Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/EFE8CDF6C8D111EE95249F25C4F9AE02.roa
File: EFE8CDF6C8D111EE95249F25C4F9AE02.roa (raw, json)
Hash identifier: tFtn/VHQEvDcsoWqBX4q0RUPrGxjEwECyPDacA7Txlo=
Subject key identifier: 08:91:03:4D:6F:54:BE:5B:06:21:F4:AF:02:9F:38:32:11:AD:D2:E0
Certificate issuer: /CN=A9167D07/serialNumber=037B8F05F4902D9DA8B424C39340865F3DAC9B26
Certificate serial: 1542
Authority key identifier: 03:7B:8F:05:F4:90:2D:9D:A8:B4:24:C3:93:40:86:5F:3D:AC:9B:26
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3uPBfSQLZ2otCTDk0CGXz2smyY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/EFE8CDF6C8D111EE95249F25C4F9AE02.roa
Signing time: Sat 02 Mar 2024 17:25:13 +0000
ROA not before: Sat 02 Mar 2024 17:25:13 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 55427
IP address blocks: 43.245.92.0/22 maxlen: 22
43.245.92.0/23 maxlen: 23
43.245.92.0/24 maxlen: 24
43.245.93.0/24 maxlen: 24
43.245.94.0/23 maxlen: 23
43.245.94.0/24 maxlen: 24
43.245.95.0/24 maxlen: 24
103.232.228.0/22 maxlen: 22
103.232.228.0/23 maxlen: 23
103.232.228.0/24 maxlen: 24
103.232.229.0/24 maxlen: 24
103.232.230.0/23 maxlen: 23
103.232.230.0/24 maxlen: 24
103.232.231.0/24 maxlen: 24
182.50.64.0/22 maxlen: 24
2402:a300::/32 maxlen: 32
2402:a300:3e6::/48 maxlen: 48
2402:a300:3e7::/48 maxlen: 48
2402:a300:3e8::/48 maxlen: 48
2402:a300:13e6::/48 maxlen: 48
2402:a300:13e7::/48 maxlen: 48
2402:a300:13e8::/48 maxlen: 48
2402:a300:23e8::/48 maxlen: 48
2402:a300:4000::/36 maxlen: 36
2402:a300:4005::/48 maxlen: 48
2402:a300:8000::/36 maxlen: 36
2402:a300:8005::/48 maxlen: 48
2402:a300:800a::/48 maxlen: 48
2402:a300:c000::/36 maxlen: 36
2402:a300:c005::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/A3uPBfSQLZ2otCTDk0CGXz2smyY.crl
rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/A3uPBfSQLZ2otCTDk0CGXz2smyY.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3uPBfSQLZ2otCTDk0CGXz2smyY.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 01 Dec 2024 15:54:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5442 (0x1542)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9167D07/serialNumber=037B8F05F4902D9DA8B424C39340865F3DAC9B26
Validity
Not Before: Mar 2 17:25:13 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=65e360f9-912f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:41:fa:8f:c4:19:b6:8a:30:a0:97:fe:0b:6c:
4a:72:af:ed:41:32:a2:59:e0:50:7b:d0:ed:7e:3d:
65:ca:10:39:12:6d:fb:09:f7:78:86:b4:43:71:2a:
78:ad:c8:e4:32:6d:08:98:5c:18:94:12:5b:6e:be:
8b:b8:17:76:61:88:58:d8:d9:6c:df:ec:94:0c:83:
9c:c6:de:bb:26:0f:89:5d:39:c6:b8:2c:38:a0:72:
01:7b:63:3f:95:1d:3d:19:a1:ec:df:a3:ca:6f:f3:
7a:ff:2b:6b:9f:f6:7b:e5:3d:08:4f:6e:df:5e:7b:
29:ff:29:28:84:dc:0c:1a:04:35:f8:87:51:64:59:
06:a2:0b:d6:e1:37:c4:4a:79:de:59:8e:df:0f:5e:
a8:b6:ce:dd:ff:70:84:7f:70:d9:f7:95:d8:05:9b:
a1:d9:c5:1a:85:d1:53:07:10:7b:7c:57:49:33:42:
1f:a9:b0:28:c8:ad:92:69:ec:3b:37:8b:19:17:9d:
6c:b8:db:ac:2a:d4:f1:2d:7b:0c:58:6d:8b:1a:1d:
d5:4d:3d:85:02:d9:5b:a6:43:22:4c:90:e4:a7:71:
88:11:91:51:fe:77:e8:00:2d:68:01:e1:34:41:53:
90:86:ec:fd:0b:7a:28:71:e2:02:33:10:66:12:84:
08:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:91:03:4D:6F:54:BE:5B:06:21:F4:AF:02:9F:38:32:11:AD:D2:E0
X509v3 Authority Key Identifier:
keyid:03:7B:8F:05:F4:90:2D:9D:A8:B4:24:C3:93:40:86:5F:3D:AC:9B:26
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/A3uPBfSQLZ2otCTDk0CGXz2smyY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3uPBfSQLZ2otCTDk0CGXz2smyY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/EFE8CDF6C8D111EE95249F25C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.92.0/22
103.232.228.0/22
182.50.64.0/22
IPv6:
2402:a300::/32
Signature Algorithm: sha256WithRSAEncryption
64:ce:b6:84:c0:a8:12:b9:b3:1c:a5:23:61:26:e2:af:88:88:
ea:19:d4:40:dd:e9:82:07:8b:58:da:97:d6:bd:71:bb:8a:0d:
7c:51:3a:6e:dc:97:13:d5:d0:68:29:ff:50:8b:fe:fe:92:28:
ad:e1:63:b1:34:fb:31:42:e4:46:c4:9a:e6:e5:93:e6:c2:03:
f9:00:72:67:7d:fe:38:69:20:13:21:42:16:a6:c6:3d:83:e3:
f3:67:14:f2:de:e7:61:ca:25:53:51:9c:a2:f9:b8:41:75:8d:
11:6c:9c:39:41:28:39:57:94:1d:cc:4f:6b:e1:a4:99:24:12:
ee:24:00:f5:94:12:b2:9b:d9:73:d5:7d:a7:df:4d:97:b6:ab:
d3:ec:a3:f3:d8:ab:cb:65:e9:e9:fc:5b:87:fd:45:85:b9:39:
40:51:b8:e1:49:02:ea:2e:75:22:76:a5:ed:af:d1:17:dc:98:
36:90:c6:db:27:6b:0e:e6:24:c8:98:89:3a:50:33:b8:79:7a:
62:02:d9:37:72:6a:32:90:1a:a4:f6:c8:b2:bc:89:dc:2a:c1:
a2:2f:ce:a3:72:57:13:01:05:3f:0a:61:4c:0b:30:a0:c8:6d:
00:57:b2:a8:3c:6c:01:e9:07:2d:86:bc:82:da:57:b5:96:1d:
b2:56:09:f9
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICFUIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjdEMDcxMTAvBgNVBAUTKDAzN0I4RjA1RjQ5MDJEOURBOEI0MjRDMzkzNDA4NjVG
M0RBQzlCMjYwHhcNMjQwMzAyMTcyNTEzWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUzNjBmOS05MTJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA60H6j8QZtoowoJf+C2xKcq/tQTKiWeBQe9Dtfj1lyhA5Em37Cfd4hrRDcSp4
rcjkMm0ImFwYlBJbbr6LuBd2YYhY2Nls3+yUDIOcxt67Jg+JXTnGuCw4oHIBe2M/
lR09GaHs36PKb/N6/ytrn/Z75T0IT27fXnsp/ykohNwMGgQ1+IdRZFkGogvW4TfE
SnneWY7fD16ots7d/3CEf3DZ95XYBZuh2cUahdFTBxB7fFdJM0IfqbAoyK2Saew7
N4sZF51suNusKtTxLXsMWG2LGh3VTT2FAtlbpkMiTJDkp3GIEZFR/nfoAC1oAeE0
QVOQhuz9C3ooceICMxBmEoQIgQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFAiRA01v
VL5bBiH0rwKfODIRrdLgMB8GA1UdIwQYMBaAFAN7jwX0kC2dqLQkw5NAhl89rJsm
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2N0QwNy9ENzRBRTI3NDFC
QTkxMUU4QThGNTc4NjVDNEY5QUUwMi9BM3VQQmZTUUxaMm90Q1REazBDR1h6MnNt
eVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0EzdVBCZlNRTFoyb3RDVERrMENHWHoyc215WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjdEMDcvRDc0QUUyNzQxQkE5MTFFOEE4RjU3ODY1QzRGOUFFMDIvRUZFOENERjZD
OEQxMTFFRTk1MjQ5RjI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAIr9VwDBAJn6OQDBAK2MkAwDQQCAAIwBwMFACQCowAwDQYJ
KoZIhvcNAQELBQADggEBAGTOtoTAqBK5sxylI2Em4q+IiOoZ1EDd6YIHi1jal9a9
cbuKDXxROm7clxPV0Ggp/1CL/v6SKK3hY7E0+zFC5EbEmublk+bCA/kAcmd9/jhp
IBMhQhamxj2D4/NnFPLe52HKJVNRnKL5uEF1jRFsnDlBKDlXlB3MT2vhpJkkEu4k
APWUErKb2XPVfaffTZe2q9Pso/PYq8tl6en8W4f9RYW5OUBRuOFJAuoudSJ2pe2v
0RfcmDaQxtsnaw7mJMiYiTpQM7h5emIC2TdyajKQGqT2yLK8idwqwaIvzqNyVxMB
BT8KYUwLMKDIbQBXsqg8bAHpBy2GvILaV7WWHbJWCfk=
-----END CERTIFICATE-----
Generated at Sun Nov 24 17:20:06 2024 by rpki-client on console-fra.rpki-client.org