Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/FD72AA3CADE211EEA5C03933C4F9AE02.roa
File: FD72AA3CADE211EEA5C03933C4F9AE02.roa (raw, json)
Hash identifier: eDlQueT1D4xJIzK+yrIg8snR2fM+NgBg/h/McbpxMnc=
Subject key identifier: 28:9A:B4:64:F6:80:08:27:D9:6A:AA:B2:6A:78:51:78:60:45:5F:3E
Certificate issuer: /CN=A9199197/serialNumber=6835DDFB8438D24BB6C5979316E54891066090A7
Certificate serial: 079D
Authority key identifier: 68:35:DD:FB:84:38:D2:4B:B6:C5:97:93:16:E5:48:91:06:60:90:A7
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aDXd-4Q40ku2xZeTFuVIkQZgkKc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/FD72AA3CADE211EEA5C03933C4F9AE02.roa
Signing time: Mon 01 Apr 2024 05:31:37 +0000
ROA not before: Mon 01 Apr 2024 05:31:37 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 45609
IP address blocks: 27.56.0.0/13 maxlen: 24
103.235.8.0/22 maxlen: 24
106.192.0.0/11 maxlen: 24
110.224.0.0/14 maxlen: 24
117.96.0.0/17 maxlen: 22
117.96.0.0/18 maxlen: 24
117.96.64.0/19 maxlen: 24
117.96.96.0/20 maxlen: 24
117.96.112.0/21 maxlen: 24
117.96.120.0/22 maxlen: 24
117.96.124.0/23 maxlen: 23
117.96.128.0/20 maxlen: 24
117.96.144.0/21 maxlen: 24
117.96.153.0/24 maxlen: 24
117.96.154.0/24 maxlen: 24
117.96.160.0/20 maxlen: 24
117.96.176.0/20 maxlen: 24
117.97.0.0/17 maxlen: 18
117.97.0.0/18 maxlen: 24
117.97.64.0/19 maxlen: 20
117.97.64.0/20 maxlen: 24
117.97.80.0/21 maxlen: 21
117.97.80.0/22 maxlen: 24
117.97.91.0/24 maxlen: 24
117.97.92.0/24 maxlen: 24
117.97.128.0/17 maxlen: 24
117.98.0.0/17 maxlen: 24
150.129.212.0/22 maxlen: 24
223.176.0.0/12 maxlen: 24
223.224.32.0/19 maxlen: 24
223.224.64.0/18 maxlen: 24
223.224.128.0/17 maxlen: 24
223.225.0.0/16 maxlen: 24
223.226.0.0/15 maxlen: 24
223.228.0.0/14 maxlen: 24
223.232.0.0/13 maxlen: 24
2401:4900:800::/37 maxlen: 48
2401:4900:1000::/37 maxlen: 48
2401:4900:1800::/37 maxlen: 48
2401:4900:2000::/37 maxlen: 48
2401:4900:2800::/37 maxlen: 48
2401:4900:3000::/37 maxlen: 48
2401:4900:3800::/37 maxlen: 48
2401:4900:4000::/37 maxlen: 48
2401:4900:4800::/37 maxlen: 48
2401:4900:5000::/37 maxlen: 48
2401:4900:5800::/37 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/aDXd-4Q40ku2xZeTFuVIkQZgkKc.crl
rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/aDXd-4Q40ku2xZeTFuVIkQZgkKc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aDXd-4Q40ku2xZeTFuVIkQZgkKc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 13 May 2024 22:42:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1949 (0x79d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9199197/serialNumber=6835DDFB8438D24BB6C5979316E54891066090A7
Validity
Not Before: Apr 1 05:31:37 2024 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=660a46b9-da45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:65:a2:af:f0:2b:cf:a9:67:20:39:0c:75:29:
24:a0:51:92:76:fb:5f:cb:95:0c:63:7a:79:35:d6:
b2:e2:72:85:e9:86:70:31:9a:59:48:9d:30:75:39:
4e:4c:ca:f0:e1:22:00:55:8d:59:c1:90:5f:8a:a7:
f2:48:09:8b:da:5d:19:14:cd:d8:d8:87:a9:26:26:
0d:ac:69:58:d9:56:99:f5:92:87:dc:98:89:cf:b3:
bf:49:91:de:6f:c4:11:ec:b5:8b:13:e7:e0:f9:8a:
e4:0e:c4:4d:5a:3f:ce:75:7b:09:22:b1:37:50:68:
1d:15:0c:fb:32:1a:6d:d6:15:d2:81:90:dc:94:1d:
17:b0:95:bc:cb:69:7e:1b:14:c1:19:f7:3c:77:e8:
db:fd:5d:17:c8:e9:cc:a3:54:e7:f6:a0:ce:84:a3:
9e:2b:af:f2:82:0b:e6:c9:93:d7:4f:8d:93:34:f0:
65:4c:5f:d2:b7:44:68:bb:76:ee:09:ce:32:28:94:
71:48:3d:d9:76:82:29:73:d7:e0:bd:7e:1f:a6:9e:
fe:14:b6:2c:1d:4f:c4:33:10:6d:85:a2:70:82:9b:
64:4f:d8:0b:5d:1e:e6:5a:43:27:ab:30:10:5e:06:
22:43:c7:2c:c1:ef:71:ef:a0:66:05:d7:f7:5f:6a:
44:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:9A:B4:64:F6:80:08:27:D9:6A:AA:B2:6A:78:51:78:60:45:5F:3E
X509v3 Authority Key Identifier:
keyid:68:35:DD:FB:84:38:D2:4B:B6:C5:97:93:16:E5:48:91:06:60:90:A7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/aDXd-4Q40ku2xZeTFuVIkQZgkKc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aDXd-4Q40ku2xZeTFuVIkQZgkKc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9199197/84B2EC98F27D11EA9456EE60C4F9AE02/FD72AA3CADE211EEA5C03933C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.56.0.0/13
103.235.8.0/22
106.192.0.0/11
110.224.0.0/14
117.96.0.0-117.96.151.255
117.96.153.0-117.96.154.255
117.96.160.0/19
117.97.0.0-117.98.127.255
150.129.212.0/22
223.176.0.0/12
223.224.32.0-223.239.255.255
IPv6:
2401:4900:800::-2401:4900:5fff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
42:d1:4e:1d:d4:76:26:45:cc:7d:3f:3e:15:d4:0d:48:d9:f1:
75:6e:68:8a:81:1e:03:dc:2b:95:80:4e:3a:6a:a1:10:d6:6d:
d6:ad:9b:2e:7e:c6:4e:d0:79:19:b8:d2:93:c9:0e:e9:6e:a6:
45:df:43:3f:49:eb:36:a0:98:1e:d5:3b:32:01:56:7c:6e:79:
be:7c:5a:1e:7e:f1:a8:64:4c:85:3e:83:29:9d:c3:be:b1:ce:
c4:fc:af:48:41:c5:b9:97:1d:b7:f9:c4:0b:9f:33:e5:3d:35:
19:dc:3e:24:f3:d5:5f:dd:e2:2f:5e:b1:be:8e:03:a8:85:ed:
f8:1a:3e:87:c6:ac:ef:ab:f5:14:50:50:4c:dc:4d:9e:8e:23:
59:34:a0:f5:a3:16:25:16:6b:59:ce:ac:43:30:c8:bb:d8:43:
4c:75:a5:4b:fe:3e:6d:b7:49:f0:fb:9b:ef:f8:47:33:c6:8f:
91:52:24:90:a3:c3:b9:aa:a5:8d:5f:6f:af:b0:ce:b9:df:f3:
43:0b:7b:b6:26:ee:3c:f3:a2:1b:9e:4d:b8:5e:af:20:f7:c3:
bd:2f:02:2c:20:8c:b1:1b:32:5e:35:66:ff:4e:da:8c:37:47:
e6:5b:cc:5e:ee:2e:6c:a1:dd:0f:a9:b0:50:6e:05:25:9a:37:
22:f1:1f:5d
-----BEGIN CERTIFICATE-----
MIIF4TCCBMmgAwIBAgICB50wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTkxOTcxMTAvBgNVBAUTKDY4MzVEREZCODQzOEQyNEJCNkM1OTc5MzE2RTU0ODkx
MDY2MDkwQTcwHhcNMjQwNDAxMDUzMTM3WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBhNDZiOS1kYTQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsmWir/Arz6lnIDkMdSkkoFGSdvtfy5UMY3p5Nday4nKF6YZwMZpZSJ0wdTlO
TMrw4SIAVY1ZwZBfiqfySAmL2l0ZFM3Y2IepJiYNrGlY2VaZ9ZKH3JiJz7O/SZHe
b8QR7LWLE+fg+YrkDsRNWj/OdXsJIrE3UGgdFQz7Mhpt1hXSgZDclB0XsJW8y2l+
GxTBGfc8d+jb/V0XyOnMo1Tn9qDOhKOeK6/yggvmyZPXT42TNPBlTF/St0Rou3bu
Cc4yKJRxSD3ZdoIpc9fgvX4fpp7+FLYsHU/EMxBthaJwgptkT9gLXR7mWkMnqzAQ
XgYiQ8cswe9x76BmBdf3X2pEGwIDAQABo4IDBTCCAwEwHQYDVR0OBBYEFCiatGT2
gAgn2Wqqsmp4UXhgRV8+MB8GA1UdIwQYMBaAFGg13fuEONJLtsWXkxblSJEGYJCn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5OTE5Ny84NEIyRUM5OEYy
N0QxMUVBOTQ1NkVFNjBDNEY5QUUwMi9hRFhkLTRRNDBrdTJ4WmVURnVWSWtRWmdr
S2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FEWGQtNFE0MGt1MnhaZVRGdVZJa1FaZ2tLYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTkxOTcvODRCMkVDOThGMjdEMTFFQTk0NTZFRTYwQzRGOUFFMDIvRkQ3MkFBM0NB
REUyMTFFRUE1QzAzOTMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgY4GCCsGAQUFBwEHAQH/
BH8wfTBhBAIAATBbAwMDGzgDBAJn6wgDAwVqwAMDAm7gMAsDAwV1YAMEA3VgkDAM
AwQAdWCZAwQAdWCaAwQFdWCgMAsDAwB1YQMEB3ViAAMEApaB1AMDBN+wMAsDBAXf
4CADAwTf4DAYBAIAAjASMBADBgMkAUkACAMGBSQBSQBAMA0GCSqGSIb3DQEBCwUA
A4IBAQBC0U4d1HYmRcx9Pz4V1A1I2fF1bmiKgR4D3CuVgE46aqEQ1m3WrZsufsZO
0HkZuNKTyQ7pbqZF30M/Ses2oJge1TsyAVZ8bnm+fFoefvGoZEyFPoMpncO+sc7E
/K9IQcW5lx23+cQLnzPlPTUZ3D4k89Vf3eIvXrG+jgOohe34Gj6Hxqzvq/UUUFBM
3E2ejiNZNKD1oxYlFmtZzqxDMMi72ENMdaVL/j5tt0nw+5vv+Eczxo+RUiSQo8O5
qqWNX2+vsM653/NDC3u2Ju4886Ibnk24Xq8g98O9LwIsIIyxGzJeNWb/TtqMN0fm
W8xe7i5sod0PqbBQbgUlmjci8R9d
-----END CERTIFICATE-----
Generated at Tue May 7 00:53:21 2024 by rpki-client on console-ams.rpki-client.org