Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4DFBA2EA066011EEA5F59657C4F9AE02.roa
File: 4DFBA2EA066011EEA5F59657C4F9AE02.roa (raw, json)
Hash identifier: unxtCMYXbar1K6YHCa1OoSbjJp6cS8a153CowC3ifZI=
Subject key identifier: 0A:4E:AF:58:05:60:66:27:F6:BB:73:3A:93:A1:5D:EE:3E:58:6B:ED
Certificate issuer: /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial: 1D2E
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4DFBA2EA066011EEA5F59657C4F9AE02.roa
Signing time: Tue 02 Jan 2024 16:54:29 +0000
ROA not before: Tue 02 Jan 2024 16:54:29 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 38283
IP address blocks: 125.64.0.0/24 maxlen: 24
125.64.1.0/24 maxlen: 24
125.64.2.0/24 maxlen: 24
125.64.3.0/24 maxlen: 24
125.64.4.0/24 maxlen: 24
125.64.5.0/24 maxlen: 24
125.64.6.0/24 maxlen: 24
125.64.8.0/24 maxlen: 24
125.64.9.0/24 maxlen: 24
125.64.10.0/24 maxlen: 24
125.64.11.0/24 maxlen: 24
125.64.12.0/24 maxlen: 24
125.64.13.0/24 maxlen: 24
125.64.14.0/24 maxlen: 24
125.64.15.0/24 maxlen: 24
125.64.16.0/24 maxlen: 24
125.64.17.0/24 maxlen: 24
125.64.18.0/24 maxlen: 24
125.64.19.0/24 maxlen: 24
125.64.20.0/24 maxlen: 24
125.64.21.0/24 maxlen: 24
125.64.23.0/24 maxlen: 24
125.64.24.0/24 maxlen: 24
125.64.25.0/24 maxlen: 24
125.64.26.0/24 maxlen: 24
125.64.27.0/24 maxlen: 24
125.64.28.0/24 maxlen: 24
125.64.29.0/24 maxlen: 24
125.64.30.0/23 maxlen: 23
125.64.40.0/24 maxlen: 24
125.64.41.0/24 maxlen: 24
125.64.43.0/24 maxlen: 24
125.64.92.0/24 maxlen: 24
125.64.93.0/24 maxlen: 24
125.64.94.0/24 maxlen: 24
125.64.95.0/24 maxlen: 24
125.64.96.0/24 maxlen: 24
125.64.97.0/24 maxlen: 24
125.64.98.0/24 maxlen: 24
125.64.99.0/24 maxlen: 24
125.64.100.0/24 maxlen: 24
125.64.101.0/24 maxlen: 24
125.64.102.0/24 maxlen: 24
125.64.103.0/24 maxlen: 24
125.64.128.0/20 maxlen: 20
125.64.144.0/22 maxlen: 22
125.65.46.0/24 maxlen: 24
125.65.114.0/24 maxlen: 24
125.65.134.0/24 maxlen: 24
125.65.135.0/24 maxlen: 24
125.65.153.0/24 maxlen: 24
125.65.154.0/24 maxlen: 24
125.65.216.0/22 maxlen: 22
125.65.245.0/24 maxlen: 24
125.65.247.0/24 maxlen: 24
125.67.234.0/24 maxlen: 24
125.67.235.0/24 maxlen: 24
202.98.123.0/24 maxlen: 24
218.6.168.0/24 maxlen: 24
218.6.169.0/24 maxlen: 24
218.6.170.0/24 maxlen: 24
218.6.171.0/24 maxlen: 24
218.6.172.0/24 maxlen: 24
218.6.173.0/24 maxlen: 24
218.6.174.0/24 maxlen: 24
218.6.175.0/24 maxlen: 24
218.6.196.0/24 maxlen: 24
218.6.197.0/24 maxlen: 24
218.6.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 May 2024 14:50:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7470 (0x1d2e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Validity
Not Before: Jan 2 16:54:29 2024 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=65943fc5-e9dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:ff:95:fc:44:81:95:53:fb:08:43:ac:94:a1:
16:11:c7:d4:d7:33:5d:2e:fd:34:7c:cd:95:98:55:
e2:db:aa:e6:c9:d6:ab:3c:ba:c7:f7:cc:ad:64:8b:
0a:39:70:83:74:a1:43:41:74:dc:f3:f2:3f:7b:20:
d6:8a:d2:35:31:88:a9:4c:40:14:84:87:d1:f8:e5:
5b:f4:eb:21:b0:28:64:2b:8c:1a:f6:2c:93:2e:f3:
15:89:0d:06:07:8a:e4:ce:8b:89:3b:42:4e:0c:1f:
62:37:16:75:87:aa:24:fd:62:50:e6:0f:20:9b:fd:
6e:4f:b8:79:38:62:f0:7f:71:42:db:9d:9e:8f:1b:
50:87:e4:b5:0c:1f:d5:6e:41:b3:ea:35:84:df:52:
8b:ec:df:5c:d1:b0:ef:93:eb:9f:26:31:3b:a4:93:
8a:a9:6c:3d:16:5a:8e:16:cb:9c:88:76:b7:83:01:
00:c0:13:0d:d3:c7:dc:79:ff:a0:51:dd:32:30:94:
8d:df:23:14:43:4e:1b:0d:8f:0d:b5:e1:c0:bb:9c:
9a:f1:24:53:2f:a2:bd:0f:76:6c:35:d5:08:43:5e:
7f:9d:ea:77:66:dc:34:3e:ef:94:60:0e:d4:ce:3f:
51:fb:c5:04:93:33:58:b4:c3:27:b0:bc:8e:41:d6:
db:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:4E:AF:58:05:60:66:27:F6:BB:73:3A:93:A1:5D:EE:3E:58:6B:ED
X509v3 Authority Key Identifier:
keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4DFBA2EA066011EEA5F59657C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
125.64.0.0-125.64.6.255
125.64.8.0-125.64.21.255
125.64.23.0-125.64.31.255
125.64.40.0/23
125.64.43.0/24
125.64.92.0-125.64.103.255
125.64.128.0-125.64.147.255
125.65.46.0/24
125.65.114.0/24
125.65.134.0/23
125.65.153.0-125.65.154.255
125.65.216.0/22
125.65.245.0/24
125.65.247.0/24
125.67.234.0/23
202.98.123.0/24
218.6.168.0/21
218.6.196.0-218.6.198.255
Signature Algorithm: sha256WithRSAEncryption
16:73:de:f9:5f:a8:bb:d2:3b:f9:be:19:a9:2e:31:5f:5c:91:
d8:b0:60:02:a3:70:46:e7:28:1a:aa:62:ed:64:2a:d1:f3:c8:
7a:63:4a:8b:f4:33:3f:a3:72:aa:26:2a:c4:f6:0b:f1:6b:2f:
b1:8a:ad:06:45:d1:70:26:75:97:d2:ce:f8:63:18:99:bb:ae:
3d:99:f3:82:53:cc:01:86:2f:9e:29:4f:c6:4f:cb:b3:63:3d:
3e:c3:c1:28:0b:9b:46:ef:42:d7:f4:2a:87:ab:55:f1:b6:3e:
9f:ba:8e:32:f0:44:5b:80:36:90:2c:6e:fe:29:33:ab:66:9a:
c1:76:66:24:af:a7:0c:a0:74:69:96:e1:68:9c:18:97:4f:b1:
30:94:2d:80:6a:0f:29:3d:37:f9:ec:49:77:7f:c1:5f:53:8b:
a4:da:eb:2b:b4:8f:03:79:0c:e7:08:f5:91:b5:22:a7:19:78:
24:99:09:0b:a4:77:9b:76:4b:1f:f5:8d:b1:17:f7:61:ca:ae:
48:72:fe:0a:3c:4f:90:48:0e:74:46:a5:72:57:f0:b2:8a:2d:
36:fe:93:76:d6:6a:91:d8:b0:ad:8a:66:16:52:23:34:43:29:
5a:1a:46:a3:d7:b9:84:e7:f1:d2:c9:a2:e2:75:a4:61:ef:b3:
a0:22:87:e6
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgICHS4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjQwMTAyMTY1NDI5WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTk0M2ZjNS1lOWRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAm/+V/ESBlVP7CEOslKEWEcfU1zNdLv00fM2VmFXi26rmydarPLrH98ytZIsK
OXCDdKFDQXTc8/I/eyDWitI1MYipTEAUhIfR+OVb9OshsChkK4wa9iyTLvMViQ0G
B4rkzouJO0JODB9iNxZ1h6ok/WJQ5g8gm/1uT7h5OGLwf3FC252ejxtQh+S1DB/V
bkGz6jWE31KL7N9c0bDvk+ufJjE7pJOKqWw9FlqOFsuciHa3gwEAwBMN08fcef+g
Ud0yMJSN3yMUQ04bDY8NteHAu5ya8SRTL6K9D3ZsNdUIQ15/nep3Ztw0Pu+UYA7U
zj9R+8UEkzNYtMMnsLyOQdbblwIDAQABo4IDNzCCAzMwHQYDVR0OBBYEFApOr1gF
YGYn9rtzOpOhXe4+WGvtMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvNERGQkEyRUEw
NjYwMTFFRUE1RjU5NjU3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgcAGCCsGAQUFBwEHAQH/
BIGwMIGtMIGqBAIAATCBozALAwMGfUADBAB9QAYwDAMEA31ACAMEAX1AFDAMAwQA
fUAXAwQFfUAAAwQBfUAoAwQAfUArMAwDBAJ9QFwDBAN9QGAwDAMEB31AgAMEAn1A
kAMEAH1BLgMEAH1BcgMEAX1BhjAMAwQAfUGZAwQAfUGaAwQCfUHYAwQAfUH1AwQA
fUH3AwQBfUPqAwQAymJ7AwQD2gaoMAwDBALaBsQDBADaBsYwDQYJKoZIhvcNAQEL
BQADggEBABZz3vlfqLvSO/m+GakuMV9ckdiwYAKjcEbnKBqqYu1kKtHzyHpjSov0
Mz+jcqomKsT2C/FrL7GKrQZF0XAmdZfSzvhjGJm7rj2Z84JTzAGGL54pT8ZPy7Nj
PT7DwSgLm0bvQtf0KoerVfG2Pp+6jjLwRFuANpAsbv4pM6tmmsF2ZiSvpwygdGmW
4WicGJdPsTCULYBqDyk9N/nsSXd/wV9Ti6Ta6yu0jwN5DOcI9ZG1IqcZeCSZCQuk
d5t2Sx/1jbEX92HKrkhy/go8T5BIDnRGpXJX8LKKLTb+k3bWapHYsK2KZhZSIzRD
KVoaRqPXuYTn8dLJouJ1pGHvs6Aih+Y=
-----END CERTIFICATE-----
Generated at Sat May 18 17:37:32 2024 by rpki-client on console-fra.rpki-client.org