Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/3CF0117A7DED11EEBBF0314EC4F9AE02.roa
File: 3CF0117A7DED11EEBBF0314EC4F9AE02.roa (raw, json)
Hash identifier: LQKPPT40j0S6UwBeY+igYF7vpPun1xmewI/SDwBLnHo=
Subject key identifier: C1:AC:39:82:73:00:CD:3C:1C:BE:97:4D:22:A8:C8:31:EC:66:DC:7B
Certificate issuer: /CN=A9199197/serialNumber=6835DDFB8438D24BB6C5979316E54891066090A7
Certificate serial: 0793
Authority key identifier: 68:35:DD:FB:84:38:D2:4B:B6:C5:97:93:16:E5:48:91:06:60:90:A7
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aDXd-4Q40ku2xZeTFuVIkQZgkKc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/3CF0117A7DED11EEBBF0314EC4F9AE02.roa
Signing time: Wed 20 Mar 2024 05:24:31 +0000
ROA not before: Wed 20 Mar 2024 05:24:31 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 24560
IP address blocks: 27.56.128.0/20 maxlen: 24
27.56.144.0/20 maxlen: 24
27.56.160.0/19 maxlen: 24
27.57.0.0/16 maxlen: 24
27.58.0.0/16 maxlen: 24
27.62.116.0/24 maxlen: 24
27.62.117.0/24 maxlen: 24
27.63.176.0/20 maxlen: 24
106.200.192.0/18 maxlen: 24
106.201.0.0/16 maxlen: 24
106.202.128.0/17 maxlen: 24
106.203.192.0/18 maxlen: 24
106.205.64.0/18 maxlen: 24
106.212.0.0/17 maxlen: 24
106.212.128.0/17 maxlen: 24
106.213.0.0/17 maxlen: 24
106.214.0.0/16 maxlen: 24
106.215.0.0/17 maxlen: 24
106.219.64.0/19 maxlen: 24
106.219.96.0/20 maxlen: 24
106.219.120.0/22 maxlen: 24
106.219.124.0/22 maxlen: 24
106.219.128.0/21 maxlen: 24
106.219.136.0/22 maxlen: 24
106.219.144.0/20 maxlen: 24
106.219.160.0/20 maxlen: 24
106.219.176.0/21 maxlen: 24
106.222.192.0/18 maxlen: 24
110.224.128.0/17 maxlen: 24
110.225.0.0/16 maxlen: 24
110.226.0.0/16 maxlen: 24
110.227.0.0/16 maxlen: 24
117.96.0.0/16 maxlen: 24
117.97.128.0/18 maxlen: 24
117.98.192.0/20 maxlen: 24
117.98.208.0/21 maxlen: 21
223.177.0.0/16 maxlen: 24
223.178.0.0/17 maxlen: 24
223.178.192.0/18 maxlen: 24
223.179.128.0/19 maxlen: 24
223.181.128.0/18 maxlen: 24
223.182.64.0/18 maxlen: 24
223.182.164.0/22 maxlen: 24
223.182.172.0/22 maxlen: 24
223.182.180.0/22 maxlen: 24
223.182.248.0/21 maxlen: 24
223.184.0.0/17 maxlen: 24
223.185.12.0/22 maxlen: 24
223.185.16.0/20 maxlen: 24
223.185.32.0/19 maxlen: 24
223.185.128.0/21 maxlen: 24
223.185.136.0/21 maxlen: 24
223.185.144.0/20 maxlen: 24
223.185.160.0/20 maxlen: 24
223.185.176.0/20 maxlen: 24
223.190.0.0/17 maxlen: 24
223.190.192.0/18 maxlen: 24
223.224.172.0/23 maxlen: 24
223.226.0.0/16 maxlen: 24
223.229.128.0/17 maxlen: 24
223.230.0.0/16 maxlen: 24
223.233.64.0/18 maxlen: 24
223.235.0.0/16 maxlen: 24
223.236.0.0/16 maxlen: 24
223.239.0.0/16 maxlen: 24
2401:4900:1c00::/41 maxlen: 48
2401:4900:1c80::/41 maxlen: 48
2401:4900:1f20::/44 maxlen: 48
2401:4900:1f30::/44 maxlen: 48
2401:4900:8800::/46 maxlen: 48
2401:4900:8804::/46 maxlen: 48
2401:4900:8808::/46 maxlen: 48
2401:4900:880c::/46 maxlen: 48
2401:4900:8814::/46 maxlen: 48
2401:4900:8818::/46 maxlen: 48
2401:4900:881c::/46 maxlen: 48
2401:4900:8820::/46 maxlen: 48
2401:4900:8824::/46 maxlen: 48
2401:4900:8828::/46 maxlen: 48
2401:4900:882c::/46 maxlen: 48
2401:4900:8830::/46 maxlen: 48
2401:4900:8834::/46 maxlen: 48
2401:4900:8838::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/aDXd-4Q40ku2xZeTFuVIkQZgkKc.crl
rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/aDXd-4Q40ku2xZeTFuVIkQZgkKc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aDXd-4Q40ku2xZeTFuVIkQZgkKc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 13 May 2024 22:42:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1939 (0x793)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9199197/serialNumber=6835DDFB8438D24BB6C5979316E54891066090A7
Validity
Not Before: Mar 20 05:24:31 2024 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=65fa730f-87fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:89:42:ed:bc:3d:e8:c4:48:e5:99:73:ee:b9:
06:b0:ab:ce:09:c7:c6:22:76:83:e8:50:60:72:ad:
d5:c6:b0:41:72:b9:88:1b:6f:78:24:73:7f:8b:35:
27:b1:b0:ae:13:42:2f:8d:37:61:7b:07:0d:87:ab:
b5:45:40:cc:4b:23:4f:47:fc:4b:d1:1e:2c:eb:4a:
d8:8d:35:9e:13:fb:c0:29:5c:45:39:e2:7b:b1:21:
73:cd:c1:11:8b:1f:87:09:c2:fd:5d:cd:10:07:b6:
b2:07:ed:0a:bd:6d:4f:12:2d:db:9b:3b:d6:fd:58:
26:c9:ed:74:81:25:54:b7:18:05:06:c9:28:ca:10:
31:7b:c0:91:d7:e0:ab:30:8b:5f:e1:50:10:e2:0e:
e2:14:a3:8d:4f:3c:b3:ba:04:5f:8e:d3:98:9e:a1:
54:fc:fa:4d:f8:94:99:60:f7:7b:67:7d:c1:b4:7f:
84:ac:65:fe:dd:28:4d:8e:f1:93:77:d7:a8:85:28:
32:5c:d1:11:1b:f9:85:e1:33:dc:b5:d3:57:22:db:
df:b7:64:eb:6c:76:5c:87:df:d5:ce:e5:f9:34:dd:
05:98:ba:a0:05:ca:86:92:ee:3d:73:81:6a:ac:e6:
c0:e5:a1:49:ae:c2:29:db:b2:61:96:0f:ec:a8:10:
78:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:AC:39:82:73:00:CD:3C:1C:BE:97:4D:22:A8:C8:31:EC:66:DC:7B
X509v3 Authority Key Identifier:
keyid:68:35:DD:FB:84:38:D2:4B:B6:C5:97:93:16:E5:48:91:06:60:90:A7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/aDXd-4Q40ku2xZeTFuVIkQZgkKc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aDXd-4Q40ku2xZeTFuVIkQZgkKc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/3CF0117A7DED11EEBBF0314EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.56.128.0/18
27.57.0.0-27.58.255.255
27.62.116.0/23
27.63.176.0/20
106.200.192.0-106.201.255.255
106.202.128.0/17
106.203.192.0/18
106.205.64.0/18
106.212.0.0-106.213.127.255
106.214.0.0-106.215.127.255
106.219.64.0-106.219.111.255
106.219.120.0-106.219.139.255
106.219.144.0-106.219.183.255
106.222.192.0/18
110.224.128.0-110.227.255.255
117.96.0.0/16
117.97.128.0/18
117.98.192.0-117.98.215.255
223.177.0.0-223.178.127.255
223.178.192.0/18
223.179.128.0/19
223.181.128.0/18
223.182.64.0/18
223.182.164.0/22
223.182.172.0/22
223.182.180.0/22
223.182.248.0/21
223.184.0.0/17
223.185.12.0-223.185.63.255
223.185.128.0/18
223.190.0.0/17
223.190.192.0/18
223.224.172.0/23
223.226.0.0/16
223.229.128.0-223.230.255.255
223.233.64.0/18
223.235.0.0-223.236.255.255
223.239.0.0/16
IPv6:
2401:4900:1c00::/40
2401:4900:1f20::/43
2401:4900:8800::/44
2401:4900:8814::-2401:4900:883b:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
b5:fb:f0:4c:8f:14:2f:0b:89:39:db:3f:df:7c:16:f7:7f:74:
24:c5:a8:05:75:5d:4e:e2:36:23:ee:e7:42:21:0a:32:a6:94:
5c:38:68:d1:08:1c:3b:95:55:4b:53:50:eb:89:d6:30:24:d7:
58:e4:f3:12:de:7e:77:12:55:1b:75:ab:13:1d:b9:c6:7c:58:
41:f8:63:2d:38:30:4c:03:39:d1:6e:34:67:dc:e9:42:1b:9b:
e5:eb:8e:9a:ed:79:37:2c:46:f6:4b:2a:e4:a2:fd:4a:26:1c:
2a:18:ef:cc:f9:52:48:05:ab:79:51:14:b4:82:e9:ac:75:27:
60:bd:71:82:33:79:c3:9b:e6:ec:69:a1:62:ee:d4:11:2e:18:
09:3c:68:cf:e7:f4:28:c5:fc:51:e2:49:c3:92:df:99:cd:c3:
0a:9e:c7:37:3f:ef:b3:da:8f:de:1b:29:24:3d:cc:ab:2e:11:
9d:0f:09:79:f8:95:4f:18:61:67:9f:54:ae:ce:0b:6f:9c:1a:
7b:35:d2:be:e0:e5:f3:bb:a9:a7:3a:d1:0f:b6:c6:4a:46:ef:
c9:86:71:76:15:1d:be:0c:72:58:ad:f1:09:69:f5:c2:c9:69:
5c:4e:45:b6:31:46:4c:02:6e:d2:63:c0:db:ba:ed:e0:f6:4f:
fd:1e:fc:d7
-----BEGIN CERTIFICATE-----
MIIG6jCCBdKgAwIBAgICB5MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTkxOTcxMTAvBgNVBAUTKDY4MzVEREZCODQzOEQyNEJCNkM1OTc5MzE2RTU0ODkx
MDY2MDkwQTcwHhcNMjQwMzIwMDUyNDMxWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWZhNzMwZi04N2ZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmolC7bw96MRI5Zlz7rkGsKvOCcfGInaD6FBgcq3VxrBBcrmIG294JHN/izUn
sbCuE0IvjTdhewcNh6u1RUDMSyNPR/xL0R4s60rYjTWeE/vAKVxFOeJ7sSFzzcER
ix+HCcL9Xc0QB7ayB+0KvW1PEi3bmzvW/Vgmye10gSVUtxgFBskoyhAxe8CR1+Cr
MItf4VAQ4g7iFKONTzyzugRfjtOYnqFU/PpN+JSZYPd7Z33BtH+ErGX+3ShNjvGT
d9eohSgyXNERG/mF4TPctdNXItvft2TrbHZch9/VzuX5NN0FmLqgBcqGku49c4Fq
rObA5aFJrsIp27Jhlg/sqBB4yQIDAQABo4IEDjCCBAowHQYDVR0OBBYEFMGsOYJz
AM08HL6XTSKoyDHsZtx7MB8GA1UdIwQYMBaAFGg13fuEONJLtsWXkxblSJEGYJCn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5OTE5Ny84NEIyRUM5OEYy
N0QxMUVBOTQ1NkVFNjBDNEY5QUUwMi9hRFhkLTRRNDBrdTJ4WmVURnVWSWtRWmdr
S2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FEWGQtNFE0MGt1MnhaZVRGdVZJa1FaZ2tLYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTkxOTcvODRCMkVDOThGMjdEMTFFQTk0NTZFRTYwQzRGOUFFMDIvM0NGMDExN0E3
REVEMTFFRUJCRjAzMTRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggGWBggrBgEFBQcBBwEB
/wSCAYUwggGBMIIBRwQCAAEwggE/AwQGGziAMAoDAwAbOQMDABs6AwQBGz50AwQE
Gz+wMAsDBAZqyMADAwFqyAMEB2rKgAMEBmrLwAMEBmrNQDALAwMCatQDBAdq1QAw
CwMDAWrWAwQHatcAMAwDBAZq20ADBARq22AwDAMEA2rbeAMEAmrbiDAMAwQEatuQ
AwQDatuwAwQGat7AMAsDBAdu4IADAwJu4AMDAHVgAwQGdWGAMAwDBAZ1YsADBAN1
YtAwCwMDAN+xAwQH37IAAwQG37LAAwQF37OAAwQG37WAAwQG37ZAAwQC37akAwQC
37asAwQC37a0AwQD37b4AwQH37gAMAwDBALfuQwDBAbfuQADBAbfuYADBAffvgAD
BAbfvsADBAHf4KwDAwDf4jALAwQH3+WAAwMA3+YDBAbf6UAwCgMDAN/rAwMA3+wD
AwDf7zA0BAIAAjAuAwYAJAFJABwDBwUkAUkAHyADBwQkAUkAiAAwEgMHAiQBSQCI
FAMHAiQBSQCIODANBgkqhkiG9w0BAQsFAAOCAQEAtfvwTI8ULwuJOds/33wW9390
JMWoBXVdTuI2I+7nQiEKMqaUXDho0QgcO5VVS1NQ64nWMCTXWOTzEt5+dxJVG3Wr
Ex25xnxYQfhjLTgwTAM50W40Z9zpQhub5euOmu15NyxG9ksq5KL9SiYcKhjvzPlS
SAWreVEUtILprHUnYL1xgjN5w5vm7GmhYu7UES4YCTxoz+f0KMX8UeJJw5Lfmc3D
Cp7HNz/vs9qP3hspJD3Mqy4RnQ8JefiVTxhhZ59Urs4Lb5waezXSvuDl87uppzrR
D7bGSkbvyYZxdhUdvgxyWK3xCWn1wslpXE5FtjFGTAJu0mPA27rt4PZP/R781w==
-----END CERTIFICATE-----
Generated at Tue May 7 00:53:21 2024 by rpki-client on console-ams.rpki-client.org