:54:94:3c:db:
44:45:27:d2:06:7b:46:a7:74:fe:cd:b5:1e:43:d5:95:19:dd:
5e:34:59:a5:b0:87:1b:bd:ef:c4:17:a9:f5:0a:6f:02:ff:fd:
d5:88:9f:3b:f4:74:8e:cc:9a:ba:33:4a:c0:38:70:e5:f8:3a:
e9:f8:23:0b:00:db:ef:bf:31:5a:72:b1:a6:43:d6:d2:0a:63:
90:64:65:e5:41:0b:c3:df:fa:6b:32:de:85:75:d3:3c:c1:21:
d4:d2:b5:13:70:6e:3d:d4:e1:5e:37:85:e4:ac:d9:94:34:c5:
a9:1c:c9:22:36:02:2c:5f:bb:73:a6:dc:59:ee:1e:85:59:bf:
ab:29:0c:2d:a9:51:8d:f9:cf:f4:d7:d5:12:7b:1a:76:84:b7:
f5:ab:a7:40:3f:d5:7b:2c:97:f2:bc:91:25:1d:83:de:44:18:
bc:55:2e:14:5c:33:dc:f7:fe:d4:e5:4b:76:6b:d5:11:2b:01:
e4:a5:b1:fe:57:93:7f:22:e0:1a:a2:b0:48:56:ba:b1:c7:96:
94:ae:f7:7c
-----BEGIN CERTIFICATE-----
MIIHfzCCBmegAwIBAgIDAIZPMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDQxODA4NDgwMloXDTI0MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjYyMGRlNDEtNGM5NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKKVAM/S18+ahqeGXAwlWrEemWIgbyPKwJC7e8sk2iQ3LGz4JzhdPXcMLqcO
da5HWaihbtVsly+kcfGd5mkwQ6ivxPVlDz/k+8Lfu33Zm6NBw3VB6NQMZiTzAYix
IdNExrChYN5/J6PwErXRBsGugV3DWmQ8kbdBvOak+c0SIVQU3ouXBUu7fMTRsJqb
gmWpT7fDfGWGiVsXDUC7k8unZMPSOKqstdVSGy/PrMJIY+QUb9MRsgKesdI/vkSC
fXa258cEVavb6T8fVdXT4NILKm34Sjmz2/tNBYTQFg8T8xno0Pk58ovuPEEGutiH
zdjYUQVftjpkcwRbPlRGRO5GN18CAwEAAaOCBKIwggSeMB0GA1UdDgQWBBSxyDXr
vN2QH/m/3Zvb5x3/ciSc/TAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzA3RTI5OTFD
NUM0MTExRUVBQzUxNjQxMkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIICKgYIKwYBBQUHAQcB
Af8EggIZMIICFTCCAgIEAgABMIIB+gMEAg7AHAMEAxt0MAMEAht5ZAMEAivgAAME
AivgCAMEAivm1AMEACvnOgMEAivvyDAMAwQCK/GMAwQCK/GQAwQCK/HAMAwDBAIr
8nQDBAIr8ngDBAIr8yQDBAIr+CADBAIr+dgwDAMEAiv55AMEAiv56AMEAiv6nAME
Aiv6pAMEAiv7SAMEAiv73AMEAiv8xAMEAmcBZAMEAmcPPAMEAmcVoAMEAmckUAME
AmcmzAMEAmcngAMEAGcylgMEAmdRXAMEAWdUaAMEAWdUxgMEAmdVCAMEAmdWEAME
AWehYgMEAWevtgMEAWewCgMEAGe2ogMEAmfOiAMEAmfRQAMEAmfYUAMEAmfiuAME
AmfkkAMEAmfogAMEA2fuaAMEAmfwTAMEAmfwoAMEAmfwqDAMAwQCZ/DMAwQCZ/DQ
AwQCZ/EsAwQCZ/HgAwQCZ/XEAwQCZ/ZUAwQCZ/noAwQCZ/qIMAwDBARn+pADBANn
+qADBAJn+rwDBAJn+xADBAJn+zgwDAMEAmf71AMEAmf72AMEAmf74AMEAnEUEAME
ApZrvAMEApZr6AMEApZr8AMEApZr/AMEApaBNAMEApaBaAMEApaBcAMEApaBlDAM
AwQCloGkAwQCloGoAwQDloHIAwQCnXfMAwQCozWwAwQCozXQAwQDtu0IAwQCt7ZY
MA0EAgACMAcDBQAkAgoAMA0GCSqGSIb3DQEBCwUAA4IBAQC7fVQrGSZ0NUTEWfp0
BBcxyZEqNwTuINHzmRCkKRbsjDhGuwtMbiwqaQDq7nrAzDnKUlSUPNtERSfSBntG
p3T+zbUeQ9WVGd1eNFmlsIcbve/EF6n1Cm8C//3ViJ879HSOzJq6M0rAOHDl+Drp
+CMLANvvvzFacrGmQ9bSCmOQZGXlQQvD3/prMt6FddM8wSHU0rUTcG491OFeN4Xk
rNmUNMWpHMkiNgIsX7tzptxZ7h6FWb+rKQwtqVGN+c/019USexp2hLf1q6dAP9V7
LJfyvJElHYPeRBi8VS4UXDPc9/7U5Ut2a9URKwHkpbH+V5N/IuAaorBIVrqxx5aU
rvd8
-----END CERTIFICATE-----
Generated at Sat Apr 27 10:19:26 2024 by rpki-client on console-ams.rpki-client.org