Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/D3EAE1500B5911EA8CC1114BC4F9AE02.roa
File: D3EAE1500B5911EA8CC1114BC4F9AE02.roa (raw, json)
Hash identifier: 6kshU0HtAchRgiTjP8s8Hd2WuIT7tJbRCmHqG1erYdU=
Subject key identifier: DB:70:92:B2:DA:63:E0:EA:4A:46:DE:EA:86:68:B1:6C:CD:1D:9F:34
Certificate issuer: /CN=A9168B03/serialNumber=BA51D09E1393E70A05873203FF7CC4E1FD7EA70F
Certificate serial: 1B6B
Authority key identifier: BA:51:D0:9E:13:93:E7:0A:05:87:32:03:FF:7C:C4:E1:FD:7E:A7:0F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ulHQnhOT5woFhzID_3zE4f1-pw8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/D3EAE1500B5911EA8CC1114BC4F9AE02.roa
Signing time: Thu 24 Oct 2024 16:55:06 +0000
ROA not before: Thu 24 Oct 2024 16:55:06 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 9832
IP address blocks: 103.9.132.0/22 maxlen: 24
180.92.224.0/20 maxlen: 22
180.92.224.0/21 maxlen: 24
180.92.232.0/22 maxlen: 24
180.92.236.0/24 maxlen: 24
180.92.237.0/24 maxlen: 24
180.92.238.0/24 maxlen: 24
180.92.239.0/24 maxlen: 24
203.148.88.0/22 maxlen: 24
203.188.240.0/20 maxlen: 20
203.188.240.0/21 maxlen: 21
203.188.240.0/22 maxlen: 22
203.188.240.0/24 maxlen: 24
203.188.241.0/24 maxlen: 24
203.188.242.0/24 maxlen: 24
203.188.243.0/24 maxlen: 24
203.188.244.0/22 maxlen: 22
203.188.244.0/24 maxlen: 24
203.188.245.0/24 maxlen: 24
203.188.246.0/24 maxlen: 24
203.188.247.0/24 maxlen: 24
203.188.248.0/21 maxlen: 21
203.188.248.0/24 maxlen: 24
203.188.249.0/24 maxlen: 24
203.188.250.0/24 maxlen: 24
203.188.251.0/24 maxlen: 24
203.188.252.0/24 maxlen: 24
203.188.253.0/24 maxlen: 24
203.188.254.0/24 maxlen: 24
203.188.255.0/24 maxlen: 24
2403:bf80::/32 maxlen: 32
2403:bf80::/48 maxlen: 48
2403:bf80:1::/48 maxlen: 48
2403:bf80:2::/48 maxlen: 48
2403:bf80:3::/48 maxlen: 48
2403:bf80:a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/ulHQnhOT5woFhzID_3zE4f1-pw8.crl
rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/ulHQnhOT5woFhzID_3zE4f1-pw8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ulHQnhOT5woFhzID_3zE4f1-pw8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 16:15:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7019 (0x1b6b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9168B03/serialNumber=BA51D09E1393E70A05873203FF7CC4E1FD7EA70F
Validity
Not Before: Oct 24 16:55:06 2024 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=671a7be9-5097
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:bd:bf:ce:55:26:64:e3:27:05:cc:5c:3b:46:
62:d1:67:d4:ac:bc:35:f2:33:13:65:fe:8c:20:06:
05:1a:fb:84:8c:d9:2d:74:d7:5e:68:31:a7:2d:c6:
85:c2:ee:85:da:85:3a:16:c6:3b:cf:3c:07:90:87:
08:43:47:37:f9:e8:8a:ba:12:df:59:82:ff:77:71:
3f:53:bf:65:68:80:0d:fa:ee:0e:76:c7:3a:03:7f:
bc:82:5c:32:b1:3b:5a:a2:d1:ee:96:b2:62:1d:e8:
93:f4:ad:36:2e:56:ba:f3:ed:5b:e4:00:09:87:43:
92:4c:a8:93:64:85:13:1a:33:d5:4b:4a:fd:fe:a2:
b2:2e:3e:53:a6:cd:57:2a:cd:8d:90:d4:52:2a:5c:
1d:80:99:12:3b:b9:51:f6:2b:ee:0b:83:3e:9c:03:
88:3b:e2:e8:f3:76:05:21:f5:db:58:eb:65:4d:45:
bc:35:66:e3:d0:eb:07:ac:1d:a7:92:8e:2f:af:d7:
e6:fc:68:e3:4c:63:cd:4e:34:99:e3:8b:79:16:96:
9d:b6:f0:55:fa:53:2a:67:05:93:c9:87:ff:fb:9c:
5c:af:3f:de:7b:51:d7:96:e5:a6:81:7b:38:5e:ff:
9c:21:ec:89:e2:84:d2:8b:2e:42:d3:5e:a1:a0:b3:
aa:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:70:92:B2:DA:63:E0:EA:4A:46:DE:EA:86:68:B1:6C:CD:1D:9F:34
X509v3 Authority Key Identifier:
keyid:BA:51:D0:9E:13:93:E7:0A:05:87:32:03:FF:7C:C4:E1:FD:7E:A7:0F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/ulHQnhOT5woFhzID_3zE4f1-pw8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ulHQnhOT5woFhzID_3zE4f1-pw8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9168B03/D118E678F99D11E6B8727013C4F9AE02/D3EAE1500B5911EA8CC1114BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.9.132.0/22
180.92.224.0/20
203.148.88.0/22
203.188.240.0/20
IPv6:
2403:bf80::/32
Signature Algorithm: sha256WithRSAEncryption
4d:4c:92:bd:f9:a2:02:6a:90:46:ae:24:a7:d2:f6:e7:1e:d2:
a0:47:bd:57:4e:b3:e7:31:0d:34:cf:65:c9:68:6b:e1:3a:69:
3d:98:af:3b:60:f4:ed:3f:3f:c5:36:d3:2a:97:07:4a:33:40:
87:8c:63:b7:fc:40:fd:8a:22:39:ce:b0:fa:5e:32:8e:69:03:
34:ba:f9:66:b6:9f:85:39:0c:35:fb:bd:34:b3:4c:82:6a:0d:
f5:b0:22:fb:09:27:a4:fc:18:59:50:9f:b7:9d:7f:5f:88:4f:
c9:4c:08:b3:ab:55:16:bb:34:32:b0:38:f3:6c:fe:dd:69:e5:
05:8e:83:50:d4:d6:01:6b:c8:a1:3b:4f:c7:1d:ba:7a:0a:6e:
d6:a0:45:ba:33:36:aa:8f:e8:a4:3d:48:72:80:4f:d6:a0:f3:
67:60:9d:28:11:2d:16:7a:86:33:68:b7:2a:5b:f0:20:36:bd:
4a:ea:2b:63:cf:50:e4:b2:4b:19:81:b9:9e:10:24:c4:04:f3:
65:32:3e:b5:cd:5b:67:89:9a:43:79:c4:f2:89:71:ec:39:d9:
ad:d6:7b:85:c9:6b:44:1d:dc:0a:e2:34:5a:ce:9b:cf:5b:6d:
97:49:21:ae:a2:32:b1:aa:4b:79:fa:2b:26:aa:f2:b3:dc:fb:
d0:44:57:cf
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICG2swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjhCMDMxMTAvBgNVBAUTKEJBNTFEMDlFMTM5M0U3MEEwNTg3MzIwM0ZGN0NDNEUx
RkQ3RUE3MEYwHhcNMjQxMDI0MTY1NTA2WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzFhN2JlOS01MDk3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzb2/zlUmZOMnBcxcO0Zi0WfUrLw18jMTZf6MIAYFGvuEjNktdNdeaDGnLcaF
wu6F2oU6FsY7zzwHkIcIQ0c3+eiKuhLfWYL/d3E/U79laIAN+u4Odsc6A3+8glwy
sTtaotHulrJiHeiT9K02Lla68+1b5AAJh0OSTKiTZIUTGjPVS0r9/qKyLj5Tps1X
Ks2NkNRSKlwdgJkSO7lR9ivuC4M+nAOIO+Lo83YFIfXbWOtlTUW8NWbj0OsHrB2n
ko4vr9fm/GjjTGPNTjSZ44t5FpadtvBV+lMqZwWTyYf/+5xcrz/ee1HXluWmgXs4
Xv+cIeyJ4oTSiy5C016hoLOqCwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFNtwkrLa
Y+DqSkbe6oZosWzNHZ80MB8GA1UdIwQYMBaAFLpR0J4Tk+cKBYcyA/98xOH9fqcP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2OEIwMy9EMTE4RTY3OEY5
OUQxMUU2Qjg3MjcwMTNDNEY5QUUwMi91bEhRbmhPVDV3b0ZoeklEXzN6RTRmMS1w
dzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3VsSFFuaE9UNXdvRmh6SURfM3pFNGYxLXB3OC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjhCMDMvRDExOEU2NzhGOTlEMTFFNkI4NzI3MDEzQzRGOUFFMDIvRDNFQUUxNTAw
QjU5MTFFQThDQzExMTRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAJnCYQDBAS0XOADBALLlFgDBATLvPAwDQQCAAIwBwMFACQD
v4AwDQYJKoZIhvcNAQELBQADggEBAE1Mkr35ogJqkEauJKfS9uce0qBHvVdOs+cx
DTTPZcloa+E6aT2Yrztg9O0/P8U20yqXB0ozQIeMY7f8QP2KIjnOsPpeMo5pAzS6
+Wa2n4U5DDX7vTSzTIJqDfWwIvsJJ6T8GFlQn7edf1+IT8lMCLOrVRa7NDKwOPNs
/t1p5QWOg1DU1gFryKE7T8cdunoKbtagRbozNqqP6KQ9SHKAT9ag82dgnSgRLRZ6
hjNotypb8CA2vUrqK2PPUOSySxmBuZ4QJMQE82UyPrXNW2eJmkN5xPKJcew52a3W
e4XJa0Qd3AriNFrOm89bbZdJIa6iMrGqS3n6Kyaq8rPc+9BEV88=
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:55:48 2024 by rpki-client on console-fra.rpki-client.org