Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/0CE1846A9F5111EA9DED6709C4F9AE02.roa
File: 0CE1846A9F5111EA9DED6709C4F9AE02.roa (raw, json)
Hash identifier: B/bCJO6T7u46j6kLkR9XNeEfqPoDNHNxyEx5pB7FwHs=
Subject key identifier: B9:12:C6:BE:6D:31:A3:9D:9A:52:FB:24:F0:AF:2E:1E:B3:D7:CD:DE
Certificate issuer: /CN=A91DC46A/serialNumber=F8D4A632D069964C61A33E41D6243D535B007D54
Certificate serial: 1D65
Authority key identifier: F8:D4:A6:32:D0:69:96:4C:61:A3:3E:41:D6:24:3D:53:5B:00:7D:54
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/0CE1846A9F5111EA9DED6709C4F9AE02.roa
Signing time: Tue 04 Jun 2024 10:40:11 +0000
ROA not before: Tue 04 Jun 2024 10:40:11 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 23678
IP address blocks: 27.131.32.0/19 maxlen: 24
43.252.44.0/22 maxlen: 22
43.252.44.0/23 maxlen: 23
43.252.44.0/24 maxlen: 24
43.252.45.0/24 maxlen: 24
43.252.46.0/24 maxlen: 24
43.252.47.0/24 maxlen: 24
103.12.64.0/22 maxlen: 22
103.12.64.0/23 maxlen: 23
103.12.64.0/24 maxlen: 24
103.12.65.0/24 maxlen: 24
103.12.66.0/24 maxlen: 24
103.12.67.0/24 maxlen: 24
103.243.192.0/22 maxlen: 22
103.243.192.0/24 maxlen: 24
103.243.193.0/24 maxlen: 24
103.243.194.0/24 maxlen: 24
122.0.16.0/20 maxlen: 24
150.107.156.0/22 maxlen: 22
150.107.156.0/24 maxlen: 24
150.107.157.0/24 maxlen: 24
150.107.158.0/24 maxlen: 24
150.107.159.0/24 maxlen: 24
202.133.96.0/20 maxlen: 24
2405:6400::/32 maxlen: 36
2405:6400::/42 maxlen: 42
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.crl
rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 16:08:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7525 (0x1d65)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DC46A/serialNumber=F8D4A632D069964C61A33E41D6243D535B007D54
Validity
Not Before: Jun 4 10:40:11 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=665eef0b-48e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:50:c6:87:63:ea:cb:17:5e:9e:7e:7f:08:14:
13:72:e9:8e:aa:e5:56:74:5b:27:f2:72:50:a8:e0:
88:66:8f:2c:86:61:cd:c6:49:48:f3:79:7b:92:b8:
c3:bb:88:12:d6:13:71:53:ea:a0:71:44:30:79:c5:
b5:3e:2d:e5:ee:49:ca:ff:0d:24:cf:ec:30:f9:8c:
38:cb:f6:d2:67:8f:2d:37:3a:b1:e6:cf:f9:d3:ca:
e3:83:21:06:fd:12:3a:d0:bb:8b:85:57:c0:77:9b:
34:92:f9:f4:63:8a:5e:4a:1d:39:c0:0b:61:26:a9:
24:ba:ee:94:9b:c7:96:2e:3d:16:f5:12:31:6f:dc:
16:9f:30:fd:0f:5c:73:83:ff:2b:11:68:4f:4a:31:
5d:6f:d4:05:45:72:15:50:f4:c4:a6:28:bf:97:36:
0f:f1:32:05:80:4d:79:e1:0d:df:73:58:a8:9a:cf:
4c:aa:e5:4b:87:74:58:77:20:5d:30:de:37:11:7d:
bb:18:c4:f1:21:78:7a:77:72:af:58:32:1d:3f:38:
28:fa:46:44:81:34:db:23:07:16:4e:da:d9:d6:dc:
2d:dd:13:b2:51:6f:ce:1b:71:ce:7c:2a:8d:aa:ea:
93:43:2b:16:11:df:9c:40:6c:c9:b9:81:3a:31:aa:
ff:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:12:C6:BE:6D:31:A3:9D:9A:52:FB:24:F0:AF:2E:1E:B3:D7:CD:DE
X509v3 Authority Key Identifier:
keyid:F8:D4:A6:32:D0:69:96:4C:61:A3:3E:41:D6:24:3D:53:5B:00:7D:54
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/0CE1846A9F5111EA9DED6709C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.131.32.0/19
43.252.44.0/22
103.12.64.0/22
103.243.192.0/22
122.0.16.0/20
150.107.156.0/22
202.133.96.0/20
IPv6:
2405:6400::/32
Signature Algorithm: sha256WithRSAEncryption
8b:f1:40:a9:82:2f:20:88:5b:9c:f2:f8:1a:48:b4:ae:c4:99:
54:ab:f6:0e:62:d1:64:48:7c:12:3c:36:97:1b:e6:9e:be:4c:
42:22:48:08:6d:fe:c4:b8:06:d3:90:af:64:5d:35:a9:1c:59:
7b:81:f6:b1:6c:2e:15:58:ae:d5:c8:fb:89:ce:4a:0f:bd:35:
7a:9e:a7:b6:06:13:2d:d8:62:6a:d6:79:cf:1f:af:2d:d7:54:
56:d5:84:8b:bd:bc:7a:0d:08:fd:8b:a7:9d:4e:25:c5:93:bf:
c1:c1:9c:78:1e:3e:89:18:61:d8:e4:db:f6:9e:1e:11:e1:cc:
e1:4a:36:6a:3e:f1:78:d1:6f:cf:75:06:51:97:e3:e2:4a:56:
3d:cf:bb:98:60:fe:b0:0f:37:20:f7:04:25:3e:47:bd:74:88:
3e:08:e0:c4:49:9a:b2:4f:56:61:55:a7:ca:eb:71:3a:a8:44:
db:4f:14:ce:60:b0:a5:b4:11:f3:18:77:9d:2b:21:bb:47:d4:
da:ad:30:4e:e7:3d:31:80:a1:d3:10:b7:26:74:77:aa:8b:a4:
be:12:52:e9:76:a3:a6:ac:f4:bb:96:1e:7c:8a:03:38:4e:60:
19:6d:4a:a1:5a:66:ec:94:40:42:f7:98:b6:98:e7:38:c1:24:
cb:44:4c:c7
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICHWUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REM0NkExMTAvBgNVBAUTKEY4RDRBNjMyRDA2OTk2NEM2MUEzM0U0MUQ2MjQzRDUz
NUIwMDdENTQwHhcNMjQwNjA0MTA0MDExWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjVlZWYwYi00OGU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA11DGh2Pqyxdenn5/CBQTcumOquVWdFsn8nJQqOCIZo8shmHNxklI83l7krjD
u4gS1hNxU+qgcUQwecW1Pi3l7knK/w0kz+ww+Yw4y/bSZ48tNzqx5s/508rjgyEG
/RI60LuLhVfAd5s0kvn0Y4peSh05wAthJqkkuu6Um8eWLj0W9RIxb9wWnzD9D1xz
g/8rEWhPSjFdb9QFRXIVUPTEpii/lzYP8TIFgE154Q3fc1ioms9MquVLh3RYdyBd
MN43EX27GMTxIXh6d3KvWDIdPzgo+kZEgTTbIwcWTtrZ1twt3ROyUW/OG3HOfCqN
quqTQysWEd+cQGzJuYE6Mar/WwIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFLkSxr5t
MaOdmlL7JPCvLh6z183eMB8GA1UdIwQYMBaAFPjUpjLQaZZMYaM+QdYkPVNbAH1U
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzQ2QS8wMDUwMDE2NDk0
MzIxMUU2OEMxQjgyNEFDNEY5QUUwMi8tTlNtTXRCcGxreGhvejVCMWlROVUxc0Fm
VlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1OU21NdEJwbGt4aG96NUIxaVE5VTFzQWZWUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REM0NkEvMDA1MDAxNjQ5NDMyMTFFNjhDMUI4MjRBQzRGOUFFMDIvMENFMTg0NkE5
RjUxMTFFQTlERUQ2NzA5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMDAEAgABMCoDBAUbgyADBAIr/CwDBAJnDEADBAJn88ADBAR6ABADBAKWa5wD
BATKhWAwDQQCAAIwBwMFACQFZAAwDQYJKoZIhvcNAQELBQADggEBAIvxQKmCLyCI
W5zy+BpItK7EmVSr9g5i0WRIfBI8Npcb5p6+TEIiSAht/sS4BtOQr2RdNakcWXuB
9rFsLhVYrtXI+4nOSg+9NXqep7YGEy3YYmrWec8fry3XVFbVhIu9vHoNCP2Lp51O
JcWTv8HBnHgePokYYdjk2/aeHhHhzOFKNmo+8XjRb891BlGX4+JKVj3Pu5hg/rAP
NyD3BCU+R710iD4I4MRJmrJPVmFVp8rrcTqoRNtPFM5gsKW0EfMYd50rIbtH1Nqt
ME7nPTGAodMQtyZ0d6qLpL4SUul2o6as9LuWHnyKAzhOYBltSqFaZuyUQEL3mLaY
5zjBJMtETMc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:56:21 2024 by rpki-client on console-fra.rpki-client.org