Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B80AFEB204D311E9A6452047C4F9AE02.roa
File: B80AFEB204D311E9A6452047C4F9AE02.roa (raw, json)
Hash identifier: lcZBJc0SseZ2msItGbn45fGKCw+QLyWMQGHYhse6IS0=
Subject key identifier: B4:90:91:4A:CF:10:EA:C6:98:BE:8F:F8:3F:09:DB:DE:01:C9:4C:5F
Certificate issuer: /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial: 1E2A
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B80AFEB204D311E9A6452047C4F9AE02.roa
Signing time: Fri 20 Sep 2024 16:34:59 +0000
ROA not before: Fri 20 Sep 2024 16:34:58 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 4816
IP address blocks: 121.11.96.0/20 maxlen: 20
121.11.112.0/21 maxlen: 21
121.12.80.0/21 maxlen: 21
121.14.72.0/21 maxlen: 21
121.14.80.0/21 maxlen: 21
121.14.88.0/21 maxlen: 21
121.14.96.0/21 maxlen: 21
121.14.104.0/21 maxlen: 21
121.14.112.0/21 maxlen: 21
121.14.120.0/21 maxlen: 21
121.35.254.0/24 maxlen: 24
125.91.16.0/20 maxlen: 20
125.91.32.0/19 maxlen: 19
125.91.64.0/19 maxlen: 19
125.91.104.0/21 maxlen: 21
125.91.112.0/20 maxlen: 20
125.91.128.0/21 maxlen: 21
125.91.136.0/22 maxlen: 22
125.91.140.0/23 maxlen: 23
202.104.128.0/24 maxlen: 24
202.104.139.0/24 maxlen: 24
218.18.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 01 Dec 2024 15:54:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7722 (0x1e2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Validity
Not Before: Sep 20 16:34:58 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66eda432-9e75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:50:9f:0b:f6:07:f2:54:99:05:be:84:a6:0d:
fb:42:27:3b:0b:29:a0:64:b1:20:7f:8c:a8:06:c0:
0f:0f:cd:8c:1b:0d:6e:20:ca:e5:d7:bd:a5:9e:46:
71:f6:f7:a0:6e:53:d9:05:47:c2:1b:98:3f:b7:01:
e7:a1:c7:1a:ee:3c:b4:7f:dc:72:aa:ed:15:a3:93:
a5:bb:f0:4f:0c:65:69:fc:c0:6b:4a:83:3c:8e:5e:
88:2b:6f:a4:01:05:b1:4a:72:ca:dc:2b:dc:36:cb:
75:4d:af:af:a5:5e:04:27:d8:a0:e7:58:cd:8f:03:
c1:2b:5a:fe:e1:57:f4:2f:a1:a4:0c:dc:11:21:30:
f2:54:ce:62:66:17:4e:b3:2d:15:24:5a:53:4c:47:
29:86:fc:13:43:4b:cd:7b:cc:25:c7:51:47:1d:18:
e6:b1:ec:76:97:9b:4c:5d:67:60:e5:d5:a9:7c:b8:
cc:7b:a6:2a:58:06:9c:f7:06:48:20:ae:27:1a:b6:
ae:06:4e:07:21:ba:24:a6:22:a3:39:4a:b2:d3:d8:
cb:9b:10:f7:d2:db:2f:5a:ff:42:d4:f0:ed:19:a0:
8a:da:2a:f8:0b:69:d2:a3:c2:ee:ce:e8:e6:da:88:
60:62:cc:84:f7:e6:27:df:85:d4:be:92:4d:48:f5:
4d:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:90:91:4A:CF:10:EA:C6:98:BE:8F:F8:3F:09:DB:DE:01:C9:4C:5F
X509v3 Authority Key Identifier:
keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B80AFEB204D311E9A6452047C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
121.11.96.0-121.11.119.255
121.12.80.0/21
121.14.72.0-121.14.127.255
121.35.254.0/24
125.91.16.0-125.91.95.255
125.91.104.0-125.91.141.255
202.104.128.0/24
202.104.139.0/24
218.18.95.0/24
Signature Algorithm: sha256WithRSAEncryption
ac:dc:2c:6c:de:71:6c:1b:e7:e6:34:97:ad:20:3a:ba:27:a0:
39:e9:fe:6a:a6:a0:e9:03:d0:41:54:99:2f:5c:26:a4:a5:d1:
ac:12:16:e7:4e:2b:f5:d4:4d:d2:5c:cc:18:5f:cc:63:01:45:
92:03:f4:19:72:6f:e3:45:7e:2a:40:fe:21:1f:78:71:89:34:
ff:85:8d:3c:8c:83:c6:bd:56:b7:97:5a:10:64:78:e7:f4:49:
37:ad:c5:ed:dd:8b:97:8c:52:d8:81:06:5f:b5:c0:aa:7b:fe:
b2:15:96:d4:1c:30:f0:34:c1:1c:b7:f5:b3:e6:f9:a3:2a:10:
67:b6:7d:18:9e:31:7a:04:f6:6b:b4:af:87:59:6d:01:36:30:
0c:b0:41:7c:73:f3:dc:b2:f7:29:16:77:49:67:33:3a:cf:be:
4d:73:cf:7c:5c:27:5a:a0:09:2b:e8:b0:6d:b1:3d:d2:64:8c:
a3:81:c6:71:e6:e3:a0:10:b1:06:02:7e:b4:0c:10:9c:fc:92:
3f:38:d8:71:04:b5:ff:56:55:05:fb:7d:c5:fb:66:a6:79:6b:
24:e3:d4:aa:be:6b:81:06:8b:be:fc:f7:c3:9d:c0:5e:5a:51:
c7:78:e1:e1:05:92:b9:4e:70:5c:a7:28:c3:ce:e7:8d:e4:ac:
77:2c:3d:3d
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgICHiowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjQwOTIwMTYzNDU4WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmVkYTQzMi05ZTc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5lCfC/YH8lSZBb6Epg37Qic7CymgZLEgf4yoBsAPD82MGw1uIMrl172lnkZx
9vegblPZBUfCG5g/twHnocca7jy0f9xyqu0Vo5Olu/BPDGVp/MBrSoM8jl6IK2+k
AQWxSnLK3CvcNst1Ta+vpV4EJ9ig51jNjwPBK1r+4Vf0L6GkDNwRITDyVM5iZhdO
sy0VJFpTTEcphvwTQ0vNe8wlx1FHHRjmsex2l5tMXWdg5dWpfLjMe6YqWAac9wZI
IK4nGrauBk4HIbokpiKjOUqy09jLmxD30tsvWv9C1PDtGaCK2ir4C2nSo8Luzujm
2ohgYsyE9+Yn34XUvpJNSPVNnwIDAQABo4IC5TCCAuEwHQYDVR0OBBYEFLSQkUrP
EOrGmL6P+D8J294ByUxfMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvQjgwQUZFQjIw
NEQzMTFFOUE2NDUyMDQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbwYIKwYBBQUHAQcBAf8E
YDBeMFwEAgABMFYwDAMEBXkLYAMEA3kLcAMEA3kMUDAMAwQDeQ5IAwQHeQ4AAwQA
eSP+MAwDBAR9WxADBAV9W0AwDAMEA31baAMEAX1bjAMEAMpogAMEAMpoiwMEANoS
XzANBgkqhkiG9w0BAQsFAAOCAQEArNwsbN5xbBvn5jSXrSA6uiegOen+aqag6QPQ
QVSZL1wmpKXRrBIW504r9dRN0lzMGF/MYwFFkgP0GXJv40V+KkD+IR94cYk0/4WN
PIyDxr1Wt5daEGR45/RJN63F7d2Ll4xS2IEGX7XAqnv+shWW1Bww8DTBHLf1s+b5
oyoQZ7Z9GJ4xegT2a7Svh1ltATYwDLBBfHPz3LL3KRZ3SWczOs++TXPPfFwnWqAJ
K+iwbbE90mSMo4HGcebjoBCxBgJ+tAwQnPySPzjYcQS1/1ZVBft9xftmpnlrJOPU
qr5rgQaLvvz3w53AXlpRx3jh4QWSuU5wXKcow87njeSsdyw9PQ==
-----END CERTIFICATE-----
Generated at Sun Nov 24 17:20:03 2024 by rpki-client on console-fra.rpki-client.org