Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/8F6D3D583AEA11EC84E6634EC4F9AE02.roa
File: 8F6D3D583AEA11EC84E6634EC4F9AE02.roa (raw, json)
Hash identifier: OEeulBe+c5wW7GbGzbuk4OL54v4TtW6TzQZ66hJIVjE=
Subject key identifier: E6:36:BE:4E:1C:0E:5C:B3:D2:F8:84:2A:C0:0E:3D:D1:EC:84:72:24
Certificate issuer: /CN=A91B885C/serialNumber=5374C6E75F186052455A2D8DA5292FEF009CC9AF
Certificate serial: 0CC7
Authority key identifier: 53:74:C6:E7:5F:18:60:52:45:5A:2D:8D:A5:29:2F:EF:00:9C:C9:AF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U3TG518YYFJFWi2NpSkv7wCcya8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/8F6D3D583AEA11EC84E6634EC4F9AE02.roa
Signing time: Thu 31 Oct 2024 18:36:45 +0000
ROA not before: Thu 31 Oct 2024 18:36:45 +0000
ROA not after: Sat 01 Mar 2025 00:00:00 +0000
asID: 63916
IP address blocks: 27.122.56.0/24 maxlen: 24
27.122.57.0/24 maxlen: 24
27.122.58.0/24 maxlen: 24
27.122.59.0/24 maxlen: 24
43.239.156.0/22 maxlen: 22
43.239.156.0/23 maxlen: 23
43.239.156.0/24 maxlen: 24
43.239.157.0/24 maxlen: 24
43.239.158.0/23 maxlen: 23
43.239.158.0/24 maxlen: 24
43.239.159.0/24 maxlen: 24
43.245.196.0/23 maxlen: 23
43.245.196.0/24 maxlen: 24
43.245.197.0/24 maxlen: 24
43.245.198.0/24 maxlen: 24
43.245.199.0/24 maxlen: 24
43.251.157.0/24 maxlen: 24
43.251.158.0/24 maxlen: 24
43.251.159.0/24 maxlen: 24
103.1.154.0/24 maxlen: 24
103.35.72.0/22 maxlen: 22
103.35.72.0/24 maxlen: 24
103.35.73.0/24 maxlen: 24
103.35.74.0/24 maxlen: 24
103.35.75.0/24 maxlen: 24
103.68.223.0/24 maxlen: 24
103.71.254.0/24 maxlen: 24
103.72.4.0/23 maxlen: 24
182.161.32.0/22 maxlen: 22
182.161.32.0/24 maxlen: 24
182.161.33.0/24 maxlen: 24
182.161.34.0/24 maxlen: 24
182.161.35.0/24 maxlen: 24
202.144.192.0/22 maxlen: 22
202.144.192.0/24 maxlen: 24
202.144.193.0/24 maxlen: 24
202.144.194.0/24 maxlen: 24
202.144.195.0/24 maxlen: 24
2402:c480::/32 maxlen: 32
2402:c480:3000::/48 maxlen: 48
2402:c480:3001::/48 maxlen: 48
2402:c480:3002::/48 maxlen: 48
2402:c480:3003::/48 maxlen: 48
2402:c480:3004::/48 maxlen: 48
2402:c480:5000::/48 maxlen: 48
2402:c480:6000::/48 maxlen: 48
2402:c480:6001::/48 maxlen: 48
2402:c480:6002::/48 maxlen: 48
2402:c480:7000::/48 maxlen: 48
2402:c480:7001::/48 maxlen: 48
2402:c480:8000::/48 maxlen: 48
2402:c480:8001::/48 maxlen: 48
2402:c480:8003::/48 maxlen: 48
2402:c480:9000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/U3TG518YYFJFWi2NpSkv7wCcya8.crl
rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/U3TG518YYFJFWi2NpSkv7wCcya8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U3TG518YYFJFWi2NpSkv7wCcya8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 18:10:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3271 (0xcc7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B885C/serialNumber=5374C6E75F186052455A2D8DA5292FEF009CC9AF
Validity
Not Before: Oct 31 18:36:45 2024 GMT
Not After : Mar 1 00:00:00 2025 GMT
Subject: CN=6723ce3c-04d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:91:d1:e4:68:53:37:7d:f3:c3:b6:cd:8a:a0:
23:76:7f:e0:3d:ca:23:9a:2b:a7:20:cc:40:68:14:
6e:7a:0a:21:78:70:f9:68:89:0e:8b:50:75:6f:2b:
0f:d4:c5:8f:bb:9f:e3:66:dc:29:07:09:56:24:3e:
3c:73:6c:e0:ae:1c:87:39:5b:41:b7:0c:19:29:53:
95:92:d6:de:6a:96:7d:5d:09:5c:ad:7b:47:f8:d0:
43:fb:c2:cd:87:ce:50:67:2e:2d:cd:7d:80:63:9d:
47:9f:29:60:51:d7:7c:e5:f1:28:dd:fb:89:0f:c6:
7f:b5:19:ef:1b:ae:ef:71:5c:22:5a:2e:4f:22:36:
1c:96:36:5c:72:5e:8a:b5:ff:55:d1:dd:26:88:db:
63:7a:5f:a0:a6:d4:a0:ab:2c:0a:eb:1c:eb:92:c3:
eb:88:88:eb:d9:2d:b2:7f:fe:fb:31:7e:20:a5:ab:
51:0f:6c:96:d0:3b:4f:cd:7c:5f:47:d0:e6:48:f9:
e0:56:c2:9b:2f:08:17:45:93:8d:25:bc:e3:77:c4:
b5:d6:39:d8:99:24:15:b6:cc:44:c2:f3:85:7a:20:
1d:03:c5:d3:0f:c5:2e:2c:21:02:54:b3:8d:2a:d1:
24:81:1a:37:89:3a:48:54:d7:e8:7d:a2:22:8b:4a:
e8:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:36:BE:4E:1C:0E:5C:B3:D2:F8:84:2A:C0:0E:3D:D1:EC:84:72:24
X509v3 Authority Key Identifier:
keyid:53:74:C6:E7:5F:18:60:52:45:5A:2D:8D:A5:29:2F:EF:00:9C:C9:AF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/U3TG518YYFJFWi2NpSkv7wCcya8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U3TG518YYFJFWi2NpSkv7wCcya8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B885C/5C19F842F26711E987C7131FC4F9AE02/8F6D3D583AEA11EC84E6634EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.122.56.0/22
43.239.156.0/22
43.245.196.0/22
43.251.157.0-43.251.159.255
103.1.154.0/24
103.35.72.0/22
103.68.223.0/24
103.71.254.0/24
103.72.4.0/23
182.161.32.0/22
202.144.192.0/22
IPv6:
2402:c480::/32
Signature Algorithm: sha256WithRSAEncryption
70:a6:a1:46:05:54:0f:7e:b8:dc:ec:08:ba:ef:6a:ce:f4:bf:
d7:10:10:aa:21:05:39:66:c6:3a:aa:fd:37:a1:4c:9d:20:98:
b6:c4:41:2c:ba:70:1e:d7:e7:0b:79:b0:28:43:39:86:f6:17:
50:50:67:81:84:bb:97:39:7e:e8:a3:d1:db:2f:73:15:0f:40:
94:4f:67:a4:4d:5f:e2:df:0a:84:1e:8c:35:99:1f:06:c5:a0:
57:60:f6:e6:f4:35:af:8a:ba:41:65:7e:73:08:c6:97:67:5a:
83:2b:36:0c:e7:1a:95:e2:85:fc:83:11:1a:f8:23:a0:0b:f0:
88:0c:96:30:7e:a3:cb:5e:c5:35:1e:dc:e7:82:81:88:d2:19:
c5:39:81:3d:ff:2b:6e:3f:1d:34:17:42:3f:f5:ad:ff:72:fb:
41:05:50:a4:9b:a8:d5:f7:78:40:4e:5c:4b:4a:e9:77:0e:ee:
c3:54:12:94:52:b7:00:b5:e6:33:f8:e2:5f:ff:24:73:cb:b4:
b4:f3:0b:60:8b:b6:1c:5d:a8:7d:b4:2c:7f:e2:d4:e6:cc:a5:
8e:77:14:49:26:3b:aa:cd:e9:d0:fa:a6:82:94:1f:40:c2:39:
80:c7:1e:e1:75:2a:02:e9:41:ac:50:01:a7:b0:72:f1:9a:34:
6b:9f:00:7b
-----BEGIN CERTIFICATE-----
MIIFxDCCBKygAwIBAgICDMcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qjg4NUMxMTAvBgNVBAUTKDUzNzRDNkU3NUYxODYwNTI0NTVBMkQ4REE1MjkyRkVG
MDA5Q0M5QUYwHhcNMjQxMDMxMTgzNjQ1WhcNMjUwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzIzY2UzYy0wNGQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt5HR5GhTN33zw7bNiqAjdn/gPcojmiunIMxAaBRuegoheHD5aIkOi1B1bysP
1MWPu5/jZtwpBwlWJD48c2zgrhyHOVtBtwwZKVOVktbeapZ9XQlcrXtH+NBD+8LN
h85QZy4tzX2AY51HnylgUdd85fEo3fuJD8Z/tRnvG67vcVwiWi5PIjYcljZccl6K
tf9V0d0miNtjel+gptSgqywK6xzrksPriIjr2S2yf/77MX4gpatRD2yW0DtPzXxf
R9DmSPngVsKbLwgXRZONJbzjd8S11jnYmSQVtsxEwvOFeiAdA8XTD8UuLCECVLON
KtEkgRo3iTpIVNfofaIii0roowIDAQABo4IC6DCCAuQwHQYDVR0OBBYEFOY2vk4c
Dlyz0viEKsAOPdHshHIkMB8GA1UdIwQYMBaAFFN0xudfGGBSRVotjaUpL+8AnMmv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCODg1Qy81QzE5Rjg0MkYy
NjcxMUU5ODdDNzEzMUZDNEY5QUUwMi9VM1RHNTE4WVlGSkZXaTJOcFNrdjd3Q2N5
YTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1UzVEc1MThZWUZKRldpMk5wU2t2N3dDY3lhOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qjg4NUMvNUMxOUY4NDJGMjY3MTFFOTg3QzcxMzFGQzRGOUFFMDIvOEY2RDNENTgz
QUVBMTFFQzg0RTY2MzRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcgYIKwYBBQUHAQcBAf8E
YzBhMFAEAgABMEoDBAIbejgDBAIr75wDBAIr9cQwDAMEACv7nQMEBSv7gAMEAGcB
mgMEAmcjSAMEAGdE3wMEAGdH/gMEAWdIBAMEArahIAMEAsqQwDANBAIAAjAHAwUA
JALEgDANBgkqhkiG9w0BAQsFAAOCAQEAcKahRgVUD3643OwIuu9qzvS/1xAQqiEF
OWbGOqr9N6FMnSCYtsRBLLpwHtfnC3mwKEM5hvYXUFBngYS7lzl+6KPR2y9zFQ9A
lE9npE1f4t8KhB6MNZkfBsWgV2D25vQ1r4q6QWV+cwjGl2dagys2DOcaleKF/IMR
GvgjoAvwiAyWMH6jy17FNR7c54KBiNIZxTmBPf8rbj8dNBdCP/Wt/3L7QQVQpJuo
1fd4QE5cS0rpdw7uw1QSlFK3ALXmM/jiX/8kc8u0tPMLYIu2HF2ofbQsf+LU5syl
jncUSSY7qs3p0PqmgpQfQMI5gMce4XUqAulBrFABp7By8Zo0a58Aew==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:50:16 2024 by rpki-client on console-ams.rpki-client.org