Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/5F2A9412249D11EEBA491E2FC4F9AE02.roa
File: 5F2A9412249D11EEBA491E2FC4F9AE02.roa (raw, json)
Hash identifier: XO+ovYusa98O6Q3KkBzQvqDMuTM/UJhKVecdDlKB0Ds=
Subject key identifier: 9F:B4:ED:8C:BA:E9:1C:67:49:7A:03:E2:65:E1:74:FF:EF:0B:0E:10
Certificate issuer: /CN=A91DA2D5/serialNumber=3C1C877347EE82729636AF0F3A375D391090F921
Certificate serial: 2BFD
Authority key identifier: 3C:1C:87:73:47:EE:82:72:96:36:AF:0F:3A:37:5D:39:10:90:F9:21
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PByHc0fugnKWNq8POjddORCQ-SE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/5F2A9412249D11EEBA491E2FC4F9AE02.roa
Signing time: Sun 26 May 2024 09:31:59 +0000
ROA not before: Sun 26 May 2024 09:31:59 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 58717
IP address blocks: 43.245.140.0/22 maxlen: 22
43.245.140.0/22 maxlen: 24
43.245.140.0/23 maxlen: 23
43.245.140.0/24 maxlen: 24
43.245.141.0/24 maxlen: 24
43.245.142.0/23 maxlen: 23
43.245.142.0/24 maxlen: 24
43.245.143.0/24 maxlen: 24
103.15.244.0/22 maxlen: 24
103.15.246.64/26 maxlen: 26
103.75.238.0/23 maxlen: 24
103.96.70.0/23 maxlen: 24
103.108.144.0/22 maxlen: 24
103.199.84.0/22 maxlen: 24
103.242.216.0/24 maxlen: 24
103.242.217.0/24 maxlen: 24
103.242.218.0/23 maxlen: 24
144.48.148.0/23 maxlen: 23
144.48.148.0/24 maxlen: 24
144.48.149.0/24 maxlen: 24
2405:1500::/32 maxlen: 32
2405:1500::/32 maxlen: 48
2405:1500::/48 maxlen: 48
2405:1500:12::/48 maxlen: 48
2405:1500:30::/48 maxlen: 48
2405:1500:40::/48 maxlen: 48
2405:1500:60::/48 maxlen: 48
2405:1500:70::/48 maxlen: 48
2405:1500:80::/48 maxlen: 48
2405:1500:82::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/PByHc0fugnKWNq8POjddORCQ-SE.crl
rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/PByHc0fugnKWNq8POjddORCQ-SE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PByHc0fugnKWNq8POjddORCQ-SE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 07 Jun 2024 15:53:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11261 (0x2bfd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DA2D5/serialNumber=3C1C877347EE82729636AF0F3A375D391090F921
Validity
Not Before: May 26 09:31:59 2024 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=6653018e-ef88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:b9:09:14:e4:43:4e:d6:73:71:c0:4b:70:eb:
cc:ac:2f:15:f3:40:ae:f2:5c:a8:30:86:f2:17:91:
16:27:38:2a:05:44:8d:10:ab:c4:c2:d2:19:d6:4b:
40:60:ef:3f:39:9b:b6:b5:d1:45:ac:de:35:ab:46:
fb:63:9d:3e:3a:63:84:d0:1a:a3:07:f3:97:f8:9a:
08:2f:33:c9:33:04:90:1c:32:33:dd:91:10:be:63:
2e:df:df:d8:8f:ba:f2:8e:5b:b5:53:f7:ed:e4:22:
c3:79:cb:d5:66:f3:a4:37:a4:71:03:db:6e:53:5c:
00:71:ae:24:35:d4:16:5c:9a:22:23:1a:a1:bf:45:
1b:d2:ad:8a:b4:64:27:9d:f6:a9:70:45:9d:23:b3:
c6:e5:2e:03:8a:93:df:93:c8:92:01:f6:89:36:24:
6c:d2:6d:f4:bd:61:35:f0:26:e7:d7:89:cd:90:ae:
25:1e:05:94:1f:ef:d8:a7:4f:08:b1:30:05:93:c1:
00:8d:66:b5:18:50:c9:7e:93:cd:7f:23:e0:a1:af:
9b:78:92:c3:2c:4d:78:f8:8d:3b:84:af:a2:d1:19:
37:3a:9e:17:01:4d:81:39:23:01:65:b0:43:18:3e:
8e:f2:61:93:ec:21:68:74:7e:86:6a:e4:87:a0:cd:
62:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:B4:ED:8C:BA:E9:1C:67:49:7A:03:E2:65:E1:74:FF:EF:0B:0E:10
X509v3 Authority Key Identifier:
keyid:3C:1C:87:73:47:EE:82:72:96:36:AF:0F:3A:37:5D:39:10:90:F9:21
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/PByHc0fugnKWNq8POjddORCQ-SE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PByHc0fugnKWNq8POjddORCQ-SE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/5F2A9412249D11EEBA491E2FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.140.0/22
103.15.244.0/22
103.75.238.0/23
103.96.70.0/23
103.108.144.0/22
103.199.84.0/22
103.242.216.0/22
144.48.148.0/23
IPv6:
2405:1500::/32
Signature Algorithm: sha256WithRSAEncryption
ce:1e:cb:58:f7:9a:ae:f0:c8:9c:e3:01:eb:fa:ed:d2:19:72:
10:ce:7e:9b:be:f5:b0:e5:53:e6:f4:68:54:c0:ac:9f:f2:7b:
b5:89:cd:1d:b5:c4:8f:73:c0:b3:ac:29:3b:00:e1:87:78:aa:
8c:60:6e:da:f5:74:84:f7:1c:ce:f0:b7:cf:31:4c:f0:07:35:
55:52:e5:59:a1:6a:25:da:c6:b2:f7:98:ce:66:31:88:84:48:
5b:44:7f:bd:15:b8:9c:7c:8a:97:0b:31:11:81:ef:07:dc:d3:
d6:da:84:7e:38:71:78:5c:1e:53:3c:97:ef:be:6f:07:ec:ba:
ff:84:03:4a:85:8a:49:c6:19:27:34:31:8d:c7:5c:af:b4:b1:
c1:ca:c9:1c:93:36:9b:27:11:ac:83:18:e5:ca:72:9f:65:55:
eb:e8:b3:06:72:e5:77:9d:2c:42:5d:c3:4b:11:51:16:c1:90:
96:b0:df:67:10:ff:52:bb:8b:7c:20:45:82:f6:c7:5f:bf:68:
59:27:49:63:08:bb:71:18:02:c4:2a:36:9e:37:84:d1:5c:37:
d1:a5:b4:6d:52:96:3d:c5:8c:0a:ec:ca:0f:3a:7e:7b:65:93:
bf:70:e7:6d:3f:9b:28:5b:c5:61:92:7c:f4:3d:49:d8:14:50:
9c:7c:aa:c5
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgICK/0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REEyRDUxMTAvBgNVBAUTKDNDMUM4NzczNDdFRTgyNzI5NjM2QUYwRjNBMzc1RDM5
MTA5MEY5MjEwHhcNMjQwNTI2MDkzMTU5WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjUzMDE4ZS1lZjg4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAprkJFORDTtZzccBLcOvMrC8V80Cu8lyoMIbyF5EWJzgqBUSNEKvEwtIZ1ktA
YO8/OZu2tdFFrN41q0b7Y50+OmOE0BqjB/OX+JoILzPJMwSQHDIz3ZEQvmMu39/Y
j7ryjlu1U/ft5CLDecvVZvOkN6RxA9tuU1wAca4kNdQWXJoiIxqhv0Ub0q2KtGQn
nfapcEWdI7PG5S4DipPfk8iSAfaJNiRs0m30vWE18Cbn14nNkK4lHgWUH+/Yp08I
sTAFk8EAjWa1GFDJfpPNfyPgoa+beJLDLE14+I07hK+i0Rk3Op4XAU2BOSMBZbBD
GD6O8mGT7CFodH6GauSHoM1iVQIDAQABo4ICzjCCAsowHQYDVR0OBBYEFJ+07Yy6
6RxnSXoD4mXhdP/vCw4QMB8GA1UdIwQYMBaAFDwch3NH7oJyljavDzo3XTkQkPkh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQTJENS81Rjg2MUVFNkI4
OUExMUUzQjRBQzdFNzg1OTExRUEzMi9QQnlIYzBmdWduS1dOcThQT2pkZE9SQ1Et
U0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BCeUhjMGZ1Z25LV05xOFBPamRkT1JDUS1TRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REEyRDUvNUY4NjFFRTZCODlBMTFFM0I0QUM3RTc4NTkxMUVBMzIvNUYyQTk0MTIy
NDlEMTFFRUJBNDkxRTJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWAYIKwYBBQUHAQcBAf8E
STBHMDYEAgABMDADBAIr9YwDBAJnD/QDBAFnS+4DBAFnYEYDBAJnbJADBAJnx1QD
BAJn8tgDBAGQMJQwDQQCAAIwBwMFACQFFQAwDQYJKoZIhvcNAQELBQADggEBAM4e
y1j3mq7wyJzjAev67dIZchDOfpu+9bDlU+b0aFTArJ/ye7WJzR21xI9zwLOsKTsA
4Yd4qoxgbtr1dIT3HM7wt88xTPAHNVVS5VmhaiXaxrL3mM5mMYiESFtEf70VuJx8
ipcLMRGB7wfc09bahH44cXhcHlM8l+++bwfsuv+EA0qFiknGGSc0MY3HXK+0scHK
yRyTNpsnEayDGOXKcp9lVevoswZy5XedLEJdw0sRURbBkJaw32cQ/1K7i3wgRYL2
x1+/aFknSWMIu3EYAsQqNp43hNFcN9GltG1Slj3FjArsyg86fntlk79w520/myhb
xWGSfPQ9SdgUUJx8qsU=
-----END CERTIFICATE-----
Generated at Fri May 31 17:44:52 2024 by rpki-client on console-fra.rpki-client.org