Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A09BF/D13DA1D42DFC11EABC1B6B82C4F9AE02/A38D9084E6F811EC87D3034DC4F9AE02.roa
File: A38D9084E6F811EC87D3034DC4F9AE02.roa (raw, json)
Hash identifier: znarpXPxU3H5L3u9jVUVZ05Bh72k54vXN+/OLstvXVY=
Subject key identifier: A9:1B:86:F0:73:9B:F6:1F:05:E9:84:4B:D5:BB:42:E1:0B:6B:A1:5D
Certificate issuer: /CN=A91A09BF/serialNumber=7870F240BC4516E39A9C25958CF97B194BE76567
Certificate serial: 0AC6
Authority key identifier: 78:70:F2:40:BC:45:16:E3:9A:9C:25:95:8C:F9:7B:19:4B:E7:65:67
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eHDyQLxFFuOanCWVjPl7GUvnZWc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A09BF/D13DA1D42DFC11EABC1B6B82C4F9AE02/A38D9084E6F811EC87D3034DC4F9AE02.roa
Signing time: Mon 06 May 2024 06:16:30 +0000
ROA not before: Mon 06 May 2024 06:16:30 +0000
ROA not after: Fri 31 Jan 2025 00:00:00 +0000
asID: 9729
IP address blocks: 202.85.128.0/20 maxlen: 20
202.85.128.0/24 maxlen: 24
202.85.129.0/24 maxlen: 24
202.85.131.0/24 maxlen: 24
202.85.132.0/24 maxlen: 24
202.85.137.0/24 maxlen: 24
202.85.138.0/24 maxlen: 24
202.85.140.0/24 maxlen: 24
202.85.144.0/20 maxlen: 20
202.85.164.0/23 maxlen: 23
202.85.165.0/24 maxlen: 24
202.85.166.0/23 maxlen: 23
202.85.167.0/24 maxlen: 24
202.85.168.0/22 maxlen: 22
202.85.169.0/24 maxlen: 24
202.85.170.0/24 maxlen: 24
202.85.171.0/24 maxlen: 24
202.85.172.0/22 maxlen: 22
202.85.172.0/24 maxlen: 24
202.85.180.0/22 maxlen: 22
202.85.181.0/24 maxlen: 24
202.85.184.0/22 maxlen: 22
202.85.188.0/24 maxlen: 24
202.85.190.0/24 maxlen: 24
202.85.191.0/24 maxlen: 24
203.194.128.0/21 maxlen: 21
203.194.133.0/24 maxlen: 24
203.194.135.0/24 maxlen: 24
203.194.136.0/21 maxlen: 21
203.194.136.0/24 maxlen: 24
203.194.141.0/24 maxlen: 24
203.194.144.0/21 maxlen: 21
203.194.144.0/24 maxlen: 24
203.194.145.0/24 maxlen: 24
203.194.146.0/24 maxlen: 24
203.194.148.0/24 maxlen: 24
203.194.149.0/24 maxlen: 24
203.194.152.0/21 maxlen: 21
203.194.153.0/24 maxlen: 24
203.194.159.0/24 maxlen: 24
203.194.160.0/22 maxlen: 22
203.194.160.0/24 maxlen: 24
203.194.164.0/22 maxlen: 22
203.194.168.0/22 maxlen: 22
203.194.168.0/24 maxlen: 24
203.194.169.0/24 maxlen: 24
203.194.170.0/24 maxlen: 24
203.194.171.0/24 maxlen: 24
203.194.176.0/22 maxlen: 22
203.194.176.0/24 maxlen: 24
203.194.177.0/24 maxlen: 24
203.194.179.0/24 maxlen: 24
203.194.183.0/24 maxlen: 24
203.194.186.0/23 maxlen: 24
203.194.188.0/22 maxlen: 22
203.194.188.0/24 maxlen: 24
203.194.192.0/21 maxlen: 21
203.194.196.0/24 maxlen: 24
203.194.199.0/24 maxlen: 24
203.194.200.0/22 maxlen: 22
203.194.200.0/23 maxlen: 23
203.194.204.0/22 maxlen: 22
203.194.206.0/24 maxlen: 24
203.194.208.0/22 maxlen: 22
203.194.208.0/24 maxlen: 24
203.194.209.0/24 maxlen: 24
203.194.211.0/24 maxlen: 24
203.194.212.0/22 maxlen: 22
203.194.212.0/23 maxlen: 23
203.194.216.0/22 maxlen: 22
203.194.216.0/24 maxlen: 24
203.194.217.0/24 maxlen: 24
203.194.218.0/24 maxlen: 24
203.194.219.0/24 maxlen: 24
203.194.220.0/22 maxlen: 22
203.194.220.0/24 maxlen: 24
203.194.221.0/24 maxlen: 24
203.194.223.0/24 maxlen: 24
203.194.224.0/22 maxlen: 22
203.194.224.0/24 maxlen: 24
203.194.227.0/24 maxlen: 24
203.194.228.0/22 maxlen: 22
203.194.228.0/24 maxlen: 24
203.194.232.0/22 maxlen: 22
203.194.232.0/24 maxlen: 24
203.194.233.0/24 maxlen: 24
203.194.236.0/22 maxlen: 22
203.194.239.0/24 maxlen: 24
203.194.240.0/22 maxlen: 22
203.194.244.0/22 maxlen: 22
203.194.244.0/24 maxlen: 24
203.194.248.0/21 maxlen: 21
203.194.255.0/24 maxlen: 24
210.184.96.0/22 maxlen: 22
210.184.97.0/24 maxlen: 24
210.184.99.0/24 maxlen: 24
210.184.100.0/22 maxlen: 22
210.184.108.0/22 maxlen: 22
210.184.110.0/24 maxlen: 24
210.184.112.0/21 maxlen: 21
210.184.113.0/24 maxlen: 24
210.184.114.0/24 maxlen: 24
210.184.120.0/24 maxlen: 24
210.184.121.0/24 maxlen: 24
210.184.122.0/24 maxlen: 24
210.184.124.0/24 maxlen: 24
210.184.127.0/24 maxlen: 24
210.184.128.0/17 maxlen: 17
210.184.128.0/21 maxlen: 21
210.184.136.0/22 maxlen: 22
210.184.137.0/24 maxlen: 24
210.184.139.0/24 maxlen: 24
210.184.142.0/24 maxlen: 24
210.184.152.0/22 maxlen: 22
210.184.156.0/23 maxlen: 23
210.184.158.0/23 maxlen: 23
210.184.164.0/22 maxlen: 22
210.184.167.0/24 maxlen: 24
210.184.168.0/22 maxlen: 22
210.184.172.0/23 maxlen: 23
210.184.174.0/23 maxlen: 23
210.184.178.0/23 maxlen: 23
210.184.178.0/24 maxlen: 24
210.184.180.0/22 maxlen: 22
210.184.180.0/24 maxlen: 24
210.184.184.0/22 maxlen: 22
210.184.189.0/24 maxlen: 24
210.184.190.0/23 maxlen: 23
210.184.190.0/24 maxlen: 24
210.184.192.0/24 maxlen: 24
210.184.193.0/24 maxlen: 24
210.184.194.0/24 maxlen: 24
210.184.196.0/22 maxlen: 22
210.184.196.0/24 maxlen: 24
210.184.197.0/24 maxlen: 24
210.184.198.0/23 maxlen: 24
210.184.200.0/22 maxlen: 22
210.184.200.0/24 maxlen: 24
210.184.201.0/24 maxlen: 24
210.184.202.0/24 maxlen: 24
210.184.203.0/24 maxlen: 24
210.184.204.0/22 maxlen: 22
210.184.208.0/24 maxlen: 24
210.184.209.0/24 maxlen: 24
210.184.210.0/24 maxlen: 24
210.184.211.0/24 maxlen: 24
210.184.212.0/24 maxlen: 24
210.184.213.0/24 maxlen: 24
210.184.214.0/24 maxlen: 24
210.184.215.0/24 maxlen: 24
210.184.216.0/24 maxlen: 24
210.184.217.0/24 maxlen: 24
210.184.218.0/24 maxlen: 24
210.184.219.0/24 maxlen: 24
210.184.220.0/24 maxlen: 24
210.184.221.0/24 maxlen: 24
210.184.222.0/24 maxlen: 24
210.184.223.0/24 maxlen: 24
210.184.224.0/24 maxlen: 24
210.184.225.0/24 maxlen: 24
210.184.226.0/24 maxlen: 24
210.184.251.0/24 maxlen: 24
210.184.252.0/22 maxlen: 22
210.184.254.0/24 maxlen: 24
2403:2400::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A09BF/D13DA1D42DFC11EABC1B6B82C4F9AE02/eHDyQLxFFuOanCWVjPl7GUvnZWc.crl
rsync://rpki.apnic.net/member_repository/A91A09BF/D13DA1D42DFC11EABC1B6B82C4F9AE02/eHDyQLxFFuOanCWVjPl7GUvnZWc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eHDyQLxFFuOanCWVjPl7GUvnZWc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 23 May 2024 20:05:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2758 (0xac6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A09BF/serialNumber=7870F240BC4516E39A9C25958CF97B194BE76567
Validity
Not Before: May 6 06:16:30 2024 GMT
Not After : Jan 31 00:00:00 2025 GMT
Subject: CN=663875bd-b48f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:46:d0:31:9d:39:a2:8b:9a:cc:8b:e2:6b:13:
24:24:56:66:2c:79:da:d2:30:ca:d9:92:d9:9c:36:
9c:0f:db:cf:55:23:7e:39:8f:50:1e:0a:00:61:d7:
3e:7d:5c:21:ba:e2:36:08:47:38:9b:bf:6a:31:ec:
16:30:14:3a:2d:4e:ce:65:23:23:71:69:a3:86:e8:
61:2b:ab:c1:10:fe:6b:4c:c0:07:09:6d:be:8e:b5:
9e:10:20:50:df:93:02:d3:e2:94:6f:5e:49:23:61:
22:5b:76:0f:73:a2:d9:cb:5e:30:0b:c2:9b:04:82:
71:5c:45:40:bf:89:38:8d:46:cc:57:ed:41:dd:77:
7f:c5:e4:36:02:91:c1:39:dd:31:05:e9:19:4b:19:
a4:fb:49:2b:f4:b6:d3:33:e4:e9:a2:77:f7:44:c8:
63:1e:6c:66:11:e0:10:7e:5a:05:4b:12:82:ff:88:
73:ec:5b:17:96:2c:12:73:d2:dc:ad:fb:00:ca:a8:
76:b7:43:c9:32:8a:57:a3:a8:ee:b7:e7:fe:a0:8b:
60:5a:f5:e0:cd:27:5f:4e:dc:71:84:c7:a3:39:60:
33:9a:bc:35:0f:31:ba:e2:a5:28:d0:b1:85:ab:47:
6a:d2:1f:dc:3e:43:4f:e8:11:f5:a0:a6:95:2f:04:
0d:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:1B:86:F0:73:9B:F6:1F:05:E9:84:4B:D5:BB:42:E1:0B:6B:A1:5D
X509v3 Authority Key Identifier:
keyid:78:70:F2:40:BC:45:16:E3:9A:9C:25:95:8C:F9:7B:19:4B:E7:65:67
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A09BF/D13DA1D42DFC11EABC1B6B82C4F9AE02/eHDyQLxFFuOanCWVjPl7GUvnZWc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eHDyQLxFFuOanCWVjPl7GUvnZWc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A09BF/D13DA1D42DFC11EABC1B6B82C4F9AE02/A38D9084E6F811EC87D3034DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.85.128.0/19
202.85.164.0-202.85.175.255
202.85.180.0-202.85.188.255
202.85.190.0/23
203.194.128.0-203.194.171.255
203.194.176.0/22
203.194.183.0/24
203.194.186.0-203.194.255.255
210.184.96.0/21
210.184.108.0-210.184.122.255
210.184.124.0/24
210.184.127.0-210.184.255.255
IPv6:
2403:2400::/32
Signature Algorithm: sha256WithRSAEncryption
32:8c:80:07:36:73:5e:24:ca:37:b1:36:56:73:b9:33:08:14:
26:28:1a:98:ad:da:a8:8c:1f:4a:88:a4:67:76:6e:f5:15:5e:
02:d2:ee:b0:92:47:4c:94:16:ce:12:73:2d:5d:54:27:52:cd:
e7:a6:ce:b5:a7:a9:e3:d4:c0:27:48:82:18:ce:b2:40:8b:7a:
13:97:ca:25:a0:b5:48:5c:12:08:94:af:cd:65:10:83:78:80:
a9:e5:88:5d:53:d2:fb:7d:9b:ac:8f:b1:f3:7a:da:3e:1c:4e:
00:92:32:36:87:6f:91:00:85:ef:89:89:4d:31:0f:5f:04:b6:
ae:f7:57:73:4f:8b:b8:ec:c9:10:57:ba:4b:fe:59:aa:15:33:
77:90:ea:aa:00:72:a0:9c:d9:2b:b4:d1:96:99:1a:78:28:c2:
e6:6a:4d:0e:14:30:6d:82:bf:01:63:b5:31:fe:8f:00:d0:12:
a0:a1:25:b5:85:76:d3:91:ad:76:99:2d:d8:a8:19:b7:4b:09:
7b:72:5c:83:30:db:48:8d:37:45:a7:ce:78:e5:3a:07:70:03:
48:c8:38:eb:fc:be:73:ca:f9:46:a8:e2:4c:b0:d3:77:04:4a:
ec:53:38:b6:90:21:cc:3d:35:aa:da:80:b8:31:5e:7e:5a:d0:
41:da:5b:e2
-----BEGIN CERTIFICATE-----
MIIF8zCCBNugAwIBAgICCsYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTA5QkYxMTAvBgNVBAUTKDc4NzBGMjQwQkM0NTE2RTM5QTlDMjU5NThDRjk3QjE5
NEJFNzY1NjcwHhcNMjQwNTA2MDYxNjMwWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjM4NzViZC1iNDhmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAq0bQMZ05oouazIviaxMkJFZmLHna0jDK2ZLZnDacD9vPVSN+OY9QHgoAYdc+
fVwhuuI2CEc4m79qMewWMBQ6LU7OZSMjcWmjhuhhK6vBEP5rTMAHCW2+jrWeECBQ
35MC0+KUb15JI2EiW3YPc6LZy14wC8KbBIJxXEVAv4k4jUbMV+1B3Xd/xeQ2ApHB
Od0xBekZSxmk+0kr9LbTM+Tponf3RMhjHmxmEeAQfloFSxKC/4hz7FsXliwSc9Lc
rfsAyqh2t0PJMopXo6jut+f+oItgWvXgzSdfTtxxhMejOWAzmrw1DzG64qUo0LGF
q0dq0h/cPkNP6BH1oKaVLwQNSQIDAQABo4IDFzCCAxMwHQYDVR0OBBYEFKkbhvBz
m/YfBemES9W7QuELa6FdMB8GA1UdIwQYMBaAFHhw8kC8RRbjmpwllYz5exlL52Vn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDlCRi9EMTNEQTFENDJE
RkMxMUVBQkMxQjZCODJDNEY5QUUwMi9lSER5UUx4RkZ1T2FuQ1dWalBsN0dVdm5a
V2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VIRHlRTHhGRnVPYW5DV1ZqUGw3R1V2blpXYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTA5QkYvRDEzREExRDQyREZDMTFFQUJDMUI2QjgyQzRGOUFFMDIvQTM4RDkwODRF
NkY4MTFFQzg3RDMwMzREQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaAGCCsGAQUFBwEHAQH/
BIGQMIGNMHwEAgABMHYDBAXKVYAwDAMEAspVpAMEBMpVoDAMAwQCylW0AwQAylW8
AwQBylW+MAwDBAfLwoADBALLwqgDBALLwrADBADLwrcwCwMEAcvCugMDAMvCAwQD
0rhgMAwDBALSuGwDBADSuHoDBADSuHwwCwMEANK4fwMDANK4MA0EAgACMAcDBQAk
AyQAMA0GCSqGSIb3DQEBCwUAA4IBAQAyjIAHNnNeJMo3sTZWc7kzCBQmKBqYrdqo
jB9KiKRndm71FV4C0u6wkkdMlBbOEnMtXVQnUs3nps61p6nj1MAnSIIYzrJAi3oT
l8oloLVIXBIIlK/NZRCDeICp5YhdU9L7fZusj7Hzeto+HE4AkjI2h2+RAIXviYlN
MQ9fBLau91dzT4u47MkQV7pL/lmqFTN3kOqqAHKgnNkrtNGWmRp4KMLmak0OFDBt
gr8BY7Ux/o8A0BKgoSW1hXbTka12mS3YqBm3Swl7clyDMNtIjTdFp8545ToHcANI
yDjr/L5zyvlGqOJMsNN3BErsUzi2kCHMPTWq2oC4MV5+WtBB2lvi
-----END CERTIFICATE-----
Generated at Thu May 16 22:34:50 2024 by rpki-client on console-ams.rpki-client.org