Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/CEBECC28D38811E8A763B462C4F9AE02.roa
File: CEBECC28D38811E8A763B462C4F9AE02.roa (raw, json)
Hash identifier: JnF5+7NsmUg1WH1IMV33GUBJe1CH0KdvlE0jmWBmNQE=
Subject key identifier: 2F:9E:63:EF:7A:99:AE:72:A6:85:C0:3D:D0:F5:2D:D7:63:8F:35:1D
Certificate issuer: /CN=A91BFE6A/serialNumber=EF62F155C1971D504941F571EEDFAC0AFCC52859
Certificate serial: 11AF
Authority key identifier: EF:62:F1:55:C1:97:1D:50:49:41:F5:71:EE:DF:AC:0A:FC:C5:28:59
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72LxVcGXHVBJQfVx7t-sCvzFKFk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/CEBECC28D38811E8A763B462C4F9AE02.roa
Signing time: Wed 17 Apr 2024 02:21:52 +0000
ROA not before: Wed 17 Apr 2024 02:21:52 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 38001
IP address blocks: 43.245.60.0/24 maxlen: 24
43.245.61.0/24 maxlen: 24
43.245.62.0/24 maxlen: 24
43.245.63.0/24 maxlen: 24
45.119.200.0/24 maxlen: 24
45.119.201.0/24 maxlen: 24
45.119.202.0/24 maxlen: 24
103.14.76.0/24 maxlen: 24
103.14.77.0/24 maxlen: 24
103.14.79.0/24 maxlen: 24
103.25.52.0/24 maxlen: 24
103.60.8.0/24 maxlen: 24
103.200.216.0/24 maxlen: 24
103.200.217.0/24 maxlen: 24
103.200.218.0/24 maxlen: 24
103.200.219.0/24 maxlen: 24
119.161.101.0/24 maxlen: 24
119.161.102.0/24 maxlen: 24
119.161.103.0/24 maxlen: 24
202.150.208.0/20 maxlen: 20
202.150.208.0/24 maxlen: 24
202.150.209.0/24 maxlen: 24
202.150.210.0/24 maxlen: 24
202.150.211.0/24 maxlen: 24
202.150.212.0/24 maxlen: 24
202.150.213.0/24 maxlen: 24
202.150.214.0/24 maxlen: 24
202.150.215.0/24 maxlen: 24
202.150.216.0/24 maxlen: 24
202.150.217.0/24 maxlen: 24
202.150.218.0/24 maxlen: 24
202.150.219.0/24 maxlen: 24
202.150.220.0/24 maxlen: 24
202.150.221.0/24 maxlen: 24
202.150.222.0/24 maxlen: 24
202.150.223.0/24 maxlen: 24
203.174.80.0/21 maxlen: 21
203.174.80.0/24 maxlen: 24
203.174.81.0/24 maxlen: 24
203.174.82.0/24 maxlen: 24
203.174.83.0/24 maxlen: 24
203.174.84.0/24 maxlen: 24
203.174.85.0/24 maxlen: 24
203.174.86.0/24 maxlen: 24
203.174.87.0/24 maxlen: 24
2406:f400::/32 maxlen: 32
2406:f400::/44 maxlen: 44
2406:f400:20::/44 maxlen: 44
2406:f400:40::/44 maxlen: 44
2406:f400:80::/44 maxlen: 44
2406:f400:b0::/44 maxlen: 44
2406:f400:100::/44 maxlen: 44
2406:f400:130::/44 maxlen: 44
2406:f400:160::/44 maxlen: 44
2406:f400:161::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/72LxVcGXHVBJQfVx7t-sCvzFKFk.crl
rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/72LxVcGXHVBJQfVx7t-sCvzFKFk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72LxVcGXHVBJQfVx7t-sCvzFKFk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 15 May 2024 02:42:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4527 (0x11af)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BFE6A/serialNumber=EF62F155C1971D504941F571EEDFAC0AFCC52859
Validity
Not Before: Apr 17 02:21:52 2024 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=661f3240-3364
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:ec:dd:b3:5b:97:04:96:b3:86:92:98:b2:a8:
1d:83:8f:97:b6:c3:23:81:dd:ea:26:a8:4d:06:65:
bc:e3:3b:58:a9:f9:c0:78:7b:39:43:ef:93:c0:6f:
cb:1c:43:44:bf:4a:f0:c8:86:4b:9d:be:23:af:6a:
93:26:14:9f:80:12:52:2d:e6:45:22:55:c3:b2:9c:
e0:59:d9:3d:ab:67:8b:21:3e:09:2a:a7:31:b4:16:
c1:38:7c:30:00:57:f0:4b:dc:d2:2b:29:1d:df:eb:
a8:e1:f2:58:2d:ff:b1:a6:2d:d3:81:3a:96:1a:74:
92:12:b6:14:ba:ac:cd:c4:62:19:40:ef:10:b2:e8:
9a:ce:1d:ce:e9:3d:90:b3:7e:67:e4:39:56:8e:84:
db:1d:09:63:ca:4c:ee:a3:16:7a:4e:43:9f:f4:93:
35:73:d2:e9:f9:fa:72:4d:e3:d2:18:68:c9:5e:0a:
38:21:68:a1:23:bd:7f:79:db:6c:79:42:26:c4:cd:
93:a5:22:6c:5d:09:ab:cd:60:43:be:95:82:4a:a9:
bc:f2:b0:c5:20:bb:a8:bc:71:a8:d9:64:ed:36:b0:
50:dd:e4:71:8b:a7:67:3a:16:4b:e2:bc:bf:61:39:
ab:88:4c:2f:c2:b6:7d:16:6c:24:68:01:62:31:18:
51:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:9E:63:EF:7A:99:AE:72:A6:85:C0:3D:D0:F5:2D:D7:63:8F:35:1D
X509v3 Authority Key Identifier:
keyid:EF:62:F1:55:C1:97:1D:50:49:41:F5:71:EE:DF:AC:0A:FC:C5:28:59
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/72LxVcGXHVBJQfVx7t-sCvzFKFk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/72LxVcGXHVBJQfVx7t-sCvzFKFk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BFE6A/1D64328ED38711E8BD70755CC4F9AE02/CEBECC28D38811E8A763B462C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.60.0/22
45.119.200.0-45.119.202.255
103.14.76.0/23
103.14.79.0/24
103.25.52.0/24
103.60.8.0/24
103.200.216.0/22
119.161.101.0-119.161.103.255
202.150.208.0/20
203.174.80.0/21
IPv6:
2406:f400::/32
Signature Algorithm: sha256WithRSAEncryption
3f:a1:5a:9f:ac:0b:7d:b3:a4:a4:89:56:a6:99:98:6b:fa:a4:
1b:ad:2c:bd:12:19:48:21:18:e0:30:f0:9d:ad:a8:d3:ab:2c:
7a:a4:21:38:68:84:e0:1b:ef:87:3a:2b:4f:42:b8:d6:ff:db:
0d:56:06:48:8e:2c:a1:63:c1:97:ce:c8:44:ce:67:97:e9:0e:
38:42:d1:ca:fe:5d:e2:a6:d3:48:3a:b7:aa:f4:aa:72:54:2b:
4a:c7:f1:d1:38:be:66:98:5f:e0:ea:9e:42:97:d5:8b:c6:17:
18:89:69:c8:6c:52:6c:0c:2f:11:62:cf:df:91:a5:23:c5:fb:
84:fc:51:73:86:08:cd:0e:3b:d7:e8:fc:be:9d:5e:68:37:e2:
76:3a:3e:52:c0:82:1f:fc:8b:72:50:73:6d:cf:b3:1d:3d:a0:
49:51:d2:a6:79:c9:42:68:1d:d0:a6:e9:7f:41:9d:55:c8:84:
d3:43:1c:89:01:2e:ea:f4:18:8b:15:f9:3b:9b:92:4f:ab:c8:
1d:63:e4:d4:1a:f0:ee:1c:63:97:0d:5d:b4:5a:0c:2c:31:05:
5b:b1:b4:e3:11:3c:8e:0c:19:64:f4:c6:8b:21:fa:71:f4:b4:
60:b1:31:50:dd:61:8a:8e:7a:58:29:92:39:3f:c7:2e:7d:e4:
5b:05:c2:37
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgICEa8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkZFNkExMTAvBgNVBAUTKEVGNjJGMTU1QzE5NzFENTA0OTQxRjU3MUVFREZBQzBB
RkNDNTI4NTkwHhcNMjQwNDE3MDIyMTUyWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjFmMzI0MC0zMzY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwOzds1uXBJazhpKYsqgdg4+XtsMjgd3qJqhNBmW84ztYqfnAeHs5Q++TwG/L
HENEv0rwyIZLnb4jr2qTJhSfgBJSLeZFIlXDspzgWdk9q2eLIT4JKqcxtBbBOHww
AFfwS9zSKykd3+uo4fJYLf+xpi3TgTqWGnSSErYUuqzNxGIZQO8Qsuiazh3O6T2Q
s35n5DlWjoTbHQljykzuoxZ6TkOf9JM1c9Lp+fpyTePSGGjJXgo4IWihI71/edts
eUImxM2TpSJsXQmrzWBDvpWCSqm88rDFILuovHGo2WTtNrBQ3eRxi6dnOhZL4ry/
YTmriEwvwrZ9FmwkaAFiMRhRLwIDAQABo4IC6jCCAuYwHQYDVR0OBBYEFC+eY+96
ma5ypoXAPdD1LddjjzUdMB8GA1UdIwQYMBaAFO9i8VXBlx1QSUH1ce7frAr8xShZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCRkU2QS8xRDY0MzI4RUQz
ODcxMUU4QkQ3MDc1NUNDNEY5QUUwMi83Mkx4VmNHWEhWQkpRZlZ4N3Qtc0N2ekZL
RmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzcyTHhWY0dYSFZCSlFmVng3dC1zQ3Z6RktGay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkZFNkEvMUQ2NDMyOEVEMzg3MTFFOEJENzA3NTVDQzRGOUFFMDIvQ0VCRUNDMjhE
Mzg4MTFFOEE3NjNCNDYyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwdAYIKwYBBQUHAQcBAf8E
ZTBjMFIEAgABMEwDBAIr9TwwDAMEAy13yAMEAC13ygMEAWcOTAMEAGcOTwMEAGcZ
NAMEAGc8CAMEAmfI2DAMAwQAd6FlAwQDd6FgAwQEypbQAwQDy65QMA0EAgACMAcD
BQAkBvQAMA0GCSqGSIb3DQEBCwUAA4IBAQA/oVqfrAt9s6SkiVammZhr+qQbrSy9
EhlIIRjgMPCdrajTqyx6pCE4aITgG++HOitPQrjW/9sNVgZIjiyhY8GXzshEzmeX
6Q44QtHK/l3iptNIOreq9KpyVCtKx/HROL5mmF/g6p5Cl9WLxhcYiWnIbFJsDC8R
Ys/fkaUjxfuE/FFzhgjNDjvX6Py+nV5oN+J2Oj5SwIIf/ItyUHNtz7MdPaBJUdKm
eclCaB3Qpul/QZ1VyITTQxyJAS7q9BiLFfk7m5JPq8gdY+TUGvDuHGOXDV20Wgws
MQVbsbTjETyODBlk9MaLIfpx9LRgsTFQ3WGKjnpYKZI5P8cufeRbBcI3
-----END CERTIFICATE-----
Generated at Fri May 10 19:18:45 2024 by rpki-client on console-ams.rpki-client.org