Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
File: B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa (raw, json)
Hash identifier: /zbyHciIwndBXlxJhKITEkhA9vsFIRYPFElbWadsiXw=
Subject key identifier: E7:D3:3A:08:A8:1F:B9:89:4E:DC:CF:91:BE:1D:B3:14:99:18:DF:EC
Certificate issuer: /CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Certificate serial: 05A1
Authority key identifier: 23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
Signing time: Fri 31 May 2024 01:46:20 +0000
ROA not before: Fri 31 May 2024 01:46:20 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 137872
IP address blocks: 43.252.52.0/22 maxlen: 24
58.82.192.0/19 maxlen: 24
58.82.224.0/19 maxlen: 24
103.15.84.0/22 maxlen: 24
123.136.0.0/20 maxlen: 24
161.81.0.0/16 maxlen: 24
182.239.64.0/21 maxlen: 24
182.239.96.0/21 maxlen: 24
203.142.96.0/24 maxlen: 24
203.142.100.0/22 maxlen: 24
203.142.104.0/21 maxlen: 24
203.142.112.0/21 maxlen: 24
203.142.120.0/22 maxlen: 24
203.142.124.0/23 maxlen: 24
203.142.126.0/24 maxlen: 24
223.122.0.0/18 maxlen: 24
223.122.64.0/18 maxlen: 24
223.122.128.0/17 maxlen: 24
2401:3000:a000::/36 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl
rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 27 Nov 2024 20:33:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1441 (0x5a1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Validity
Not Before: May 31 01:46:20 2024 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=66592bec-abfe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:2b:06:37:03:04:a6:11:32:2f:62:d8:f5:12:
8e:50:35:56:d0:94:09:b9:90:43:94:c4:e8:c6:32:
2e:d9:64:a8:51:ac:42:f8:72:eb:fe:ef:85:71:e1:
6d:24:d9:0b:f1:3a:30:36:99:f0:7b:8b:b6:bf:c1:
0d:ea:00:d0:0a:6e:9d:40:57:f0:c1:06:e4:10:6e:
02:be:fd:e4:57:4e:cb:6f:5c:47:fc:9c:34:61:13:
6e:ad:3f:21:cb:26:13:69:b8:b0:f3:77:64:2f:03:
c3:a8:8f:42:f9:14:75:ec:1b:41:17:b2:79:c9:cd:
eb:99:00:95:b5:1f:53:69:83:6d:1d:bd:4f:3f:6f:
e1:7f:3f:28:ec:65:68:36:4a:3b:ab:7e:5c:ff:91:
93:89:d8:db:86:94:4c:8e:51:7d:aa:c8:a5:a0:d0:
b7:d2:8a:df:bc:aa:51:24:2d:9c:95:4b:c1:af:c2:
c5:7f:7a:6b:7a:fb:ba:91:dc:04:95:b3:ec:8b:80:
19:61:1f:fc:2c:05:37:09:c6:16:2f:0d:58:b3:55:
e9:db:f2:f2:63:c0:1e:89:a6:40:35:ed:2b:a3:29:
05:6f:1f:6e:04:52:a7:19:96:ee:f1:c1:4e:19:04:
14:5f:2d:c8:0b:c8:91:b7:c1:f1:12:8e:f1:28:be:
70:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:D3:3A:08:A8:1F:B9:89:4E:DC:CF:91:BE:1D:B3:14:99:18:DF:EC
X509v3 Authority Key Identifier:
keyid:23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/B3E4DCF8BE4C11EEB1327A54C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.252.52.0/22
58.82.192.0/18
103.15.84.0/22
123.136.0.0/20
161.81.0.0/16
182.239.64.0/21
182.239.96.0/21
203.142.96.0/24
203.142.100.0-203.142.126.255
223.122.0.0/16
IPv6:
2401:3000:a000::/36
Signature Algorithm: sha256WithRSAEncryption
32:86:f9:9b:6e:31:57:ad:17:e0:57:53:6e:0b:97:04:75:35:
fc:05:af:7d:64:c3:af:cb:3f:ac:14:0b:cc:78:2c:1a:66:28:
96:55:01:1b:b9:b9:93:18:19:5e:ca:f5:f9:eb:2c:ad:d8:eb:
03:28:fb:80:8f:d5:9d:22:89:74:be:65:2f:ac:1a:d4:8f:26:
99:2d:e4:47:ed:f0:70:1a:e6:cc:23:90:35:03:f9:fe:2a:6c:
da:3d:df:38:dd:5e:02:b6:16:6c:94:18:fb:b7:8e:b8:0a:e3:
16:73:c8:e1:11:d0:b2:05:51:91:2c:63:87:f7:76:6f:46:62:
50:0f:40:9c:53:cd:4e:b0:6e:88:46:44:0a:2b:19:c7:05:69:
70:39:00:0c:0f:46:3e:7d:9e:96:1f:34:8e:aa:1b:b0:6a:54:
b3:7a:22:88:c1:64:1f:49:e4:3f:1d:dd:ee:20:72:5f:ef:bf:
bc:80:51:56:fd:12:60:2c:dd:8b:a8:c0:04:38:d3:1b:6d:65:
29:68:5b:91:73:ba:d2:5d:e6:9c:99:ff:2b:2c:08:d4:5c:86:
88:cb:59:3a:9c:d9:7e:e6:5c:d8:4c:b2:68:72:6c:7a:4a:ba:
f6:6a:05:2e:4b:ae:00:dd:c3:17:db:c8:50:0a:de:bb:25:31:
01:a7:c7:49
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgICBaEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzJCNEQxMTAvBgNVBAUTKDIzRjVEOTNBODJFN0Q3ODQwNjc5QjFDNjREQTM3QzM3
Q0ZGRTc3RUYwHhcNMjQwNTMxMDE0NjIwWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjU5MmJlYy1hYmZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnCsGNwMEphEyL2LY9RKOUDVW0JQJuZBDlMToxjIu2WSoUaxC+HLr/u+FceFt
JNkL8TowNpnwe4u2v8EN6gDQCm6dQFfwwQbkEG4Cvv3kV07Lb1xH/Jw0YRNurT8h
yyYTabiw83dkLwPDqI9C+RR17BtBF7J5yc3rmQCVtR9TaYNtHb1PP2/hfz8o7GVo
Nko7q35c/5GTidjbhpRMjlF9qsiloNC30orfvKpRJC2clUvBr8LFf3prevu6kdwE
lbPsi4AZYR/8LAU3CcYWLw1Ys1Xp2/LyY8AeiaZANe0roykFbx9uBFKnGZbu8cFO
GQQUXy3IC8iRt8HxEo7xKL5wjQIDAQABo4IC4TCCAt0wHQYDVR0OBBYEFOfTOgio
H7mJTtzPkb4dsxSZGN/sMB8GA1UdIwQYMBaAFCP12TqC59eEBnmxxk2jfDfP/nfv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMkI0RC9DMTk5RTAwNkIy
MDUxMUVCQUVBRTlGMTBDNEY5QUUwMi9JX1haT29MbjE0UUdlYkhHVGFOOE44Xy1k
LTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lfWFpPb0xuMTRRR2ViSEdUYU44TjhfLWQtOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzJCNEQvQzE5OUUwMDZCMjA1MTFFQkFFQUU5RjEwQzRGOUFFMDIvQjNFNERDRjhC
RTRDMTFFRUIxMzI3QTU0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwawYIKwYBBQUHAQcBAf8E
XDBaMEgEAgABMEIDBAIr/DQDBAY6UsADBAJnD1QDBAR7iAADAwChUQMEA7bvQAME
A7bvYAMEAMuOYDAMAwQCy45kAwQAy45+AwMA33owDgQCAAIwCAMGBCQBMACgMA0G
CSqGSIb3DQEBCwUAA4IBAQAyhvmbbjFXrRfgV1NuC5cEdTX8Ba99ZMOvyz+sFAvM
eCwaZiiWVQEbubmTGBleyvX56yyt2OsDKPuAj9WdIol0vmUvrBrUjyaZLeRH7fBw
GubMI5A1A/n+KmzaPd843V4CthZslBj7t464CuMWc8jhEdCyBVGRLGOH93ZvRmJQ
D0CcU81OsG6IRkQKKxnHBWlwOQAMD0Y+fZ6WHzSOqhuwalSzeiKIwWQfSeQ/Hd3u
IHJf77+8gFFW/RJgLN2LqMAEONMbbWUpaFuRc7rSXeacmf8rLAjUXIaIy1k6nNl+
5lzYTLJocmx6Srr2agUuS64A3cMX28hQCt67JTEBp8dJ
-----END CERTIFICATE-----
Generated at Wed Nov 20 23:55:37 2024 by rpki-client on console-ams.rpki-client.org