Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/485D694A454911EEB8718378C4F9AE02.roa
File: 485D694A454911EEB8718378C4F9AE02.roa (raw, json)
Hash identifier: DpNVsF8S1R1VahxgyAnkQsdhv9Y/GOwsBJQM35rMSJ0=
Subject key identifier: 78:0C:62:46:A0:D6:67:B4:BD:45:7D:7A:FB:AA:A0:D1:F8:FA:25:24
Certificate issuer: /CN=A9125C22/serialNumber=C70B4E047CAA737724B89D584DB5C0C1A858D28E
Certificate serial: 05FA
Authority key identifier: C7:0B:4E:04:7C:AA:73:77:24:B8:9D:58:4D:B5:C0:C1:A8:58:D2:8E
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/xwtOBHyqc3ckuJ1YTbXAwahY0o4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/485D694A454911EEB8718378C4F9AE02.roa
Signing time: Fri 18 Oct 2024 22:42:21 +0000
ROA not before: Fri 18 Oct 2024 22:42:21 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 133771
IP address blocks: 207.174.176.0/20 maxlen: 20
207.174.176.0/22 maxlen: 22
207.174.176.0/24 maxlen: 24
207.174.177.0/24 maxlen: 24
207.174.178.0/24 maxlen: 24
207.174.179.0/24 maxlen: 24
207.174.180.0/22 maxlen: 22
207.174.180.0/24 maxlen: 24
207.174.181.0/24 maxlen: 24
207.174.182.0/24 maxlen: 24
207.174.183.0/24 maxlen: 24
207.174.184.0/22 maxlen: 22
207.174.184.0/24 maxlen: 24
207.174.185.0/24 maxlen: 24
207.174.186.0/24 maxlen: 24
207.174.187.0/24 maxlen: 24
207.174.188.0/22 maxlen: 22
207.174.188.0/24 maxlen: 24
207.174.189.0/24 maxlen: 24
207.174.190.0/24 maxlen: 24
207.174.191.0/24 maxlen: 24
216.108.240.0/20 maxlen: 20
216.108.240.0/22 maxlen: 24
216.108.244.0/22 maxlen: 22
216.108.244.0/24 maxlen: 24
216.108.245.0/24 maxlen: 24
216.108.246.0/24 maxlen: 24
216.108.247.0/24 maxlen: 24
216.108.248.0/22 maxlen: 22
216.108.248.0/24 maxlen: 24
216.108.249.0/24 maxlen: 24
216.108.250.0/24 maxlen: 24
216.108.251.0/24 maxlen: 24
216.108.252.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/xwtOBHyqc3ckuJ1YTbXAwahY0o4.crl
rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/xwtOBHyqc3ckuJ1YTbXAwahY0o4.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/xwtOBHyqc3ckuJ1YTbXAwahY0o4.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 27 Nov 2024 19:45:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1530 (0x5fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9125C22/serialNumber=C70B4E047CAA737724B89D584DB5C0C1A858D28E
Validity
Not Before: Oct 18 22:42:21 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=6712e44d-8f59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:1f:5a:6c:6a:1f:85:f5:c6:85:5d:8f:d7:fb:
f8:6f:60:f5:4b:44:92:e4:11:17:37:ff:60:bc:6e:
d0:9f:b0:cf:c4:49:c2:88:09:20:87:02:4b:fb:6a:
00:e3:ed:bd:62:72:8e:95:04:83:cf:fb:0c:d8:5b:
5b:38:0a:68:af:4b:bf:ed:a0:65:cf:ca:be:62:05:
3c:bb:2a:5d:d8:d5:a4:42:36:03:ed:ca:5d:a8:22:
a7:e0:6a:b2:1e:52:e1:92:a8:3f:ea:ad:6e:97:73:
80:9c:8b:e9:e5:4f:15:38:c1:1b:b0:6d:a9:6a:41:
4d:26:65:84:f2:88:c7:df:1d:ed:82:1f:1b:80:95:
d3:08:60:22:32:0f:ec:5a:3f:ba:50:e5:cb:c0:4c:
6a:a3:b1:2d:27:cc:4c:03:68:5f:35:c4:57:57:61:
be:38:e4:4e:04:02:e0:43:6d:f3:03:93:83:9a:2c:
4f:df:79:d3:6a:d3:aa:b6:1b:7e:bc:a5:cc:d5:ce:
e8:71:d7:07:91:45:cc:c0:3e:f3:32:c7:8c:65:7d:
0e:81:11:4a:1e:fa:7d:9a:5d:b1:bd:d1:c0:67:9f:
49:5c:b7:a5:94:17:a6:bf:2a:26:ee:6f:97:30:d0:
3a:bf:9c:56:3a:87:c1:0e:c3:00:22:dc:af:71:78:
47:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:0C:62:46:A0:D6:67:B4:BD:45:7D:7A:FB:AA:A0:D1:F8:FA:25:24
X509v3 Authority Key Identifier:
keyid:C7:0B:4E:04:7C:AA:73:77:24:B8:9D:58:4D:B5:C0:C1:A8:58:D2:8E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/xwtOBHyqc3ckuJ1YTbXAwahY0o4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/xwtOBHyqc3ckuJ1YTbXAwahY0o4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9125C22/FACCBC5C7FAD11EB977B5335C4F9AE02/485D694A454911EEB8718378C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
207.174.176.0/20
216.108.240.0/20
Signature Algorithm: sha256WithRSAEncryption
17:09:f6:85:37:31:63:23:54:3a:b5:bf:88:c5:aa:aa:7d:c6:
95:da:b9:e6:27:74:9d:75:09:b3:9c:34:f2:47:8f:74:9d:14:
3e:b2:6e:ef:eb:e1:0a:d8:86:4a:1f:1f:fb:99:45:3c:bc:54:
a4:42:ac:c9:38:08:39:6f:54:77:f0:ea:f9:66:d5:09:cb:2c:
27:1b:53:fb:24:4e:56:b5:9f:35:32:c5:ce:85:6a:09:6a:a5:
fe:9f:61:27:bd:90:8f:9d:5b:27:2a:16:88:fb:57:ea:57:ac:
3f:b8:b3:34:ce:74:3b:44:99:d5:a4:42:30:bf:72:63:43:f8:
0d:a1:b7:d6:e9:9f:75:d6:ad:dc:53:49:ea:51:6a:f5:f2:c2:
8a:5c:5d:28:5e:20:60:15:38:77:ae:8d:95:9b:e1:2c:b3:95:
81:53:23:f3:1c:59:ac:5e:35:e9:40:bb:0d:53:55:cd:41:4d:
96:6f:b4:41:69:b6:55:2e:d8:43:f0:9b:68:6d:fd:80:96:be:
2d:38:db:96:6a:27:af:4f:cd:58:fc:a7:48:a5:24:b1:dc:ee:
b1:3b:8a:40:08:5b:72:85:d6:06:c3:24:d0:b6:8a:a1:5f:92:
29:21:44:e7:9a:43:6f:a0:fb:07:3c:a7:92:0c:b9:72:97:d2:
e6:2e:bc:9a
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBfowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjVDMjIxMTAvBgNVBAUTKEM3MEI0RTA0N0NBQTczNzcyNEI4OUQ1ODREQjVDMEMx
QTg1OEQyOEUwHhcNMjQxMDE4MjI0MjIxWhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzEyZTQ0ZC04ZjU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqB9abGofhfXGhV2P1/v4b2D1S0SS5BEXN/9gvG7Qn7DPxEnCiAkghwJL+2oA
4+29YnKOlQSDz/sM2FtbOApor0u/7aBlz8q+YgU8uypd2NWkQjYD7cpdqCKn4Gqy
HlLhkqg/6q1ul3OAnIvp5U8VOMEbsG2pakFNJmWE8ojH3x3tgh8bgJXTCGAiMg/s
Wj+6UOXLwExqo7EtJ8xMA2hfNcRXV2G+OOROBALgQ23zA5ODmixP33nTatOqtht+
vKXM1c7ocdcHkUXMwD7zMseMZX0OgRFKHvp9ml2xvdHAZ59JXLellBemvyom7m+X
MNA6v5xWOofBDsMAItyvcXhHGwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFHgMYkag
1me0vUV9evuqoNH4+iUkMB8GA1UdIwQYMBaAFMcLTgR8qnN3JLidWE21wMGoWNKO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNUMyMi9GQUNDQkM1QzdG
QUQxMUVCOTc3QjUzMzVDNEY5QUUwMi94d3RPQkh5cWMzY2t1SjFZVGJYQXdhaFkw
bzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3h3dE9CSHlxYzNja3VKMVlUYlhBd2FoWTBvNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjVDMjIvRkFDQ0JDNUM3RkFEMTFFQjk3N0I1MzM1QzRGOUFFMDIvNDg1RDY5NEE0
NTQ5MTFFRUI4NzE4Mzc4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBATPrrADBATYbPAwDQYJKoZIhvcNAQELBQADggEBABcJ9oU3
MWMjVDq1v4jFqqp9xpXaueYndJ11CbOcNPJHj3SdFD6ybu/r4QrYhkofH/uZRTy8
VKRCrMk4CDlvVHfw6vlm1QnLLCcbU/skTla1nzUyxc6Faglqpf6fYSe9kI+dWycq
Foj7V+pXrD+4szTOdDtEmdWkQjC/cmND+A2ht9bpn3XWrdxTSepRavXywopcXShe
IGAVOHeujZWb4SyzlYFTI/McWaxeNelAuw1TVc1BTZZvtEFptlUu2EPwm2ht/YCW
vi0425ZqJ69PzVj8p0ilJLHc7rE7ikAIW3KF1gbDJNC2iqFfkikhROeaQ2+g+wc8
p5IMuXKX0uYuvJo=
-----END CERTIFICATE-----
Generated at Wed Nov 20 23:11:43 2024 by rpki-client on console-fra.rpki-client.org