Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/4AB8D38E178811EF95C8DF41C4F9AE02.roa
File: 4AB8D38E178811EF95C8DF41C4F9AE02.roa (raw, json)
Hash identifier: S63Oxee1UbGeUPi4S36EtuT4tk3HjaeKeahILvMpTdM=
Subject key identifier: 0E:39:8A:EB:50:4F:C3:FA:18:EC:23:CC:4E:19:F8:99:CA:62:1D:24
Certificate issuer: /CN=A91ADE0A/serialNumber=BE488B4E60AC6A73A656EFDBC5FA67A1A8DE812A
Certificate serial: 21BE
Authority key identifier: BE:48:8B:4E:60:AC:6A:73:A6:56:EF:DB:C5:FA:67:A1:A8:DE:81:2A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vkiLTmCsanOmVu_bxfpnoajegSo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/4AB8D38E178811EF95C8DF41C4F9AE02.roa
Signing time: Tue 21 May 2024 15:41:21 +0000
ROA not before: Tue 21 May 2024 15:41:21 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 133334
IP address blocks: 45.124.56.0/22 maxlen: 22
45.124.56.0/24 maxlen: 24
45.124.57.0/24 maxlen: 24
45.124.58.0/24 maxlen: 24
45.124.59.0/24 maxlen: 24
103.31.72.0/22 maxlen: 22
103.31.72.0/24 maxlen: 24
103.31.73.0/24 maxlen: 24
103.31.74.0/24 maxlen: 24
103.31.75.0/24 maxlen: 24
103.61.220.0/22 maxlen: 22
103.61.220.0/24 maxlen: 24
103.61.221.0/24 maxlen: 24
103.61.222.0/24 maxlen: 24
103.61.223.0/24 maxlen: 24
103.200.32.0/22 maxlen: 22
103.200.32.0/24 maxlen: 24
103.200.33.0/24 maxlen: 24
103.200.34.0/24 maxlen: 24
103.200.35.0/24 maxlen: 24
103.203.52.0/22 maxlen: 22
103.203.52.0/24 maxlen: 24
103.203.53.0/24 maxlen: 24
103.203.54.0/24 maxlen: 24
103.203.55.0/24 maxlen: 24
103.225.136.0/22 maxlen: 22
103.225.136.0/24 maxlen: 24
103.225.137.0/24 maxlen: 24
103.225.138.0/24 maxlen: 24
103.225.139.0/24 maxlen: 24
2401:b80::/32 maxlen: 32
2401:b80:1000::/36 maxlen: 36
2401:b80:2000::/36 maxlen: 36
2401:b80:3000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/vkiLTmCsanOmVu_bxfpnoajegSo.crl
rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/vkiLTmCsanOmVu_bxfpnoajegSo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vkiLTmCsanOmVu_bxfpnoajegSo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 15:53:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8638 (0x21be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91ADE0A/serialNumber=BE488B4E60AC6A73A656EFDBC5FA67A1A8DE812A
Validity
Not Before: May 21 15:41:21 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=664cc0a0-7715
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:fe:c4:15:6f:41:10:98:a8:40:20:98:13:16:
55:3f:78:3a:bd:3d:20:69:e0:24:8c:2d:df:95:68:
5d:a8:df:e9:ad:29:69:aa:d3:1c:e3:88:55:e2:ce:
71:0c:de:32:e0:ee:96:a2:a7:b9:8c:a4:cf:42:a0:
b0:5c:82:3b:43:e9:1a:2e:73:04:22:25:fc:6b:36:
49:c9:3c:8b:fc:ae:d4:0a:9e:11:6d:e7:7f:52:5c:
92:73:e9:ba:9a:32:39:ce:e9:7f:54:95:a5:ae:a2:
49:5f:22:a9:fd:71:65:7b:a9:15:76:5c:00:c7:34:
f4:00:ac:77:21:b2:1c:44:66:b3:1e:94:ef:c4:4c:
bb:35:2e:d4:c0:97:f8:e3:a7:9e:32:10:67:5c:10:
57:1d:0e:97:e9:f8:3f:51:3e:1a:4e:5e:0e:a1:5f:
e6:6e:a6:0f:8e:e4:e3:28:c0:51:68:59:76:57:29:
0f:5b:fe:06:df:90:77:4c:ee:93:6b:76:0c:56:89:
0f:d6:c7:c1:72:9f:d0:55:10:3f:3e:d0:14:98:e1:
af:ac:69:9a:86:8f:7d:0f:3f:cf:6d:28:8e:3a:cc:
78:36:f1:0e:19:68:c4:0c:ed:2a:a4:87:60:ca:a4:
d8:55:44:2d:0b:b9:6e:bf:9f:5e:9d:cc:9c:ca:e3:
25:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:39:8A:EB:50:4F:C3:FA:18:EC:23:CC:4E:19:F8:99:CA:62:1D:24
X509v3 Authority Key Identifier:
keyid:BE:48:8B:4E:60:AC:6A:73:A6:56:EF:DB:C5:FA:67:A1:A8:DE:81:2A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/vkiLTmCsanOmVu_bxfpnoajegSo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vkiLTmCsanOmVu_bxfpnoajegSo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/4AB8D38E178811EF95C8DF41C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.124.56.0/22
103.31.72.0/22
103.61.220.0/22
103.200.32.0/22
103.203.52.0/22
103.225.136.0/22
IPv6:
2401:b80::/32
Signature Algorithm: sha256WithRSAEncryption
4f:c0:76:91:45:63:5d:ad:4a:c6:1b:06:77:3e:34:9e:66:db:
98:74:01:7c:bf:4c:93:ed:8c:6a:34:db:56:b6:88:c4:8c:b0:
1e:60:58:59:2c:19:4f:ef:b2:5e:86:7b:d7:3f:1c:c9:69:e0:
31:66:e5:0d:83:7c:cb:e9:f6:5a:07:86:e0:3a:2e:72:a4:b1:
f5:cc:82:fa:d2:cd:3c:6d:d8:87:7a:e5:24:17:c1:3c:9e:95:
d9:17:a6:c2:f0:3b:bc:02:41:76:6d:29:86:ba:ed:e7:96:50:
28:fd:19:b2:49:26:e7:c9:43:2a:13:f4:69:50:b8:40:14:34:
26:19:2b:ff:4f:1d:0e:7d:af:65:91:d7:16:cd:38:74:18:b0:
2a:71:c7:b4:c9:0a:cb:88:3e:29:35:83:75:c0:d9:44:9b:c8:
f2:9d:ad:1f:c7:29:40:16:1d:53:f3:8f:af:42:b0:30:58:41:
c2:2e:45:1a:c5:ee:b7:aa:29:bd:53:38:93:da:67:06:23:97:
71:86:9e:58:5e:23:0e:8c:30:10:58:eb:2d:a5:63:b7:51:73:
64:fc:15:e9:55:00:7f:bd:2c:cb:b7:43:33:eb:85:88:e7:21:
46:91:ae:49:20:0e:cd:dd:ab:0c:83:c0:ba:33:3a:bf:10:21:
54:24:b3:af
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICIb4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QURFMEExMTAvBgNVBAUTKEJFNDg4QjRFNjBBQzZBNzNBNjU2RUZEQkM1RkE2N0Ex
QThERTgxMkEwHhcNMjQwNTIxMTU0MTIxWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjRjYzBhMC03NzE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7f7EFW9BEJioQCCYExZVP3g6vT0gaeAkjC3flWhdqN/prSlpqtMc44hV4s5x
DN4y4O6Woqe5jKTPQqCwXII7Q+kaLnMEIiX8azZJyTyL/K7UCp4Rbed/UlySc+m6
mjI5zul/VJWlrqJJXyKp/XFle6kVdlwAxzT0AKx3IbIcRGazHpTvxEy7NS7UwJf4
46eeMhBnXBBXHQ6X6fg/UT4aTl4OoV/mbqYPjuTjKMBRaFl2VykPW/4G35B3TO6T
a3YMVokP1sfBcp/QVRA/PtAUmOGvrGmaho99Dz/PbSiOOsx4NvEOGWjEDO0qpIdg
yqTYVUQtC7luv59encycyuMlWwIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFA45iutQ
T8P6GOwjzE4Z+JnKYh0kMB8GA1UdIwQYMBaAFL5Ii05grGpzplbv28X6Z6Go3oEq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBREUwQS8zMEQ4MDEyNkMx
MTMxMUU1QjAxQTcyNjlDNEY5QUUwMi92a2lMVG1Dc2FuT21WdV9ieGZwbm9hamVn
U28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ZraUxUbUNzYW5PbVZ1X2J4ZnBub2FqZWdTby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QURFMEEvMzBEODAxMjZDMTEzMTFFNUIwMUE3MjY5QzRGOUFFMDIvNEFCOEQzOEUx
Nzg4MTFFRjk1QzhERjQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MCoEAgABMCQDBAItfDgDBAJnH0gDBAJnPdwDBAJnyCADBAJnyzQDBAJn4Ygw
DQQCAAIwBwMFACQBC4AwDQYJKoZIhvcNAQELBQADggEBAE/AdpFFY12tSsYbBnc+
NJ5m25h0AXy/TJPtjGo021a2iMSMsB5gWFksGU/vsl6Ge9c/HMlp4DFm5Q2DfMvp
9loHhuA6LnKksfXMgvrSzTxt2Id65SQXwTyeldkXpsLwO7wCQXZtKYa67eeWUCj9
GbJJJufJQyoT9GlQuEAUNCYZK/9PHQ59r2WR1xbNOHQYsCpxx7TJCsuIPik1g3XA
2USbyPKdrR/HKUAWHVPzj69CsDBYQcIuRRrF7reqKb1TOJPaZwYjl3GGnlheIw6M
MBBY6y2lY7dRc2T8FelVAH+9LMu3QzPrhYjnIUaRrkkgDs3dqwyDwLozOr8QIVQk
s68=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:50:15 2024 by rpki-client on console-ams.rpki-client.org