Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
File: 7E0AB01C782C11EBB0B71971C4F9AE02.roa (raw, json)
Hash identifier: sCPCAo6oOyI04KFQDiQhCrcCuUDUQK3vYg13iEMSJ6U=
Subject key identifier: D1:EB:0B:35:08:36:8E:F2:C2:F0:17:FC:02:C8:29:1B:4C:73:E5:E0
Certificate issuer: /CN=A91FF74B/serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
Certificate serial: 05F5
Authority key identifier: 05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
Signing time: Fri 17 May 2024 00:02:55 +0000
ROA not before: Fri 17 May 2024 00:02:55 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 56201
IP address blocks: 169.148.132.0/24 maxlen: 24
169.148.133.0/24 maxlen: 24
169.148.134.0/23 maxlen: 23
169.148.134.0/24 maxlen: 24
169.148.135.0/24 maxlen: 24
169.148.136.0/23 maxlen: 23
169.148.136.0/24 maxlen: 24
169.148.137.0/24 maxlen: 24
169.148.138.0/23 maxlen: 24
169.148.140.0/23 maxlen: 24
169.148.142.0/23 maxlen: 23
169.148.142.0/24 maxlen: 24
169.148.143.0/24 maxlen: 24
169.148.144.0/23 maxlen: 23
169.148.144.0/24 maxlen: 24
169.148.145.0/24 maxlen: 24
169.148.146.0/23 maxlen: 23
169.148.148.0/23 maxlen: 23
169.148.148.0/24 maxlen: 24
169.148.149.0/24 maxlen: 24
169.148.150.0/24 maxlen: 24
199.67.76.0/23 maxlen: 23
199.67.76.0/24 maxlen: 24
199.67.77.0/24 maxlen: 24
199.67.78.0/23 maxlen: 23
199.67.78.0/24 maxlen: 24
199.67.79.0/24 maxlen: 24
199.67.94.0/23 maxlen: 23
199.67.94.0/24 maxlen: 24
199.67.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl
rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 20:43:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1525 (0x5f5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91FF74B/serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
Validity
Not Before: May 17 00:02:55 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66469eaf-bd84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:75:7a:bd:3c:a1:c3:c5:df:e5:35:df:0e:68:
a6:24:5f:d6:30:b1:df:11:0b:da:91:d8:e2:d5:6b:
4f:1b:11:b1:54:ef:18:6c:be:ac:a6:53:62:7a:32:
c6:da:95:a7:b9:ba:4f:b7:4c:30:ec:f8:09:b3:25:
94:27:96:a2:68:d5:26:a6:df:51:c0:fe:03:68:68:
30:5e:43:0d:23:8d:78:bd:f2:9f:6c:80:3b:73:74:
b2:f2:85:19:19:3b:2b:3b:e7:e4:d7:c1:d1:07:b0:
b3:45:6b:32:bd:95:dd:40:bd:bb:70:70:70:a8:52:
22:71:3d:c2:27:d6:ce:f3:a9:2a:3a:1c:04:3d:b9:
7b:88:d6:b0:fb:9c:ac:37:e6:4f:ef:5e:9b:20:6b:
bb:ab:49:f6:77:b4:a8:22:7d:7a:63:6a:38:2b:f1:
e1:4a:47:e3:15:d7:dc:01:bf:bb:83:af:ea:b4:f3:
3c:cb:a6:f5:76:11:32:26:49:54:ba:ab:65:a0:0d:
49:ca:87:7d:49:3a:1b:e4:a0:52:91:1f:53:70:47:
32:4d:81:fe:2d:28:f1:5b:7d:63:50:60:dc:a1:bb:
0f:02:b7:d8:d6:ef:41:50:46:c3:dd:85:ef:85:24:
37:88:1a:fe:df:fe:3b:c0:9a:db:d5:09:ec:25:db:
28:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:EB:0B:35:08:36:8E:F2:C2:F0:17:FC:02:C8:29:1B:4C:73:E5:E0
X509v3 Authority Key Identifier:
keyid:05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
169.148.132.0-169.148.150.255
199.67.76.0/22
199.67.94.0/23
Signature Algorithm: sha256WithRSAEncryption
46:dd:75:ac:31:23:0e:58:70:81:c8:2d:c8:42:6d:bf:2e:08:
11:8f:1c:63:79:94:68:25:9e:e1:6a:3f:ba:4c:c3:43:2e:4f:
37:6c:4e:6a:2d:4a:2e:9d:4c:f9:9c:5d:a1:c7:d5:bb:c4:cf:
84:91:98:a3:e6:32:34:04:81:31:19:b6:0a:ef:cd:9b:1c:78:
b1:fd:f6:1d:85:cc:f7:14:06:3b:8e:b3:66:f3:2c:b8:2f:48:
96:7a:cd:51:a6:54:b3:dc:ad:50:59:07:b4:5d:e7:a8:f5:5e:
82:db:85:9e:06:a4:ac:1a:10:f4:24:38:41:61:b4:e8:ee:8c:
6e:87:20:7d:f2:86:5e:71:56:0d:2c:7e:b1:34:51:0e:b1:a5:
3a:fb:4f:4a:3c:f9:07:31:f1:ca:46:99:d1:ed:53:9c:ec:16:
25:78:32:87:45:c3:3e:de:c2:d5:83:c1:20:1f:d2:4b:96:bb:
e2:fb:67:9f:89:64:70:90:82:2f:6a:67:d2:c0:8f:ab:46:18:
3e:03:13:a7:cb:cf:89:23:5e:83:0c:62:aa:fd:cd:e6:9d:28:
cc:4e:bc:08:92:cf:b5:d9:b5:31:4d:ff:0a:85:fd:13:4d:d9:
b7:a5:e3:2b:9f:6e:5c:6a:ef:8f:da:6e:ad:a5:4c:be:75:86:
21:46:21:64
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICBfUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkY3NEIxMTAvBgNVBAUTKDA1OUU2RjAzQUU3Njc2QTlEMEYwOUQ1RjZDQkRCOTA4
NjE4NTVBNTcwHhcNMjQwNTE3MDAwMjU1WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjQ2OWVhZi1iZDg0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAynV6vTyhw8Xf5TXfDmimJF/WMLHfEQvakdji1WtPGxGxVO8YbL6splNiejLG
2pWnubpPt0ww7PgJsyWUJ5aiaNUmpt9RwP4DaGgwXkMNI414vfKfbIA7c3Sy8oUZ
GTsrO+fk18HRB7CzRWsyvZXdQL27cHBwqFIicT3CJ9bO86kqOhwEPbl7iNaw+5ys
N+ZP716bIGu7q0n2d7SoIn16Y2o4K/HhSkfjFdfcAb+7g6/qtPM8y6b1dhEyJklU
uqtloA1Jyod9STob5KBSkR9TcEcyTYH+LSjxW31jUGDcobsPArfY1u9BUEbD3YXv
hSQ3iBr+3/47wJrb1QnsJdsolwIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFNHrCzUI
No7ywvAX/ALIKRtMc+XgMB8GA1UdIwQYMBaAFAWebwOudnap0PCdX2y9uQhhhVpX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGRjc0Qi82MUEzMzg0QTc4
MkMxMUVCQUMwNEY2NzJDNEY5QUUwMi9CWjV2QTY1MmRxblE4SjFmYkwyNUNHR0ZX
bGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0JaNXZBNjUyZHFuUThKMWZiTDI1Q0dHRldsYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkY3NEIvNjFBMzM4NEE3ODJDMTFFQkFDMDRGNjcyQzRGOUFFMDIvN0UwQUIwMUM3
ODJDMTFFQkIwQjcxOTcxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAqmUhAMEAKmUlgMEAsdDTAMEAcdDXjANBgkqhkiG9w0B
AQsFAAOCAQEARt11rDEjDlhwgcgtyEJtvy4IEY8cY3mUaCWe4Wo/ukzDQy5PN2xO
ai1KLp1M+ZxdocfVu8TPhJGYo+YyNASBMRm2Cu/Nmxx4sf32HYXM9xQGO46zZvMs
uC9IlnrNUaZUs9ytUFkHtF3nqPVegtuFngakrBoQ9CQ4QWG06O6MbocgffKGXnFW
DSx+sTRRDrGlOvtPSjz5BzHxykaZ0e1TnOwWJXgyh0XDPt7C1YPBIB/SS5a74vtn
n4lkcJCCL2pn0sCPq0YYPgMTp8vPiSNegwxiqv3N5p0ozE68CJLPtdm1MU3/CoX9
E03Zt6XjK59uXGrvj9puraVMvnWGIUYhZA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:08:54 2024 by rpki-client on console-ams.rpki-client.org