Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EA198/993F2090ABC411E6BD6BED14C4F9AE02/8CD3563C9B8311EC9ABB0A40C4F9AE02.roa
File: 8CD3563C9B8311EC9ABB0A40C4F9AE02.roa (raw, json)
Hash identifier: BcQipEJLw413YV8cLD6RtcHTePVRPNOQ114pN4ttsBQ=
Subject key identifier: 26:4F:C7:5F:05:C8:96:C1:8A:92:7A:8C:E6:FA:D4:51:25:EF:F6:83
Certificate issuer: /CN=A91EA198/serialNumber=9E1C3531D0045EA389B68CFF9286A08FBCBBD8BD
Certificate serial: 1DBB
Authority key identifier: 9E:1C:35:31:D0:04:5E:A3:89:B6:8C:FF:92:86:A0:8F:BC:BB:D8:BD
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nhw1MdAEXqOJtoz_koagj7y72L0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EA198/993F2090ABC411E6BD6BED14C4F9AE02/8CD3563C9B8311EC9ABB0A40C4F9AE02.roa
Signing time: Mon 29 Jan 2024 16:26:01 +0000
ROA not before: Mon 29 Jan 2024 16:26:01 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 45102
IP address blocks: 14.1.112.0/22 maxlen: 24
43.0.0.0/9 maxlen: 15
43.91.0.0/16 maxlen: 24
43.96.0.0/16 maxlen: 24
43.97.0.0/16 maxlen: 24
43.98.0.0/16 maxlen: 24
43.99.0.0/16 maxlen: 24
43.100.0.0/16 maxlen: 24
43.101.0.0/16 maxlen: 24
43.102.0.0/16 maxlen: 24
43.103.0.0/16 maxlen: 24
43.104.0.0/16 maxlen: 24
43.105.0.0/16 maxlen: 24
43.106.0.0/16 maxlen: 24
43.107.0.0/16 maxlen: 16
43.107.0.0/16 maxlen: 24
43.108.0.0/16 maxlen: 24
43.109.0.0/16 maxlen: 24
43.110.0.0/16 maxlen: 24
43.111.0.0/16 maxlen: 16
43.111.0.0/16 maxlen: 24
43.112.0.0/16 maxlen: 16
43.112.0.0/16 maxlen: 24
43.113.0.0/16 maxlen: 24
43.114.0.0/16 maxlen: 24
43.115.0.0/16 maxlen: 24
43.116.0.0/16 maxlen: 24
43.117.0.0/16 maxlen: 24
43.118.0.0/16 maxlen: 24
43.119.0.0/16 maxlen: 24
43.120.0.0/16 maxlen: 24
43.121.0.0/16 maxlen: 24
43.122.0.0/16 maxlen: 24
43.123.0.0/16 maxlen: 24
43.124.0.0/16 maxlen: 24
43.125.0.0/16 maxlen: 24
43.126.0.0/16 maxlen: 24
43.127.0.0/16 maxlen: 24
103.206.40.0/22 maxlen: 24
2404:2280::/32 maxlen: 40
240b:4000::/22 maxlen: 31
240b:4000::/32 maxlen: 40
240b:4001::/32 maxlen: 40
240b:4002::/32 maxlen: 48
240b:4003::/32 maxlen: 48
240b:4004::/32 maxlen: 48
240b:4005::/32 maxlen: 48
240b:4006::/32 maxlen: 48
240b:4007::/32 maxlen: 48
240b:4008::/32 maxlen: 48
240b:4009::/32 maxlen: 48
240b:400a::/32 maxlen: 48
240b:400b::/32 maxlen: 48
240b:400c::/32 maxlen: 48
240b:400d::/32 maxlen: 48
240b:400e::/32 maxlen: 48
240b:400f::/32 maxlen: 48
240b:4010::/32 maxlen: 48
240b:4011::/32 maxlen: 48
240b:4012::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91EA198/993F2090ABC411E6BD6BED14C4F9AE02/nhw1MdAEXqOJtoz_koagj7y72L0.crl
rsync://rpki.apnic.net/member_repository/A91EA198/993F2090ABC411E6BD6BED14C4F9AE02/nhw1MdAEXqOJtoz_koagj7y72L0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nhw1MdAEXqOJtoz_koagj7y72L0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 15 May 2024 02:42:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7611 (0x1dbb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EA198/serialNumber=9E1C3531D0045EA389B68CFF9286A08FBCBBD8BD
Validity
Not Before: Jan 29 16:26:01 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=65b7d198-462b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:e9:8f:29:8f:f5:37:5e:00:2c:da:cd:36:e6:
5e:37:e7:de:d4:4f:28:d0:2e:37:ab:64:29:cc:b6:
75:c5:1e:4d:10:12:0f:d8:61:ca:55:d5:c9:af:a8:
de:b3:ff:64:33:b3:95:91:ca:61:4b:d7:9f:f7:7d:
de:10:3c:e9:8d:b7:4f:16:02:c2:76:66:e4:ad:83:
e2:9d:b9:67:4f:63:76:e7:87:d5:65:e4:4d:3a:a3:
48:1d:35:31:41:7f:c6:de:19:51:1e:96:ee:90:d8:
5e:93:bf:4f:1a:93:90:e9:55:94:39:1f:78:06:fc:
2f:1a:55:b3:1d:85:33:9e:fd:fd:37:62:dd:e6:da:
24:d9:e7:2a:c9:c7:ac:8c:b5:dc:33:5a:68:75:c4:
1a:5c:2f:f7:36:56:50:e9:e2:b6:0f:f3:61:a8:43:
20:4f:51:11:c7:ce:fa:35:58:28:db:9b:78:92:7e:
e6:8f:49:2f:b1:fd:5f:d9:72:b8:b2:16:8c:38:c9:
ca:26:4c:1c:e2:ef:85:c1:ee:c0:94:ce:d8:1f:2c:
35:06:d1:d3:a8:80:df:c4:57:a2:b3:ae:48:3a:39:
3e:a4:37:be:59:ca:57:14:4c:ff:a8:c0:28:0f:f1:
cc:88:4d:58:54:a6:20:67:b9:60:d5:99:aa:17:89:
7f:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:4F:C7:5F:05:C8:96:C1:8A:92:7A:8C:E6:FA:D4:51:25:EF:F6:83
X509v3 Authority Key Identifier:
keyid:9E:1C:35:31:D0:04:5E:A3:89:B6:8C:FF:92:86:A0:8F:BC:BB:D8:BD
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EA198/993F2090ABC411E6BD6BED14C4F9AE02/nhw1MdAEXqOJtoz_koagj7y72L0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nhw1MdAEXqOJtoz_koagj7y72L0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EA198/993F2090ABC411E6BD6BED14C4F9AE02/8CD3563C9B8311EC9ABB0A40C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.1.112.0/22
43.0.0.0/9
103.206.40.0/22
IPv6:
2404:2280::/32
240b:4000::/22
Signature Algorithm: sha256WithRSAEncryption
ae:b5:db:5f:ac:22:20:00:72:3a:e4:b1:91:81:06:c4:d6:fc:
a3:a8:e2:79:a3:39:84:6d:4c:0d:d7:22:0b:94:df:f4:e6:a0:
73:fa:ce:f5:91:c0:d4:f7:68:4d:21:22:1e:72:9f:f8:bd:79:
01:54:95:c5:40:75:7f:a0:c9:9c:27:05:ed:1b:f4:72:eb:4a:
19:87:c5:5a:1d:ad:4f:ab:42:3c:f4:4d:f8:c2:cc:9c:8a:f8:
b9:bf:ba:d9:a5:00:07:8d:67:9a:2e:6b:9c:e0:5e:1b:e4:6b:
6a:7a:8c:d9:b5:25:66:b1:47:23:f9:8f:34:6b:e5:e0:9d:5c:
99:dc:39:89:4d:54:96:23:39:15:a8:86:11:6b:cd:00:a3:1e:
62:39:4b:ac:7f:a9:e6:48:b8:ec:a5:39:7c:20:cc:62:8b:3e:
81:a3:8b:36:e2:02:2a:08:37:43:46:b6:fc:09:4f:0b:4c:76:
fd:6d:61:9f:42:a7:16:7a:7f:aa:53:f5:b3:c5:43:70:cc:81:
37:c6:31:0e:37:9d:ef:b9:1b:76:97:bd:25:9c:e8:c1:6d:c0:
de:ce:d2:67:60:33:be:df:90:63:79:b8:47:66:ec:f9:75:46:
3a:45:38:45:bb:e7:19:2f:f5:2e:1c:14:35:db:6c:91:6b:85:
3e:e6:d8:c9
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgICHbswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUExOTgxMTAvBgNVBAUTKDlFMUMzNTMxRDAwNDVFQTM4OUI2OENGRjkyODZBMDhG
QkNCQkQ4QkQwHhcNMjQwMTI5MTYyNjAxWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWI3ZDE5OC00NjJiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr+mPKY/1N14ALNrNNuZeN+fe1E8o0C43q2QpzLZ1xR5NEBIP2GHKVdXJr6je
s/9kM7OVkcphS9ef933eEDzpjbdPFgLCdmbkrYPinblnT2N254fVZeRNOqNIHTUx
QX/G3hlRHpbukNhek79PGpOQ6VWUOR94BvwvGlWzHYUznv39N2Ld5tok2ecqyces
jLXcM1podcQaXC/3NlZQ6eK2D/NhqEMgT1ERx876NVgo25t4kn7mj0kvsf1f2XK4
shaMOMnKJkwc4u+Fwe7AlM7YHyw1BtHTqIDfxFeis65IOjk+pDe+WcpXFEz/qMAo
D/HMiE1YVKYgZ7lg1ZmqF4l/iwIDAQABo4ICtTCCArEwHQYDVR0OBBYEFCZPx18F
yJbBipJ6jOb61FEl7/aDMB8GA1UdIwQYMBaAFJ4cNTHQBF6jibaM/5KGoI+8u9i9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQTE5OC85OTNGMjA5MEFC
QzQxMUU2QkQ2QkVEMTRDNEY5QUUwMi9uaHcxTWRBRVhxT0p0b3pfa29hZ2o3eTcy
TDAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25odzFNZEFFWHFPSnRvel9rb2Fnajd5NzJMMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUExOTgvOTkzRjIwOTBBQkM0MTFFNkJENkJFRDE0QzRGOUFFMDIvOENEMzU2M0M5
QjgzMTFFQzlBQkIwQTQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPwYIKwYBBQUHAQcBAf8E
MDAuMBcEAgABMBEDBAIOAXADAwcrAAMEAmfOKDATBAIAAjANAwUAJAQigAMEAiQL
QDANBgkqhkiG9w0BAQsFAAOCAQEArrXbX6wiIAByOuSxkYEGxNb8o6jieaM5hG1M
DdciC5Tf9Oagc/rO9ZHA1PdoTSEiHnKf+L15AVSVxUB1f6DJnCcF7Rv0cutKGYfF
Wh2tT6tCPPRN+MLMnIr4ub+62aUAB41nmi5rnOBeG+RranqM2bUlZrFHI/mPNGvl
4J1cmdw5iU1UliM5FaiGEWvNAKMeYjlLrH+p5ki47KU5fCDMYos+gaOLNuICKgg3
Q0a2/AlPC0x2/W1hn0KnFnp/qlP1s8VDcMyBN8YxDjed77kbdpe9JZzowW3A3s7S
Z2Azvt+QY3m4R2bs+XVGOkU4RbvnGS/1LhwUNdtskWuFPubYyQ==
-----END CERTIFICATE-----
Generated at Fri May 10 19:18:49 2024 by rpki-client on console-ams.rpki-client.org