Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
File: BDECB94CEC4F11EEB0B9B467C4F9AE02.roa (raw, json)
Hash identifier: K+apE7KDf5o39FxCOR6cLYMmMMs/J5i74Me/NwHSUTc=
Subject key identifier: 20:5E:44:3A:8C:C4:B4:A7:42:38:DE:60:38:B4:3E:89:C9:5F:80:BB
Certificate issuer: /CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Certificate serial: A0
Authority key identifier: 64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
Signing time: Thu 05 Dec 2024 10:58:11 +0000
ROA not before: Thu 05 Dec 2024 10:58:11 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 134835
IP address blocks: 45.120.156.0/24 maxlen: 24
45.120.157.0/24 maxlen: 24
45.120.159.0/24 maxlen: 24
45.125.164.0/24 maxlen: 24
45.125.165.0/24 maxlen: 24
45.125.166.0/24 maxlen: 24
45.125.167.0/24 maxlen: 24
103.56.217.0/24 maxlen: 24
103.56.219.0/24 maxlen: 24
103.194.41.0/24 maxlen: 24
103.194.42.0/24 maxlen: 24
103.194.43.0/24 maxlen: 24
103.200.96.0/24 maxlen: 24
103.200.97.0/24 maxlen: 24
103.204.172.0/24 maxlen: 24
103.204.173.0/24 maxlen: 24
103.204.174.0/24 maxlen: 24
103.204.175.0/24 maxlen: 24
122.128.96.0/24 maxlen: 24
122.128.99.0/24 maxlen: 24
2403:ad80:60::/45 maxlen: 45
2403:ad80:80::/45 maxlen: 45
2403:ad80:88::/45 maxlen: 45
2403:ad80:98::/45 maxlen: 45
2403:ad80:a0::/45 maxlen: 45
2403:ad80:3c00::/38 maxlen: 38
2403:ad80:4c00::/38 maxlen: 38
2403:ad80:8100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 12 Apr 2025 05:10:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 160 (0xa0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919A777
Validity
Not Before: Dec 5 10:58:11 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=67518742-e02c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:9f:ee:fc:e8:3d:11:38:d4:bc:01:30:f5:cc:
57:6b:0b:46:84:8f:d4:25:9b:03:7c:da:c7:a1:64:
35:63:4a:d7:62:2c:1b:9c:ee:84:8b:ac:5c:ad:bf:
94:67:10:b7:51:f8:7b:aa:bd:35:bc:a7:8d:4b:52:
17:6b:17:5f:0c:8d:ca:e8:a3:7b:10:9e:de:49:86:
59:b8:c7:a7:23:a5:11:ac:6a:68:9d:35:2c:4e:9f:
c9:31:c9:c0:2a:a5:33:77:3c:fc:ac:fb:68:02:9f:
bd:9e:3c:ce:7e:86:fa:e1:37:61:e1:94:21:b9:6f:
f6:17:eb:4a:1d:e6:0c:a4:32:e2:b8:31:e3:a9:8b:
bf:95:27:98:ae:b0:0c:da:2a:03:73:ee:04:b2:bf:
f1:d6:4c:f2:29:e3:2b:18:8d:9d:d6:5a:92:f6:5d:
06:3b:96:c7:fb:de:20:df:d1:32:5c:bc:9d:ee:3b:
8c:7c:59:aa:cb:8a:c9:d9:36:d4:6e:2b:f2:42:18:
85:85:42:68:87:d4:81:3f:d3:02:34:8b:3f:9f:d1:
f3:36:4c:c1:2c:63:d3:48:77:27:ba:d2:fa:bb:fd:
94:37:fb:15:e2:ac:bd:61:09:62:84:f6:64:3b:98:
a6:0f:0c:62:dc:eb:bb:69:04:fe:6e:a9:6e:df:84:
8e:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:5E:44:3A:8C:C4:B4:A7:42:38:DE:60:38:B4:3E:89:C9:5F:80:BB
X509v3 Authority Key Identifier:
keyid:64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.120.156.0/23
45.120.159.0/24
45.125.164.0/22
103.56.217.0/24
103.56.219.0/24
103.194.41.0-103.194.43.255
103.200.96.0/23
103.204.172.0/22
122.128.96.0/24
122.128.99.0/24
IPv6:
2403:ad80:60::/45
2403:ad80:80::/44
2403:ad80:98::-2403:ad80:a7:ffff:ffff:ffff:ffff:ffff
2403:ad80:3c00::/38
2403:ad80:4c00::/38
2403:ad80:8100::/40
Signature Algorithm: sha256WithRSAEncryption
41:f6:7f:a5:c8:1a:df:c1:7a:da:ba:fa:4f:7d:76:62:64:26:
bb:f3:dc:9e:a2:97:7c:62:a2:08:55:16:d3:a6:dd:0f:62:5f:
37:23:dd:da:03:23:c7:a5:2c:e8:d5:5b:35:6d:95:30:2c:25:
aa:0f:87:0e:bb:30:b8:73:f8:20:3d:7e:62:36:71:c6:f6:b1:
47:e4:15:56:f8:41:3d:81:d3:ce:3f:3a:27:03:45:53:ef:4f:
9d:89:34:6a:d2:9d:a1:06:09:7a:ba:ee:cf:2a:c2:d8:66:fe:
31:17:4f:f8:88:af:21:3f:5a:3f:37:0d:1d:2f:91:59:f7:7b:
b0:3e:9f:9c:10:01:63:76:30:1a:f7:0b:46:50:43:b3:92:14:
b9:91:34:66:61:bc:63:80:0e:78:c3:a1:0b:30:97:a4:83:f9:
00:66:ef:62:4f:3a:40:44:e0:f0:08:22:30:a7:73:56:85:bc:
24:d6:4b:16:72:36:a1:0a:00:e5:c7:ef:6c:d4:16:5b:12:e6:
ae:af:d5:c8:52:30:b1:a6:61:47:55:8f:28:92:79:e9:85:3f:
4c:fa:59:8c:40:82:34:43:90:5f:c5:22:c4:84:b5:e6:7f:f0:
3e:71:bd:e0:c6:b3:67:45:22:44:5a:3d:e5:3d:c9:74:c8:97:
0b:3f:30:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgICAKAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUE3NzcxMTAvBgNVBAUTKDY0N0QwOTI3REIzQjE3OEUyRjY1NEEzMjY4NTU3RkU1
QjVENjcyOUMwHhcNMjQxMjA1MTA1ODExWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzUxODc0Mi1lMDJjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx5/u/Og9ETjUvAEw9cxXawtGhI/UJZsDfNrHoWQ1Y0rXYiwbnO6Ei6xcrb+U
ZxC3Ufh7qr01vKeNS1IXaxdfDI3K6KN7EJ7eSYZZuMenI6URrGponTUsTp/JMcnA
KqUzdzz8rPtoAp+9njzOfob64Tdh4ZQhuW/2F+tKHeYMpDLiuDHjqYu/lSeYrrAM
2ioDc+4Esr/x1kzyKeMrGI2d1lqS9l0GO5bH+94g39EyXLyd7juMfFmqy4rJ2TbU
bivyQhiFhUJoh9SBP9MCNIs/n9HzNkzBLGPTSHcnutL6u/2UN/sV4qy9YQlihPZk
O5imDwxi3Ou7aQT+bqlu34SOpQIDAQABo4IDHDCCAxgwHQYDVR0OBBYEFCBeRDqM
xLSnQjjeYDi0PonJX4C7MB8GA1UdIwQYMBaAFGR9CSfbOxeOL2VKMmhVf+W11nKc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QTc3Ny8wQkE1NzJCMEVD
NEYxMUVFQTFCMzg4NjZDNEY5QUUwMi9aSDBKSjlzN0Y0NHZaVW95YUZWXzViWFdj
cHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pIMEpKOXM3RjQ0dlpVb3lhRlZfNWJYV2Nwdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUE3NzcvMEJBNTcyQjBFQzRGMTFFRUExQjM4ODY2QzRGOUFFMDIvQkRFQ0I5NENF
QzRGMTFFRUIwQjlCNDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaUGCCsGAQUFBwEHAQH/
BIGVMIGSMEoEAgABMEQDBAEteJwDBAAteJ8DBAItfaQDBABnONkDBABnONswDAME
AGfCKQMEAmfCKAMEAWfIYAMEAmfMrAMEAHqAYAMEAHqAYzBEBAIAAjA+AwcDJAOt
gABgAwcEJAOtgACAMBIDBwMkA62AAJgDBwMkA62AAKADBgIkA62APAMGAiQDrYBM
AwYAJAOtgIEwDQYJKoZIhvcNAQELBQADggEBAEH2f6XIGt/Betq6+k99dmJkJrvz
3J6il3xioghVFtOm3Q9iXzcj3doDI8elLOjVWzVtlTAsJaoPhw67MLhz+CA9fmI2
ccb2sUfkFVb4QT2B084/OicDRVPvT52JNGrSnaEGCXq67s8qwthm/jEXT/iIryE/
Wj83DR0vkVn3e7A+n5wQAWN2MBr3C0ZQQ7OSFLmRNGZhvGOADnjDoQswl6SD+QBm
72JPOkBE4PAIIjCnc1aFvCTWSxZyNqEKAOXH72zUFlsS5q6v1chSMLGmYUdVjyiS
eemFP0z6WYxAgjRDkF/FIsSEteZ/8D5xveDGs2dFIkRaPeU9yXTIlws/MDg=
-----END CERTIFICATE-----
Generated at Sun Apr 6 06:48:40 2025 by rpki-client