Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/6C368C72DDA511E8A2E85E73C4F9AE02.roa
File: 6C368C72DDA511E8A2E85E73C4F9AE02.roa (raw, json)
Hash identifier: BfHCcmDRH2x6FKjW3N1wI2QIrmE5Zsm6o2AOX8pURVs=
Subject key identifier: AF:9E:00:8D:79:3D:59:84:B0:91:33:97:D4:F7:C1:6B:8C:E6:BB:62
Certificate issuer: /CN=A91B268A/serialNumber=F8EECE7D3C0CF5922EA3D803553638823FAEEA08
Certificate serial: 11A4
Authority key identifier: F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/6C368C72DDA511E8A2E85E73C4F9AE02.roa
Signing time: Fri 02 Aug 2024 18:05:39 +0000
ROA not before: Fri 02 Aug 2024 18:05:39 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 7600
IP address blocks: 14.102.136.0/21 maxlen: 24
43.247.116.0/22 maxlen: 24
103.237.160.0/22 maxlen: 22
103.237.160.0/22 maxlen: 24
103.237.160.0/24 maxlen: 24
115.42.0.0/20 maxlen: 24
115.42.16.0/20 maxlen: 24
123.136.32.0/20 maxlen: 24
123.136.48.0/20 maxlen: 24
203.18.23.0/24 maxlen: 24
203.25.185.0/24 maxlen: 24
203.57.0.0/23 maxlen: 23
210.56.80.0/20 maxlen: 20
210.56.80.0/21 maxlen: 24
210.56.88.0/21 maxlen: 21
210.56.88.0/24 maxlen: 24
210.56.90.0/24 maxlen: 24
210.56.90.192/26 maxlen: 26
210.56.91.0/24 maxlen: 24
210.56.95.0/24 maxlen: 24
2404:9600::/32 maxlen: 32
2404:9600:300::/40 maxlen: 40
2404:9601::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 05 Oct 2024 17:10:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4516 (0x11a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B268A/serialNumber=F8EECE7D3C0CF5922EA3D803553638823FAEEA08
Validity
Not Before: Aug 2 18:05:39 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66ad1ff3-30aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:c6:2b:73:ee:99:6e:9e:4f:50:fe:22:7d:1e:
e3:84:b7:c5:ce:f1:43:83:c2:ed:f7:3d:e0:b7:5f:
fe:d9:60:48:e0:43:39:c9:d9:03:0a:ab:a1:4b:13:
36:28:e0:a5:38:6f:ed:20:77:a9:86:33:30:b7:da:
5c:22:14:00:35:eb:83:fa:32:aa:9a:52:b4:82:e2:
9d:76:d3:9c:a6:ed:25:65:f7:f8:90:04:c0:82:10:
8e:dd:17:95:72:b7:4e:0f:e1:3f:e9:74:33:1d:50:
bb:fc:db:3b:d0:ad:f7:11:ed:27:f8:56:58:ec:7b:
33:79:fb:47:a9:ba:8d:76:22:00:89:4c:49:23:f5:
3f:9f:53:02:ab:e7:57:cf:06:fd:5f:12:9e:37:40:
5e:b9:70:9b:2e:04:d4:bd:7c:a3:fe:36:bc:5c:01:
a7:19:3a:f6:aa:e7:a9:4a:78:af:e7:59:22:90:ff:
5d:58:cd:b7:84:a4:9b:a0:3e:49:98:d1:69:1b:d0:
6e:50:f7:b8:1c:34:fe:bd:ae:ce:c8:8b:6d:0b:c2:
f4:63:03:1b:90:69:49:c9:90:74:24:f3:e4:a4:1c:
2b:40:13:65:82:6a:ef:2b:1a:a5:d9:2f:08:2a:1d:
02:f9:f7:a9:b8:1d:59:9a:9c:b3:06:04:ab:6e:ec:
c7:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:9E:00:8D:79:3D:59:84:B0:91:33:97:D4:F7:C1:6B:8C:E6:BB:62
X509v3 Authority Key Identifier:
keyid:F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/6C368C72DDA511E8A2E85E73C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.136.0/21
43.247.116.0/22
103.237.160.0/22
115.42.0.0/19
123.136.32.0/19
203.18.23.0/24
203.25.185.0/24
203.57.0.0/23
210.56.80.0/20
IPv6:
2404:9600::/31
Signature Algorithm: sha256WithRSAEncryption
66:dc:fd:f9:74:1e:5d:88:1c:48:c5:97:47:23:f8:69:e7:2f:
35:ad:76:66:08:23:fb:9e:e6:a7:1a:28:d4:75:c4:d1:b0:61:
9e:06:50:2c:16:b6:b7:c6:d1:de:b7:79:ea:f9:55:5d:9b:70:
1d:96:06:12:c7:1c:aa:d2:1a:c4:f7:20:90:0d:82:a9:5c:bf:
15:95:38:96:56:87:f0:67:b6:96:d2:32:f6:fe:81:d0:c2:c5:
f6:ea:65:cb:85:34:7b:73:37:03:fb:73:a2:01:e4:a4:0b:33:
61:a3:7d:35:09:0e:b2:97:4d:69:5b:de:46:cb:2f:83:65:98:
94:a3:ef:dc:5e:72:2b:f0:d3:0c:ee:46:24:4e:6a:2f:eb:e4:
b9:4e:2e:49:94:46:29:35:46:61:b2:d3:0a:c1:65:f3:4f:25:
60:4a:89:f4:5b:88:b0:03:87:a4:10:f8:2b:4e:6f:b0:74:b0:
28:ef:b2:34:0d:c3:05:8f:10:24:9d:9c:f3:42:f2:b2:f4:81:
15:c0:df:55:9e:a8:87:f4:8e:57:01:f2:e1:ca:21:2f:da:07:
19:6d:68:28:b7:66:fa:dd:3d:a9:3e:54:1d:f7:4c:09:1a:d9:
72:96:4a:16:85:17:57:43:d3:c8:ad:72:ea:20:2d:a0:39:4a:
15:9a:51:47
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgICEaQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjI2OEExMTAvBgNVBAUTKEY4RUVDRTdEM0MwQ0Y1OTIyRUEzRDgwMzU1MzYzODgy
M0ZBRUVBMDgwHhcNMjQwODAyMTgwNTM5WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmFkMWZmMy0zMGFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA68Yrc+6Zbp5PUP4ifR7jhLfFzvFDg8Lt9z3gt1/+2WBI4EM5ydkDCquhSxM2
KOClOG/tIHephjMwt9pcIhQANeuD+jKqmlK0guKddtOcpu0lZff4kATAghCO3ReV
crdOD+E/6XQzHVC7/Ns70K33Ee0n+FZY7HszeftHqbqNdiIAiUxJI/U/n1MCq+dX
zwb9XxKeN0BeuXCbLgTUvXyj/ja8XAGnGTr2quepSniv51kikP9dWM23hKSboD5J
mNFpG9BuUPe4HDT+va7OyIttC8L0YwMbkGlJyZB0JPPkpBwrQBNlgmrvKxql2S8I
Kh0C+fepuB1ZmpyzBgSrbuzHxQIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFK+eAI15
PVmEsJEzl9T3wWuM5rtiMB8GA1UdIwQYMBaAFPjuzn08DPWSLqPYA1U2OII/ruoI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMjY4QS84NEZCNEM5Q0RE
QTExMUU4QTJFNzhBNjlDNEY5QUUwMi8tTzdPZlR3TTlaSXVvOWdEVlRZNGdqLXU2
Z2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1PN09mVHdNOVpJdW85Z0RWVFk0Z2otdTZnZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjI2OEEvODRGQjRDOUNEREExMTFFOEEyRTc4QTY5QzRGOUFFMDIvNkMzNjhDNzJE
REE1MTFFOEEyRTg1RTczQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXgYIKwYBBQUHAQcBAf8E
TzBNMDwEAgABMDYDBAMOZogDBAIr93QDBAJn7aADBAVzKgADBAV7iCADBADLEhcD
BADLGbkDBAHLOQADBATSOFAwDQQCAAIwBwMFASQElgAwDQYJKoZIhvcNAQELBQAD
ggEBAGbc/fl0Hl2IHEjFl0cj+GnnLzWtdmYII/ue5qcaKNR1xNGwYZ4GUCwWtrfG
0d63eer5VV2bcB2WBhLHHKrSGsT3IJANgqlcvxWVOJZWh/BntpbSMvb+gdDCxfbq
ZcuFNHtzNwP7c6IB5KQLM2GjfTUJDrKXTWlb3kbLL4NlmJSj79xecivw0wzuRiRO
ai/r5LlOLkmURik1RmGy0wrBZfNPJWBKifRbiLADh6QQ+CtOb7B0sCjvsjQNwwWP
ECSdnPNC8rL0gRXA31WeqIf0jlcB8uHKIS/aBxltaCi3ZvrdPak+VB33TAka2XKW
ShaFF1dD08itcuogLaA5ShWaUUc=
-----END CERTIFICATE-----
Generated at Sat Sep 28 18:36:40 2024 by rpki-client on console-fra.rpki-client.org