Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
File: 236D4FF0FD9D11EC868CDF5DC4F9AE02.roa (raw, json)
Hash identifier: 6J35YVUmzZ1s4Ice2keaYAnPdVe/zMmpQD23cIxvFqc=
Subject key identifier: 0A:C5:33:B1:DA:35:A9:DC:84:00:9C:7F:B7:5E:A5:12:6A:D5:68:FA
Certificate issuer: /CN=A91F33A5/serialNumber=C4F638C09E372046C01DF4604C281164F6AC1622
Certificate serial: 02A2
Authority key identifier: C4:F6:38:C0:9E:37:20:46:C0:1D:F4:60:4C:28:11:64:F6:AC:16:22
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
Signing time: Thu 05 Sep 2024 02:45:30 +0000
ROA not before: Thu 05 Sep 2024 02:45:30 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 6262
IP address blocks: 150.229.0.0/16 maxlen: 24
202.6.3.0/24 maxlen: 24
202.6.4.0/24 maxlen: 24
202.6.82.0/23 maxlen: 24
202.8.32.0/21 maxlen: 24
202.9.0.0/20 maxlen: 24
202.12.120.0/23 maxlen: 24
202.14.0.0/22 maxlen: 24
203.0.88.0/24 maxlen: 24
203.0.100.0/24 maxlen: 24
203.6.255.0/24 maxlen: 24
203.7.128.0/24 maxlen: 24
203.7.170.0/24 maxlen: 24
203.12.40.0/23 maxlen: 24
203.18.60.0/23 maxlen: 24
203.25.92.0/22 maxlen: 24
203.143.160.0/20 maxlen: 24
221.199.208.0/20 maxlen: 24
2402:1800::/32 maxlen: 40
2405:b000::/32 maxlen: 40
2405:b000:410::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.crl
rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 20:43:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 674 (0x2a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F33A5/serialNumber=C4F638C09E372046C01DF4604C281164F6AC1622
Validity
Not Before: Sep 5 02:45:30 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66d91b4a-affa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:d0:0a:59:50:5a:bb:4d:49:d6:d5:2e:68:fa:
91:36:41:90:e4:2c:74:89:6e:23:78:42:3b:8a:b4:
4a:6e:d9:55:95:f9:b7:a6:b7:51:2a:ce:85:45:0f:
d7:9a:24:f8:f4:ea:d5:d0:a0:21:ed:3a:28:6c:5b:
67:24:53:76:1f:b2:9d:a9:d4:fc:2a:ed:67:04:df:
31:64:99:2e:25:d2:fd:34:c0:4a:d8:cd:6b:80:4c:
d5:77:77:e8:96:e4:e4:54:20:94:b3:6a:0f:e7:9a:
42:b4:f0:d4:3f:d8:64:a6:df:66:21:9d:8f:c1:e4:
68:c8:2f:cf:ab:44:a0:a1:2d:3d:35:55:fa:ee:73:
59:bf:1d:ca:aa:c1:21:fd:78:8b:ae:7c:3f:9a:f2:
fe:7d:36:7c:77:46:4b:59:90:93:9a:b2:ad:8b:b4:
ad:45:c3:0e:9f:2c:3f:7d:59:bb:7c:09:5b:a7:cf:
7d:dd:74:f7:54:ed:ed:f9:7c:f1:cf:4e:4e:e4:ae:
fd:c7:fb:df:6f:43:ba:95:23:cd:fd:2e:d6:77:f5:
7f:68:08:3f:01:c5:2e:8c:32:7d:f0:15:5b:6c:16:
0d:f7:35:d6:2c:05:8a:e4:fa:83:e2:16:bb:ff:30:
d0:52:bc:1b:58:41:57:64:76:9d:7e:53:61:c2:34:
35:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:C5:33:B1:DA:35:A9:DC:84:00:9C:7F:B7:5E:A5:12:6A:D5:68:FA
X509v3 Authority Key Identifier:
keyid:C4:F6:38:C0:9E:37:20:46:C0:1D:F4:60:4C:28:11:64:F6:AC:16:22
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
150.229.0.0/16
202.6.3.0-202.6.4.255
202.6.82.0/23
202.8.32.0/21
202.9.0.0/20
202.12.120.0/23
202.14.0.0/22
203.0.88.0/24
203.0.100.0/24
203.6.255.0/24
203.7.128.0/24
203.7.170.0/24
203.12.40.0/23
203.18.60.0/23
203.25.92.0/22
203.143.160.0/20
221.199.208.0/20
IPv6:
2402:1800::/32
2405:b000::/32
Signature Algorithm: sha256WithRSAEncryption
3a:88:f3:46:2f:71:c8:a8:72:bf:68:66:f3:e3:b2:b9:00:cc:
7f:7b:22:c4:ac:2d:2d:00:3c:27:e7:f3:82:c3:23:fa:75:fd:
df:1b:26:f5:d6:af:df:b4:fc:18:65:42:ad:32:d3:f1:67:d2:
dc:68:a6:a8:8d:3b:bf:9d:fc:ee:3e:45:0e:50:cd:dd:6a:11:
1b:8d:9b:2d:60:96:b1:02:bb:b9:46:49:14:ff:cb:82:ab:73:
1e:7b:5c:f6:e8:7e:69:bd:a5:06:e3:c0:65:10:9f:e2:29:0c:
10:1b:48:04:a2:07:95:bd:e0:51:be:bd:e2:a5:14:04:f9:8f:
57:b4:ba:b3:49:cc:0d:69:82:1c:4b:c8:ef:a9:4a:3b:20:72:
26:8c:97:35:f0:07:9e:b3:10:62:31:3b:88:ba:91:8b:5a:a6:
7e:41:85:d6:41:0f:d6:f6:9e:d4:21:6c:5a:cf:63:8c:be:6f:
9b:b6:b0:cf:26:3d:36:93:f2:26:fa:14:8d:c5:b9:83:1e:f5:
20:78:15:cc:d2:fd:47:19:d7:0d:b8:c3:64:d9:55:a0:b8:af:
29:8e:f0:1b:a2:8d:31:33:e3:f7:c5:7a:91:01:01:18:e2:02:
d9:73:a8:26:a6:b5:cf:3f:f9:05:ab:28:b1:7b:74:67:cd:91:
fb:50:e4:ef
-----BEGIN CERTIFICATE-----
MIIF8TCCBNmgAwIBAgICAqIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjMzQTUxMTAvBgNVBAUTKEM0RjYzOEMwOUUzNzIwNDZDMDFERjQ2MDRDMjgxMTY0
RjZBQzE2MjIwHhcNMjQwOTA1MDI0NTMwWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmQ5MWI0YS1hZmZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAydAKWVBau01J1tUuaPqRNkGQ5Cx0iW4jeEI7irRKbtlVlfm3prdRKs6FRQ/X
miT49OrV0KAh7ToobFtnJFN2H7KdqdT8Ku1nBN8xZJkuJdL9NMBK2M1rgEzVd3fo
luTkVCCUs2oP55pCtPDUP9hkpt9mIZ2PweRoyC/Pq0SgoS09NVX67nNZvx3KqsEh
/XiLrnw/mvL+fTZ8d0ZLWZCTmrKti7StRcMOnyw/fVm7fAlbp8993XT3VO3t+Xzx
z05O5K79x/vfb0O6lSPN/S7Wd/V/aAg/AcUujDJ98BVbbBYN9zXWLAWK5PqD4ha7
/zDQUrwbWEFXZHadflNhwjQ1vwIDAQABo4IDFTCCAxEwHQYDVR0OBBYEFArFM7Ha
NanchACcf7depRJq1Wj6MB8GA1UdIwQYMBaAFMT2OMCeNyBGwB30YEwoEWT2rBYi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMzNBNS8xQzBFNzA2QUQ0
RDgxMUVDQTQyNDVGMTBDNEY5QUUwMi94UFk0d0o0M0lFYkFIZlJnVENnUlpQYXNG
aUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hQWTR3SjQzSUViQUhmUmdUQ2dSWlBhc0ZpSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjMzQTUvMUMwRTcwNkFENEQ4MTFFQ0E0MjQ1RjEwQzRGOUFFMDIvMjM2RDRGRjBG
RDlEMTFFQzg2OENERjVEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZ4GCCsGAQUFBwEHAQH/
BIGOMIGLMHMEAgABMG0DAwCW5TAMAwQAygYDAwQAygYEAwQBygZSAwQDygggAwQE
ygkAAwQBygx4AwQCyg4AAwQAywBYAwQAywBkAwQAywb/AwQAyweAAwQAyweqAwQB
ywwoAwQByxI8AwQCyxlcAwQEy4+gAwQE3cfQMBQEAgACMA4DBQAkAhgAAwUAJAWw
ADANBgkqhkiG9w0BAQsFAAOCAQEAOojzRi9xyKhyv2hm8+OyuQDMf3sixKwtLQA8
J+fzgsMj+nX93xsm9dav37T8GGVCrTLT8WfS3GimqI07v5387j5FDlDN3WoRG42b
LWCWsQK7uUZJFP/LgqtzHntc9uh+ab2lBuPAZRCf4ikMEBtIBKIHlb3gUb694qUU
BPmPV7S6s0nMDWmCHEvI76lKOyByJoyXNfAHnrMQYjE7iLqRi1qmfkGF1kEP1vae
1CFsWs9jjL5vm7awzyY9NpPyJvoUjcW5gx71IHgVzNL9RxnXDbjDZNlVoLivKY7w
G6KNMTPj98V6kQEBGOIC2XOoJqa1zz/5BasosXt0Z82R+1Dk7w==
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:33:51 2024 by rpki-client on console-fra.rpki-client.org