Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F8A41/554140DE87BC11EBB3C08272C4F9AE02/C4662D3A5FD311EDAE56DD7FC4F9AE02.roa
File: C4662D3A5FD311EDAE56DD7FC4F9AE02.roa (raw, json)
Hash identifier: bdZg40gcDuasqdcf5c9xcUlQkygEWmmH+OxQDYlQCTY=
Subject key identifier: 3A:18:B1:C6:72:38:DE:57:5B:10:29:0C:B2:CE:2D:F7:45:02:15:C4
Certificate issuer: /CN=A91F8A41/serialNumber=CDFEDF2D411C84C36DC3BB6A02FDF1AC50B5BA14
Certificate serial: 0628
Authority key identifier: CD:FE:DF:2D:41:1C:84:C3:6D:C3:BB:6A:02:FD:F1:AC:50:B5:BA:14
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zf7fLUEchMNtw7tqAv3xrFC1uhQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F8A41/554140DE87BC11EBB3C08272C4F9AE02/C4662D3A5FD311EDAE56DD7FC4F9AE02.roa
Signing time: Wed 01 May 2024 01:03:41 +0000
ROA not before: Wed 01 May 2024 01:03:41 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 10101
IP address blocks: 202.152.64.0/24 maxlen: 24
202.152.65.0/24 maxlen: 24
202.152.66.0/24 maxlen: 24
202.152.67.0/24 maxlen: 24
202.152.69.0/24 maxlen: 24
202.152.70.0/24 maxlen: 24
202.152.71.0/24 maxlen: 24
202.152.72.0/24 maxlen: 24
202.152.73.0/24 maxlen: 24
202.152.76.0/24 maxlen: 24
202.152.77.0/24 maxlen: 24
202.152.78.0/24 maxlen: 24
202.152.80.0/24 maxlen: 24
202.152.81.0/24 maxlen: 24
202.152.82.0/24 maxlen: 24
202.152.83.0/24 maxlen: 24
202.152.84.0/24 maxlen: 24
202.152.85.0/24 maxlen: 24
202.152.86.0/24 maxlen: 24
202.152.87.0/24 maxlen: 24
202.152.88.0/22 maxlen: 22
202.152.92.0/24 maxlen: 24
202.152.93.0/24 maxlen: 24
202.152.94.0/24 maxlen: 24
202.152.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91F8A41/554140DE87BC11EBB3C08272C4F9AE02/zf7fLUEchMNtw7tqAv3xrFC1uhQ.crl
rsync://rpki.apnic.net/member_repository/A91F8A41/554140DE87BC11EBB3C08272C4F9AE02/zf7fLUEchMNtw7tqAv3xrFC1uhQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zf7fLUEchMNtw7tqAv3xrFC1uhQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 28 May 2024 00:30:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1576 (0x628)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F8A41/serialNumber=CDFEDF2D411C84C36DC3BB6A02FDF1AC50B5BA14
Validity
Not Before: May 1 01:03:41 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=663194ed-4aae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:7b:13:17:74:67:5b:b4:d3:b5:21:1c:fe:ee:
10:65:c2:23:a2:b7:cd:ad:2f:d1:ff:06:69:75:14:
99:7a:a4:54:57:93:00:27:05:33:01:73:29:ce:a0:
6b:e8:d4:29:eb:ad:94:ef:12:f3:d8:61:e6:b5:14:
41:5b:c5:db:ae:63:08:09:f6:e0:53:be:99:71:93:
98:93:b2:4f:bf:3a:70:d9:46:c4:cc:dc:e0:b3:fb:
25:21:55:3d:96:15:98:f2:50:fe:6a:76:ae:0b:60:
6b:2a:b8:00:87:91:5c:11:31:d8:60:22:c4:7d:d9:
e9:35:ed:5e:9c:a8:1c:2f:a1:92:5a:96:69:46:5f:
08:2f:70:2b:72:8c:59:33:d6:ec:d6:53:2e:0e:ba:
6c:d6:49:90:f1:3f:0e:65:5d:02:6b:10:a9:d1:57:
c1:1c:4d:dc:5c:9f:dd:5c:63:f0:39:05:67:ac:19:
80:9a:2a:17:78:83:44:f3:f9:1b:c5:86:10:bc:13:
50:fa:ff:e9:ae:07:2e:77:1f:ce:d7:18:21:6d:e6:
f0:3d:31:92:19:99:38:f7:0a:81:70:2e:ca:52:f4:
2d:ea:77:a2:e7:d2:c6:90:51:06:bc:36:64:5f:79:
22:e9:8e:ec:60:a7:5a:74:c1:e5:5d:cd:b5:0f:0b:
00:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:18:B1:C6:72:38:DE:57:5B:10:29:0C:B2:CE:2D:F7:45:02:15:C4
X509v3 Authority Key Identifier:
keyid:CD:FE:DF:2D:41:1C:84:C3:6D:C3:BB:6A:02:FD:F1:AC:50:B5:BA:14
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F8A41/554140DE87BC11EBB3C08272C4F9AE02/zf7fLUEchMNtw7tqAv3xrFC1uhQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zf7fLUEchMNtw7tqAv3xrFC1uhQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F8A41/554140DE87BC11EBB3C08272C4F9AE02/C4662D3A5FD311EDAE56DD7FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.152.64.0/22
202.152.69.0-202.152.73.255
202.152.76.0-202.152.78.255
202.152.80.0/20
Signature Algorithm: sha256WithRSAEncryption
58:f3:de:36:5d:96:a6:ae:94:7c:76:dd:fd:26:99:40:b1:c7:
3a:04:09:5e:e5:45:cf:6a:14:17:69:01:8d:5f:71:62:89:df:
3d:b5:a2:3d:c4:8f:ee:9b:12:46:9f:30:c0:9f:e2:75:4f:bf:
3c:ab:d3:5c:52:bc:92:5b:29:dd:c1:94:af:cf:e3:a4:c4:9a:
f5:50:05:59:7c:bf:65:a8:a7:10:af:db:e7:15:83:b1:f0:8c:
9a:1d:a6:15:97:17:4f:6a:3a:73:a2:bd:92:3b:12:e1:eb:fd:
9f:ce:20:77:a4:be:4a:84:e7:63:97:81:40:d1:df:34:c1:b4:
2a:9d:b9:08:07:68:ef:35:94:35:62:eb:2d:23:bd:03:77:6b:
9c:e2:8d:71:65:97:9d:bb:a4:d4:d5:d9:26:23:ce:d7:7a:78:
cc:be:c2:70:f0:38:ac:2c:d4:d3:29:16:2e:09:81:7a:f2:e4:
28:9c:97:46:c5:2b:fc:0a:8c:b9:6d:d3:ab:55:df:e5:40:74:
5f:ae:2f:2f:14:07:44:d0:86:b9:22:2f:ab:f8:57:dc:56:d8:
4d:a7:2c:2d:b8:32:c7:07:39:fc:ae:97:7f:18:fa:1d:c4:c8:
e7:c5:f2:4c:a0:46:f1:4f:ed:b9:a6:fa:a0:1f:a6:c8:7d:1c:
92:04:3c:02
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICBigwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjhBNDExMTAvBgNVBAUTKENERkVERjJENDExQzg0QzM2REMzQkI2QTAyRkRGMUFD
NTBCNUJBMTQwHhcNMjQwNTAxMDEwMzQxWhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjMxOTRlZC00YWFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuXsTF3RnW7TTtSEc/u4QZcIjorfNrS/R/wZpdRSZeqRUV5MAJwUzAXMpzqBr
6NQp662U7xLz2GHmtRRBW8XbrmMICfbgU76ZcZOYk7JPvzpw2UbEzNzgs/slIVU9
lhWY8lD+anauC2BrKrgAh5FcETHYYCLEfdnpNe1enKgcL6GSWpZpRl8IL3ArcoxZ
M9bs1lMuDrps1kmQ8T8OZV0CaxCp0VfBHE3cXJ/dXGPwOQVnrBmAmioXeINE8/kb
xYYQvBNQ+v/prgcudx/O1xghbebwPTGSGZk49wqBcC7KUvQt6nei59LGkFEGvDZk
X3ki6Y7sYKdadMHlXc21DwsAtQIDAQABo4ICtzCCArMwHQYDVR0OBBYEFDoYscZy
ON5XWxApDLLOLfdFAhXEMB8GA1UdIwQYMBaAFM3+3y1BHITDbcO7agL98axQtboU
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGOEE0MS81NTQxNDBERTg3
QkMxMUVCQjNDMDgyNzJDNEY5QUUwMi96ZjdmTFVFY2hNTnR3N3RxQXYzeHJGQzF1
aFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3pmN2ZMVUVjaE1OdHc3dHFBdjN4ckZDMXVoUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjhBNDEvNTU0MTQwREU4N0JDMTFFQkIzQzA4MjcyQzRGOUFFMDIvQzQ2NjJEM0E1
RkQzMTFFREFFNTZERDdGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQQYIKwYBBQUHAQcBAf8E
MjAwMC4EAgABMCgDBALKmEAwDAMEAMqYRQMEAcqYSDAMAwQCyphMAwQAyphOAwQE
yphQMA0GCSqGSIb3DQEBCwUAA4IBAQBY8942XZamrpR8dt39JplAscc6BAle5UXP
ahQXaQGNX3Fiid89taI9xI/umxJGnzDAn+J1T788q9NcUrySWyndwZSvz+OkxJr1
UAVZfL9lqKcQr9vnFYOx8IyaHaYVlxdPajpzor2SOxLh6/2fziB3pL5KhOdjl4FA
0d80wbQqnbkIB2jvNZQ1YustI70Dd2uc4o1xZZedu6TU1dkmI87XenjMvsJw8Dis
LNTTKRYuCYF68uQonJdGxSv8Coy5bdOrVd/lQHRfri8vFAdE0Ia5Ii+r+FfcVthN
pywtuDLHBzn8rpd/GPodxMjnxfJMoEbxT+25pvqgH6bIfRySBDwC
-----END CERTIFICATE-----
Generated at Tue May 21 01:47:06 2024 by rpki-client on console-fra.rpki-client.org