Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/59F4A758BD2F11EBB84EE532C4F9AE02.roa
File: 59F4A758BD2F11EBB84EE532C4F9AE02.roa (raw, json)
Hash identifier: c0Nj/EakD9jZWUmq6GYt4WJPzbB76p849p8VWNsKos4=
Subject key identifier: A6:C7:4E:84:3D:F0:BF:22:23:5B:D0:21:60:4D:A7:2C:14:C1:BD:4C
Certificate issuer: /CN=A91EA958/serialNumber=FD1607186373E81F44D137B2A0E96957E62AB8A1
Certificate serial: 3429
Authority key identifier: FD:16:07:18:63:73:E8:1F:44:D1:37:B2:A0:E9:69:57:E6:2A:B8:A1
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_RYHGGNz6B9E0TeyoOlpV-YquKE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/59F4A758BD2F11EBB84EE532C4F9AE02.roa
Signing time: Fri 02 Aug 2024 15:30:58 +0000
ROA not before: Fri 02 Aug 2024 15:30:58 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 131207
IP address blocks: 43.245.202.0/23 maxlen: 23
43.245.202.0/24 maxlen: 24
43.245.203.0/24 maxlen: 24
103.14.248.0/23 maxlen: 23
103.14.248.0/24 maxlen: 24
103.14.249.0/24 maxlen: 24
103.14.250.0/23 maxlen: 23
103.14.250.0/24 maxlen: 24
103.14.251.0/24 maxlen: 24
180.178.126.0/23 maxlen: 23
180.178.126.0/24 maxlen: 24
180.178.127.0/24 maxlen: 24
203.217.168.0/23 maxlen: 23
203.217.168.0/24 maxlen: 24
203.217.169.0/24 maxlen: 24
203.217.170.0/23 maxlen: 23
203.217.170.0/24 maxlen: 24
203.217.171.0/24 maxlen: 24
2404:b300:1::/48 maxlen: 48
2404:b300:2::/48 maxlen: 48
2404:b300:11::/48 maxlen: 48
2404:b300:12::/48 maxlen: 48
2404:b300:100::/48 maxlen: 48
2404:b300:101::/48 maxlen: 48
2404:b300:133::/48 maxlen: 48
2404:b300:400::/48 maxlen: 48
2404:b300:1000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/_RYHGGNz6B9E0TeyoOlpV-YquKE.crl
rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/_RYHGGNz6B9E0TeyoOlpV-YquKE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_RYHGGNz6B9E0TeyoOlpV-YquKE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 15:03:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13353 (0x3429)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EA958/serialNumber=FD1607186373E81F44D137B2A0E96957E62AB8A1
Validity
Not Before: Aug 2 15:30:58 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66acfbb2-8b38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:80:eb:3d:03:37:45:f3:62:62:ff:b2:b0:dc:
51:5a:a8:69:68:ad:c4:e7:b9:43:85:69:63:d0:ca:
97:f8:4d:0e:bb:33:34:15:35:0f:93:22:16:dc:46:
0d:1c:d0:41:4f:b0:40:9d:74:44:cf:e8:38:58:24:
d7:90:62:26:e1:5b:25:53:4d:70:f1:86:41:d7:de:
a9:2e:7b:fc:1d:a5:12:1e:5e:e3:45:6c:94:dd:ab:
a3:3b:48:35:0e:f2:a4:41:db:36:c0:fb:3b:c4:dc:
6f:7e:b5:f1:2e:70:52:4e:09:61:42:d3:34:55:ec:
28:cc:a4:06:5f:3f:46:32:1b:28:c5:fb:0a:85:4d:
ac:da:78:ab:a7:60:53:a7:5a:6b:9f:a6:db:a8:93:
40:ca:a7:80:d2:ce:c3:49:b0:50:ec:af:4d:c4:7f:
5b:63:14:6e:bd:c3:af:75:8b:30:a0:82:1a:83:87:
02:ef:7c:c9:03:d7:65:06:8f:52:77:19:bf:93:c2:
db:15:c5:8f:98:93:6d:54:62:ef:54:94:2b:f7:3c:
c6:e0:65:80:9d:c1:02:77:21:c6:98:42:e2:97:6f:
9f:86:22:57:90:1b:7b:79:5d:44:7f:ae:6e:29:79:
80:47:c0:dc:1f:7c:99:f9:26:d9:da:dd:74:65:24:
44:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:C7:4E:84:3D:F0:BF:22:23:5B:D0:21:60:4D:A7:2C:14:C1:BD:4C
X509v3 Authority Key Identifier:
keyid:FD:16:07:18:63:73:E8:1F:44:D1:37:B2:A0:E9:69:57:E6:2A:B8:A1
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/_RYHGGNz6B9E0TeyoOlpV-YquKE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_RYHGGNz6B9E0TeyoOlpV-YquKE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/59F4A758BD2F11EBB84EE532C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.202.0/23
103.14.248.0/22
180.178.126.0/23
203.217.168.0/22
IPv6:
2404:b300:1::-2404:b300:2:ffff:ffff:ffff:ffff:ffff
2404:b300:11::-2404:b300:12:ffff:ffff:ffff:ffff:ffff
2404:b300:100::/47
2404:b300:133::/48
2404:b300:400::/48
2404:b300:1000::/48
Signature Algorithm: sha256WithRSAEncryption
bb:39:ba:32:cc:c6:c9:4d:66:f0:75:29:6c:7f:4a:98:41:34:
f2:6a:00:5d:75:fe:3a:03:a3:2b:b8:5c:da:c4:31:f7:a0:a1:
54:46:9a:7d:1a:a0:ec:9e:8d:4d:9a:b2:68:1a:7c:c8:f4:dc:
24:6b:28:4f:fc:e0:5f:92:45:d6:03:b4:43:7b:c2:f2:f5:1b:
2e:43:00:e8:cb:41:f5:fa:52:a8:23:67:44:e8:16:9a:ed:41:
ad:76:07:8c:e2:22:ac:8d:22:27:8f:2f:bf:9e:01:cd:88:86:
06:a6:d1:a4:b4:11:a0:e1:02:9b:96:cf:57:6c:d3:17:db:bf:
5a:ae:fa:1f:1d:1c:29:63:e0:b3:9e:80:f8:8d:d7:1a:aa:48:
4b:3a:e9:e9:b3:0c:56:83:be:65:07:f5:ea:17:1c:3c:49:cb:
f7:14:a5:65:e3:c9:21:25:16:bf:b2:1f:dd:f8:65:e9:dd:d2:
71:a8:4d:57:ea:df:0c:1b:f9:c5:aa:51:28:a4:ef:2e:a1:39:
be:74:31:67:97:90:a9:0f:29:91:38:1f:2b:ca:8e:41:69:aa:
90:4a:57:38:17:2c:86:32:ed:04:db:49:7c:05:8b:8e:64:30:
ee:f9:23:64:59:16:b6:d1:dd:17:cd:6c:01:cc:61:50:08:dd:
24:4e:f1:97
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgICNCkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUE5NTgxMTAvBgNVBAUTKEZEMTYwNzE4NjM3M0U4MUY0NEQxMzdCMkEwRTk2OTU3
RTYyQUI4QTEwHhcNMjQwODAyMTUzMDU4WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmFjZmJiMi04YjM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAk4DrPQM3RfNiYv+ysNxRWqhpaK3E57lDhWlj0MqX+E0OuzM0FTUPkyIW3EYN
HNBBT7BAnXREz+g4WCTXkGIm4VslU01w8YZB196pLnv8HaUSHl7jRWyU3aujO0g1
DvKkQds2wPs7xNxvfrXxLnBSTglhQtM0VewozKQGXz9GMhsoxfsKhU2s2nirp2BT
p1prn6bbqJNAyqeA0s7DSbBQ7K9NxH9bYxRuvcOvdYswoIIag4cC73zJA9dlBo9S
dxm/k8LbFcWPmJNtVGLvVJQr9zzG4GWAncECdyHGmELil2+fhiJXkBt7eV1Ef65u
KXmAR8DcH3yZ+SbZ2t10ZSREswIDAQABo4IC/DCCAvgwHQYDVR0OBBYEFKbHToQ9
8L8iI1vQIWBNpywUwb1MMB8GA1UdIwQYMBaAFP0WBxhjc+gfRNE3sqDpaVfmKrih
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQTk1OC81QUUxOTdGNDFE
OUYxMUUyQkNCRkY3OEYwOEIwMkNEMi9fUllIR0dOejZCOUUwVGV5b09scFYtWXF1
S0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19SWUhHR056NkI5RTBUZXlvT2xwVi1ZcXVLRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUE5NTgvNUFFMTk3RjQxRDlGMTFFMkJDQkZGNzhGMDhCMDJDRDIvNTlGNEE3NThC
RDJGMTFFQkI4NEVFNTMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYUGCCsGAQUFBwEHAQH/
BHYwdDAeBAIAATAYAwQBK/XKAwQCZw74AwQBtLJ+AwQCy9moMFIEAgACMEwwEgMH
ACQEswAAAQMHACQEswAAAjASAwcAJASzAAARAwcAJASzAAASAwcBJASzAAEAAwcA
JASzAAEzAwcAJASzAAQAAwcAJASzABAAMA0GCSqGSIb3DQEBCwUAA4IBAQC7Oboy
zMbJTWbwdSlsf0qYQTTyagBddf46A6MruFzaxDH3oKFURpp9GqDsno1NmrJoGnzI
9NwkayhP/OBfkkXWA7RDe8Ly9RsuQwDoy0H1+lKoI2dE6Baa7UGtdgeM4iKsjSIn
jy+/ngHNiIYGptGktBGg4QKbls9XbNMX279arvofHRwpY+CznoD4jdcaqkhLOunp
swxWg75lB/XqFxw8Scv3FKVl48khJRa/sh/d+GXp3dJxqE1X6t8MG/nFqlEopO8u
oTm+dDFnl5CpDymROB8ryo5BaaqQSlc4FyyGMu0E20l8BYuOZDDu+SNkWRa20d0X
zWwBzGFQCN0kTvGX
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:50:06 2024 by rpki-client on console-ams.rpki-client.org