Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917F247/6D22EAF08F0311ECA5C9FE12C4F9AE02/CA2F11AE8F0511ECB2497B14C4F9AE02.roa
File: CA2F11AE8F0511ECB2497B14C4F9AE02.roa (raw, json)
Hash identifier: 2wBvjopI6Vu44IOAbgZoKB38msMcdFtbrAtro1uYtcs=
Subject key identifier: 9A:27:7F:57:5C:E9:CA:DC:B9:1B:E4:9E:DE:87:89:6F:50:7F:CA:16
Certificate issuer: /CN=A917F247/serialNumber=904A235CB4747E08600FC1D26B93F51C4674EBAA
Certificate serial: 037C
Authority key identifier: 90:4A:23:5C:B4:74:7E:08:60:0F:C1:D2:6B:93:F5:1C:46:74:EB:AA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kEojXLR0fghgD8HSa5P1HEZ066o.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917F247/6D22EAF08F0311ECA5C9FE12C4F9AE02/CA2F11AE8F0511ECB2497B14C4F9AE02.roa
Signing time: Sun 01 Dec 2024 01:04:10 +0000
ROA not before: Sun 01 Dec 2024 01:04:10 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 6453
IP address blocks: 14.137.32.0/19 maxlen: 24
103.70.64.0/22 maxlen: 24
103.103.60.0/22 maxlen: 24
182.54.144.0/22 maxlen: 24
182.255.28.0/22 maxlen: 24
202.5.112.0/20 maxlen: 24
203.2.130.0/23 maxlen: 24
203.8.206.0/23 maxlen: 24
203.21.140.0/22 maxlen: 24
203.24.104.0/22 maxlen: 24
203.27.96.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917F247/6D22EAF08F0311ECA5C9FE12C4F9AE02/kEojXLR0fghgD8HSa5P1HEZ066o.crl
rsync://rpki.apnic.net/member_repository/A917F247/6D22EAF08F0311ECA5C9FE12C4F9AE02/kEojXLR0fghgD8HSa5P1HEZ066o.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kEojXLR0fghgD8HSa5P1HEZ066o.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 16 Apr 2025 00:26:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 892 (0x37c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917F247
Validity
Not Before: Dec 1 01:04:10 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=674bb60a-69f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:40:70:b5:48:f1:7e:71:1f:70:08:33:11:81:
e1:6b:91:8c:37:be:91:3a:c2:48:cd:24:b3:e4:ea:
b4:4d:9f:9a:16:bc:4e:e9:3f:26:09:67:8c:8e:54:
71:17:79:f8:7c:ef:c2:c4:5d:e0:93:f9:00:19:f9:
9c:53:08:d8:26:4e:4d:a0:19:6e:50:99:a0:07:4a:
bd:a9:54:46:46:c0:59:77:6b:eb:09:1b:0e:0c:44:
ed:8e:36:e4:43:ff:a6:99:79:ec:f0:1a:38:25:18:
18:8b:f7:07:04:8b:2e:b2:5e:3a:08:df:cf:a7:3b:
0d:05:b4:3c:a0:54:57:a4:3f:61:d3:b0:ab:e7:94:
b1:6e:8c:8e:88:bd:6e:c0:9d:87:6f:fa:0b:4e:24:
05:ae:a3:99:81:39:23:e2:3f:a2:c5:34:79:ce:41:
3e:d4:13:3a:5d:14:e5:97:83:d6:47:8e:df:80:a9:
dd:05:2e:90:10:6d:40:30:1b:b4:6c:65:d6:f3:5c:
6d:0f:68:f0:a0:cd:ce:aa:ae:c6:0d:05:86:98:b6:
78:bb:34:d3:41:d1:3f:d3:60:38:5c:a0:40:02:df:
6c:b1:3c:b5:72:79:97:9e:2b:7b:8d:b7:47:79:1c:
4b:51:99:a4:97:6b:01:bf:79:6a:d6:5d:df:43:ed:
0f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:27:7F:57:5C:E9:CA:DC:B9:1B:E4:9E:DE:87:89:6F:50:7F:CA:16
X509v3 Authority Key Identifier:
keyid:90:4A:23:5C:B4:74:7E:08:60:0F:C1:D2:6B:93:F5:1C:46:74:EB:AA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917F247/6D22EAF08F0311ECA5C9FE12C4F9AE02/kEojXLR0fghgD8HSa5P1HEZ066o.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kEojXLR0fghgD8HSa5P1HEZ066o.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917F247/6D22EAF08F0311ECA5C9FE12C4F9AE02/CA2F11AE8F0511ECB2497B14C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.137.32.0/19
103.70.64.0/22
103.103.60.0/22
182.54.144.0/22
182.255.28.0/22
202.5.112.0/20
203.2.130.0/23
203.8.206.0/23
203.21.140.0/22
203.24.104.0/22
203.27.96.0/23
Signature Algorithm: sha256WithRSAEncryption
bb:f3:94:99:77:08:2e:7a:b5:cd:37:9c:47:92:b9:e9:77:eb:
f5:e5:44:90:3e:45:73:b2:78:9f:bc:40:53:22:48:7b:28:dc:
f4:43:5e:9b:60:4e:d1:10:67:69:30:47:c2:26:fe:46:ea:df:
31:56:4b:0a:2b:78:4f:35:cd:ab:67:78:f2:fc:9b:4c:d7:a6:
2d:09:f2:73:ea:df:3f:59:3b:f8:ca:a9:22:52:bf:bf:30:3a:
c3:6e:b6:30:57:dd:16:42:ef:d8:eb:ee:69:7d:f5:46:00:ac:
96:79:26:cc:e6:80:c0:8d:7b:39:29:8b:d7:15:9f:90:77:bf:
68:96:77:dd:f7:80:5c:40:03:8c:0c:af:ae:f4:b5:7f:8e:e1:
16:2a:5a:71:27:6a:16:51:c7:d1:88:02:c9:bd:54:ff:2f:99:
81:3f:c1:40:7b:37:42:fd:89:e5:8f:7e:bd:e1:42:65:ea:a2:
ce:bd:4d:dc:28:3d:d3:80:0a:78:4b:ec:ba:a8:bd:3c:63:c6:
1d:77:cd:d5:32:bd:6a:2e:1e:d1:df:b6:68:0e:f4:34:f1:c1:
01:a6:f9:23:d7:a2:97:ae:75:71:56:06:ef:5d:1f:73:10:50:
73:61:fe:ef:01:56:8a:bd:1e:3a:bf:07:7a:d9:bc:25:8a:4b:
67:db:cf:0e
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgICA3wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0YyNDcxMTAvBgNVBAUTKDkwNEEyMzVDQjQ3NDdFMDg2MDBGQzFEMjZCOTNGNTFD
NDY3NEVCQUEwHhcNMjQxMjAxMDEwNDEwWhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzRiYjYwYS02OWY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr0BwtUjxfnEfcAgzEYHha5GMN76ROsJIzSSz5Oq0TZ+aFrxO6T8mCWeMjlRx
F3n4fO/CxF3gk/kAGfmcUwjYJk5NoBluUJmgB0q9qVRGRsBZd2vrCRsODETtjjbk
Q/+mmXns8Bo4JRgYi/cHBIsusl46CN/PpzsNBbQ8oFRXpD9h07Cr55SxboyOiL1u
wJ2Hb/oLTiQFrqOZgTkj4j+ixTR5zkE+1BM6XRTll4PWR47fgKndBS6QEG1AMBu0
bGXW81xtD2jwoM3Oqq7GDQWGmLZ4uzTTQdE/02A4XKBAAt9ssTy1cnmXnit7jbdH
eRxLUZmkl2sBv3lq1l3fQ+0P2wIDAQABo4IC0TCCAs0wHQYDVR0OBBYEFJonf1dc
6crcuRvknt6HiW9Qf8oWMB8GA1UdIwQYMBaAFJBKI1y0dH4IYA/B0muT9RxGdOuq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RjI0Ny82RDIyRUFGMDhG
MDMxMUVDQTVDOUZFMTJDNEY5QUUwMi9rRW9qWExSMGZnaGdEOEhTYTVQMUhFWjA2
Nm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2tFb2pYTFIwZmdoZ0Q4SFNhNVAxSEVaMDY2by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0YyNDcvNkQyMkVBRjA4RjAzMTFFQ0E1QzlGRTEyQzRGOUFFMDIvQ0EyRjExQUU4
RjA1MTFFQ0IyNDk3QjE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWwYIKwYBBQUHAQcBAf8E
TDBKMEgEAgABMEIDBAUOiSADBAJnRkADBAJnZzwDBAK2NpADBAK2/xwDBATKBXAD
BAHLAoIDBAHLCM4DBALLFYwDBALLGGgDBAHLG2AwDQYJKoZIhvcNAQELBQADggEB
ALvzlJl3CC56tc03nEeSuel36/XlRJA+RXOyeJ+8QFMiSHso3PRDXptgTtEQZ2kw
R8Im/kbq3zFWSworeE81zatnePL8m0zXpi0J8nPq3z9ZO/jKqSJSv78wOsNutjBX
3RZC79jr7ml99UYArJZ5JszmgMCNezkpi9cVn5B3v2iWd933gFxAA4wMr670tX+O
4RYqWnEnahZRx9GIAsm9VP8vmYE/wUB7N0L9ieWPfr3hQmXqos69TdwoPdOACnhL
7LqovTxjxh13zdUyvWouHtHftmgO9DTxwQGm+SPXopeudXFWBu9dH3MQUHNh/u8B
Voq9Hjq/B3rZvCWKS2fbzw4=
-----END CERTIFICATE-----
Generated at Fri Apr 11 07:54:02 2025 by rpki-client