Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/0CE1846A9F5111EA9DED6709C4F9AE02.roa
File: 0CE1846A9F5111EA9DED6709C4F9AE02.roa (raw, json)
Hash identifier: rOcch6/zR8ixwQuQFoCNSKb2m0W69HbtR3S/DwLEdGk=
Subject key identifier: B6:F3:A5:F4:82:65:2C:3A:E4:D8:E5:3D:C6:81:04:04:27:C3:AA:66
Certificate issuer: /CN=A91DC46A/serialNumber=F8D4A632D069964C61A33E41D6243D535B007D54
Certificate serial: 1D24
Authority key identifier: F8:D4:A6:32:D0:69:96:4C:61:A3:3E:41:D6:24:3D:53:5B:00:7D:54
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/0CE1846A9F5111EA9DED6709C4F9AE02.roa
Signing time: Tue 06 Feb 2024 16:43:43 +0000
ROA not before: Tue 06 Feb 2024 16:43:43 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 23678
IP address blocks: 27.131.32.0/19 maxlen: 24
43.252.44.0/22 maxlen: 22
43.252.44.0/23 maxlen: 23
43.252.44.0/24 maxlen: 24
43.252.45.0/24 maxlen: 24
43.252.46.0/24 maxlen: 24
43.252.47.0/24 maxlen: 24
103.12.64.0/22 maxlen: 22
103.12.64.0/23 maxlen: 23
103.12.64.0/24 maxlen: 24
103.12.65.0/24 maxlen: 24
103.12.66.0/24 maxlen: 24
103.12.67.0/24 maxlen: 24
103.243.192.0/24 maxlen: 24
103.243.193.0/24 maxlen: 24
103.243.194.0/24 maxlen: 24
122.0.16.0/20 maxlen: 24
150.107.156.0/24 maxlen: 24
150.107.157.0/24 maxlen: 24
150.107.158.0/24 maxlen: 24
150.107.159.0/24 maxlen: 24
202.133.96.0/20 maxlen: 24
2405:6400::/32 maxlen: 36
2405:6400::/42 maxlen: 42
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.crl
rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 May 2024 14:50:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7460 (0x1d24)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DC46A/serialNumber=F8D4A632D069964C61A33E41D6243D535B007D54
Validity
Not Before: Feb 6 16:43:43 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=65c261bf-09a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:72:11:a8:ec:41:b7:80:7c:57:91:6e:4a:69:
3b:de:ef:8b:18:72:b3:05:b7:1b:a5:a2:32:0b:f1:
38:cb:7e:7b:01:cb:27:68:d8:49:3f:a6:6a:5f:ae:
b7:93:f9:c0:e2:c7:90:8e:53:c1:62:c6:ff:3d:00:
d2:32:55:5b:93:cf:2b:c9:2d:20:f7:0f:90:be:53:
66:a7:b5:51:b3:97:89:b0:d4:c4:2b:54:c4:ee:d2:
58:ec:56:17:08:a8:30:1e:78:d4:40:13:e5:b9:8a:
2c:4d:f3:b6:d1:cc:f3:1b:14:5e:f5:42:47:f7:36:
10:fd:d1:21:d5:c4:b1:06:ca:98:41:1a:61:62:9d:
53:bf:06:2d:3b:1b:c3:d6:cb:90:d4:eb:8d:77:01:
11:0f:6e:83:d9:ff:d2:e4:81:fd:8d:fd:b3:8f:40:
c0:71:14:5d:c4:26:ed:d4:0d:94:ca:7c:0d:75:e0:
f5:1c:bf:29:e1:e6:62:01:b8:23:9f:dd:74:9f:5b:
8e:8c:f5:3a:63:e7:84:28:ad:91:b4:6f:8e:37:1c:
83:a0:a4:59:bc:62:10:db:a7:d9:fd:36:02:81:a0:
76:b1:78:36:58:95:12:5d:2f:e9:80:7b:90:65:6b:
99:8f:8f:25:77:80:05:97:65:07:9a:e0:be:38:25:
46:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:F3:A5:F4:82:65:2C:3A:E4:D8:E5:3D:C6:81:04:04:27:C3:AA:66
X509v3 Authority Key Identifier:
keyid:F8:D4:A6:32:D0:69:96:4C:61:A3:3E:41:D6:24:3D:53:5B:00:7D:54
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/0CE1846A9F5111EA9DED6709C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.131.32.0/19
43.252.44.0/22
103.12.64.0/22
103.243.192.0-103.243.194.255
122.0.16.0/20
150.107.156.0/22
202.133.96.0/20
IPv6:
2405:6400::/32
Signature Algorithm: sha256WithRSAEncryption
36:bb:77:8d:3a:5c:bd:6b:3f:11:4a:a1:48:bc:22:3f:11:bd:
73:52:ed:42:ae:c6:77:3b:4b:77:4f:f6:6d:e5:b7:dc:c3:46:
dd:7d:3c:74:75:fb:d8:1b:f6:17:e0:6b:57:eb:68:60:9b:bf:
ce:61:fa:27:1a:9b:74:5a:5d:04:77:0d:a1:6f:32:63:b2:07:
a8:a4:a6:38:25:8d:5e:10:aa:b5:7e:c2:28:65:5b:15:9c:31:
c2:6b:a7:1f:4b:45:9b:47:18:c9:56:d9:66:b0:a7:3a:d5:1b:
c8:18:9e:74:52:0f:89:f0:7d:59:89:a8:1c:b1:6d:fc:ad:db:
2b:87:31:0f:16:9f:5b:b6:a0:da:58:de:7a:64:f4:d9:15:7e:
2c:8d:96:15:16:ab:e6:c0:91:2a:6a:c0:b8:16:4e:b6:0d:99:
4e:8b:3d:63:b6:d3:69:d4:d0:0d:34:d1:c4:61:e5:e7:b5:0d:
85:23:25:e2:ed:8a:ff:cd:5f:2d:1d:d2:9c:34:52:04:8a:fe:
e1:91:21:4f:d5:aa:1c:5e:cd:9d:22:5f:6d:3e:78:4e:96:2a:
78:69:1c:b2:6f:e0:75:56:a2:dd:30:b2:11:42:ea:8b:e4:d9:
10:cd:0b:15:60:88:5d:a7:a5:2c:44:3e:b6:4d:e4:2b:21:da:
a8:9e:cb:f6
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgICHSQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REM0NkExMTAvBgNVBAUTKEY4RDRBNjMyRDA2OTk2NEM2MUEzM0U0MUQ2MjQzRDUz
NUIwMDdENTQwHhcNMjQwMjA2MTY0MzQzWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWMyNjFiZi0wOWEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs3IRqOxBt4B8V5FuSmk73u+LGHKzBbcbpaIyC/E4y357AcsnaNhJP6ZqX663
k/nA4seQjlPBYsb/PQDSMlVbk88ryS0g9w+QvlNmp7VRs5eJsNTEK1TE7tJY7FYX
CKgwHnjUQBPluYosTfO20czzGxRe9UJH9zYQ/dEh1cSxBsqYQRphYp1TvwYtOxvD
1suQ1OuNdwERD26D2f/S5IH9jf2zj0DAcRRdxCbt1A2UynwNdeD1HL8p4eZiAbgj
n910n1uOjPU6Y+eEKK2RtG+ONxyDoKRZvGIQ26fZ/TYCgaB2sXg2WJUSXS/pgHuQ
ZWuZj48ld4AFl2UHmuC+OCVGLQIDAQABo4IC0DCCAswwHQYDVR0OBBYEFLbzpfSC
ZSw65NjlPcaBBAQnw6pmMB8GA1UdIwQYMBaAFPjUpjLQaZZMYaM+QdYkPVNbAH1U
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzQ2QS8wMDUwMDE2NDk0
MzIxMUU2OEMxQjgyNEFDNEY5QUUwMi8tTlNtTXRCcGxreGhvejVCMWlROVUxc0Fm
VlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1OU21NdEJwbGt4aG96NUIxaVE5VTFzQWZWUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REM0NkEvMDA1MDAxNjQ5NDMyMTFFNjhDMUI4MjRBQzRGOUFFMDIvMENFMTg0NkE5
RjUxMTFFQTlERUQ2NzA5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWgYIKwYBBQUHAQcBAf8E
SzBJMDgEAgABMDIDBAUbgyADBAIr/CwDBAJnDEAwDAMEBmfzwAMEAGfzwgMEBHoA
EAMEApZrnAMEBMqFYDANBAIAAjAHAwUAJAVkADANBgkqhkiG9w0BAQsFAAOCAQEA
Nrt3jTpcvWs/EUqhSLwiPxG9c1LtQq7GdztLd0/2beW33MNG3X08dHX72Bv2F+Br
V+toYJu/zmH6JxqbdFpdBHcNoW8yY7IHqKSmOCWNXhCqtX7CKGVbFZwxwmunH0tF
m0cYyVbZZrCnOtUbyBiedFIPifB9WYmoHLFt/K3bK4cxDxafW7ag2ljeemT02RV+
LI2WFRar5sCRKmrAuBZOtg2ZTos9Y7bTadTQDTTRxGHl57UNhSMl4u2K/81fLR3S
nDRSBIr+4ZEhT9WqHF7NnSJfbT54TpYqeGkcsm/gdVai3TCyEULqi+TZEM0LFWCI
XaelLEQ+tk3kKyHaqJ7L9g==
-----END CERTIFICATE-----
Generated at Sat May 18 16:57:54 2024 by rpki-client on console-fra.rpki-client.org