Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C6833/F3D480EC83B311E69DD86730C4F9AE02/EF0BF59A39BF11EDA8838D3AC4F9AE02.roa
File: EF0BF59A39BF11EDA8838D3AC4F9AE02.roa (raw, json)
Hash identifier: 6aok0ni7ls4Xmr8xNQwlSADkjqsC8vKakPIl+CEMLrw=
Subject key identifier: 59:3D:39:8D:E4:0F:9C:99:00:82:65:64:46:C3:5D:B5:13:F2:C8:89
Certificate issuer: /CN=A91C6833/serialNumber=45C808A8ACDE24AC9613E01A49596100ED5E8CF1
Certificate serial: 1D0C
Authority key identifier: 45:C8:08:A8:AC:DE:24:AC:96:13:E0:1A:49:59:61:00:ED:5E:8C:F1
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RcgIqKzeJKyWE-AaSVlhAO1ejPE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C6833/F3D480EC83B311E69DD86730C4F9AE02/EF0BF59A39BF11EDA8838D3AC4F9AE02.roa
Signing time: Thu 14 Sep 2023 16:33:32 +0000
ROA not before: Thu 14 Sep 2023 16:33:32 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 58893
IP address blocks: 43.242.176.0/24 maxlen: 24
43.242.177.0/24 maxlen: 24
43.242.178.0/24 maxlen: 24
43.242.179.0/24 maxlen: 24
103.11.220.0/24 maxlen: 24
103.12.58.0/24 maxlen: 24
103.18.243.0/24 maxlen: 24
103.29.163.0/24 maxlen: 24
103.75.244.0/22 maxlen: 22
103.75.244.0/24 maxlen: 24
103.75.245.0/24 maxlen: 24
103.75.246.0/24 maxlen: 24
103.75.247.0/24 maxlen: 24
103.93.95.0/24 maxlen: 24
103.97.154.0/24 maxlen: 24
103.97.168.0/23 maxlen: 23
116.206.64.0/22 maxlen: 22
116.206.64.0/24 maxlen: 24
116.206.65.0/24 maxlen: 24
116.206.66.0/24 maxlen: 24
116.206.67.0/24 maxlen: 24
203.80.128.0/24 maxlen: 24
203.80.130.0/24 maxlen: 24
2407:5b80::/32 maxlen: 32
2407:5b80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91C6833/F3D480EC83B311E69DD86730C4F9AE02/RcgIqKzeJKyWE-AaSVlhAO1ejPE.crl
rsync://rpki.apnic.net/member_repository/A91C6833/F3D480EC83B311E69DD86730C4F9AE02/RcgIqKzeJKyWE-AaSVlhAO1ejPE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RcgIqKzeJKyWE-AaSVlhAO1ejPE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 09 Jun 2024 16:38:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7436 (0x1d0c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C6833/serialNumber=45C808A8ACDE24AC9613E01A49596100ED5E8CF1
Validity
Not Before: Sep 14 16:33:32 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=650335dc-3418
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:d8:d5:d3:9a:9d:60:a4:29:6c:39:90:a7:1e:
50:71:f3:d8:39:67:5b:b2:bb:4b:63:14:47:06:88:
96:50:48:23:8b:b4:86:6a:eb:60:c9:f2:29:9f:0a:
ff:24:d4:e7:a8:da:85:d1:55:bf:19:68:47:53:71:
50:3b:61:43:19:6b:07:0d:23:07:78:24:78:f3:65:
b8:a1:df:66:f4:bb:bd:5c:54:6f:1d:99:85:f0:a6:
1d:da:20:f3:7b:b6:00:63:6e:52:11:51:59:ff:9a:
6c:f2:2e:9e:2d:57:0e:6d:44:1f:34:89:dc:1e:20:
1c:5b:9c:3d:45:e8:ca:0d:91:38:c7:37:d0:66:9d:
43:6a:b1:11:77:fd:61:a9:35:19:a0:25:69:fe:f9:
b9:ba:94:8e:b5:8e:1c:2a:f7:8d:48:03:b8:96:ca:
bf:56:48:14:ee:e6:c1:80:d0:bd:a9:e9:e3:8f:45:
93:f6:41:85:66:a8:ad:f1:a6:fa:7d:05:e3:3a:62:
36:5e:3d:14:0e:66:21:a1:51:51:a4:7d:da:e8:ba:
80:eb:cf:9a:51:78:bd:a1:b9:be:ae:01:03:bd:7b:
1f:11:1b:76:c8:66:ae:c0:6f:e9:22:fa:d3:ab:bb:
b8:ad:46:1f:7f:4f:ae:b4:f3:a9:fe:35:7e:c3:d9:
f5:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:3D:39:8D:E4:0F:9C:99:00:82:65:64:46:C3:5D:B5:13:F2:C8:89
X509v3 Authority Key Identifier:
keyid:45:C8:08:A8:AC:DE:24:AC:96:13:E0:1A:49:59:61:00:ED:5E:8C:F1
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C6833/F3D480EC83B311E69DD86730C4F9AE02/RcgIqKzeJKyWE-AaSVlhAO1ejPE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RcgIqKzeJKyWE-AaSVlhAO1ejPE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C6833/F3D480EC83B311E69DD86730C4F9AE02/EF0BF59A39BF11EDA8838D3AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.242.176.0/22
103.11.220.0/24
103.12.58.0/24
103.18.243.0/24
103.29.163.0/24
103.75.244.0/22
103.93.95.0/24
103.97.154.0/24
103.97.168.0/23
116.206.64.0/22
203.80.128.0/24
203.80.130.0/24
IPv6:
2407:5b80::/32
Signature Algorithm: sha256WithRSAEncryption
64:18:fd:10:45:a5:b3:c0:9c:4d:5c:b1:a6:bb:fe:6d:f3:6f:
5f:0f:c3:21:c6:a1:eb:d6:5d:93:4a:0c:dd:da:9d:0f:b3:97:
3c:00:80:85:89:39:ed:4e:f8:57:fb:c6:43:ef:ab:92:3c:48:
65:c0:18:dc:0c:d7:8c:21:b9:b2:49:c1:98:87:8a:e3:98:59:
60:ab:88:40:0d:7c:22:ea:82:ee:7a:73:8a:3b:30:e6:b9:8a:
f1:88:f5:49:4d:97:59:7e:33:7b:28:d6:9c:b8:b0:2a:0a:b3:
ae:43:27:b2:bf:09:0b:9b:33:76:23:d9:5d:98:ae:d4:c8:e3:
ed:83:25:55:e3:88:92:1d:76:56:ba:5a:f1:4e:ae:be:c7:2d:
96:a6:d1:06:49:c5:5e:53:de:b9:b6:47:3d:b3:dd:ce:ba:12:
3f:9d:c0:b2:72:77:9f:ec:76:f8:e5:8e:e9:87:9c:b9:05:90:
2a:2e:c7:f7:29:ba:3f:51:f2:9f:a3:f0:86:d3:87:9b:79:07:
b7:31:7a:2a:67:eb:d7:d7:cb:62:c0:cb:73:25:89:02:df:d3:
bc:f8:8b:52:cf:d9:9f:67:04:fa:d7:f5:27:bd:4c:6c:4b:3d:
5d:04:f4:34:f6:eb:51:01:5d:d3:29:3c:f2:2c:e2:13:0b:93:
e5:b7:77:84
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgICHQwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzY4MzMxMTAvBgNVBAUTKDQ1QzgwOEE4QUNERTI0QUM5NjEzRTAxQTQ5NTk2MTAw
RUQ1RThDRjEwHhcNMjMwOTE0MTYzMzMyWhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTAzMzVkYy0zNDE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAttjV05qdYKQpbDmQpx5QcfPYOWdbsrtLYxRHBoiWUEgji7SGautgyfIpnwr/
JNTnqNqF0VW/GWhHU3FQO2FDGWsHDSMHeCR482W4od9m9Lu9XFRvHZmF8KYd2iDz
e7YAY25SEVFZ/5ps8i6eLVcObUQfNIncHiAcW5w9RejKDZE4xzfQZp1DarERd/1h
qTUZoCVp/vm5upSOtY4cKveNSAO4lsq/VkgU7ubBgNC9qenjj0WT9kGFZqit8ab6
fQXjOmI2Xj0UDmYhoVFRpH3a6LqA68+aUXi9obm+rgEDvXsfERt2yGauwG/pIvrT
q7u4rUYff0+utPOp/jV+w9n1/QIDAQABo4IC5jCCAuIwHQYDVR0OBBYEFFk9OY3k
D5yZAIJlZEbDXbUT8siJMB8GA1UdIwQYMBaAFEXICKis3iSslhPgGklZYQDtXozx
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNjgzMy9GM0Q0ODBFQzgz
QjMxMUU2OUREODY3MzBDNEY5QUUwMi9SY2dJcUt6ZUpLeVdFLUFhU1ZsaEFPMWVq
UEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1JjZ0lxS3plSkt5V0UtQWFTVmxoQU8xZWpQRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzY4MzMvRjNENDgwRUM4M0IzMTFFNjlERDg2NzMwQzRGOUFFMDIvRUYwQkY1OUEz
OUJGMTFFREE4ODM4RDNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcAYIKwYBBQUHAQcBAf8E
YTBfME4EAgABMEgDBAIr8rADBABnC9wDBABnDDoDBABnEvMDBABnHaMDBAJnS/QD
BABnXV8DBABnYZoDBAFnYagDBAJ0zkADBADLUIADBADLUIIwDQQCAAIwBwMFACQH
W4AwDQYJKoZIhvcNAQELBQADggEBAGQY/RBFpbPAnE1csaa7/m3zb18PwyHGoevW
XZNKDN3anQ+zlzwAgIWJOe1O+Ff7xkPvq5I8SGXAGNwM14whubJJwZiHiuOYWWCr
iEANfCLqgu56c4o7MOa5ivGI9UlNl1l+M3so1py4sCoKs65DJ7K/CQubM3Yj2V2Y
rtTI4+2DJVXjiJIddla6WvFOrr7HLZam0QZJxV5T3rm2Rz2z3c66Ej+dwLJyd5/s
dvjljumHnLkFkCoux/cpuj9R8p+j8IbTh5t5B7cxeipn69fXy2LAy3MliQLf07z4
i1LP2Z9nBPrX9Se9TGxLPV0E9DT261EBXdMpPPIs4hMLk+W3d4Q=
-----END CERTIFICATE-----
Generated at Sun Jun 2 18:47:16 2024 by rpki-client on console-ams.rpki-client.org