Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/BD58F50404D311E9A6452047C4F9AE02.roa
File: BD58F50404D311E9A6452047C4F9AE02.roa (raw, json)
Hash identifier: TWEksEuTvHoK1jEg5swQTgTY9Ej5RxanBDxFGSVO0Rk=
Subject key identifier: ED:6A:55:17:6E:D6:43:33:E8:66:E5:26:CF:6E:ED:22:D6:53:DB:F5
Certificate issuer: /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial: 1E34
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/BD58F50404D311E9A6452047C4F9AE02.roa
Signing time: Fri 20 Sep 2024 16:35:09 +0000
ROA not before: Fri 20 Sep 2024 16:35:09 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 63835
IP address blocks: 124.232.128.0/23 maxlen: 23
124.232.133.0/24 maxlen: 24
124.232.134.0/24 maxlen: 24
124.232.137.0/24 maxlen: 24
124.232.138.0/24 maxlen: 24
124.232.140.0/22 maxlen: 22
124.232.145.0/24 maxlen: 24
124.232.148.0/24 maxlen: 24
124.232.150.0/24 maxlen: 24
124.232.151.0/24 maxlen: 24
124.232.152.0/24 maxlen: 24
124.232.154.0/24 maxlen: 24
124.232.155.0/24 maxlen: 24
124.232.156.0/24 maxlen: 24
124.232.157.0/24 maxlen: 24
124.232.158.0/24 maxlen: 24
124.232.159.0/24 maxlen: 24
124.232.160.0/24 maxlen: 24
124.232.161.0/24 maxlen: 24
124.232.162.0/24 maxlen: 24
124.232.163.0/24 maxlen: 24
124.232.164.0/24 maxlen: 24
124.232.165.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 06:14:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7732 (0x1e34)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Validity
Not Before: Sep 20 16:35:09 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66eda43c-1a7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:47:f9:ac:fc:7a:f8:72:42:b5:f5:40:76:9d:
5d:e3:10:f0:8e:a6:b6:24:cd:53:38:ef:c4:44:0f:
33:66:72:2e:08:7a:c4:1d:7f:ba:de:32:70:47:ce:
d6:06:34:a4:bc:d2:3d:44:c2:fa:6a:fa:72:8e:2a:
4d:37:63:68:f8:63:7b:9d:e6:28:0a:5b:56:51:d6:
7b:13:16:30:18:9b:58:b0:5f:ed:58:48:3e:6d:e7:
ea:1e:d5:8e:19:0f:29:db:93:4d:11:82:a1:6a:29:
de:39:e6:90:50:30:98:8e:1c:10:7d:b6:36:86:3d:
35:3b:8b:34:28:f0:1a:ff:21:af:38:79:38:4b:93:
90:c9:9f:bf:b8:94:6b:21:3e:79:94:5a:d8:ad:b0:
da:42:da:b5:7a:77:01:b1:d0:d4:21:2e:5d:28:7f:
01:c1:d1:2a:f8:b5:67:8c:ff:f9:26:43:76:d8:a5:
f7:f5:2b:57:70:26:82:73:49:52:03:3b:c0:7a:93:
50:43:db:48:3d:fe:1f:d8:9a:32:85:28:38:2c:ae:
9e:b3:9d:10:c4:9c:06:8a:52:29:3a:b1:22:37:e2:
e6:0d:79:9b:57:d9:7d:69:8d:f5:27:2d:e7:29:76:
6d:e1:82:6e:fe:34:c1:c9:35:53:50:58:36:a0:b1:
ea:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:6A:55:17:6E:D6:43:33:E8:66:E5:26:CF:6E:ED:22:D6:53:DB:F5
X509v3 Authority Key Identifier:
keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/BD58F50404D311E9A6452047C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
124.232.128.0/23
124.232.133.0-124.232.134.255
124.232.137.0-124.232.138.255
124.232.140.0/22
124.232.145.0/24
124.232.148.0/24
124.232.150.0-124.232.152.255
124.232.154.0-124.232.165.255
Signature Algorithm: sha256WithRSAEncryption
4b:df:d3:d9:db:05:96:ce:34:23:09:7e:da:c2:28:3d:56:9e:
b9:99:39:2f:cc:54:b2:47:77:e5:ca:a6:e7:ea:f6:c2:cc:ff:
ca:d5:73:66:54:c1:ba:a0:bc:57:e0:8c:11:c9:f2:83:e9:1f:
68:94:e5:48:e7:b5:c0:e3:fa:f5:c6:83:7f:d7:e6:35:e0:02:
08:1f:0e:89:66:2b:f1:76:07:8d:3d:ad:df:ab:88:81:33:2c:
05:a9:ff:58:a3:2e:cf:53:c2:73:1f:4f:c7:4e:1b:b2:75:3b:
b5:b1:1c:99:b0:bd:6b:9a:d4:ee:11:42:33:b8:84:f8:a2:6d:
98:fa:8d:03:2f:0a:3a:53:c3:c4:9f:2b:14:45:2c:6c:bd:83:
38:f9:d0:6a:51:5d:37:37:78:3f:b5:73:e8:c9:39:64:0a:b5:
ee:e9:28:f5:40:1b:82:0d:c2:9d:76:2f:11:3f:be:29:7c:88:
c6:41:c8:ab:31:3a:81:75:34:ef:db:7a:de:34:7e:b1:47:26:
aa:a8:e5:52:ce:f2:2d:46:ad:73:d6:5c:c9:1a:3f:dc:2a:e6:
a9:6f:47:e3:71:d5:3a:fb:c1:5a:b4:e0:3d:78:12:c2:34:a7:
ef:cb:16:31:01:2b:df:fb:fc:a3:63:2c:01:29:c8:9b:70:7f:
0e:80:44:88
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgICHjQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjQwOTIwMTYzNTA5WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmVkYTQzYy0xYTdjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2Uf5rPx6+HJCtfVAdp1d4xDwjqa2JM1TOO/ERA8zZnIuCHrEHX+63jJwR87W
BjSkvNI9RML6avpyjipNN2No+GN7neYoCltWUdZ7ExYwGJtYsF/tWEg+befqHtWO
GQ8p25NNEYKhaineOeaQUDCYjhwQfbY2hj01O4s0KPAa/yGvOHk4S5OQyZ+/uJRr
IT55lFrYrbDaQtq1encBsdDUIS5dKH8BwdEq+LVnjP/5JkN22KX39StXcCaCc0lS
AzvAepNQQ9tIPf4f2JoyhSg4LK6es50QxJwGilIpOrEiN+LmDXmbV9l9aY31Jy3n
KXZt4YJu/jTByTVTUFg2oLHqlwIDAQABo4IC3zCCAtswHQYDVR0OBBYEFO1qVRdu
1kMz6GblJs9u7SLWU9v1MB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvQkQ1OEY1MDQw
NEQzMTFFOUE2NDUyMDQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwaQYIKwYBBQUHAQcBAf8E
WjBYMFYEAgABMFADBAF86IAwDAMEAHzohQMEAHzohjAMAwQAfOiJAwQAfOiKAwQC
fOiMAwQAfOiRAwQAfOiUMAwDBAF86JYDBAB86JgwDAMEAXzomgMEAXzopDANBgkq
hkiG9w0BAQsFAAOCAQEAS9/T2dsFls40Iwl+2sIoPVaeuZk5L8xUskd35cqm5+r2
wsz/ytVzZlTBuqC8V+CMEcnyg+kfaJTlSOe1wOP69caDf9fmNeACCB8OiWYr8XYH
jT2t36uIgTMsBan/WKMuz1PCcx9Px04bsnU7tbEcmbC9a5rU7hFCM7iE+KJtmPqN
Ay8KOlPDxJ8rFEUsbL2DOPnQalFdNzd4P7Vz6Mk5ZAq17uko9UAbgg3CnXYvET++
KXyIxkHIqzE6gXU079t63jR+sUcmqqjlUs7yLUatc9ZcyRo/3CrmqW9H43HVOvvB
WrTgPXgSwjSn78sWMQEr3/v8o2MsASnIm3B/DoBEiA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:41:15 2024 by rpki-client on console-ams.rpki-client.org