Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/24AD9F38E5EE11EE88941343C4F9AE02.roa
File: 24AD9F38E5EE11EE88941343C4F9AE02.roa (raw, json)
Hash identifier: QIiQW4nGLyW4oM79YMIJHRdB7OFHYli1B2ogK0jmj0Q=
Subject key identifier: F5:75:3C:CD:51:C8:EB:63:B2:9A:7B:D9:F4:11:59:AB:60:BD:80:90
Certificate issuer: /CN=A915D03A/serialNumber=615ED84C44E657F7095E0212AFEA052C542A0D91
Certificate serial: 18A0
Authority key identifier: 61:5E:D8:4C:44:E6:57:F7:09:5E:02:12:AF:EA:05:2C:54:2A:0D:91
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/24AD9F38E5EE11EE88941343C4F9AE02.roa
Signing time: Wed 10 Apr 2024 13:54:20 +0000
ROA not before: Wed 10 Apr 2024 13:54:20 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 16625
IP address blocks: 59.151.128.0/22 maxlen: 22
59.151.136.0/22 maxlen: 22
59.151.172.0/22 maxlen: 22
59.151.176.0/22 maxlen: 22
60.254.132.0/22 maxlen: 22
60.254.168.0/22 maxlen: 22
103.238.150.0/23 maxlen: 23
118.214.32.0/20 maxlen: 20
118.214.64.0/20 maxlen: 20
118.214.96.0/20 maxlen: 20
118.214.128.0/20 maxlen: 20
118.214.240.0/20 maxlen: 20
118.215.8.0/21 maxlen: 21
118.215.80.0/21 maxlen: 21
118.215.88.0/21 maxlen: 21
118.215.96.0/21 maxlen: 21
118.215.176.0/20 maxlen: 20
125.56.212.0/23 maxlen: 23
125.252.212.0/22 maxlen: 22
125.252.216.0/22 maxlen: 22
125.252.228.0/22 maxlen: 22
125.252.232.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.crl
rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 09 Jun 2024 17:09:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6304 (0x18a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915D03A/serialNumber=615ED84C44E657F7095E0212AFEA052C542A0D91
Validity
Not Before: Apr 10 13:54:20 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=66169a0c-d9a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:fa:2a:16:5c:3a:bb:d1:d0:9c:89:a7:b8:fc:
c6:fa:be:8e:53:cd:e7:c6:7e:64:1d:fd:8b:36:37:
e1:6c:1b:2b:06:7f:a4:94:2d:99:84:53:67:19:81:
6b:7d:22:0b:80:bd:15:77:d3:9a:23:e4:ed:44:87:
27:f4:64:70:ec:ad:55:bb:40:51:e2:da:d4:74:f8:
63:c7:77:2c:5a:53:7c:98:f4:3a:6a:7b:51:62:26:
72:e2:3e:28:8b:c8:9f:92:3a:75:af:55:e4:bb:56:
84:be:f0:c8:bc:45:e9:06:9c:49:dd:0c:60:16:7e:
96:da:d9:a8:31:51:40:9d:ee:81:fd:02:e0:22:6b:
e2:ea:b5:e6:8b:24:9c:1f:c9:71:c9:a8:3b:18:12:
8d:2f:b7:94:cb:bb:b9:37:c6:ec:1b:53:5d:89:bc:
1c:c1:c8:e7:5a:e7:66:a6:c8:b8:2a:99:c0:68:fb:
2d:28:52:e8:b9:1e:51:23:f6:b3:3b:c1:d1:52:ea:
7d:01:af:24:c8:3f:e4:48:dd:31:85:94:e7:5a:c5:
e2:71:6a:b7:89:89:2a:ac:40:dc:fb:a4:bd:7a:d6:
6c:87:72:35:0d:42:40:d9:cd:20:60:c1:b6:11:09:
bb:b3:eb:72:96:48:4c:8b:0f:f9:bd:9b:06:fe:49:
ac:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:75:3C:CD:51:C8:EB:63:B2:9A:7B:D9:F4:11:59:AB:60:BD:80:90
X509v3 Authority Key Identifier:
keyid:61:5E:D8:4C:44:E6:57:F7:09:5E:02:12:AF:EA:05:2C:54:2A:0D:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/24AD9F38E5EE11EE88941343C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
59.151.128.0/22
59.151.136.0/22
59.151.172.0-59.151.179.255
60.254.132.0/22
60.254.168.0/22
103.238.150.0/23
118.214.32.0/20
118.214.64.0/20
118.214.96.0/20
118.214.128.0/20
118.214.240.0/20
118.215.8.0/21
118.215.80.0-118.215.103.255
118.215.176.0/20
125.56.212.0/23
125.252.212.0-125.252.219.255
125.252.228.0-125.252.239.255
Signature Algorithm: sha256WithRSAEncryption
b3:44:cb:f1:11:09:a6:4c:57:7d:d4:6a:c5:b7:7b:dc:8a:89:
53:5f:59:c3:ed:e6:10:3e:d9:41:fb:09:58:a8:e7:27:38:e8:
df:cc:a9:ac:08:79:01:39:a8:11:ff:d1:60:cf:9e:64:15:45:
a7:a8:fb:ae:2c:9c:ef:f8:78:d0:67:01:f6:bc:3b:72:fe:4f:
46:00:0e:60:ca:5e:3f:7b:1d:9f:e8:59:67:bb:bb:01:77:b6:
6b:f3:26:b3:2b:8d:8f:5f:84:69:18:01:66:9d:dc:05:ec:2d:
20:3a:0c:45:1b:36:6b:c8:7b:9d:09:f2:88:3b:f4:8b:8e:42:
57:2c:f5:32:e4:54:fb:ba:7c:fa:df:b9:b2:ce:31:48:57:54:
b5:30:4c:4b:05:3d:21:df:27:a9:3e:49:23:6d:d8:ba:54:dd:
38:36:e7:94:b8:bc:10:d1:d0:1e:c2:f6:62:33:35:f5:71:fd:
73:81:d8:38:a0:8a:08:77:2c:bc:84:fd:de:bc:aa:bf:8e:51:
81:69:1a:85:d8:3f:c7:50:f3:8c:2e:f3:37:2a:fa:8b:94:13:
9c:6d:42:2c:05:5f:6a:eb:4f:9e:9a:fd:a7:23:10:25:4d:eb:
89:5e:77:df:3e:0f:58:06:60:4b:8d:2b:f6:a2:61:a3:bb:ae:
6d:1f:2f:8b
-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgICGKAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUQwM0ExMTAvBgNVBAUTKDYxNUVEODRDNDRFNjU3RjcwOTVFMDIxMkFGRUEwNTJD
NTQyQTBEOTEwHhcNMjQwNDEwMTM1NDIwWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjE2OWEwYy1kOWE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqPoqFlw6u9HQnImnuPzG+r6OU83nxn5kHf2LNjfhbBsrBn+klC2ZhFNnGYFr
fSILgL0Vd9OaI+TtRIcn9GRw7K1Vu0BR4trUdPhjx3csWlN8mPQ6antRYiZy4j4o
i8ifkjp1r1Xku1aEvvDIvEXpBpxJ3QxgFn6W2tmoMVFAne6B/QLgImvi6rXmiySc
H8lxyag7GBKNL7eUy7u5N8bsG1NdibwcwcjnWudmpsi4KpnAaPstKFLouR5RI/az
O8HRUup9Aa8kyD/kSN0xhZTnWsXicWq3iYkqrEDc+6S9etZsh3I1DUJA2c0gYMG2
EQm7s+tylkhMiw/5vZsG/kmsEQIDAQABo4IDGjCCAxYwHQYDVR0OBBYEFPV1PM1R
yOtjspp72fQRWatgvYCQMB8GA1UdIwQYMBaAFGFe2ExE5lf3CV4CEq/qBSxUKg2R
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1RDAzQS8xQjY0NzcxMDky
NDYxMUU3OUFBRUJFMTBDNEY5QUUwMi9ZVjdZVEVUbVZfY0pYZ0lTci1vRkxGUXFE
WkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1lWN1lURVRtVl9jSlhnSVNyLW9GTEZRcURaRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUQwM0EvMUI2NDc3MTA5MjQ2MTFFNzlBQUVCRTEwQzRGOUFFMDIvMjRBRDlGMzhF
NUVFMTFFRTg4OTQxMzQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaMGCCsGAQUFBwEHAQH/
BIGTMIGQMIGNBAIAATCBhgMEAjuXgAMEAjuXiDAMAwQCO5esAwQCO5ewAwQCPP6E
AwQCPP6oAwQBZ+6WAwQEdtYgAwQEdtZAAwQEdtZgAwQEdtaAAwQEdtbwAwQDdtcI
MAwDBAR211ADBAN212ADBAR217ADBAF9ONQwDAMEAn381AMEAn382DAMAwQCffzk
AwQEffzgMA0GCSqGSIb3DQEBCwUAA4IBAQCzRMvxEQmmTFd91GrFt3vciolTX1nD
7eYQPtlB+wlYqOcnOOjfzKmsCHkBOagR/9Fgz55kFUWnqPuuLJzv+HjQZwH2vDty
/k9GAA5gyl4/ex2f6Flnu7sBd7Zr8yazK42PX4RpGAFmndwF7C0gOgxFGzZryHud
CfKIO/SLjkJXLPUy5FT7unz637myzjFIV1S1MExLBT0h3yepPkkjbdi6VN04NueU
uLwQ0dAewvZiMzX1cf1zgdg4oIoIdyy8hP3evKq/jlGBaRqF2D/HUPOMLvM3KvqL
lBOcbUIsBV9q60+emv2nIxAlTeuJXnffPg9YBmBLjSv2omGju65tHy+L
-----END CERTIFICATE-----
Generated at Sun Jun 2 17:59:43 2024 by rpki-client on console-fra.rpki-client.org