Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F731E/F5967E6C5EF111E6A7D1AF26C4F9AE02/9025B7B4173611EEBCEA943CC4F9AE02.roa
File: 9025B7B4173611EEBCEA943CC4F9AE02.roa (raw, json)
Hash identifier: gNGui0FKnL0TzPEERbK39Y8omn7G5Bci2JEvNtgDHdE=
Subject key identifier: 1C:1C:FC:BB:0D:61:13:7E:E6:F9:59:BF:A3:D7:B0:3A:BB:C7:E3:48
Certificate issuer: /CN=A91F731E/serialNumber=2585243D6805F2EA8BC3F63B82364BA991F330B9
Certificate serial: 1F09
Authority key identifier: 25:85:24:3D:68:05:F2:EA:8B:C3:F6:3B:82:36:4B:A9:91:F3:30:B9
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JYUkPWgF8uqLw_Y7gjZLqZHzMLk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F731E/F5967E6C5EF111E6A7D1AF26C4F9AE02/9025B7B4173611EEBCEA943CC4F9AE02.roa
Signing time: Mon 04 Nov 2024 10:08:45 +0000
ROA not before: Mon 04 Nov 2024 10:08:45 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 17501
IP address blocks: 27.34.0.0/17 maxlen: 24
103.211.148.0/22 maxlen: 22
103.211.148.0/23 maxlen: 24
103.254.184.0/22 maxlen: 22
103.254.184.0/24 maxlen: 24
103.254.185.0/24 maxlen: 24
103.254.186.0/24 maxlen: 24
103.254.187.0/24 maxlen: 24
124.41.192.0/18 maxlen: 20
124.41.192.0/19 maxlen: 24
124.41.224.0/20 maxlen: 24
124.41.240.0/22 maxlen: 24
124.41.248.0/21 maxlen: 21
124.41.248.0/22 maxlen: 22
124.41.248.0/23 maxlen: 24
124.41.250.0/24 maxlen: 24
124.41.251.0/24 maxlen: 24
124.41.252.0/24 maxlen: 24
124.41.253.0/24 maxlen: 24
124.41.254.0/24 maxlen: 24
124.41.255.0/24 maxlen: 24
139.5.68.0/22 maxlen: 24
139.5.72.0/22 maxlen: 24
202.79.32.0/19 maxlen: 24
202.129.248.0/22 maxlen: 24
202.166.192.0/19 maxlen: 24
2400:1a00::/32 maxlen: 32
2400:1a00::/36 maxlen: 36
2400:1a00::/48 maxlen: 48
2400:1a00:4::/48 maxlen: 48
2400:1a00:8000::/36 maxlen: 36
2400:1a00:8000::/48 maxlen: 48
2400:1a00:8002::/48 maxlen: 48
2400:1a00:8004::/48 maxlen: 48
2400:1a00:8010::/48 maxlen: 48
2400:1a00:b000::/36 maxlen: 36
2400:1a00:b010::/48 maxlen: 48
2400:1a00:b011::/48 maxlen: 48
2400:1a00:b012::/48 maxlen: 48
2400:1a00:b013::/48 maxlen: 48
2400:1a00:b020::/48 maxlen: 48
2400:1a00:b021::/48 maxlen: 48
2400:1a00:b022::/48 maxlen: 48
2400:1a00:b030::/48 maxlen: 48
2400:1a00:b031::/48 maxlen: 48
2400:1a00:b032::/48 maxlen: 48
2400:1a00:b040::/48 maxlen: 48
2400:1a00:b041::/48 maxlen: 48
2400:1a00:b050::/48 maxlen: 48
2400:1a00:b051::/48 maxlen: 48
2400:1a00:b060::/48 maxlen: 48
2400:1a00:b061::/48 maxlen: 48
2400:1a00:b070::/48 maxlen: 48
2400:1a00:b071::/48 maxlen: 48
2400:1a00:b080::/48 maxlen: 48
2400:1a00:b081::/48 maxlen: 48
2400:1a00:b111::/48 maxlen: 48
2400:1a00:b112::/48 maxlen: 48
2400:1a00:b1a6::/48 maxlen: 48
2400:1a00:b1af::/48 maxlen: 48
2400:1a00:b1ba::/48 maxlen: 48
2400:1a00:b1c0::/48 maxlen: 48
2400:1a00:b1c1::/48 maxlen: 48
2400:1a00:b1e0::/48 maxlen: 48
2400:1a00:b1e1::/48 maxlen: 48
2400:1a00:b1fa::/48 maxlen: 48
2400:1a00:ba10::/48 maxlen: 48
2400:1a00:ba11::/48 maxlen: 48
2400:1a00:baa0::/48 maxlen: 48
2400:1a00:baa1::/48 maxlen: 48
2400:1a00:bb10::/48 maxlen: 48
2400:1a00:bb11::/48 maxlen: 48
2400:1a00:bb20::/48 maxlen: 48
2400:1a00:bb21::/48 maxlen: 48
2400:1a00:bc10::/48 maxlen: 48
2400:1a00:bc11::/48 maxlen: 48
2400:1a00:bd11::/48 maxlen: 48
2400:1a00:bd12::/48 maxlen: 48
2400:1a00:bd20::/48 maxlen: 48
2400:1a00:bd21::/48 maxlen: 48
2400:1a00:bda0::/48 maxlen: 48
2400:1a00:bda1::/48 maxlen: 48
2400:1a00:bde0::/48 maxlen: 48
2400:1a00:bde1::/48 maxlen: 48
2400:1a00:cd11::/48 maxlen: 48
2400:1a00:d000::/36 maxlen: 36
2400:1a00:d000::/40 maxlen: 40
2400:1a00:d100::/40 maxlen: 40
2400:1a00:d200::/40 maxlen: 48
2400:1a00:d300::/40 maxlen: 40
2400:1a00:d400::/40 maxlen: 40
2400:1a00:d500::/40 maxlen: 40
2400:1a00:d600::/40 maxlen: 40
2400:1a00:efff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91F731E/F5967E6C5EF111E6A7D1AF26C4F9AE02/JYUkPWgF8uqLw_Y7gjZLqZHzMLk.crl
rsync://rpki.apnic.net/member_repository/A91F731E/F5967E6C5EF111E6A7D1AF26C4F9AE02/JYUkPWgF8uqLw_Y7gjZLqZHzMLk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JYUkPWgF8uqLw_Y7gjZLqZHzMLk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 01 Dec 2024 15:57:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7945 (0x1f09)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F731E/serialNumber=2585243D6805F2EA8BC3F63B82364BA991F330B9
Validity
Not Before: Nov 4 10:08:45 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=67289d2d-d1ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:69:84:5a:73:fa:61:0d:60:15:dd:ee:98:b5:
3f:21:a2:68:64:0f:3a:ba:72:59:24:48:48:97:e7:
ad:10:35:5a:04:d3:9f:52:cd:06:9b:8e:c5:39:ba:
e7:87:ff:6c:af:36:c1:4e:ca:aa:16:ac:52:0b:7d:
b9:b3:73:c7:8c:8a:7d:03:56:06:7d:68:71:4b:94:
a6:e7:0e:72:b4:26:a5:55:99:0f:74:47:5f:c5:97:
07:a1:a5:4a:7c:19:84:9c:a0:d7:56:a9:04:e0:35:
c9:ed:ba:93:fd:c2:f8:3f:c3:84:de:0f:ff:b2:50:
dd:1f:02:90:66:5d:fc:e0:9f:47:bb:5c:54:c8:dd:
eb:33:c7:41:7b:bb:af:18:c3:b0:5d:46:df:6b:f9:
b8:4a:5e:ee:81:4e:27:9b:8a:91:b3:62:c4:09:90:
6c:0b:ed:a8:28:ab:e3:6c:50:e1:b2:82:d0:4d:f7:
41:2e:0c:03:7d:54:26:9f:96:57:ad:8e:a5:2e:77:
41:68:f4:01:9e:d5:c6:eb:5f:24:98:7e:3b:61:d9:
ae:78:05:f7:6a:14:3b:dd:53:8b:f7:7b:e6:cd:29:
27:98:91:1f:c2:0c:b1:b8:19:db:93:b8:35:7b:96:
9c:94:35:38:f3:13:ef:2d:53:b5:61:62:ac:88:cc:
8f:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:1C:FC:BB:0D:61:13:7E:E6:F9:59:BF:A3:D7:B0:3A:BB:C7:E3:48
X509v3 Authority Key Identifier:
keyid:25:85:24:3D:68:05:F2:EA:8B:C3:F6:3B:82:36:4B:A9:91:F3:30:B9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F731E/F5967E6C5EF111E6A7D1AF26C4F9AE02/JYUkPWgF8uqLw_Y7gjZLqZHzMLk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JYUkPWgF8uqLw_Y7gjZLqZHzMLk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F731E/F5967E6C5EF111E6A7D1AF26C4F9AE02/9025B7B4173611EEBCEA943CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.34.0.0/17
103.211.148.0/22
103.254.184.0/22
124.41.192.0/18
139.5.68.0-139.5.75.255
202.79.32.0/19
202.129.248.0/22
202.166.192.0/19
IPv6:
2400:1a00::/32
Signature Algorithm: sha256WithRSAEncryption
ad:6f:28:26:12:b3:c3:69:5e:7f:9c:56:c2:44:c2:e2:5d:e9:
77:6c:12:6a:ae:bd:67:e4:ae:7e:97:31:8f:92:b0:44:97:a2:
71:1b:b3:75:8b:63:e9:4e:af:6b:56:fa:f0:86:f9:8a:af:2e:
fa:a0:42:bd:9f:2f:35:59:1e:29:7f:31:ca:2c:42:01:f7:ef:
0b:e1:47:69:be:b7:34:8f:8f:ee:23:fc:62:69:b5:7a:9c:4c:
2c:85:f1:74:68:1a:3c:07:63:27:45:61:38:fc:25:dd:1d:21:
82:af:22:7a:ed:01:70:65:22:28:17:1b:65:c3:20:cc:9c:c7:
cf:e8:d8:34:71:a4:d4:3d:74:a9:a8:24:49:90:85:d0:27:b2:
62:36:88:fc:64:db:10:7f:96:6f:d7:8c:72:73:bf:f3:d7:20:
80:7d:f7:ae:d9:fc:be:75:7f:7c:91:7c:d0:c5:83:5f:24:3c:
60:35:6d:90:ad:fb:59:32:0a:01:23:93:d4:1a:c9:60:26:25:
7c:7e:2f:60:33:c5:44:18:e5:66:fa:7b:e4:78:a9:cc:cb:9e:
7b:b3:19:7a:b5:9c:04:37:5d:dc:80:6d:0f:67:0b:39:6b:fa:
06:92:98:0f:01:c5:a6:25:db:83:21:0d:35:48:a8:62:ea:3f:
e3:1f:a3:02
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgICHwkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjczMUUxMTAvBgNVBAUTKDI1ODUyNDNENjgwNUYyRUE4QkMzRjYzQjgyMzY0QkE5
OTFGMzMwQjkwHhcNMjQxMTA0MTAwODQ1WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzI4OWQyZC1kMWFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0mmEWnP6YQ1gFd3umLU/IaJoZA86unJZJEhIl+etEDVaBNOfUs0Gm47FObrn
h/9srzbBTsqqFqxSC325s3PHjIp9A1YGfWhxS5Sm5w5ytCalVZkPdEdfxZcHoaVK
fBmEnKDXVqkE4DXJ7bqT/cL4P8OE3g//slDdHwKQZl384J9Hu1xUyN3rM8dBe7uv
GMOwXUbfa/m4Sl7ugU4nm4qRs2LECZBsC+2oKKvjbFDhsoLQTfdBLgwDfVQmn5ZX
rY6lLndBaPQBntXG618kmH47YdmueAX3ahQ73VOL93vmzSknmJEfwgyxuBnbk7g1
e5aclDU48xPvLVO1YWKsiMyPsQIDAQABo4IC1jCCAtIwHQYDVR0OBBYEFBwc/LsN
YRN+5vlZv6PXsDq7x+NIMB8GA1UdIwQYMBaAFCWFJD1oBfLqi8P2O4I2S6mR8zC5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNzMxRS9GNTk2N0U2QzVF
RjExMUU2QTdEMUFGMjZDNEY5QUUwMi9KWVVrUFdnRjh1cUx3X1k3Z2paTHFaSHpN
TGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0pZVWtQV2dGOHVxTHdfWTdnalpMcVpIek1May5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjczMUUvRjU5NjdFNkM1RUYxMTFFNkE3RDFBRjI2QzRGOUFFMDIvOTAyNUI3QjQx
NzM2MTFFRUJDRUE5NDNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYAYIKwYBBQUHAQcBAf8E
UTBPMD4EAgABMDgDBAcbIgADBAJn05QDBAJn/rgDBAZ8KcAwDAMEAosFRAMEAosF
SAMEBcpPIAMEAsqB+AMEBcqmwDANBAIAAjAHAwUAJAAaADANBgkqhkiG9w0BAQsF
AAOCAQEArW8oJhKzw2lef5xWwkTC4l3pd2wSaq69Z+Sufpcxj5KwRJeicRuzdYtj
6U6va1b68Ib5iq8u+qBCvZ8vNVkeKX8xyixCAffvC+FHab63NI+P7iP8Ymm1epxM
LIXxdGgaPAdjJ0VhOPwl3R0hgq8ieu0BcGUiKBcbZcMgzJzHz+jYNHGk1D10qagk
SZCF0CeyYjaI/GTbEH+Wb9eMcnO/89cggH33rtn8vnV/fJF80MWDXyQ8YDVtkK37
WTIKASOT1BrJYCYlfH4vYDPFRBjlZvp75HipzMuee7MZerWcBDdd3IBtD2cLOWv6
BpKYDwHFpiXbgyENNUioYuo/4x+jAg==
-----END CERTIFICATE-----
Generated at Sun Nov 24 18:24:59 2024 by rpki-client on console-ams.rpki-client.org