Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BE1BC/896C6C4846CE11E992850A3CC4F9AE02/58FDD2EA10C211EA977E7378C4F9AE02.roa
File: 58FDD2EA10C211EA977E7378C4F9AE02.roa (raw, json)
Hash identifier: ZNHHRF85+z4Is0+eLKcAwqdcHd29O7GXMUqQBRk0J/w=
Subject key identifier: D2:D2:B4:2B:D2:73:1F:10:B6:30:60:AF:8E:E1:E2:88:44:C9:5E:8D
Certificate issuer: /CN=A91BE1BC/serialNumber=429E9BDDA296620003CEC5EFABB823D303FE4F71
Certificate serial: 0FEB
Authority key identifier: 42:9E:9B:DD:A2:96:62:00:03:CE:C5:EF:AB:B8:23:D3:03:FE:4F:71
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Qp6b3aKWYgADzsXvq7gj0wP-T3E.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BE1BC/896C6C4846CE11E992850A3CC4F9AE02/58FDD2EA10C211EA977E7378C4F9AE02.roa
Signing time: Tue 04 Feb 2025 17:25:35 +0000
ROA not before: Tue 04 Feb 2025 17:25:35 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 9587
IP address blocks: 103.26.20.0/22 maxlen: 22
103.26.22.0/24 maxlen: 24
103.26.23.0/24 maxlen: 24
124.40.224.0/20 maxlen: 20
124.40.230.0/24 maxlen: 24
124.40.231.0/24 maxlen: 24
124.40.233.0/24 maxlen: 24
124.40.234.0/24 maxlen: 24
124.40.235.0/24 maxlen: 24
124.40.238.0/24 maxlen: 24
2407:ed00::/32 maxlen: 32
2407:ed00:1000::/36 maxlen: 36
2407:ed00:1e00::/40 maxlen: 40
2407:ed00:1eff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91BE1BC/896C6C4846CE11E992850A3CC4F9AE02/Qp6b3aKWYgADzsXvq7gj0wP-T3E.crl
rsync://rpki.apnic.net/member_repository/A91BE1BC/896C6C4846CE11E992850A3CC4F9AE02/Qp6b3aKWYgADzsXvq7gj0wP-T3E.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Qp6b3aKWYgADzsXvq7gj0wP-T3E.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 19 Apr 2025 17:23:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4075 (0xfeb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BE1BC, serialNumber=429E9BDDA296620003CEC5EFABB823D303FE4F71
Validity
Not Before: Feb 4 17:25:35 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=67a24d8f-c5dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:07:c0:78:f2:4d:d3:00:4e:c2:c5:58:71:bf:
39:0f:7c:21:66:ca:6d:8e:7f:6e:86:61:a0:e4:80:
ae:92:e5:13:b8:c6:24:22:f7:3e:e4:42:9d:c8:8c:
82:b4:54:c2:03:62:ee:ac:bd:a9:a5:cf:7f:82:68:
19:37:b9:0f:63:80:c4:f9:36:56:08:ee:97:79:50:
75:9e:6b:37:cc:1e:ea:68:75:86:50:f3:cb:17:fe:
7d:05:45:b1:92:42:48:95:8c:fc:d0:ff:a7:2b:ef:
fa:ae:ed:33:35:2b:29:a5:94:ad:eb:d4:d4:78:d7:
07:84:d4:54:16:c0:5a:d9:ac:e7:7d:a5:7b:36:39:
a5:39:f3:68:02:92:9a:e6:5e:c5:92:b6:38:df:0e:
d8:60:ed:ea:b1:5b:9f:95:23:db:c2:65:83:f7:7d:
3c:1c:b3:d4:56:8b:81:73:c3:4d:ab:3e:12:dd:00:
3d:18:69:49:a9:74:d6:5e:26:12:e4:d0:6d:bf:77:
d3:64:68:03:9f:d6:d9:3d:b6:53:3b:1b:d6:30:46:
bf:94:a8:0b:91:24:98:24:af:bb:bc:3b:14:be:c5:
db:c9:81:32:00:13:ed:39:fd:6c:3c:cd:47:74:e1:
0c:12:fa:79:30:85:40:8c:c8:5a:48:4e:68:b0:d0:
50:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:D2:B4:2B:D2:73:1F:10:B6:30:60:AF:8E:E1:E2:88:44:C9:5E:8D
X509v3 Authority Key Identifier:
keyid:42:9E:9B:DD:A2:96:62:00:03:CE:C5:EF:AB:B8:23:D3:03:FE:4F:71
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BE1BC/896C6C4846CE11E992850A3CC4F9AE02/Qp6b3aKWYgADzsXvq7gj0wP-T3E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Qp6b3aKWYgADzsXvq7gj0wP-T3E.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BE1BC/896C6C4846CE11E992850A3CC4F9AE02/58FDD2EA10C211EA977E7378C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.26.20.0/22
124.40.224.0/20
IPv6:
2407:ed00::/32
Signature Algorithm: sha256WithRSAEncryption
cc:9e:29:f3:63:7e:b3:05:cf:b4:88:b3:0f:48:a4:48:d2:26:
99:f1:6c:c1:69:eb:fb:01:40:43:47:ae:e2:93:57:9f:af:98:
8f:8c:8d:95:8e:c2:47:47:db:5c:c1:8b:b8:23:db:4d:a3:64:
1d:e0:64:f6:f4:a8:99:4b:b5:c4:51:e2:00:ea:3f:82:a9:a9:
05:5c:44:26:4f:fe:51:cc:20:8d:c1:31:67:71:1d:ac:3c:c4:
df:8c:23:33:0d:d9:d4:df:8e:b1:dd:f3:e7:7c:0e:06:45:aa:
72:b6:60:37:fd:8e:9a:9b:b8:1c:dc:83:04:86:35:4d:c8:f4:
99:86:90:19:eb:e0:23:94:fe:4a:53:f5:c2:ec:fa:0b:4c:a7:
7a:ea:89:ed:5f:f6:3e:c6:0b:ce:49:6f:11:28:b7:2d:96:49:
06:b3:00:18:06:59:73:e2:f0:23:04:54:d3:ff:f6:a3:c2:ed:
81:c4:d5:da:fd:ee:5c:2c:97:e1:a1:3f:70:60:86:77:d9:f7:
66:6e:1b:c0:46:6f:15:6e:9f:e1:f6:ab:75:8a:f3:3d:4e:d4:
d1:25:76:94:f1:ba:58:57:b7:07:24:23:35:95:0a:dd:2d:ad:
f1:41:8b:42:e7:1c:6b:f9:a2:a6:c8:85:40:a8:67:82:14:30:
b8:b8:ef:9c
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICD+swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkUxQkMxMTAvBgNVBAUTKDQyOUU5QkREQTI5NjYyMDAwM0NFQzVFRkFCQjgyM0Qz
MDNGRTRGNzEwHhcNMjUwMjA0MTcyNTM1WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2EyNGQ4Zi1jNWRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3QfAePJN0wBOwsVYcb85D3whZsptjn9uhmGg5ICukuUTuMYkIvc+5EKdyIyC
tFTCA2LurL2ppc9/gmgZN7kPY4DE+TZWCO6XeVB1nms3zB7qaHWGUPPLF/59BUWx
kkJIlYz80P+nK+/6ru0zNSsppZSt69TUeNcHhNRUFsBa2aznfaV7NjmlOfNoApKa
5l7FkrY43w7YYO3qsVuflSPbwmWD9308HLPUVouBc8NNqz4S3QA9GGlJqXTWXiYS
5NBtv3fTZGgDn9bZPbZTOxvWMEa/lKgLkSSYJK+7vDsUvsXbyYEyABPtOf1sPM1H
dOEMEvp5MIVAjMhaSE5osNBQ/QIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFNLStCvS
cx8QtjBgr47h4ohEyV6NMB8GA1UdIwQYMBaAFEKem92ilmIAA87F76u4I9MD/k9x
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCRTFCQy84OTZDNkM0ODQ2
Q0UxMUU5OTI4NTBBM0NDNEY5QUUwMi9RcDZiM2FLV1lnQUR6c1h2cTdnajB3UC1U
M0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FwNmIzYUtXWWdBRHpzWHZxN2dqMHdQLVQzRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkUxQkMvODk2QzZDNDg0NkNFMTFFOTkyODUwQTNDQzRGOUFFMDIvNThGREQyRUEx
MEMyMTFFQTk3N0U3Mzc4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnGhQDBAR8KOAwDQQCAAIwBwMFACQH7QAwDQYJKoZIhvcN
AQELBQADggEBAMyeKfNjfrMFz7SIsw9IpEjSJpnxbMFp6/sBQENHruKTV5+vmI+M
jZWOwkdH21zBi7gj202jZB3gZPb0qJlLtcRR4gDqP4KpqQVcRCZP/lHMII3BMWdx
Haw8xN+MIzMN2dTfjrHd8+d8DgZFqnK2YDf9jpqbuBzcgwSGNU3I9JmGkBnr4COU
/kpT9cLs+gtMp3rqie1f9j7GC85JbxEoty2WSQazABgGWXPi8CMEVNP/9qPC7YHE
1dr97lwsl+GhP3BghnfZ92ZuG8BGbxVun+H2q3WK8z1O1NEldpTxulhXtwckIzWV
Ct0trfFBi0LnHGv5oqbIhUCoZ4IUMLi475w=
-----END CERTIFICATE-----
Generated at Mon Apr 14 02:47:09 2025 by rpki-client