Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91982EF/FC650B72B71D11EF8982C40CC4F9AE02/F33309A2B72011EFB3A5D772C4F9AE02.roa
File: F33309A2B72011EFB3A5D772C4F9AE02.roa (raw, json)
Hash identifier: GBnxkeFd5kF/YBnopk97FZtTVwQ6CFwNKcvPbBcM+Z4=
Subject key identifier: A8:21:48:F1:78:88:07:E8:2C:C8:31:79:88:32:68:D1:79:D2:A8:A7
Certificate issuer: /CN=A91982EF/serialNumber=87197FD546DC31523111DD9390B1BA3F3D702656
Certificate serial: 08
Authority key identifier: 87:19:7F:D5:46:DC:31:52:31:11:DD:93:90:B1:BA:3F:3D:70:26:56
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hxl_1UbcMVIxEd2TkLG6Pz1wJlY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91982EF/FC650B72B71D11EF8982C40CC4F9AE02/F33309A2B72011EFB3A5D772C4F9AE02.roa
Signing time: Tue 10 Dec 2024 18:09:34 +0000
ROA not before: Tue 10 Dec 2024 18:09:33 +0000
ROA not after: Sun 31 Aug 2025 00:00:00 +0000
asID: 13445
IP address blocks: 2402:2500:10a0::/44 maxlen: 44
2402:2500:10a0::/48 maxlen: 48
2402:2500:10a1::/48 maxlen: 48
2402:2500:10a2::/48 maxlen: 48
2402:2500:10a3::/48 maxlen: 48
2402:2500:10a4::/48 maxlen: 48
2402:2500:10a5::/48 maxlen: 48
2402:2500:10a6::/48 maxlen: 48
2402:2500:10a7::/48 maxlen: 48
2402:2500:10a8::/48 maxlen: 48
2402:2500:10a9::/48 maxlen: 48
2402:2500:10aa::/48 maxlen: 48
2402:2500:10ab::/48 maxlen: 48
2402:2500:10ac::/48 maxlen: 48
2402:2500:10ad::/48 maxlen: 48
2402:2500:10ae::/48 maxlen: 48
2402:2500:10af::/48 maxlen: 48
2402:2500:20a0::/44 maxlen: 44
2402:2500:20a0::/48 maxlen: 48
2402:2500:20a1::/48 maxlen: 48
2402:2500:20a2::/48 maxlen: 48
2402:2500:20a3::/48 maxlen: 48
2402:2500:20a4::/48 maxlen: 48
2402:2500:20a5::/48 maxlen: 48
2402:2500:20a6::/48 maxlen: 48
2402:2500:20a7::/48 maxlen: 48
2402:2500:20a8::/48 maxlen: 48
2402:2500:20a9::/48 maxlen: 48
2402:2500:20aa::/48 maxlen: 48
2402:2500:20ab::/48 maxlen: 48
2402:2500:20ac::/48 maxlen: 48
2402:2500:20ad::/48 maxlen: 48
2402:2500:20ae::/48 maxlen: 48
2402:2500:20af::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91982EF/FC650B72B71D11EF8982C40CC4F9AE02/hxl_1UbcMVIxEd2TkLG6Pz1wJlY.crl
rsync://rpki.apnic.net/member_repository/A91982EF/FC650B72B71D11EF8982C40CC4F9AE02/hxl_1UbcMVIxEd2TkLG6Pz1wJlY.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hxl_1UbcMVIxEd2TkLG6Pz1wJlY.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 03 Jan 2025 05:57:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8 (0x8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91982EF/serialNumber=87197FD546DC31523111DD9390B1BA3F3D702656
Validity
Not Before: Dec 10 18:09:33 2024 GMT
Not After : Aug 31 00:00:00 2025 GMT
Subject: CN=675883dd-c210
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:8f:76:a2:ae:24:a7:cc:96:52:63:a6:41:f0:
ce:4a:40:d3:9f:5e:8d:cf:a2:d1:1f:d9:90:3a:5f:
bf:93:13:27:6c:ef:db:7c:45:32:8e:7a:c0:1c:37:
8a:dd:0d:2e:54:87:4b:3f:d6:7a:4d:a9:60:d8:48:
86:65:db:dc:b3:6a:bb:60:b8:37:d2:1d:4b:21:1d:
b3:61:c0:9b:0d:86:3b:20:17:0e:e5:89:5e:84:82:
89:f9:13:fe:ab:96:0c:35:f2:2d:22:f4:71:e8:5f:
08:ae:e3:9f:38:80:97:bd:1b:e7:3e:13:83:d7:97:
79:c3:86:05:c3:36:62:7c:19:ea:23:c1:e7:f2:2c:
11:2e:67:0f:33:12:58:8f:97:e2:fd:b8:2d:3b:c5:
6e:2c:3e:98:65:27:4b:43:e5:65:0a:ed:f1:a3:49:
c9:03:69:bd:5b:03:0f:e6:4f:98:51:74:35:45:8e:
c3:c2:7a:fb:be:4c:cd:8a:a3:68:74:ea:c6:cb:89:
67:06:e4:e7:7c:0c:ac:2e:1b:6d:2a:e1:47:fc:db:
e6:1a:c2:10:89:58:fa:c2:7b:b7:2b:54:18:3a:54:
ed:cd:87:78:7a:2b:55:71:3e:87:2c:cd:f9:0d:d9:
e6:20:58:6a:67:f5:d0:c6:7a:73:4f:b7:ef:74:b8:
8f:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:21:48:F1:78:88:07:E8:2C:C8:31:79:88:32:68:D1:79:D2:A8:A7
X509v3 Authority Key Identifier:
keyid:87:19:7F:D5:46:DC:31:52:31:11:DD:93:90:B1:BA:3F:3D:70:26:56
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91982EF/FC650B72B71D11EF8982C40CC4F9AE02/hxl_1UbcMVIxEd2TkLG6Pz1wJlY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hxl_1UbcMVIxEd2TkLG6Pz1wJlY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91982EF/FC650B72B71D11EF8982C40CC4F9AE02/F33309A2B72011EFB3A5D772C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2402:2500:10a0::/44
2402:2500:20a0::/44
Signature Algorithm: sha256WithRSAEncryption
75:f9:e2:a4:ce:41:81:f5:f6:e0:13:12:6a:ab:f8:6b:42:64:
a9:b6:57:6b:18:4f:b2:81:33:1e:94:4e:eb:52:af:23:87:a6:
6d:21:07:6b:61:b0:ed:15:bb:21:ee:97:04:c7:2e:41:b8:79:
f3:7b:1c:12:8a:9e:06:f1:5b:dd:78:f7:4d:bf:64:d6:aa:0b:
71:5b:8f:2d:30:dd:ac:c0:e8:d6:05:ff:41:ad:e8:39:34:a6:
97:0c:a7:2e:6f:90:35:c5:ec:32:81:4f:21:b6:37:27:f5:5c:
2e:79:39:b0:86:88:70:84:bb:fa:c7:65:03:34:74:c5:25:d6:
63:8f:fe:75:74:95:ac:5f:63:4f:9d:84:c2:ba:c5:c0:4e:45:
5c:3f:97:9a:e5:fe:38:8b:96:88:c4:ed:6d:ee:77:bd:96:c3:
4d:ba:e1:8a:12:dc:5a:4c:f4:d2:fe:30:ab:6c:69:9c:58:6e:
c2:a6:f8:68:9f:45:08:4a:e1:17:b2:c3:d2:e6:68:b5:56:95:
ee:48:10:50:d0:dc:b7:8b:c9:0a:09:4a:85:dc:c7:ae:70:d6:
42:0c:aa:dd:51:97:be:fd:ad:a4:6d:62:18:3d:10:d8:01:7f:
81:bd:fb:98:3c:6c:e5:50:57:61:87:01:36:fa:9d:9c:b6:b2:
79:11:55:4d
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
ODJFRjExMC8GA1UEBRMoODcxOTdGRDU0NkRDMzE1MjMxMTFERDkzOTBCMUJBM0Yz
RDcwMjY1NjAeFw0yNDEyMTAxODA5MzNaFw0yNTA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY3NTg4M2RkLWMyMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC7j3airiSnzJZSY6ZB8M5KQNOfXo3PotEf2ZA6X7+TEyds79t8RTKOesAcN4rd
DS5Uh0s/1npNqWDYSIZl29yzartguDfSHUshHbNhwJsNhjsgFw7liV6Egon5E/6r
lgw18i0i9HHoXwiu4584gJe9G+c+E4PXl3nDhgXDNmJ8GeojwefyLBEuZw8zEliP
l+L9uC07xW4sPphlJ0tD5WUK7fGjSckDab1bAw/mT5hRdDVFjsPCevu+TM2Ko2h0
6sbLiWcG5Od8DKwuG20q4Uf82+YawhCJWPrCe7crVBg6VO3Nh3h6K1VxPocszfkN
2eYgWGpn9dDGenNPt+90uI8vAgMBAAGjggKhMIICnTAdBgNVHQ4EFgQUqCFI8XiI
B+gsyDF5iDJo0XnSqKcwHwYDVR0jBBgwFoAUhxl/1UbcMVIxEd2TkLG6Pz1wJlYw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTk4MkVGL0ZDNjUwQjcyQjcx
RDExRUY4OTgyQzQwQ0M0RjlBRTAyL2h4bF8xVWJjTVZJeEVkMlRrTEc2UHoxd0ps
WS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvaHhsXzFVYmNNVkl4RWQyVGtMRzZQejF3SmxZLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
ODJFRi9GQzY1MEI3MkI3MUQxMUVGODk4MkM0MENDNEY5QUUwMi9GMzMzMDlBMkI3
MjAxMUVGQjNBNUQ3NzJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDArBggrBgEFBQcBBwEB/wQc
MBowGAQCAAIwEgMHBCQCJQAQoAMHBCQCJQAgoDANBgkqhkiG9w0BAQsFAAOCAQEA
dfnipM5BgfX24BMSaqv4a0JkqbZXaxhPsoEzHpRO61KvI4embSEHa2Gw7RW7Ie6X
BMcuQbh583scEoqeBvFb3Xj3Tb9k1qoLcVuPLTDdrMDo1gX/Qa3oOTSmlwynLm+Q
NcXsMoFPIbY3J/VcLnk5sIaIcIS7+sdlAzR0xSXWY4/+dXSVrF9jT52EwrrFwE5F
XD+XmuX+OIuWiMTtbe53vZbDTbrhihLcWkz00v4wq2xpnFhuwqb4aJ9FCErhF7LD
0uZotVaV7kgQUNDct4vJCglKhdzHrnDWQgyq3VGXvv2tpG1iGD0Q2AF/gb37mDxs
5VBXYYcBNvqdnLayeRFVTQ==
-----END CERTIFICATE-----
Generated at Fri Dec 27 07:43:56 2024 by rpki-client on console-ams.rpki-client.org