Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/EEDE81122E1F11EBB84D5E5BC4F9AE02.roa
File: EEDE81122E1F11EBB84D5E5BC4F9AE02.roa (raw, json)
Hash identifier: S0cZ3UCYU+mid6af6GRVdhGlHRTv/LuOF/lRxv7Qj2c=
Subject key identifier: 71:BB:4A:FE:B3:33:9C:2D:1B:1A:A0:FB:56:AB:9B:80:F0:5E:51:86
Certificate issuer: /CN=A91CEBCA/serialNumber=FE826EE9BC12DAAD3B197471B0413F1EB2082635
Certificate serial: 33C2
Authority key identifier: FE:82:6E:E9:BC:12:DA:AD:3B:19:74:71:B0:41:3F:1E:B2:08:26:35
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_oJu6bwS2q07GXRxsEE_HrIIJjU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/EEDE81122E1F11EBB84D5E5BC4F9AE02.roa
Signing time: Mon 08 Apr 2024 14:50:32 +0000
ROA not before: Mon 08 Apr 2024 14:50:32 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 17666
IP address blocks: 43.246.164.0/24 maxlen: 24
43.246.166.0/24 maxlen: 24
43.246.167.0/24 maxlen: 24
103.35.136.0/22 maxlen: 24
111.67.32.0/24 maxlen: 24
111.67.33.0/24 maxlen: 24
111.67.34.0/24 maxlen: 24
111.67.35.0/24 maxlen: 24
111.67.38.0/24 maxlen: 24
111.67.39.0/24 maxlen: 24
111.67.42.0/24 maxlen: 24
111.67.43.0/24 maxlen: 24
111.67.44.0/24 maxlen: 24
111.67.45.0/24 maxlen: 24
111.67.46.0/24 maxlen: 24
111.67.47.0/24 maxlen: 24
202.9.96.0/22 maxlen: 22
202.9.100.0/24 maxlen: 24
202.9.101.0/24 maxlen: 24
202.9.102.0/24 maxlen: 24
202.9.103.0/24 maxlen: 24
202.9.104.0/23 maxlen: 24
202.9.106.0/24 maxlen: 24
202.9.107.0/24 maxlen: 24
202.87.96.0/24 maxlen: 24
202.87.97.0/24 maxlen: 24
202.87.98.0/24 maxlen: 24
202.87.99.0/24 maxlen: 24
202.87.100.0/22 maxlen: 22
202.87.100.0/24 maxlen: 24
202.87.101.0/24 maxlen: 24
202.87.102.0/24 maxlen: 24
202.87.103.0/24 maxlen: 24
202.87.104.0/24 maxlen: 24
202.87.105.0/24 maxlen: 24
202.87.106.0/24 maxlen: 24
202.87.107.0/24 maxlen: 24
202.87.108.0/24 maxlen: 24
202.87.109.0/24 maxlen: 24
202.87.110.0/24 maxlen: 24
202.87.111.0/24 maxlen: 24
202.87.112.0/24 maxlen: 24
202.87.113.0/24 maxlen: 24
202.87.114.0/24 maxlen: 24
202.87.115.0/24 maxlen: 24
202.87.116.0/24 maxlen: 24
202.87.117.0/24 maxlen: 24
202.87.118.0/24 maxlen: 24
202.87.119.0/24 maxlen: 24
202.87.120.0/24 maxlen: 24
202.87.121.0/24 maxlen: 24
202.87.122.0/24 maxlen: 24
202.87.123.0/24 maxlen: 24
202.87.124.0/24 maxlen: 24
202.87.125.0/24 maxlen: 24
202.87.126.0/24 maxlen: 24
202.87.127.0/24 maxlen: 24
2401:200::/32 maxlen: 32
2401:200::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/_oJu6bwS2q07GXRxsEE_HrIIJjU.crl
rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/_oJu6bwS2q07GXRxsEE_HrIIJjU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_oJu6bwS2q07GXRxsEE_HrIIJjU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 23 May 2024 14:33:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13250 (0x33c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CEBCA/serialNumber=FE826EE9BC12DAAD3B197471B0413F1EB2082635
Validity
Not Before: Apr 8 14:50:32 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=66140438-7d32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:c2:b4:cf:f0:cf:92:7f:3a:f3:97:57:ca:9e:
36:a5:b3:dd:93:90:75:6a:2c:7d:77:80:c1:50:8a:
4d:54:af:7a:22:67:ee:79:04:96:80:74:c6:f3:c1:
8a:78:ce:a6:63:ee:3d:3e:ea:bc:d3:33:c5:ba:ab:
f9:2a:57:38:7c:a9:5b:f6:21:e2:73:86:8a:66:9f:
59:26:47:52:cc:9e:69:d6:0a:23:7b:1e:93:be:bd:
9b:70:59:ee:1a:81:24:8c:07:22:1a:b1:d4:15:79:
d9:c1:5c:4a:97:44:06:d2:da:85:de:ad:da:ed:84:
6d:c3:2e:82:2a:a5:18:ea:da:59:12:b2:98:97:00:
97:8e:9b:9a:d9:d8:b9:21:f0:3f:45:9e:bd:b5:0d:
43:c5:61:76:3f:4a:69:6d:1e:d1:f6:2c:80:54:a8:
48:cf:97:7d:fe:e5:c0:74:00:9f:cc:29:67:fb:a3:
fb:0b:dd:87:87:b7:47:56:c6:2a:4e:40:b9:51:ce:
a6:51:86:d5:51:bf:08:68:37:5b:10:1c:5e:af:bf:
3f:e6:3e:97:1e:c0:aa:4f:17:2c:64:c6:02:d5:1d:
a6:93:12:3b:6d:8f:4e:7c:f9:b9:2a:bb:c1:70:e3:
e1:df:1b:e4:a7:31:b3:f1:1d:46:e9:a0:ef:b9:00:
32:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:BB:4A:FE:B3:33:9C:2D:1B:1A:A0:FB:56:AB:9B:80:F0:5E:51:86
X509v3 Authority Key Identifier:
keyid:FE:82:6E:E9:BC:12:DA:AD:3B:19:74:71:B0:41:3F:1E:B2:08:26:35
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/_oJu6bwS2q07GXRxsEE_HrIIJjU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_oJu6bwS2q07GXRxsEE_HrIIJjU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CEBCA/B588B4A61D8811E28CAE8FE108B02CD2/EEDE81122E1F11EBB84D5E5BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.246.164.0/24
43.246.166.0/23
103.35.136.0/22
111.67.32.0/22
111.67.38.0/23
111.67.42.0-111.67.47.255
202.9.96.0-202.9.107.255
202.87.96.0/19
IPv6:
2401:200::/32
Signature Algorithm: sha256WithRSAEncryption
9f:d1:fb:81:c7:cd:d7:4a:e5:a8:b8:95:56:b5:28:48:30:45:
a6:d4:50:ea:3d:02:28:41:03:d2:23:0d:08:7d:82:fa:ae:30:
3e:53:7c:69:80:29:64:83:92:4e:8a:ae:cc:fa:c6:2a:a7:13:
e1:ce:c6:3a:d2:73:37:6d:c6:0c:e4:0a:57:53:b5:0a:cc:b7:
5f:28:aa:bf:ef:c8:94:72:b0:0d:12:e0:e6:82:c0:3e:06:d2:
d5:e9:fb:4f:c8:c5:67:6b:39:52:85:72:fd:96:79:5e:c7:b9:
c2:99:17:80:6e:53:d8:25:a3:ab:36:dd:57:be:29:28:0e:46:
9c:72:cb:9e:e7:4b:a4:b2:44:61:08:c4:8c:34:02:82:9e:bf:
f0:f0:e2:f7:c6:b5:7c:f6:e8:b3:44:c2:19:b2:b1:f8:01:d0:
d8:66:cf:d4:ec:52:e1:3d:fa:da:e9:3d:75:6c:f6:2a:28:7e:
8a:41:f6:56:cc:a8:ea:04:2d:22:76:76:43:d6:bd:fb:e4:a1:
09:f7:41:e4:e6:03:f6:1a:e8:a6:be:7b:be:2e:63:8d:2e:fa:
a5:75:df:ad:0b:e2:a1:4d:f6:64:b0:95:de:d4:94:e3:e2:fa:
cc:79:50:24:f0:33:13:73:9f:c0:b3:3c:77:17:61:43:de:37:
43:57:be:c7
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgICM8IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0VCQ0ExMTAvBgNVBAUTKEZFODI2RUU5QkMxMkRBQUQzQjE5NzQ3MUIwNDEzRjFF
QjIwODI2MzUwHhcNMjQwNDA4MTQ1MDMyWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjE0MDQzOC03ZDMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2cK0z/DPkn8685dXyp42pbPdk5B1aix9d4DBUIpNVK96ImfueQSWgHTG88GK
eM6mY+49Puq80zPFuqv5Klc4fKlb9iHic4aKZp9ZJkdSzJ5p1gojex6Tvr2bcFnu
GoEkjAciGrHUFXnZwVxKl0QG0tqF3q3a7YRtwy6CKqUY6tpZErKYlwCXjpua2di5
IfA/RZ69tQ1DxWF2P0ppbR7R9iyAVKhIz5d9/uXAdACfzCln+6P7C92Hh7dHVsYq
TkC5Uc6mUYbVUb8IaDdbEBxer78/5j6XHsCqTxcsZMYC1R2mkxI7bY9OfPm5KrvB
cOPh3xvkpzGz8R1G6aDvuQAyBwIDAQABo4IC3jCCAtowHQYDVR0OBBYEFHG7Sv6z
M5wtGxqg+1arm4DwXlGGMB8GA1UdIwQYMBaAFP6Cbum8EtqtOxl0cbBBPx6yCCY1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRUJDQS9CNTg4QjRBNjFE
ODgxMUUyOENBRThGRTEwOEIwMkNEMi9fb0p1NmJ3UzJxMDdHWFJ4c0VFX0hySUlK
alUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19vSnU2YndTMnEwN0dYUnhzRUVfSHJJSUpqVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0VCQ0EvQjU4OEI0QTYxRDg4MTFFMjhDQUU4RkUxMDhCMDJDRDIvRUVERTgxMTIy
RTFGMTFFQkI4NEQ1RTVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwaAYIKwYBBQUHAQcBAf8E
WTBXMEYEAgABMEADBAAr9qQDBAEr9qYDBAJnI4gDBAJvQyADBAFvQyYwDAMEAW9D
KgMEBG9DIDAMAwQFyglgAwQCygloAwQFyldgMA0EAgACMAcDBQAkAQIAMA0GCSqG
SIb3DQEBCwUAA4IBAQCf0fuBx83XSuWouJVWtShIMEWm1FDqPQIoQQPSIw0IfYL6
rjA+U3xpgClkg5JOiq7M+sYqpxPhzsY60nM3bcYM5ApXU7UKzLdfKKq/78iUcrAN
EuDmgsA+BtLV6ftPyMVnazlShXL9lnlex7nCmReAblPYJaOrNt1XvikoDkaccsue
50ukskRhCMSMNAKCnr/w8OL3xrV89uizRMIZsrH4AdDYZs/U7FLhPfra6T11bPYq
KH6KQfZWzKjqBC0idnZD1r375KEJ90Hk5gP2Guimvnu+LmONLvqldd+tC+KhTfZk
sJXe1JTj4vrMeVAk8DMTc5/Aszx3F2FD3jdDV77H
-----END CERTIFICATE-----
Generated at Thu May 16 16:14:59 2024 by rpki-client on console-fra.rpki-client.org