Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/3CF0117A7DED11EEBBF0314EC4F9AE02.roa
File: 3CF0117A7DED11EEBBF0314EC4F9AE02.roa (raw, json)
Hash identifier: kE9KUgv7IHKHeNfKyEQSnjrbTtsN0keyLTjZ9E/kqmA=
Subject key identifier: D6:AE:6A:37:3F:C1:25:56:09:1C:33:6E:60:38:7B:0C:E0:78:5B:45
Certificate issuer: /CN=A9199197/serialNumber=6835DDFB8438D24BB6C5979316E54891066090A7
Certificate serial: 080F
Authority key identifier: 68:35:DD:FB:84:38:D2:4B:B6:C5:97:93:16:E5:48:91:06:60:90:A7
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aDXd-4Q40ku2xZeTFuVIkQZgkKc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/3CF0117A7DED11EEBBF0314EC4F9AE02.roa
Signing time: Wed 18 Sep 2024 10:07:49 +0000
ROA not before: Wed 18 Sep 2024 10:07:49 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 24560
IP address blocks: 27.56.128.0/20 maxlen: 24
27.56.144.0/20 maxlen: 24
27.56.160.0/19 maxlen: 24
27.57.0.0/16 maxlen: 24
27.58.0.0/16 maxlen: 24
27.62.116.0/24 maxlen: 24
27.62.117.0/24 maxlen: 24
27.63.176.0/20 maxlen: 24
106.200.0.0/18 maxlen: 24
106.200.192.0/18 maxlen: 24
106.201.0.0/16 maxlen: 24
106.202.128.0/17 maxlen: 24
106.203.192.0/18 maxlen: 24
106.205.0.0/18 maxlen: 24
106.205.64.0/18 maxlen: 24
106.212.0.0/17 maxlen: 24
106.212.128.0/17 maxlen: 24
106.213.0.0/17 maxlen: 24
106.214.0.0/16 maxlen: 24
106.215.0.0/17 maxlen: 24
106.215.128.0/19 maxlen: 24
106.215.160.0/20 maxlen: 24
106.215.176.0/21 maxlen: 24
106.219.64.0/19 maxlen: 24
106.219.96.0/20 maxlen: 24
106.219.120.0/22 maxlen: 24
106.219.124.0/22 maxlen: 24
106.219.128.0/21 maxlen: 24
106.219.136.0/22 maxlen: 24
106.219.144.0/20 maxlen: 24
106.219.160.0/20 maxlen: 24
106.219.176.0/21 maxlen: 24
106.222.192.0/18 maxlen: 24
110.224.128.0/17 maxlen: 24
110.225.0.0/16 maxlen: 24
110.226.0.0/16 maxlen: 24
110.227.0.0/16 maxlen: 24
117.96.0.0/16 maxlen: 24
117.97.128.0/18 maxlen: 24
117.98.192.0/20 maxlen: 24
117.98.208.0/21 maxlen: 21
223.177.0.0/16 maxlen: 24
223.178.0.0/17 maxlen: 24
223.178.192.0/18 maxlen: 24
223.179.128.0/19 maxlen: 24
223.181.0.0/17 maxlen: 24
223.181.128.0/18 maxlen: 24
223.182.64.0/18 maxlen: 24
223.182.164.0/22 maxlen: 24
223.182.172.0/22 maxlen: 24
223.182.180.0/22 maxlen: 24
223.182.248.0/21 maxlen: 24
223.184.0.0/17 maxlen: 24
223.185.12.0/22 maxlen: 24
223.185.16.0/20 maxlen: 24
223.185.32.0/19 maxlen: 24
223.185.128.0/21 maxlen: 24
223.185.136.0/21 maxlen: 24
223.185.144.0/20 maxlen: 24
223.185.160.0/20 maxlen: 24
223.185.176.0/20 maxlen: 24
223.190.0.0/17 maxlen: 24
223.190.192.0/18 maxlen: 24
223.224.172.0/23 maxlen: 24
223.226.0.0/16 maxlen: 24
223.229.128.0/17 maxlen: 24
223.230.0.0/16 maxlen: 24
223.233.64.0/18 maxlen: 24
223.235.0.0/16 maxlen: 24
223.236.0.0/16 maxlen: 24
223.239.0.0/16 maxlen: 24
2401:4900:1c00::/41 maxlen: 48
2401:4900:1c80::/41 maxlen: 48
2401:4900:1f20::/44 maxlen: 48
2401:4900:1f30::/44 maxlen: 48
2401:4900:8800::/46 maxlen: 48
2401:4900:8804::/46 maxlen: 48
2401:4900:8808::/46 maxlen: 48
2401:4900:880c::/46 maxlen: 48
2401:4900:8814::/46 maxlen: 48
2401:4900:8818::/46 maxlen: 48
2401:4900:881c::/46 maxlen: 48
2401:4900:8820::/46 maxlen: 48
2401:4900:8824::/46 maxlen: 48
2401:4900:8828::/46 maxlen: 48
2401:4900:882c::/46 maxlen: 48
2401:4900:8830::/46 maxlen: 48
2401:4900:8834::/46 maxlen: 48
2401:4900:8838::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/aDXd-4Q40ku2xZeTFuVIkQZgkKc.crl
rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/aDXd-4Q40ku2xZeTFuVIkQZgkKc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aDXd-4Q40ku2xZeTFuVIkQZgkKc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 20:43:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2063 (0x80f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9199197/serialNumber=6835DDFB8438D24BB6C5979316E54891066090A7
Validity
Not Before: Sep 18 10:07:49 2024 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=66eaa674-b8be
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:50:a2:1f:76:d2:67:9a:7c:1f:ed:a7:e4:f8:
c2:b3:c7:e9:f8:28:2d:1c:eb:82:b5:af:3b:d6:1d:
3e:ca:e2:c3:50:c7:ed:42:f7:54:02:ca:06:d2:54:
8f:72:be:51:89:40:9d:a5:60:cf:ad:98:37:e4:7e:
66:02:1a:21:d2:54:4b:0e:24:bf:71:6a:50:9a:65:
0f:7d:4b:e7:b9:ad:ed:50:f2:78:d7:75:35:44:00:
3c:c9:75:a7:7e:ef:47:c5:f9:bb:30:68:2b:2e:93:
4b:bd:58:f0:14:dc:63:41:8d:13:df:ab:7c:f7:3e:
6b:ef:e8:70:24:c0:ed:43:76:f0:c3:5e:8e:03:83:
03:38:3e:c2:2f:f1:79:09:c4:f9:70:c6:84:c8:66:
30:bc:dc:1a:44:fa:72:b3:ee:22:20:62:2d:8e:e8:
43:e5:53:41:66:bc:14:24:89:14:e8:90:ce:c6:23:
8d:1c:40:ce:af:9c:a8:7c:26:04:da:fa:67:89:3a:
c5:cd:d4:16:3a:1b:fe:22:08:bd:d0:c6:4c:43:fa:
e0:6d:f8:aa:98:a6:98:f8:69:fb:9f:ca:49:05:63:
94:ec:46:4c:4f:26:3d:3f:cc:60:e4:91:ea:44:cc:
9d:09:af:ff:bc:29:ba:f9:3f:14:44:cc:b2:c8:7c:
6f:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:AE:6A:37:3F:C1:25:56:09:1C:33:6E:60:38:7B:0C:E0:78:5B:45
X509v3 Authority Key Identifier:
keyid:68:35:DD:FB:84:38:D2:4B:B6:C5:97:93:16:E5:48:91:06:60:90:A7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/aDXd-4Q40ku2xZeTFuVIkQZgkKc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aDXd-4Q40ku2xZeTFuVIkQZgkKc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/3CF0117A7DED11EEBBF0314EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.56.128.0/18
27.57.0.0-27.58.255.255
27.62.116.0/23
27.63.176.0/20
106.200.0.0/18
106.200.192.0-106.201.255.255
106.202.128.0/17
106.203.192.0/18
106.205.0.0/17
106.212.0.0-106.213.127.255
106.214.0.0-106.215.183.255
106.219.64.0-106.219.111.255
106.219.120.0-106.219.139.255
106.219.144.0-106.219.183.255
106.222.192.0/18
110.224.128.0-110.227.255.255
117.96.0.0/16
117.97.128.0/18
117.98.192.0-117.98.215.255
223.177.0.0-223.178.127.255
223.178.192.0/18
223.179.128.0/19
223.181.0.0-223.181.191.255
223.182.64.0/18
223.182.164.0/22
223.182.172.0/22
223.182.180.0/22
223.182.248.0/21
223.184.0.0/17
223.185.12.0-223.185.63.255
223.185.128.0/18
223.190.0.0/17
223.190.192.0/18
223.224.172.0/23
223.226.0.0/16
223.229.128.0-223.230.255.255
223.233.64.0/18
223.235.0.0-223.236.255.255
223.239.0.0/16
IPv6:
2401:4900:1c00::/40
2401:4900:1f20::/43
2401:4900:8800::/44
2401:4900:8814::-2401:4900:883b:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
9d:28:53:0d:23:c6:c9:46:1e:af:66:3d:9b:d8:63:8d:ca:b8:
59:32:56:6e:64:9c:af:e6:bb:8f:97:3c:37:67:3e:7e:6f:4a:
a2:a8:5b:af:f8:c1:52:c6:28:0b:d4:fd:3a:ae:ff:5f:da:99:
b3:52:6a:58:9c:9b:17:40:e4:f2:61:a3:e8:ac:10:33:e0:40:
e5:c5:d9:8b:ba:64:71:67:78:12:0c:05:e8:e9:a5:39:dc:16:
e9:2f:13:76:84:9f:a7:14:7b:08:e7:39:b9:36:ff:22:f6:4a:
ba:42:28:04:25:9c:8f:07:12:03:a3:77:1e:54:1f:39:c9:87:
55:4a:33:e5:aa:2d:00:36:21:10:fc:0f:d5:89:3f:63:28:5d:
c0:ad:39:9d:75:aa:86:75:8f:62:91:68:7c:81:11:cd:4f:88:
e7:72:b2:f0:64:7d:63:89:2f:a4:9e:fd:e4:36:d5:3d:d2:90:
aa:d5:f8:ef:08:1e:fb:cd:fe:85:ce:c7:85:0f:71:08:c0:fa:
f5:50:ee:8a:ac:c9:28:fe:bd:e5:43:1e:67:16:ec:81:04:46:
00:84:be:1e:d7:93:24:f4:97:12:de:c4:2b:a4:b6:ad:84:bc:
4c:b7:f1:67:9b:e1:f0:f4:f2:6f:e1:61:00:7c:cf:c0:fb:96:
54:cb:e9:cf
-----BEGIN CERTIFICATE-----
MIIG9zCCBd+gAwIBAgICCA8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTkxOTcxMTAvBgNVBAUTKDY4MzVEREZCODQzOEQyNEJCNkM1OTc5MzE2RTU0ODkx
MDY2MDkwQTcwHhcNMjQwOTE4MTAwNzQ5WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmVhYTY3NC1iOGJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA11CiH3bSZ5p8H+2n5PjCs8fp+CgtHOuCta871h0+yuLDUMftQvdUAsoG0lSP
cr5RiUCdpWDPrZg35H5mAhoh0lRLDiS/cWpQmmUPfUvnua3tUPJ413U1RAA8yXWn
fu9Hxfm7MGgrLpNLvVjwFNxjQY0T36t89z5r7+hwJMDtQ3bww16OA4MDOD7CL/F5
CcT5cMaEyGYwvNwaRPpys+4iIGItjuhD5VNBZrwUJIkU6JDOxiONHEDOr5yofCYE
2vpniTrFzdQWOhv+Igi90MZMQ/rgbfiqmKaY+Gn7n8pJBWOU7EZMTyY9P8xg5JHq
RMydCa//vCm6+T8URMyyyHxv9wIDAQABo4IEGzCCBBcwHQYDVR0OBBYEFNauajc/
wSVWCRwzbmA4ewzgeFtFMB8GA1UdIwQYMBaAFGg13fuEONJLtsWXkxblSJEGYJCn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5OTE5Ny84NEIyRUM5OEYy
N0QxMUVBOTQ1NkVFNjBDNEY5QUUwMi9hRFhkLTRRNDBrdTJ4WmVURnVWSWtRWmdr
S2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FEWGQtNFE0MGt1MnhaZVRGdVZJa1FaZ2tLYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTkxOTcvODRCMkVDOThGMjdEMTFFQTk0NTZFRTYwQzRGOUFFMDIvM0NGMDExN0E3
REVEMTFFRUJCRjAzMTRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggGjBggrBgEFBQcBBwEB
/wSCAZIwggGOMIIBVAQCAAEwggFMAwQGGziAMAoDAwAbOQMDABs6AwQBGz50AwQE
Gz+wAwQGasgAMAsDBAZqyMADAwFqyAMEB2rKgAMEBmrLwAMEB2rNADALAwMCatQD
BAdq1QAwCwMDAWrWAwQDatewMAwDBAZq20ADBARq22AwDAMEA2rbeAMEAmrbiDAM
AwQEatuQAwQDatuwAwQGat7AMAsDBAdu4IADAwJu4AMDAHVgAwQGdWGAMAwDBAZ1
YsADBAN1YtAwCwMDAN+xAwQH37IAAwQG37LAAwQF37OAMAsDAwDftQMEBt+1gAME
Bt+2QAMEAt+2pAMEAt+2rAMEAt+2tAMEA9+2+AMEB9+4ADAMAwQC37kMAwQG37kA
AwQG37mAAwQH374AAwQG377AAwQB3+CsAwMA3+IwCwMEB9/lgAMDAN/mAwQG3+lA
MAoDAwDf6wMDAN/sAwMA3+8wNAQCAAIwLgMGACQBSQAcAwcFJAFJAB8gAwcEJAFJ
AIgAMBIDBwIkAUkAiBQDBwIkAUkAiDgwDQYJKoZIhvcNAQELBQADggEBAJ0oUw0j
xslGHq9mPZvYY43KuFkyVm5knK/mu4+XPDdnPn5vSqKoW6/4wVLGKAvU/Tqu/1/a
mbNSalicmxdA5PJho+isEDPgQOXF2Yu6ZHFneBIMBejppTncFukvE3aEn6cUewjn
Obk2/yL2SrpCKAQlnI8HEgOjdx5UHznJh1VKM+WqLQA2IRD8D9WJP2MoXcCtOZ11
qoZ1j2KRaHyBEc1PiOdysvBkfWOJL6Se/eQ21T3SkKrV+O8IHvvN/oXOx4UPcQjA
+vVQ7oqsySj+veVDHmcW7IEERgCEvh7XkyT0lxLexCuktq2EvEy38Web4fD08m/h
YQB8z8D7llTL6c8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:24:10 2024 by rpki-client on console-fra.rpki-client.org