Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/4CEAFBC829C311ED8D2F0870C4F9AE02.roa
File: 4CEAFBC829C311ED8D2F0870C4F9AE02.roa (raw, json)
Hash identifier: F3wtYNT10j2sdrda5cVxOLVDb60MIDg4+cSDX4cOdc4=
Subject key identifier: 19:B2:B8:DC:03:B6:84:AA:91:5B:19:52:3A:8D:46:1C:C5:1F:79:93
Certificate issuer: /CN=A911ABF4/serialNumber=BBE233560EFD409B38CDB80A00575A37BA896435
Certificate serial: 0734
Authority key identifier: BB:E2:33:56:0E:FD:40:9B:38:CD:B8:0A:00:57:5A:37:BA:89:64:35
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u-IzVg79QJs4zbgKAFdaN7qJZDU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/4CEAFBC829C311ED8D2F0870C4F9AE02.roa
Signing time: Thu 21 Mar 2024 10:17:24 +0000
ROA not before: Thu 21 Mar 2024 10:17:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 137542
IP address blocks: 103.112.128.0/22 maxlen: 22
103.112.128.0/24 maxlen: 24
103.112.129.0/24 maxlen: 24
103.112.130.0/24 maxlen: 24
103.112.131.0/24 maxlen: 24
2402:a940::/32 maxlen: 32
2402:a940::/36 maxlen: 36
2402:a940:1000::/36 maxlen: 36
2402:a940:2000::/36 maxlen: 36
2402:a940:3000::/36 maxlen: 36
2402:a940:4000::/36 maxlen: 36
2402:a940:5000::/36 maxlen: 36
2402:a940:6000::/36 maxlen: 36
2402:a940:7000::/36 maxlen: 36
2402:a940:8000::/36 maxlen: 36
2402:a940:9000::/36 maxlen: 36
2402:a940:a000::/36 maxlen: 36
2402:a940:b000::/36 maxlen: 36
2402:a940:c000::/36 maxlen: 36
2402:a940:d000::/36 maxlen: 36
2402:a940:e000::/36 maxlen: 36
2402:a940:f000::/36 maxlen: 36
2402:a940:f000::/48 maxlen: 48
2402:a940:f001::/48 maxlen: 48
2402:a940:f002::/48 maxlen: 48
2402:a940:f003::/48 maxlen: 48
2402:a940:f004::/48 maxlen: 48
2402:a940:f005::/48 maxlen: 48
2402:a940:f006::/48 maxlen: 48
2402:a940:f007::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/u-IzVg79QJs4zbgKAFdaN7qJZDU.crl
rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/u-IzVg79QJs4zbgKAFdaN7qJZDU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u-IzVg79QJs4zbgKAFdaN7qJZDU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 27 May 2024 18:26:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1844 (0x734)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911ABF4/serialNumber=BBE233560EFD409B38CDB80A00575A37BA896435
Validity
Not Before: Mar 21 10:17:24 2024 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=65fc0933-1877
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:86:f0:85:c7:d3:6c:d7:b5:41:d0:88:ac:80:
84:8f:84:71:b0:a4:9f:96:56:8e:5f:91:ef:3e:af:
78:9e:b2:6b:ee:8a:8d:9b:29:28:1b:2a:33:21:6c:
4b:42:d0:d4:7d:54:17:c4:fe:8a:aa:0a:7b:f4:0b:
12:d4:21:95:57:b2:b7:fb:77:62:cb:76:75:04:62:
8e:d1:bb:98:b6:65:03:fa:9c:25:2c:e7:fc:75:8d:
d5:1a:b4:21:00:6e:96:a3:2b:20:77:3d:19:18:60:
08:45:ab:11:27:74:dc:3a:c6:f6:74:7c:f5:48:92:
d1:a0:99:64:7a:30:fe:05:b9:e8:cf:ae:37:be:de:
78:4e:51:23:9d:83:6a:9a:48:b2:fb:4d:c8:b3:eb:
08:3e:d1:db:5f:b9:78:f0:6c:0d:08:4f:79:75:0a:
f3:a8:e0:aa:54:d7:01:e3:9a:77:fb:61:ad:b7:a2:
53:8c:54:6a:26:d9:7e:12:5b:fe:f6:01:ae:e3:89:
10:d4:84:08:6f:c2:67:31:21:a4:dd:bc:f2:41:08:
cc:aa:55:43:2e:ad:25:dd:22:d9:af:3e:c2:ab:8d:
0b:a1:03:d8:ba:ab:a3:b4:f1:f0:9a:f6:9f:20:73:
d6:52:cc:20:55:21:68:f4:55:c7:ed:32:d5:88:3f:
e7:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:B2:B8:DC:03:B6:84:AA:91:5B:19:52:3A:8D:46:1C:C5:1F:79:93
X509v3 Authority Key Identifier:
keyid:BB:E2:33:56:0E:FD:40:9B:38:CD:B8:0A:00:57:5A:37:BA:89:64:35
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/u-IzVg79QJs4zbgKAFdaN7qJZDU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u-IzVg79QJs4zbgKAFdaN7qJZDU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/4CEAFBC829C311ED8D2F0870C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.112.128.0/22
IPv6:
2402:a940::/32
Signature Algorithm: sha256WithRSAEncryption
47:d1:14:0d:71:22:6d:6f:c0:dc:24:4a:59:77:02:61:7d:49:
09:5c:4f:04:0c:1e:6c:99:dd:61:3b:74:a4:42:80:33:77:9c:
9a:f9:f6:e2:0a:f5:40:98:5f:61:a7:10:fb:dc:ae:57:58:f3:
a6:c9:1a:8b:f9:90:7e:05:40:87:99:43:d1:5f:25:8f:82:0c:
d2:90:9b:27:e6:d4:ba:38:aa:5e:ce:01:58:ea:1b:09:30:f3:
36:37:0b:89:11:99:8f:8b:44:bb:56:9b:70:36:a3:3d:51:4c:
93:cf:b7:ab:fa:55:40:22:89:80:93:4c:66:1b:81:24:60:60:
f5:a9:e2:ed:11:81:77:f5:60:84:75:9e:ac:00:b6:ce:c6:73:
4b:52:85:f3:e5:63:25:d3:26:36:70:af:56:19:fb:44:06:e2:
4b:4f:6c:5f:33:dd:7d:2f:cd:f3:b6:7d:c3:b8:07:09:91:16:
63:84:65:85:4c:ee:6d:f4:3c:47:54:54:48:21:5e:7b:fa:89:
bf:cc:8d:d5:0a:18:2e:46:35:b2:bc:fb:29:0d:97:a2:ba:90:
81:6e:3b:91:0b:83:c9:b4:ad:78:a2:dd:ef:8a:e4:b9:4a:d0:
d4:08:d7:e0:32:60:87:90:ca:60:37:7c:5e:38:f4:c7:77:aa:
8a:01:6d:a0
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICBzQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUFCRjQxMTAvBgNVBAUTKEJCRTIzMzU2MEVGRDQwOUIzOENEQjgwQTAwNTc1QTM3
QkE4OTY0MzUwHhcNMjQwMzIxMTAxNzI0WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWZjMDkzMy0xODc3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsIbwhcfTbNe1QdCIrICEj4RxsKSfllaOX5HvPq94nrJr7oqNmykoGyozIWxL
QtDUfVQXxP6Kqgp79AsS1CGVV7K3+3diy3Z1BGKO0buYtmUD+pwlLOf8dY3VGrQh
AG6Woysgdz0ZGGAIRasRJ3TcOsb2dHz1SJLRoJlkejD+Bbnoz643vt54TlEjnYNq
mkiy+03Is+sIPtHbX7l48GwNCE95dQrzqOCqVNcB45p3+2Gtt6JTjFRqJtl+Elv+
9gGu44kQ1IQIb8JnMSGk3bzyQQjMqlVDLq0l3SLZrz7Cq40LoQPYuqujtPHwmvaf
IHPWUswgVSFo9FXH7TLViD/nlQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFBmyuNwD
toSqkVsZUjqNRhzFH3mTMB8GA1UdIwQYMBaAFLviM1YO/UCbOM24CgBXWje6iWQ1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQUJGNC9FQTg3MTg1Qzcy
MUIxMUU5QkI3NDgxNTBDNEY5QUUwMi91LUl6Vmc3OVFKczR6YmdLQUZkYU43cUpa
RFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3UtSXpWZzc5UUpzNHpiZ0tBRmRhTjdxSlpEVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUFCRjQvRUE4NzE4NUM3MjFCMTFFOUJCNzQ4MTUwQzRGOUFFMDIvNENFQUZCQzgy
OUMzMTFFRDhEMkYwODcwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJncIAwDQQCAAIwBwMFACQCqUAwDQYJKoZIhvcNAQELBQAD
ggEBAEfRFA1xIm1vwNwkSll3AmF9SQlcTwQMHmyZ3WE7dKRCgDN3nJr59uIK9UCY
X2GnEPvcrldY86bJGov5kH4FQIeZQ9FfJY+CDNKQmyfm1Lo4ql7OAVjqGwkw8zY3
C4kRmY+LRLtWm3A2oz1RTJPPt6v6VUAiiYCTTGYbgSRgYPWp4u0RgXf1YIR1nqwA
ts7Gc0tShfPlYyXTJjZwr1YZ+0QG4ktPbF8z3X0vzfO2fcO4BwmRFmOEZYVM7m30
PEdUVEghXnv6ib/MjdUKGC5GNbK8+ykNl6K6kIFuO5ELg8m0rXii3e+K5LlK0NQI
1+AyYIeQymA3fF449Md3qooBbaA=
-----END CERTIFICATE-----
Generated at Mon May 20 19:20:03 2024 by rpki-client on console-fra.rpki-client.org