Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/665751CE169B11ECB2AD5F80C4F9AE02.roa
File: 665751CE169B11ECB2AD5F80C4F9AE02.roa (raw, json)
Hash identifier: x50EXoRMcbgUsPqht4MqNyeMvFs8BpjXJn0McQSK97g=
Subject key identifier: AF:9D:70:17:E5:26:A5:DB:33:99:41:47:56:BE:77:14:A5:96:BD:DB
Certificate issuer: /CN=A91CE558/serialNumber=B36B971724A3BABD890B754598933720F972FEAF
Certificate serial: 09F9
Authority key identifier: B3:6B:97:17:24:A3:BA:BD:89:0B:75:45:98:93:37:20:F9:72:FE:AF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/s2uXFySjur2JC3VFmJM3IPly_q8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/665751CE169B11ECB2AD5F80C4F9AE02.roa
Signing time: Mon 08 Jan 2024 06:57:51 +0000
ROA not before: Mon 08 Jan 2024 06:57:51 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 17819
IP address blocks: 27.111.240.0/20 maxlen: 20
101.97.32.0/23 maxlen: 23
101.97.33.0/24 maxlen: 24
101.97.34.0/23 maxlen: 23
101.97.37.0/24 maxlen: 24
101.97.38.0/23 maxlen: 23
101.97.38.0/24 maxlen: 24
101.97.52.0/23 maxlen: 23
101.97.54.0/23 maxlen: 23
101.97.56.0/22 maxlen: 22
103.13.68.0/22 maxlen: 22
180.189.16.0/22 maxlen: 22
180.189.24.0/21 maxlen: 21
183.177.52.0/22 maxlen: 22
202.177.208.0/22 maxlen: 22
202.177.208.0/24 maxlen: 24
202.177.212.0/22 maxlen: 22
202.177.216.0/24 maxlen: 24
202.177.217.0/24 maxlen: 24
202.177.218.0/23 maxlen: 23
202.177.219.0/24 maxlen: 24
202.177.220.0/23 maxlen: 23
202.177.221.0/24 maxlen: 24
202.177.222.0/23 maxlen: 23
2404:4f00::/32 maxlen: 32
2404:4f00::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/s2uXFySjur2JC3VFmJM3IPly_q8.crl
rsync://rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/s2uXFySjur2JC3VFmJM3IPly_q8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/s2uXFySjur2JC3VFmJM3IPly_q8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 21 May 2024 20:34:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2553 (0x9f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CE558/serialNumber=B36B971724A3BABD890B754598933720F972FEAF
Validity
Not Before: Jan 8 06:57:51 2024 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=659b9cef-a116
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:d3:bf:02:20:79:32:b8:f7:a9:a7:55:28:a7:
62:a1:0a:aa:87:a0:c3:51:60:cb:a1:99:fe:0f:db:
67:41:87:b0:19:c8:d5:5e:6e:f6:87:50:e8:02:66:
5d:6d:78:f3:24:de:38:b7:69:11:79:8b:85:bf:d4:
66:87:ae:47:79:ef:b1:9c:b2:41:6e:4e:ae:9b:94:
17:67:17:82:1e:63:c1:07:45:9c:8e:72:bd:f5:cb:
94:f6:22:18:76:ba:d4:4f:72:a8:cd:b7:7d:40:67:
cc:c8:72:5e:e0:47:23:27:91:ef:32:36:7b:df:5b:
34:a2:9a:5b:0c:30:b6:a8:8e:a0:83:db:2e:9a:5a:
e9:4d:a3:ea:23:76:00:dc:4b:a7:93:ca:71:4c:a7:
8f:b5:e5:e0:45:9e:75:1c:e2:7a:3d:52:e0:dc:f5:
4e:a4:05:28:48:df:2d:95:e2:18:92:0a:8d:93:20:
ed:0d:78:c4:a4:07:dc:cd:04:20:03:7d:62:d4:8c:
fc:d0:e9:81:89:d5:3a:3f:a6:6f:63:81:40:10:93:
66:e1:55:a6:a7:25:78:d1:6e:9b:0c:85:da:61:4e:
69:e2:37:cf:a8:24:4f:f3:77:28:2d:a2:97:af:a2:
4a:25:e5:62:ff:a1:6f:5b:ba:2a:78:29:e4:ee:0c:
d4:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:9D:70:17:E5:26:A5:DB:33:99:41:47:56:BE:77:14:A5:96:BD:DB
X509v3 Authority Key Identifier:
keyid:B3:6B:97:17:24:A3:BA:BD:89:0B:75:45:98:93:37:20:F9:72:FE:AF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/s2uXFySjur2JC3VFmJM3IPly_q8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/s2uXFySjur2JC3VFmJM3IPly_q8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/665751CE169B11ECB2AD5F80C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.111.240.0/20
101.97.32.0/22
101.97.37.0-101.97.39.255
101.97.52.0-101.97.59.255
103.13.68.0/22
180.189.16.0/22
180.189.24.0/21
183.177.52.0/22
202.177.208.0/20
IPv6:
2404:4f00::/32
Signature Algorithm: sha256WithRSAEncryption
72:75:45:ee:6a:81:8b:8a:ad:64:dd:92:15:8f:c3:7b:70:64:
09:7c:f4:2d:84:cb:31:f5:81:44:48:cd:d5:20:73:e4:99:f1:
4d:23:f1:e5:c3:c4:a8:88:0c:cf:7b:9b:95:15:da:43:c1:d9:
98:3e:e7:a9:31:bc:d7:e7:7f:2d:7d:88:b6:0f:0c:ca:ba:5b:
41:ae:52:c7:c8:37:f4:28:5e:30:65:e7:14:c0:59:00:16:67:
3f:81:b6:83:f0:ce:9d:cd:a0:8a:ee:91:8b:5d:c7:0c:52:bb:
46:51:55:35:9b:87:62:08:85:b4:63:63:e4:32:98:91:ef:53:
87:f8:a8:9d:ce:10:d2:fd:4e:75:a6:35:6f:fa:c3:23:39:3d:
65:1a:84:35:73:1d:65:59:cb:dd:06:5b:99:97:b7:fe:db:a3:
3a:ae:a0:e5:19:f6:63:0b:c7:53:bd:8e:12:c7:85:f6:9d:71:
c3:61:97:f6:0b:20:6e:7e:f4:5a:8f:33:1e:69:8b:c0:b9:67:
85:33:f6:dd:aa:71:a9:b3:9a:55:b4:77:1c:0a:a4:f9:93:e6:
dd:a6:76:c0:39:c0:15:d8:92:89:b5:9a:f3:88:07:a7:72:9f:
96:dd:c2:09:1c:56:e2:a3:e5:df:fb:d4:af:f1:14:c1:33:66:
ee:37:b3:af
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgICCfkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0U1NTgxMTAvBgNVBAUTKEIzNkI5NzE3MjRBM0JBQkQ4OTBCNzU0NTk4OTMzNzIw
Rjk3MkZFQUYwHhcNMjQwMTA4MDY1NzUxWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTliOWNlZi1hMTE2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1NO/AiB5Mrj3qadVKKdioQqqh6DDUWDLoZn+D9tnQYewGcjVXm72h1DoAmZd
bXjzJN44t2kReYuFv9Rmh65Hee+xnLJBbk6um5QXZxeCHmPBB0WcjnK99cuU9iIY
drrUT3Kozbd9QGfMyHJe4EcjJ5HvMjZ731s0oppbDDC2qI6gg9sumlrpTaPqI3YA
3Eunk8pxTKePteXgRZ51HOJ6PVLg3PVOpAUoSN8tleIYkgqNkyDtDXjEpAfczQQg
A31i1Iz80OmBidU6P6ZvY4FAEJNm4VWmpyV40W6bDIXaYU5p4jfPqCRP83coLaKX
r6JKJeVi/6FvW7oqeCnk7gzUmQIDAQABo4IC5DCCAuAwHQYDVR0OBBYEFK+dcBfl
JqXbM5lBR1a+dxSllr3bMB8GA1UdIwQYMBaAFLNrlxcko7q9iQt1RZiTNyD5cv6v
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRTU1OC8zREYxNEYwODUz
OTQxMUVBQkY2QjRGNUZDNEY5QUUwMi9zMnVYRnlTanVyMkpDM1ZGbUpNM0lQbHlf
cTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3MydVhGeVNqdXIySkMzVkZtSk0zSVBseV9xOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0U1NTgvM0RGMTRGMDg1Mzk0MTFFQUJGNkI0RjVGQzRGOUFFMDIvNjY1NzUxQ0Ux
NjlCMTFFQ0IyQUQ1RjgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbgYIKwYBBQUHAQcBAf8E
XzBdMEwEAgABMEYDBAQbb/ADBAJlYSAwDAMEAGVhJQMEA2VhIDAMAwQCZWE0AwQC
ZWE4AwQCZw1EAwQCtL0QAwQDtL0YAwQCt7E0AwQEyrHQMA0EAgACMAcDBQAkBE8A
MA0GCSqGSIb3DQEBCwUAA4IBAQBydUXuaoGLiq1k3ZIVj8N7cGQJfPQthMsx9YFE
SM3VIHPkmfFNI/Hlw8SoiAzPe5uVFdpDwdmYPuepMbzX538tfYi2DwzKultBrlLH
yDf0KF4wZecUwFkAFmc/gbaD8M6dzaCK7pGLXccMUrtGUVU1m4diCIW0Y2PkMpiR
71OH+KidzhDS/U51pjVv+sMjOT1lGoQ1cx1lWcvdBluZl7f+26M6rqDlGfZjC8dT
vY4Sx4X2nXHDYZf2CyBufvRajzMeaYvAuWeFM/bdqnGps5pVtHccCqT5k+bdpnbA
OcAV2JKJtZrziAencp+W3cIJHFbio+Xf+9Sv8RTBM2buN7Ov
-----END CERTIFICATE-----
Generated at Tue May 14 21:36:57 2024 by rpki-client on console-fra.rpki-client.org