Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/C2F7AE40C03111EA9777314AC4F9AE02.roa
File: C2F7AE40C03111EA9777314AC4F9AE02.roa (raw, json)
Hash identifier: tPW/Egh8IR3GEd0uZMXbPh6pBpBuAbmcNv5np6TmcRc=
Subject key identifier: B9:A6:59:C4:C7:CE:DD:1E:E3:0F:E8:49:EB:26:E3:FD:72:3B:04:2B
Certificate issuer: /CN=A91577DD/serialNumber=95D1BEF3900B416584164BB74631771302291688
Certificate serial: 339A
Authority key identifier: 95:D1:BE:F3:90:0B:41:65:84:16:4B:B7:46:31:77:13:02:29:16:88
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ldG-85ALQWWEFku3RjF3EwIpFog.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/C2F7AE40C03111EA9777314AC4F9AE02.roa
Signing time: Thu 04 Jan 2024 15:10:47 +0000
ROA not before: Thu 04 Jan 2024 15:10:47 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 132196
IP address blocks: 43.254.76.0/22 maxlen: 22
43.254.76.0/24 maxlen: 24
43.254.77.0/24 maxlen: 24
43.254.78.0/24 maxlen: 24
43.254.79.0/24 maxlen: 24
103.238.124.0/22 maxlen: 22
103.238.124.0/24 maxlen: 24
103.238.125.0/24 maxlen: 24
103.238.126.0/24 maxlen: 24
103.238.127.0/24 maxlen: 24
120.50.48.0/20 maxlen: 20
120.50.48.0/24 maxlen: 24
120.50.49.0/24 maxlen: 24
120.50.50.0/24 maxlen: 24
120.50.51.0/24 maxlen: 24
120.50.52.0/24 maxlen: 24
120.50.53.0/24 maxlen: 24
120.50.54.0/24 maxlen: 24
120.50.55.0/24 maxlen: 24
120.50.56.0/24 maxlen: 24
120.50.57.0/24 maxlen: 24
120.50.58.0/24 maxlen: 24
120.50.59.0/24 maxlen: 24
120.50.60.0/24 maxlen: 24
120.50.61.0/24 maxlen: 24
120.50.62.0/24 maxlen: 24
120.50.63.0/24 maxlen: 24
202.176.13.0/24 maxlen: 24
2404:99c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/ldG-85ALQWWEFku3RjF3EwIpFog.crl
rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/ldG-85ALQWWEFku3RjF3EwIpFog.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ldG-85ALQWWEFku3RjF3EwIpFog.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 14:52:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13210 (0x339a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91577DD/serialNumber=95D1BEF3900B416584164BB74631771302291688
Validity
Not Before: Jan 4 15:10:47 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=6596ca77-b5a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:e5:dd:b1:d8:4e:4c:2d:7c:4e:a7:d8:9b:7e:
2d:b5:29:a5:9e:ba:6b:ab:75:b5:d5:4d:3f:bc:39:
82:95:7f:35:c8:55:b8:e2:1c:1d:90:7d:74:9e:aa:
b8:8c:1a:0d:b0:5f:5a:3f:7a:fa:6b:b6:a5:e9:03:
a2:14:b7:49:be:de:c7:1e:1d:5c:ef:d0:a2:5a:bc:
ed:8b:bb:87:c4:35:e1:2f:05:37:d6:f5:9a:7c:d9:
c8:14:6c:92:0c:d2:e9:5f:b9:0d:51:78:fa:a3:c9:
0e:e5:55:88:4b:43:ad:48:ba:bd:c0:a6:2a:e1:23:
44:eb:c7:2e:44:48:83:b3:b3:38:b2:de:de:d1:5c:
ba:3e:26:a3:2e:04:42:bc:08:e7:9a:11:de:fe:3d:
59:d1:f8:cb:43:6e:63:f0:dd:f4:5b:91:c7:1c:f1:
16:41:54:6d:5e:0c:aa:2c:c8:e9:c8:9e:c7:8e:ce:
71:30:0d:e8:10:d3:94:27:4e:83:39:20:2f:49:da:
44:70:d4:83:99:40:0a:d2:9a:36:ed:5f:ba:1c:96:
be:46:ad:38:a4:c2:81:f8:f7:8e:84:76:b0:9a:0b:
bb:f1:27:c8:ba:4e:61:ab:61:96:46:86:62:bd:31:
46:c2:ad:b2:ad:fe:a0:be:a5:66:10:9b:c2:7b:53:
24:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:A6:59:C4:C7:CE:DD:1E:E3:0F:E8:49:EB:26:E3:FD:72:3B:04:2B
X509v3 Authority Key Identifier:
keyid:95:D1:BE:F3:90:0B:41:65:84:16:4B:B7:46:31:77:13:02:29:16:88
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/ldG-85ALQWWEFku3RjF3EwIpFog.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ldG-85ALQWWEFku3RjF3EwIpFog.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/C2F7AE40C03111EA9777314AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.76.0/22
103.238.124.0/22
120.50.48.0/20
202.176.13.0/24
IPv6:
2404:99c0::/32
Signature Algorithm: sha256WithRSAEncryption
8a:cc:0c:53:28:70:64:00:81:e1:07:94:dc:7c:ed:13:24:fb:
c4:cc:ac:3f:7a:0c:1d:f0:a3:b1:69:ca:dd:39:e2:94:78:bc:
96:11:4d:52:7e:95:18:ca:f2:37:0d:b9:1b:7f:25:81:cb:da:
21:c2:b7:e7:15:61:ef:be:4c:c0:3b:6a:3f:84:34:06:97:74:
ff:2d:4e:45:ab:06:5b:e4:94:4a:27:44:3d:fd:0a:d2:e0:a0:
56:0d:13:9d:fe:49:c1:4a:df:d9:64:82:57:07:90:6c:8a:99:
10:82:20:8f:70:07:1c:a8:a0:6a:01:8e:a0:0e:36:ee:3d:c2:
38:19:0b:81:b8:66:67:9c:f7:c6:25:80:64:34:ad:cb:de:4f:
29:93:cd:36:2d:58:a9:1c:05:2a:95:b3:52:11:1c:68:ed:a9:
07:cc:65:80:3c:61:c5:31:56:56:c3:9d:82:7c:66:e5:5a:84:
eb:7b:ec:92:c0:e5:20:2f:d9:44:ed:5e:cb:ba:67:aa:d8:fd:
47:ea:7f:c4:bc:6b:91:6f:e4:a5:96:b6:d1:17:d6:83:81:83:
49:00:27:96:83:42:44:04:2e:66:fc:87:1c:c1:80:19:cd:7f:
5d:57:f2:62:b2:f9:c9:03:d8:94:7d:ce:7e:96:f1:7e:17:e8:
37:3b:55:ca
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICM5owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTc3REQxMTAvBgNVBAUTKDk1RDFCRUYzOTAwQjQxNjU4NDE2NEJCNzQ2MzE3NzEz
MDIyOTE2ODgwHhcNMjQwMTA0MTUxMDQ3WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTk2Y2E3Ny1iNWE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzuXdsdhOTC18TqfYm34ttSmlnrprq3W11U0/vDmClX81yFW44hwdkH10nqq4
jBoNsF9aP3r6a7al6QOiFLdJvt7HHh1c79CiWrzti7uHxDXhLwU31vWafNnIFGyS
DNLpX7kNUXj6o8kO5VWIS0OtSLq9wKYq4SNE68cuREiDs7M4st7e0Vy6PiajLgRC
vAjnmhHe/j1Z0fjLQ25j8N30W5HHHPEWQVRtXgyqLMjpyJ7Hjs5xMA3oENOUJ06D
OSAvSdpEcNSDmUAK0po27V+6HJa+Rq04pMKB+PeOhHawmgu78SfIuk5hq2GWRoZi
vTFGwq2yrf6gvqVmEJvCe1MkLQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFLmmWcTH
zt0e4w/oSesm4/1yOwQrMB8GA1UdIwQYMBaAFJXRvvOQC0FlhBZLt0YxdxMCKRaI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1NzdERC9EMUM1QjAyQTFE
OTYxMUUyQTFDQUI0N0YwOEIwMkNEMi9sZEctODVBTFFXV0VGa3UzUmpGM0V3SXBG
b2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2xkRy04NUFMUVdXRUZrdTNSakYzRXdJcEZvZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTc3REQvRDFDNUIwMkExRDk2MTFFMkExQ0FCNDdGMDhCMDJDRDIvQzJGN0FFNDBD
MDMxMTFFQTk3NzczMTRBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAIr/kwDBAJn7nwDBAR4MjADBADKsA0wDQQCAAIwBwMFACQE
mcAwDQYJKoZIhvcNAQELBQADggEBAIrMDFMocGQAgeEHlNx87RMk+8TMrD96DB3w
o7Fpyt054pR4vJYRTVJ+lRjK8jcNuRt/JYHL2iHCt+cVYe++TMA7aj+ENAaXdP8t
TkWrBlvklEonRD39CtLgoFYNE53+ScFK39lkglcHkGyKmRCCII9wBxyooGoBjqAO
Nu49wjgZC4G4Zmec98YlgGQ0rcveTymTzTYtWKkcBSqVs1IRHGjtqQfMZYA8YcUx
VlbDnYJ8ZuVahOt77JLA5SAv2UTtXsu6Z6rY/Ufqf8S8a5Fv5KWWttEX1oOBg0kA
J5aDQkQELmb8hxzBgBnNf11X8mKy+ckD2JR9zn6W8X4X6Dc7Vco=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:49:20 2024 by rpki-client on console-ams.rpki-client.org