Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
File: 236D4FF0FD9D11EC868CDF5DC4F9AE02.roa (raw, json)
Hash identifier: G4VXW6vDMBEED4R1MSQ7McJNectJ6DVXEAqaeW3eyU0=
Subject key identifier: 81:75:4B:89:79:85:70:DC:BD:30:31:7B:B8:8A:5A:EB:BB:A7:DA:E4
Certificate issuer: /CN=A91F33A5/serialNumber=C4F638C09E372046C01DF4604C281164F6AC1622
Certificate serial: 01F0
Authority key identifier: C4:F6:38:C0:9E:37:20:46:C0:1D:F4:60:4C:28:11:64:F6:AC:16:22
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
Signing time: Fri 29 Sep 2023 02:44:34 +0000
ROA not before: Fri 29 Sep 2023 02:44:34 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 6262
IP address blocks: 150.229.0.0/16 maxlen: 24
202.6.3.0/24 maxlen: 24
202.6.4.0/24 maxlen: 24
202.6.82.0/23 maxlen: 24
202.8.32.0/21 maxlen: 24
202.9.0.0/20 maxlen: 24
202.12.120.0/23 maxlen: 24
202.14.0.0/22 maxlen: 24
203.0.88.0/24 maxlen: 24
203.0.100.0/24 maxlen: 24
203.6.255.0/24 maxlen: 24
203.7.128.0/24 maxlen: 24
203.7.170.0/24 maxlen: 24
203.12.40.0/23 maxlen: 24
203.18.60.0/23 maxlen: 24
203.25.92.0/22 maxlen: 24
203.143.160.0/20 maxlen: 24
221.199.208.0/20 maxlen: 24
2402:1800::/32 maxlen: 40
2405:b000::/32 maxlen: 40
2405:b000:410::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.crl
rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 24 May 2024 02:53:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 496 (0x1f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F33A5/serialNumber=C4F638C09E372046C01DF4604C281164F6AC1622
Validity
Not Before: Sep 29 02:44:34 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=65163a11-d345
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:a0:65:b4:c3:aa:b3:09:f4:a3:fc:ba:a7:74:
c5:53:62:6c:f0:0f:00:a8:fd:4b:3f:71:c0:d6:a2:
86:4f:58:11:17:ac:a0:05:5a:58:85:d7:5a:e4:81:
1d:71:1f:2b:2a:cc:40:b5:9c:07:88:b6:a8:f2:77:
31:ef:66:0e:e8:6b:ca:63:ff:c4:c1:10:8d:b7:0c:
a5:f7:63:0f:d2:0f:5e:f6:32:45:9e:c9:cf:3f:b5:
55:84:ab:b7:d0:57:9f:48:f8:4d:4b:c5:37:ed:b1:
84:17:5b:20:7f:4c:ab:a7:82:7d:5f:88:d5:8e:0d:
ee:0a:a2:ee:70:60:c6:40:b8:4a:1c:bf:85:03:5b:
d4:56:e2:0e:bf:7c:71:d0:a0:31:8f:8f:2b:cd:c2:
3c:65:96:0c:8b:27:3a:b4:12:d9:5c:b7:70:56:0e:
fe:48:cc:da:a4:94:25:2e:07:cf:c5:da:77:6d:fe:
30:7b:4e:87:08:a3:c4:53:c4:02:00:89:46:47:e0:
f4:2a:2d:0b:d6:f5:09:c6:02:2d:08:ac:a9:b5:74:
f1:76:f3:f5:b2:b7:b5:48:62:37:4b:b0:a6:49:2d:
4a:85:8e:31:2e:84:4b:26:18:c6:48:98:e2:3e:f2:
32:46:3d:f5:24:2d:fc:07:ff:d9:36:b6:40:e2:63:
14:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:75:4B:89:79:85:70:DC:BD:30:31:7B:B8:8A:5A:EB:BB:A7:DA:E4
X509v3 Authority Key Identifier:
keyid:C4:F6:38:C0:9E:37:20:46:C0:1D:F4:60:4C:28:11:64:F6:AC:16:22
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
150.229.0.0/16
202.6.3.0-202.6.4.255
202.6.82.0/23
202.8.32.0/21
202.9.0.0/20
202.12.120.0/23
202.14.0.0/22
203.0.88.0/24
203.0.100.0/24
203.6.255.0/24
203.7.128.0/24
203.7.170.0/24
203.12.40.0/23
203.18.60.0/23
203.25.92.0/22
203.143.160.0/20
221.199.208.0/20
IPv6:
2402:1800::/32
2405:b000::/32
Signature Algorithm: sha256WithRSAEncryption
21:5b:87:d3:01:06:3e:41:51:8c:51:a1:2b:5f:d1:61:b6:eb:
27:2a:71:65:75:47:3c:bf:82:14:a8:46:24:e1:bb:87:1b:ee:
12:6c:2a:ae:01:b0:32:33:44:f7:f3:c8:4d:7b:02:4e:c5:ce:
e6:35:15:09:d0:96:fa:75:4f:a7:d6:71:2f:b5:37:9e:a1:fb:
4f:e5:51:3c:e8:6d:f8:f0:37:0a:9f:1c:f8:fc:3e:18:f8:04:
a7:c6:5e:96:c1:78:36:9a:41:75:eb:67:c6:91:b3:46:70:81:
a1:0a:a6:9a:08:25:9c:50:11:0b:54:b1:5d:ad:5a:fc:c6:8d:
e5:e0:15:2d:97:0f:45:6f:ab:38:1b:fb:8b:34:e1:d0:93:ce:
37:33:fa:2a:67:d2:89:1e:90:79:04:0b:93:7f:a6:4d:6f:87:
f5:0a:ac:28:06:02:17:c3:97:78:13:0e:88:d2:c2:79:10:3c:
5d:eb:42:94:5c:af:d8:22:65:cd:77:d5:68:49:15:a4:fc:0d:
49:ee:2c:f1:7a:b3:eb:9a:6e:54:fe:4b:52:8b:93:26:29:3f:
31:93:22:37:a0:6c:f7:d7:b4:dc:fa:10:cf:0b:89:85:5c:95:
99:9b:d8:90:1f:ca:33:de:d1:05:e1:41:8c:9f:0b:64:e2:f2:
f9:14:e0:c5
-----BEGIN CERTIFICATE-----
MIIF8TCCBNmgAwIBAgICAfAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjMzQTUxMTAvBgNVBAUTKEM0RjYzOEMwOUUzNzIwNDZDMDFERjQ2MDRDMjgxMTY0
RjZBQzE2MjIwHhcNMjMwOTI5MDI0NDM0WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTE2M2ExMS1kMzQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4KBltMOqswn0o/y6p3TFU2Js8A8AqP1LP3HA1qKGT1gRF6ygBVpYhdda5IEd
cR8rKsxAtZwHiLao8ncx72YO6GvKY//EwRCNtwyl92MP0g9e9jJFnsnPP7VVhKu3
0FefSPhNS8U37bGEF1sgf0yrp4J9X4jVjg3uCqLucGDGQLhKHL+FA1vUVuIOv3xx
0KAxj48rzcI8ZZYMiyc6tBLZXLdwVg7+SMzapJQlLgfPxdp3bf4we06HCKPEU8QC
AIlGR+D0Ki0L1vUJxgItCKyptXTxdvP1sre1SGI3S7CmSS1KhY4xLoRLJhjGSJji
PvIyRj31JC38B//ZNrZA4mMUCwIDAQABo4IDFTCCAxEwHQYDVR0OBBYEFIF1S4l5
hXDcvTAxe7iKWuu7p9rkMB8GA1UdIwQYMBaAFMT2OMCeNyBGwB30YEwoEWT2rBYi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMzNBNS8xQzBFNzA2QUQ0
RDgxMUVDQTQyNDVGMTBDNEY5QUUwMi94UFk0d0o0M0lFYkFIZlJnVENnUlpQYXNG
aUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hQWTR3SjQzSUViQUhmUmdUQ2dSWlBhc0ZpSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjMzQTUvMUMwRTcwNkFENEQ4MTFFQ0E0MjQ1RjEwQzRGOUFFMDIvMjM2RDRGRjBG
RDlEMTFFQzg2OENERjVEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZ4GCCsGAQUFBwEHAQH/
BIGOMIGLMHMEAgABMG0DAwCW5TAMAwQAygYDAwQAygYEAwQBygZSAwQDygggAwQE
ygkAAwQBygx4AwQCyg4AAwQAywBYAwQAywBkAwQAywb/AwQAyweAAwQAyweqAwQB
ywwoAwQByxI8AwQCyxlcAwQEy4+gAwQE3cfQMBQEAgACMA4DBQAkAhgAAwUAJAWw
ADANBgkqhkiG9w0BAQsFAAOCAQEAIVuH0wEGPkFRjFGhK1/RYbbrJypxZXVHPL+C
FKhGJOG7hxvuEmwqrgGwMjNE9/PITXsCTsXO5jUVCdCW+nVPp9ZxL7U3nqH7T+VR
POht+PA3Cp8c+Pw+GPgEp8ZelsF4NppBdetnxpGzRnCBoQqmmgglnFARC1SxXa1a
/MaN5eAVLZcPRW+rOBv7izTh0JPONzP6KmfSiR6QeQQLk3+mTW+H9QqsKAYCF8OX
eBMOiNLCeRA8XetClFyv2CJlzXfVaEkVpPwNSe4s8Xqz65puVP5LUouTJik/MZMi
N6Bs99e03PoQzwuJhVyVmZvYkB/KM97RBeFBjJ8LZOLy+RTgxQ==
-----END CERTIFICATE-----
Generated at Fri May 17 04:44:33 2024 by rpki-client on console-ams.rpki-client.org