Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
File: 24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa (raw, json)
Hash identifier: EKgbTwvRylsbqxeRajIn7ze6UKSmEpVK8Vh5H0DigpA=
Subject key identifier: 8A:92:00:6C:17:F7:A3:B3:45:40:C5:D5:BC:1C:18:A2:FF:8F:46:1E
Certificate issuer: /CN=A9123E38/serialNumber=D54BF399BE1B659B132314B821933A20BA38B96A
Certificate serial: 1629
Authority key identifier: D5:4B:F3:99:BE:1B:65:9B:13:23:14:B8:21:93:3A:20:BA:38:B9:6A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
Signing time: Tue 16 Jul 2024 10:11:25 +0000
ROA not before: Tue 16 Jul 2024 10:11:25 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 24337
IP address blocks: 103.228.252.0/24 maxlen: 24
103.228.253.0/24 maxlen: 24
103.228.254.0/24 maxlen: 24
103.228.255.0/24 maxlen: 24
139.5.156.0/22 maxlen: 22
139.5.156.0/24 maxlen: 24
139.5.157.0/24 maxlen: 24
139.5.158.0/24 maxlen: 24
139.5.159.0/24 maxlen: 24
141.164.96.0/20 maxlen: 20
141.164.96.0/24 maxlen: 24
141.164.97.0/24 maxlen: 24
141.164.98.0/24 maxlen: 24
141.164.99.0/24 maxlen: 24
141.164.103.0/24 maxlen: 24
141.164.104.0/24 maxlen: 24
141.164.105.0/24 maxlen: 24
141.164.107.0/24 maxlen: 24
141.164.108.0/24 maxlen: 24
141.164.109.0/24 maxlen: 24
141.164.110.0/24 maxlen: 24
141.164.111.0/24 maxlen: 24
202.123.176.0/21 maxlen: 21
202.123.176.0/24 maxlen: 24
202.123.177.0/24 maxlen: 24
202.123.178.0/24 maxlen: 24
202.123.179.0/24 maxlen: 24
202.123.180.0/24 maxlen: 24
202.123.181.0/24 maxlen: 24
202.123.182.0/24 maxlen: 24
202.123.183.0/24 maxlen: 24
2400:c180::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.crl
rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 16:44:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5673 (0x1629)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9123E38/serialNumber=D54BF399BE1B659B132314B821933A20BA38B96A
Validity
Not Before: Jul 16 10:11:25 2024 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=6696474d-4b21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:dc:b0:cf:9b:7a:b4:82:cb:c3:f6:fd:c0:27:
1a:89:d1:1f:4e:57:30:68:93:30:d6:ee:be:f4:52:
fa:4d:e2:17:e8:cb:f7:9d:97:7d:65:94:dd:22:15:
98:c9:ba:b8:5d:e5:72:4a:61:bf:68:03:9b:a5:a5:
cf:0b:cc:e4:1b:63:c6:b5:01:08:14:b5:d1:78:63:
30:27:c4:31:51:ed:8a:98:48:91:31:55:ce:e0:b2:
92:9d:a9:6a:2f:b5:26:b8:9a:e7:0b:2c:d0:d8:0d:
3e:dc:c4:ce:11:fd:a9:f0:2e:20:ab:02:e3:20:a0:
27:63:e9:33:d1:9b:cd:63:cb:e5:e2:69:ec:04:ef:
60:af:f4:24:4d:5d:3a:6a:27:8a:aa:22:3e:d0:30:
2c:45:cf:0e:1a:3c:27:2a:df:14:ad:e2:f7:ab:1e:
f7:7e:89:b9:d0:3d:9a:16:57:04:8f:87:df:81:c6:
f7:3e:02:80:dc:57:05:42:85:22:b4:b7:18:2a:95:
a4:67:7a:fc:c8:bc:00:34:4f:1e:cf:68:7b:1f:8d:
f2:b8:00:ad:8a:4a:ce:38:73:d0:a6:d9:79:88:4e:
f0:3e:92:83:44:22:99:3d:2b:b5:af:2a:43:84:44:
e8:62:5a:7c:ee:fb:5a:99:c6:ea:34:0f:71:cb:55:
92:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:92:00:6C:17:F7:A3:B3:45:40:C5:D5:BC:1C:18:A2:FF:8F:46:1E
X509v3 Authority Key Identifier:
keyid:D5:4B:F3:99:BE:1B:65:9B:13:23:14:B8:21:93:3A:20:BA:38:B9:6A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.228.252.0/22
139.5.156.0/22
141.164.96.0/20
202.123.176.0/21
IPv6:
2400:c180::/32
Signature Algorithm: sha256WithRSAEncryption
18:c0:0f:3c:71:93:13:84:6f:d0:b0:95:cd:b8:62:c3:80:b1:
7f:2e:29:a3:23:7c:cf:10:7c:d6:12:a8:56:17:07:c0:89:71:
4f:dd:59:a2:f8:99:8d:ac:3b:55:c7:18:7d:2d:09:b2:93:38:
8e:93:2b:09:77:f8:1f:9a:08:9a:5b:e5:46:55:12:7c:7e:63:
ec:2b:a5:f7:35:a7:62:6d:86:68:87:95:85:c2:e3:42:22:db:
c0:78:fa:0f:bf:e1:b5:e8:86:b5:32:2d:2e:d9:fb:66:07:6e:
f3:1d:65:f5:ed:4c:4b:11:1d:03:a3:76:a1:c1:17:66:60:91:
19:77:d0:49:9e:42:d9:9c:7a:10:8b:f3:cb:5e:ef:e7:1d:73:
a1:7a:48:13:6d:4c:80:62:f8:61:3d:90:46:6b:30:3b:fd:4d:
1c:c6:e9:0d:e0:a1:95:4f:3d:16:db:4a:a5:9e:a5:ba:77:4f:
98:19:5d:fa:1c:b7:41:dc:e1:3b:6a:ed:a9:58:a8:1c:17:ab:
18:31:96:4e:53:98:79:03:bb:8d:af:23:d8:1a:c3:c4:2a:78:
cc:5e:b9:55:83:5f:a4:86:6c:e6:fe:3d:f2:d8:d5:db:5a:d9:
38:a1:92:dd:0a:d0:93:d2:01:29:c5:c8:76:3d:db:30:8f:96:
68:be:35:85
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICFikwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjNFMzgxMTAvBgNVBAUTKEQ1NEJGMzk5QkUxQjY1OUIxMzIzMTRCODIxOTMzQTIw
QkEzOEI5NkEwHhcNMjQwNzE2MTAxMTI1WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njk2NDc0ZC00YjIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAm9ywz5t6tILLw/b9wCcaidEfTlcwaJMw1u6+9FL6TeIX6Mv3nZd9ZZTdIhWY
ybq4XeVySmG/aAObpaXPC8zkG2PGtQEIFLXReGMwJ8QxUe2KmEiRMVXO4LKSnalq
L7UmuJrnCyzQ2A0+3MTOEf2p8C4gqwLjIKAnY+kz0ZvNY8vl4mnsBO9gr/QkTV06
aieKqiI+0DAsRc8OGjwnKt8UreL3qx73fom50D2aFlcEj4ffgcb3PgKA3FcFQoUi
tLcYKpWkZ3r8yLwANE8ez2h7H43yuACtikrOOHPQptl5iE7wPpKDRCKZPSu1rypD
hEToYlp87vtamcbqNA9xy1WSQQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFIqSAGwX
96OzRUDF1bwcGKL/j0YeMB8GA1UdIwQYMBaAFNVL85m+G2WbEyMUuCGTOiC6OLlq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyM0UzOC9BMTA4N0QzNjAw
RUExMUU4QkM5M0IxNkJDNEY5QUUwMi8xVXZ6bWI0Ylpac1RJeFM0SVpNNklMbzR1
V28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFVdnptYjRiWlpzVEl4UzRJWk02SUxvNHVXby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjNFMzgvQTEwODdEMzYwMEVBMTFFOEJDOTNCMTZCQzRGOUFFMDIvMjRDRkRBQkUw
MEVDMTFFOEFBQzRERDZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAJn5PwDBAKLBZwDBASNpGADBAPKe7AwDQQCAAIwBwMFACQA
wYAwDQYJKoZIhvcNAQELBQADggEBABjADzxxkxOEb9Cwlc24YsOAsX8uKaMjfM8Q
fNYSqFYXB8CJcU/dWaL4mY2sO1XHGH0tCbKTOI6TKwl3+B+aCJpb5UZVEnx+Y+wr
pfc1p2JthmiHlYXC40Ii28B4+g+/4bXohrUyLS7Z+2YHbvMdZfXtTEsRHQOjdqHB
F2ZgkRl30EmeQtmcehCL88te7+cdc6F6SBNtTIBi+GE9kEZrMDv9TRzG6Q3goZVP
PRbbSqWepbp3T5gZXfoct0Hc4Ttq7alYqBwXqxgxlk5TmHkDu42vI9gaw8QqeMxe
uVWDX6SGbOb+PfLY1dta2Tihkt0K0JPSASnFyHY92zCPlmi+NYU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:49:57 2024 by rpki-client on console-ams.rpki-client.org