Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
File: B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa (raw, json)
Hash identifier: oYXJQm/bjAibaz8nsXjKJt8mNmtyiHFVv07p/FS+Uv0=
Subject key identifier: B3:BF:95:3E:BC:1E:A9:05:E3:BC:54:7D:E0:07:CE:CE:04:6E:17:DB
Certificate issuer: /CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Certificate serial: 055F
Authority key identifier: 23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
Signing time: Mon 29 Jan 2024 02:18:34 +0000
ROA not before: Mon 29 Jan 2024 02:18:34 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 137872
IP address blocks: 43.252.52.0/22 maxlen: 24
58.82.192.0/19 maxlen: 24
58.82.224.0/19 maxlen: 24
103.15.84.0/22 maxlen: 24
123.136.0.0/20 maxlen: 24
161.81.0.0/16 maxlen: 24
182.239.64.0/21 maxlen: 24
182.239.96.0/21 maxlen: 24
203.142.96.0/24 maxlen: 24
203.142.100.0/22 maxlen: 24
203.142.104.0/21 maxlen: 24
203.142.112.0/21 maxlen: 24
203.142.120.0/22 maxlen: 24
203.142.124.0/23 maxlen: 24
203.142.126.0/24 maxlen: 24
223.122.0.0/18 maxlen: 24
223.122.64.0/18 maxlen: 24
223.122.128.0/17 maxlen: 24
2401:3000:a000::/36 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl
rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 May 2024 19:51:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1375 (0x55f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Validity
Not Before: Jan 29 02:18:34 2024 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=65b70afa-ba26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:5c:f6:42:42:3c:ba:fb:85:7b:27:3e:0d:5d:
34:cf:b9:a8:15:dd:f2:78:c9:1e:9b:97:19:06:d6:
98:e0:12:c6:0e:bd:fe:54:b0:13:e6:50:b4:cb:98:
7d:50:5a:23:04:1d:2a:31:9f:26:ee:49:bc:f0:54:
ba:2f:91:84:25:43:eb:eb:61:12:5f:cf:1b:61:e4:
69:a7:7a:b5:1c:2d:dc:87:06:5a:72:84:63:06:11:
eb:e5:66:bf:8a:4d:0a:7d:0b:0c:8d:26:7f:73:44:
fe:05:be:4a:4e:00:48:69:a3:eb:4c:b8:d1:e9:ca:
df:ca:ce:22:e2:de:dd:f9:53:9a:ef:b2:8e:67:e0:
2a:4d:a7:9b:20:75:16:88:fb:77:1d:2c:a9:df:29:
fb:d7:ca:63:2b:18:a6:a2:2a:fc:69:af:1b:72:43:
08:4d:7d:29:3f:ab:a5:86:1b:de:3b:0a:30:66:c4:
c9:1b:5d:bc:2f:78:44:b3:02:c6:d0:a0:d6:04:ca:
27:36:7d:f1:b1:bd:d9:b0:92:3e:1d:8c:78:fb:a0:
32:f0:10:d8:97:df:f7:51:8a:e4:bd:c9:43:7c:59:
41:64:4e:fb:59:4b:d8:25:79:83:d1:a4:26:a1:e1:
ee:0c:45:bc:18:05:9d:84:e7:fa:3d:f5:c6:46:08:
67:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:BF:95:3E:BC:1E:A9:05:E3:BC:54:7D:E0:07:CE:CE:04:6E:17:DB
X509v3 Authority Key Identifier:
keyid:23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.252.52.0/22
58.82.192.0/18
103.15.84.0/22
123.136.0.0/20
161.81.0.0/16
182.239.64.0/21
182.239.96.0/21
203.142.96.0/24
203.142.100.0-203.142.126.255
223.122.0.0/16
IPv6:
2401:3000:a000::/36
Signature Algorithm: sha256WithRSAEncryption
8c:2a:0a:34:7a:3f:1d:e8:1e:b2:76:2d:8e:bc:b6:ed:05:9e:
46:2a:9d:38:0b:e1:a9:c3:3b:48:b0:f7:2f:89:c0:ab:cf:8d:
1b:f7:e6:d1:c9:65:27:9f:45:14:8f:31:d3:d7:61:5d:d9:d6:
c8:73:a2:2d:60:a5:6d:a9:26:20:c3:20:96:ff:cb:cd:b0:52:
43:84:f3:3c:54:d1:1b:a7:2c:ef:9f:28:c1:50:15:dc:18:a7:
ba:fc:38:0b:5f:3c:9d:d8:05:34:48:28:09:f6:d7:07:75:06:
75:01:19:4b:fd:15:32:65:21:ea:04:fc:f5:e0:fe:82:cd:f3:
d0:16:d0:a9:23:b6:c4:28:bf:e1:94:79:b9:6e:67:25:e0:d7:
6b:b8:c2:b9:19:d0:1a:3e:24:59:3d:31:31:fb:2c:ec:30:50:
56:b5:17:e9:13:3f:66:48:6e:05:49:8f:83:21:8e:75:d3:30:
3a:4e:2f:85:e8:1c:de:68:80:07:57:29:56:62:07:a9:77:25:
bb:08:c3:98:c0:5b:6c:87:32:cc:d8:a1:80:18:ea:e4:07:d7:
59:80:e2:b2:54:5f:74:cf:11:79:fc:71:2e:da:7b:bb:5c:ca:
6f:1b:87:1a:60:43:d8:2d:97:70:40:49:25:8a:41:90:e4:7a:
c2:21:36:0d
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgICBV8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzJCNEQxMTAvBgNVBAUTKDIzRjVEOTNBODJFN0Q3ODQwNjc5QjFDNjREQTM3QzM3
Q0ZGRTc3RUYwHhcNMjQwMTI5MDIxODM0WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWI3MGFmYS1iYTI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz1z2QkI8uvuFeyc+DV00z7moFd3yeMkem5cZBtaY4BLGDr3+VLAT5lC0y5h9
UFojBB0qMZ8m7km88FS6L5GEJUPr62ESX88bYeRpp3q1HC3chwZacoRjBhHr5Wa/
ik0KfQsMjSZ/c0T+Bb5KTgBIaaPrTLjR6crfys4i4t7d+VOa77KOZ+AqTaebIHUW
iPt3HSyp3yn718pjKximoir8aa8bckMITX0pP6ulhhveOwowZsTJG128L3hEswLG
0KDWBMonNn3xsb3ZsJI+HYx4+6Ay8BDYl9/3UYrkvclDfFlBZE77WUvYJXmD0aQm
oeHuDEW8GAWdhOf6PfXGRghn6wIDAQABo4IC4TCCAt0wHQYDVR0OBBYEFLO/lT68
HqkF47xUfeAHzs4EbhfbMB8GA1UdIwQYMBaAFCP12TqC59eEBnmxxk2jfDfP/nfv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMkI0RC9DMTk5RTAwNkIy
MDUxMUVCQUVBRTlGMTBDNEY5QUUwMi9JX1haT29MbjE0UUdlYkhHVGFOOE44Xy1k
LTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lfWFpPb0xuMTRRR2ViSEdUYU44TjhfLWQtOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzJCNEQvQzE5OUUwMDZCMjA1MTFFQkFFQUU5RjEwQzRGOUFFMDIvQjNFNERDRjhC
RTRDMTFFRUIxMzI3QTU0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwawYIKwYBBQUHAQcBAf8E
XDBaMEgEAgABMEIDBAIr/DQDBAY6UsADBAJnD1QDBAR7iAADAwChUQMEA7bvQAME
A7bvYAMEAMuOYDAMAwQCy45kAwQAy45+AwMA33owDgQCAAIwCAMGBCQBMACgMA0G
CSqGSIb3DQEBCwUAA4IBAQCMKgo0ej8d6B6ydi2OvLbtBZ5GKp04C+GpwztIsPcv
icCrz40b9+bRyWUnn0UUjzHT12Fd2dbIc6ItYKVtqSYgwyCW/8vNsFJDhPM8VNEb
pyzvnyjBUBXcGKe6/DgLXzyd2AU0SCgJ9tcHdQZ1ARlL/RUyZSHqBPz14P6CzfPQ
FtCpI7bEKL/hlHm5bmcl4NdruMK5GdAaPiRZPTEx+yzsMFBWtRfpEz9mSG4FSY+D
IY510zA6Ti+F6BzeaIAHVylWYgepdyW7CMOYwFtshzLM2KGAGOrkB9dZgOKyVF90
zxF5/HEu2nu7XMpvG4caYEPYLZdwQEklikGQ5HrCITYN
-----END CERTIFICATE-----
Generated at Sun May 19 01:47:12 2024 by rpki-client on console-fra.rpki-client.org