Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
File: 002DDDC22B9D11EA92F3094CC4F9AE02.roa (raw, json)
Hash identifier: QZ3wK9JvZw5jGFht0yCLYyrcYMQS8ULZWSvBoaszAK8=
Subject key identifier: 1C:B3:B3:02:89:5D:1C:75:24:F7:36:F3:36:0F:3E:6D:55:C9:D1:AA
Certificate issuer: /CN=A91722A3/serialNumber=7085B5B4549ACDB5B6C2704C85BA788760F88A27
Certificate serial: 0AA2
Authority key identifier: 70:85:B5:B4:54:9A:CD:B5:B6:C2:70:4C:85:BA:78:87:60:F8:8A:27
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
Signing time: Mon 18 Mar 2024 20:18:20 +0000
ROA not before: Mon 18 Mar 2024 20:18:20 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 133421
IP address blocks: 45.117.236.0/22 maxlen: 22
45.117.236.0/24 maxlen: 24
45.117.237.0/24 maxlen: 24
45.117.238.0/24 maxlen: 24
45.117.239.0/24 maxlen: 24
101.78.16.0/20 maxlen: 20
101.78.16.0/24 maxlen: 24
101.78.17.0/24 maxlen: 24
101.78.18.0/24 maxlen: 24
101.78.19.0/24 maxlen: 24
101.78.20.0/24 maxlen: 24
101.78.21.0/24 maxlen: 24
101.78.22.0/24 maxlen: 24
101.78.23.0/24 maxlen: 24
101.78.24.0/24 maxlen: 24
101.78.25.0/24 maxlen: 24
101.78.26.0/24 maxlen: 24
101.78.27.0/24 maxlen: 24
101.78.28.0/24 maxlen: 24
101.78.29.0/24 maxlen: 24
101.78.30.0/24 maxlen: 24
101.78.31.0/24 maxlen: 24
103.228.56.0/22 maxlen: 22
103.228.56.0/24 maxlen: 24
103.228.57.0/24 maxlen: 24
103.228.58.0/24 maxlen: 24
103.228.59.0/24 maxlen: 24
2403:1380::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.crl
rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 19:00:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2722 (0xaa2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91722A3/serialNumber=7085B5B4549ACDB5B6C2704C85BA788760F88A27
Validity
Not Before: Mar 18 20:18:20 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=65f8a18c-df9e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:57:cb:98:e5:d6:7e:79:42:b5:bd:66:13:3a:
a4:1c:fe:a3:6f:05:54:6c:c1:bd:a7:27:37:71:c8:
99:db:b1:04:5b:e6:7b:99:69:57:8e:ad:0c:71:5f:
c2:35:29:56:d6:3d:a4:7e:d0:bd:e6:63:5f:a2:03:
1b:ff:44:0e:ac:c7:c7:9d:61:15:0d:1c:64:bf:0a:
b4:8e:99:36:76:6b:2b:7d:ef:62:4c:80:19:83:3a:
40:09:a6:e7:3c:3e:6e:4c:31:f5:a8:91:f7:3d:25:
62:d9:41:a9:71:2c:2e:b1:ba:61:0f:fa:e6:bd:29:
ad:c9:d0:40:53:d1:2a:52:fa:55:7e:3d:e0:24:5f:
89:56:74:1e:47:96:98:49:9b:bd:c3:02:16:3b:4e:
99:4c:94:35:3d:81:df:92:57:8e:9c:ed:11:f2:ce:
73:c1:55:60:e9:3d:eb:e6:0d:4a:c3:43:fe:10:67:
6c:00:ac:43:34:63:5e:74:aa:69:90:37:19:d8:fb:
29:79:54:60:1f:0b:78:45:e4:f9:c0:31:08:81:a3:
82:a5:30:93:0f:91:79:1d:07:74:1a:68:c8:25:9f:
24:ee:59:67:0d:65:0f:da:1b:bc:e2:2b:fa:13:e7:
1b:43:05:d9:ac:23:23:c5:99:a7:73:08:8d:27:e6:
fd:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:B3:B3:02:89:5D:1C:75:24:F7:36:F3:36:0F:3E:6D:55:C9:D1:AA
X509v3 Authority Key Identifier:
keyid:70:85:B5:B4:54:9A:CD:B5:B6:C2:70:4C:85:BA:78:87:60:F8:8A:27
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.117.236.0/22
101.78.16.0/20
103.228.56.0/22
IPv6:
2403:1380::/32
Signature Algorithm: sha256WithRSAEncryption
b0:ed:02:05:35:34:27:58:bd:94:83:25:cd:bc:45:66:f5:f2:
77:d8:ec:4d:68:f6:68:be:ce:b2:ca:6a:10:37:b9:de:5e:30:
b7:a3:f3:99:d2:1d:c0:80:b3:91:b7:1c:5b:b3:6d:54:f7:a3:
ee:f4:24:3c:b4:45:b5:0a:ab:d4:14:ac:cd:ea:ae:19:9c:7c:
46:4e:af:18:22:c9:3c:6b:56:b1:b9:75:1c:bf:eb:01:4f:ac:
40:58:47:d4:fb:5b:39:5b:36:5a:40:df:e6:de:61:c5:ea:02:
6c:1b:aa:e3:5e:01:6f:f3:a9:16:65:a7:24:00:26:b9:bd:82:
9d:63:c7:c6:56:c8:40:a4:25:e4:81:68:8f:5e:66:e0:85:f4:
d6:bb:9b:69:07:a1:da:b5:88:ee:d1:c6:a2:99:e4:c6:84:cc:
2a:41:f2:60:c4:1d:06:0a:3c:ef:f9:3f:fc:ed:46:56:96:6e:
02:23:d1:fc:8d:53:77:c7:86:4a:42:31:e1:95:10:00:e1:3e:
25:fd:ba:fd:56:7a:57:fa:92:42:c9:ec:38:7f:1d:a9:8f:dd:
35:74:34:c2:2b:1e:9f:f5:5a:7e:40:ab:c1:d8:fe:c1:6a:c2:
2d:c8:b9:2c:b9:e2:51:38:de:56:f1:c2:68:73:43:44:d1:ea:
57:d8:6e:09
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICCqIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzIyQTMxMTAvBgNVBAUTKDcwODVCNUI0NTQ5QUNEQjVCNkMyNzA0Qzg1QkE3ODg3
NjBGODhBMjcwHhcNMjQwMzE4MjAxODIwWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NWY4YTE4Yy1kZjllMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxlfLmOXWfnlCtb1mEzqkHP6jbwVUbMG9pyc3cciZ27EEW+Z7mWlXjq0McV/C
NSlW1j2kftC95mNfogMb/0QOrMfHnWEVDRxkvwq0jpk2dmsrfe9iTIAZgzpACabn
PD5uTDH1qJH3PSVi2UGpcSwusbphD/rmvSmtydBAU9EqUvpVfj3gJF+JVnQeR5aY
SZu9wwIWO06ZTJQ1PYHfkleOnO0R8s5zwVVg6T3r5g1Kw0P+EGdsAKxDNGNedKpp
kDcZ2PspeVRgHwt4ReT5wDEIgaOCpTCTD5F5HQd0GmjIJZ8k7llnDWUP2hu84iv6
E+cbQwXZrCMjxZmncwiNJ+b9bQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFByzswKJ
XRx1JPc28zYPPm1VydGqMB8GA1UdIwQYMBaAFHCFtbRUms21tsJwTIW6eIdg+Ion
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MjJBMy9DMDJEODVERTJC
OUIxMUVBOTcyQ0RGNDZDNEY5QUUwMi9jSVcxdEZTYXpiVzJ3bkJNaGJwNGgyRDRp
aWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NJVzF0RlNhemJXMnduQk1oYnA0aDJENGlpYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzIyQTMvQzAyRDg1REUyQjlCMTFFQTk3MkNERjQ2QzRGOUFFMDIvMDAyREREQzIy
QjlEMTFFQTkyRjMwOTRDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAItdewDBARlThADBAJn5DgwDQQCAAIwBwMFACQDE4AwDQYJ
KoZIhvcNAQELBQADggEBALDtAgU1NCdYvZSDJc28RWb18nfY7E1o9mi+zrLKahA3
ud5eMLej85nSHcCAs5G3HFuzbVT3o+70JDy0RbUKq9QUrM3qrhmcfEZOrxgiyTxr
VrG5dRy/6wFPrEBYR9T7WzlbNlpA3+beYcXqAmwbquNeAW/zqRZlpyQAJrm9gp1j
x8ZWyECkJeSBaI9eZuCF9Na7m2kHodq1iO7RxqKZ5MaEzCpB8mDEHQYKPO/5P/zt
RlaWbgIj0fyNU3fHhkpCMeGVEADhPiX9uv1Welf6kkLJ7Dh/HamP3TV0NMIrHp/1
Wn5Aq8HY/sFqwi3IuSy54lE43lbxwmhzQ0TR6lfYbgk=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:14:30 2024 by rpki-client on console-ams.rpki-client.org