Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/3F763E44017211EE8B2BF635C4F9AE02.roa
File: 3F763E44017211EE8B2BF635C4F9AE02.roa (raw, json)
Hash identifier: T27PqZODiVTbI+EbFf62hQq8msnaqE9QMZQB3c52YSY=
Subject key identifier: 31:94:C5:E7:4C:EC:A4:6B:42:71:57:05:F6:15:7F:FA:4C:B9:11:A6
Certificate issuer: /CN=A91C2CC7/serialNumber=77486B610D333AEBDA8F255C501411B01F18FF49
Certificate serial: 0E67
Authority key identifier: 77:48:6B:61:0D:33:3A:EB:DA:8F:25:5C:50:14:11:B0:1F:18:FF:49
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/3F763E44017211EE8B2BF635C4F9AE02.roa
Signing time: Sat 20 Apr 2024 18:36:49 +0000
ROA not before: Sat 20 Apr 2024 18:36:49 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 3356
IP address blocks: 2401:df00:1::/48 maxlen: 48
2401:df00:2::/48 maxlen: 48
2401:df00:11::/48 maxlen: 48
2401:df00:12::/48 maxlen: 48
2401:df00:21::/48 maxlen: 48
2401:df00:22::/48 maxlen: 48
2401:df00:31::/48 maxlen: 48
2401:df00:32::/48 maxlen: 48
2401:df00:41::/48 maxlen: 48
2401:df00:42::/48 maxlen: 48
2401:df00:51::/48 maxlen: 48
2401:df00:52::/48 maxlen: 48
2401:df00:61::/48 maxlen: 48
2401:df00:62::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.crl
rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 07 May 2024 18:43:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3687 (0xe67)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C2CC7/serialNumber=77486B610D333AEBDA8F255C501411B01F18FF49
Validity
Not Before: Apr 20 18:36:49 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=66240b41-258b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:3b:c0:c4:35:f5:f3:39:cb:b1:68:79:ac:9a:
28:ed:bd:d8:ea:b4:38:c0:a9:d0:8d:7f:2e:5a:7e:
cd:04:26:a3:0c:6e:95:61:5d:e4:37:23:70:a2:e7:
20:44:00:d0:87:d4:3c:0f:0d:f4:08:ad:b4:01:b1:
d2:4e:1e:59:ef:ef:5a:d7:f0:f5:a2:2f:40:16:22:
96:ae:b5:fd:af:b2:b1:dd:f4:14:31:f9:a2:f1:ae:
cd:cb:b4:a8:c5:ed:b0:34:2a:d5:08:7d:cb:15:6e:
13:31:15:3b:32:a5:98:89:72:6a:b7:a8:ad:39:60:
3b:2d:3c:ff:28:8d:21:93:4e:48:e0:00:c6:da:ad:
52:de:d7:5f:30:ad:a1:19:f6:65:ed:25:b7:4d:25:
b1:c5:71:9c:f2:01:39:6e:b5:5d:38:4b:e7:8f:4b:
7b:a4:08:74:a6:49:b6:53:1c:9a:6b:f6:45:06:9b:
94:6f:d0:60:5d:35:19:d2:fa:d2:cd:f3:56:1a:6d:
0a:09:b0:f1:ff:1e:c0:90:82:33:d8:59:c5:28:ae:
6b:59:b6:ec:2b:7c:5e:db:e5:a8:ba:f8:f3:bb:53:
d8:17:17:8f:68:92:63:3a:e7:6a:24:3f:52:44:a4:
ad:87:66:06:a0:bb:85:cb:aa:bc:42:43:22:4d:8e:
f2:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:94:C5:E7:4C:EC:A4:6B:42:71:57:05:F6:15:7F:FA:4C:B9:11:A6
X509v3 Authority Key Identifier:
keyid:77:48:6B:61:0D:33:3A:EB:DA:8F:25:5C:50:14:11:B0:1F:18:FF:49
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/3F763E44017211EE8B2BF635C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2401:df00:1::-2401:df00:2:ffff:ffff:ffff:ffff:ffff
2401:df00:11::-2401:df00:12:ffff:ffff:ffff:ffff:ffff
2401:df00:21::-2401:df00:22:ffff:ffff:ffff:ffff:ffff
2401:df00:31::-2401:df00:32:ffff:ffff:ffff:ffff:ffff
2401:df00:41::-2401:df00:42:ffff:ffff:ffff:ffff:ffff
2401:df00:51::-2401:df00:52:ffff:ffff:ffff:ffff:ffff
2401:df00:61::-2401:df00:62:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
d1:5a:c0:ec:7d:99:30:36:05:27:c4:0b:94:ef:08:00:80:0a:
2a:1b:f9:2f:88:f8:91:3c:41:75:05:c4:e2:23:01:2f:b2:a4:
2a:93:56:db:30:32:47:e3:fd:70:de:8a:c8:29:5d:5b:94:a5:
fa:e8:fc:59:9f:68:fc:21:4b:ba:f7:9f:17:14:d3:7a:5b:85:
ff:9c:c8:1b:ec:56:dc:9c:f6:16:d1:ea:cd:46:2d:f1:c6:66:
09:fb:2d:44:6b:95:31:f7:93:bf:d5:bf:8c:58:9f:26:9b:11:
40:90:5c:f7:b5:b1:78:5d:8e:05:b3:03:ee:65:e2:63:9d:df:
82:a8:ee:90:ca:0e:b6:64:e2:24:cc:a4:35:2b:24:32:6a:70:
e1:c1:9f:3d:b1:8c:67:8e:5e:4f:1c:ea:72:62:41:1b:60:05:
7e:39:b1:f3:2c:2f:64:e3:64:f5:e2:48:bd:ef:58:c4:b8:f4:
60:84:7e:dc:f4:70:da:93:d8:96:9c:aa:55:62:5a:94:c6:40:
1c:9f:24:8e:b4:98:b4:33:7e:c1:fe:e2:73:f3:1f:8c:a9:2a:
a8:51:c8:e2:e9:05:f4:5e:78:26:61:1b:9c:87:44:0e:10:c2:
01:2c:b5:6f:77:18:b5:69:05:6c:d7:89:83:37:dc:5f:05:48:
2b:c5:21:2b
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgICDmcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzJDQzcxMTAvBgNVBAUTKDc3NDg2QjYxMEQzMzNBRUJEQThGMjU1QzUwMTQxMUIw
MUYxOEZGNDkwHhcNMjQwNDIwMTgzNjQ5WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjI0MGI0MS0yNThiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAszvAxDX18znLsWh5rJoo7b3Y6rQ4wKnQjX8uWn7NBCajDG6VYV3kNyNwoucg
RADQh9Q8Dw30CK20AbHSTh5Z7+9a1/D1oi9AFiKWrrX9r7Kx3fQUMfmi8a7Ny7So
xe2wNCrVCH3LFW4TMRU7MqWYiXJqt6itOWA7LTz/KI0hk05I4ADG2q1S3tdfMK2h
GfZl7SW3TSWxxXGc8gE5brVdOEvnj0t7pAh0pkm2Uxyaa/ZFBpuUb9BgXTUZ0vrS
zfNWGm0KCbDx/x7AkIIz2FnFKK5rWbbsK3xe2+Wouvjzu1PYFxePaJJjOudqJD9S
RKSth2YGoLuFy6q8QkMiTY7yrwIDAQABo4IDIDCCAxwwHQYDVR0OBBYEFDGUxedM
7KRrQnFXBfYVf/pMuRGmMB8GA1UdIwQYMBaAFHdIa2ENMzrr2o8lXFAUEbAfGP9J
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMkNDNy83OTFDNkEzNDdC
MzgxMUU5QkMwRDNCMzJDNEY5QUUwMi9kMGhyWVEwek91dmFqeVZjVUJRUnNCOFlf
MGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2QwaHJZUTB6T3V2YWp5VmNVQlFSc0I4WV8way5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzJDQzcvNzkxQzZBMzQ3QjM4MTFFOUJDMEQzQjMyQzRGOUFFMDIvM0Y3NjNFNDQw
MTcyMTFFRThCMkJGNjM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgakGCCsGAQUFBwEHAQH/
BIGZMIGWMIGTBAIAAjCBjDASAwcAJAHfAAABAwcAJAHfAAACMBIDBwAkAd8AABED
BwAkAd8AABIwEgMHACQB3wAAIQMHACQB3wAAIjASAwcAJAHfAAAxAwcAJAHfAAAy
MBIDBwAkAd8AAEEDBwAkAd8AAEIwEgMHACQB3wAAUQMHACQB3wAAUjASAwcAJAHf
AABhAwcAJAHfAABiMA0GCSqGSIb3DQEBCwUAA4IBAQDRWsDsfZkwNgUnxAuU7wgA
gAoqG/kviPiRPEF1BcTiIwEvsqQqk1bbMDJH4/1w3orIKV1blKX66PxZn2j8IUu6
958XFNN6W4X/nMgb7FbcnPYW0erNRi3xxmYJ+y1Ea5Ux95O/1b+MWJ8mmxFAkFz3
tbF4XY4FswPuZeJjnd+CqO6Qyg62ZOIkzKQ1KyQyanDhwZ89sYxnjl5PHOpyYkEb
YAV+ObHzLC9k42T14ki971jEuPRghH7c9HDak9iWnKpVYlqUxkAcnySOtJi0M37B
/uJz8x+MqSqoUcji6QX0XngmYRuch0QOEMIBLLVvdxi1aQVs14mDN9xfBUgrxSEr
-----END CERTIFICATE-----
Generated at Tue Apr 30 21:38:05 2024 by rpki-client on console-fra.rpki-client.org