Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B56E0C2C736D11EE99AC962DC4F9AE02.roa
File: B56E0C2C736D11EE99AC962DC4F9AE02.roa (raw, json)
Hash identifier: E+jnFcUFJJTEBKEPwzeSJ5qG3RU1Fvl99XFO3wYHXRw=
Subject key identifier: 02:B5:AE:FF:D1:60:32:63:D7:43:D0:3E:FA:CC:C7:E4:8F:16:DB:67
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9B82
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B56E0C2C736D11EE99AC962DC4F9AE02.roa
Signing time: Wed 09 Oct 2024 11:43:48 +0000
ROA not before: Wed 09 Oct 2024 11:43:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133283
IP address blocks: 45.114.36.0/22 maxlen: 24
103.44.156.0/22 maxlen: 24
103.86.95.0/24 maxlen: 24
103.252.240.0/24 maxlen: 24
103.252.241.0/24 maxlen: 24
2001:df7:6300::/48 maxlen: 48
2401:4aa0::/36 maxlen: 36
2401:4aa0:1000::/36 maxlen: 36
2401:4aa0:2000::/36 maxlen: 36
2401:4aa0:3000::/36 maxlen: 36
2401:4aa0:4000::/36 maxlen: 36
2401:4aa0:5000::/36 maxlen: 36
2401:4aa0:6000::/36 maxlen: 36
2401:4aa0:7000::/36 maxlen: 36
2401:4aa0:8000::/36 maxlen: 36
2401:4aa0:9000::/36 maxlen: 36
2401:4aa0:a000::/36 maxlen: 36
2401:4aa0:b000::/36 maxlen: 36
2401:4aa0:c000::/36 maxlen: 36
2401:4aa0:d000::/36 maxlen: 36
2401:4aa0:e000::/36 maxlen: 36
2401:4aa0:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 06:14:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39810 (0x9b82)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Oct 9 11:43:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67066c74-f924
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:71:02:ac:b5:e1:8a:c3:cd:9a:50:bd:94:0f:
73:68:52:2d:a2:be:44:72:e5:c9:f9:ba:2b:05:10:
aa:e4:20:23:95:94:e2:20:4a:f9:22:c9:83:57:c6:
2b:05:ca:ab:f3:f4:c8:c4:c3:46:dd:e1:4c:0f:7c:
e0:f8:7b:12:77:7f:34:5e:7c:b8:07:df:fd:84:90:
f6:71:2a:0d:8e:58:cc:07:de:ee:4e:6c:7f:fc:90:
9b:96:d7:93:7f:f4:24:c9:72:b3:00:5f:00:7a:90:
a9:90:7d:08:40:99:e8:14:58:04:6e:9c:92:cf:35:
a4:58:73:ec:96:d4:4a:b1:e8:74:1d:24:84:42:5c:
08:87:4a:9a:99:eb:25:00:af:27:2b:7b:cd:3d:dc:
ec:d1:d3:b3:ee:b0:bd:e5:e3:7f:7b:be:c6:d5:4c:
ef:11:b5:fa:cb:a5:15:a3:b5:3a:3b:90:5a:63:0d:
1b:2e:27:84:cf:a2:54:a0:cd:6d:0d:7d:a5:8b:17:
3c:aa:7e:04:bf:73:f1:52:4e:ef:b6:ad:83:dc:a1:
83:a8:d2:15:25:c9:da:cd:32:1d:7b:24:08:b8:1c:
5f:e3:89:d0:80:bc:f9:a4:bb:25:4b:d2:bc:1c:05:
4f:8f:01:07:cb:98:c7:cf:ab:8b:24:d8:7e:a5:ac:
2b:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:B5:AE:FF:D1:60:32:63:D7:43:D0:3E:FA:CC:C7:E4:8F:16:DB:67
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B56E0C2C736D11EE99AC962DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.114.36.0/22
103.44.156.0/22
103.86.95.0/24
103.252.240.0/23
IPv6:
2001:df7:6300::/48
2401:4aa0::/32
Signature Algorithm: sha256WithRSAEncryption
5c:17:28:87:c1:51:7a:f4:27:00:3c:c5:0c:56:1b:3a:67:21:
9c:bb:3d:b1:bf:49:2b:92:47:d9:54:5d:d7:53:b9:dd:4c:99:
35:5d:fa:6f:66:4e:ca:22:df:83:5f:87:1f:29:9c:b8:61:89:
34:d0:43:ac:71:15:0e:65:62:af:ed:86:ed:ce:21:18:9a:02:
3f:3e:d1:1e:f0:2e:3a:20:ac:49:89:a5:0e:0e:18:16:32:2e:
a5:a0:4c:3a:d2:b0:45:4d:94:6e:3e:fb:1a:ff:ac:88:49:1f:
d8:71:77:ba:97:fd:fb:90:57:03:ba:ce:f5:62:8b:0f:90:01:
13:c6:9a:30:42:70:3f:6c:71:a6:94:e5:88:f6:74:3f:3f:34:
e8:aa:a0:11:5a:43:53:31:09:bb:ff:6a:9a:29:9a:b8:1f:e3:
e9:b2:26:50:94:d2:b2:d4:86:a6:d1:e9:ae:f4:56:2e:7d:bd:
5b:69:71:9b:2a:83:1f:b2:a8:62:ea:3c:3e:a9:dc:52:6d:01:
0a:7b:58:ca:83:0b:db:d0:76:3b:40:96:2e:0e:e7:de:85:8a:
89:38:7d:45:55:d6:7c:d6:bf:66:e1:0b:2b:89:6f:44:81:7f:
be:45:05:02:6f:0d:d3:c7:c2:7b:b7:28:ba:88:77:78:81:2a:
f5:83:89:41
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIDAJuCMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MTAwOTExNDM0OFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjcwNjZjNzQtZjkyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ5xAqy14YrDzZpQvZQPc2hSLaK+RHLlyfm6KwUQquQgI5WU4iBK+SLJg1fG
KwXKq/P0yMTDRt3hTA984Ph7End/NF58uAff/YSQ9nEqDY5YzAfe7k5sf/yQm5bX
k3/0JMlyswBfAHqQqZB9CECZ6BRYBG6cks81pFhz7JbUSrHodB0khEJcCIdKmpnr
JQCvJyt7zT3c7NHTs+6wveXjf3u+xtVM7xG1+sulFaO1OjuQWmMNGy4nhM+iVKDN
bQ19pYsXPKp+BL9z8VJO77atg9yhg6jSFSXJ2s0yHXskCLgcX+OJ0IC8+aS7JUvS
vBwFT48BB8uYx8+riyTYfqWsK58CAwEAAaOCAr8wggK7MB0GA1UdDgQWBBQCta7/
0WAyY9dD0D76zMfkjxbbZzAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0I1NkUwQzJD
NzM2RDExRUU5OUFDOTYyREM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMEkGCCsGAQUFBwEHAQH/
BDowODAeBAIAATAYAwQCLXIkAwQCZyycAwQAZ1ZfAwQBZ/zwMBYEAgACMBADBwAg
AQ33YwADBQAkAUqgMA0GCSqGSIb3DQEBCwUAA4IBAQBcFyiHwVF69CcAPMUMVhs6
ZyGcuz2xv0krkkfZVF3XU7ndTJk1XfpvZk7KIt+DX4cfKZy4YYk00EOscRUOZWKv
7YbtziEYmgI/PtEe8C46IKxJiaUODhgWMi6loEw60rBFTZRuPvsa/6yISR/YcXe6
l/37kFcDus71YosPkAETxpowQnA/bHGmlOWI9nQ/PzToqqARWkNTMQm7/2qaKZq4
H+PpsiZQlNKy1Iam0emu9FYufb1baXGbKoMfsqhi6jw+qdxSbQEKe1jKgwvb0HY7
QJYuDufehYqJOH1FVdZ81r9m4QsriW9EgX++RQUCbw3Tx8J7tyi6iHd4gSr1g4lB
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:47:59 2024 by rpki-client on console-ams.rpki-client.org