Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/BD58F50404D311E9A6452047C4F9AE02.roa
File: BD58F50404D311E9A6452047C4F9AE02.roa (raw, json)
Hash identifier: 9NYveoFuGFiUe+UUaXDxRAMsbxFih4gC1r+nVICfGGI=
Subject key identifier: BB:FA:54:E9:1F:24:9E:84:DA:2A:D6:88:9C:26:95:CD:35:30:A5:8A
Certificate issuer: /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial: 1D3D
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/BD58F50404D311E9A6452047C4F9AE02.roa
Signing time: Tue 02 Jan 2024 16:54:44 +0000
ROA not before: Tue 02 Jan 2024 16:54:44 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 63835
IP address blocks: 124.232.128.0/23 maxlen: 23
124.232.133.0/24 maxlen: 24
124.232.134.0/24 maxlen: 24
124.232.137.0/24 maxlen: 24
124.232.138.0/24 maxlen: 24
124.232.140.0/22 maxlen: 22
124.232.145.0/24 maxlen: 24
124.232.148.0/24 maxlen: 24
124.232.150.0/24 maxlen: 24
124.232.151.0/24 maxlen: 24
124.232.152.0/24 maxlen: 24
124.232.154.0/24 maxlen: 24
124.232.155.0/24 maxlen: 24
124.232.156.0/24 maxlen: 24
124.232.157.0/24 maxlen: 24
124.232.158.0/24 maxlen: 24
124.232.159.0/24 maxlen: 24
124.232.160.0/24 maxlen: 24
124.232.161.0/24 maxlen: 24
124.232.162.0/24 maxlen: 24
124.232.163.0/24 maxlen: 24
124.232.164.0/24 maxlen: 24
124.232.165.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 May 2024 14:50:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7485 (0x1d3d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Validity
Not Before: Jan 2 16:54:44 2024 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=65943fd4-4eae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:1f:31:90:a8:03:55:e5:b6:b0:5e:3a:ba:49:
18:df:19:34:17:67:2b:42:19:e4:37:68:eb:16:bc:
86:71:11:4d:45:47:29:f1:2a:f7:b3:2a:10:54:4e:
1f:4b:f8:54:19:1a:92:54:79:d3:fd:4a:d3:96:34:
92:fe:2c:47:a2:b8:8b:62:c2:3d:9e:3e:e8:e9:6c:
0a:0d:15:08:7f:c4:af:9d:29:44:e9:a4:0d:92:93:
72:cf:11:51:73:b6:bf:73:6d:c6:c8:9d:15:cb:cd:
80:ef:a8:82:b8:4b:0d:42:78:af:44:e9:13:ef:e7:
e4:e2:f8:c1:31:4d:51:24:00:7a:07:3a:45:76:f7:
bc:10:79:e2:c8:f1:62:dc:81:f6:b6:db:dc:b5:d1:
30:7f:f6:fb:f9:e1:03:af:6d:2f:a0:91:99:98:0d:
8c:13:fe:2c:f7:34:99:8e:c3:f7:96:dd:2d:92:22:
b3:1c:aa:45:b1:1f:40:3c:c9:82:61:e9:af:83:12:
c3:c6:e0:6f:c6:29:ca:4e:0a:a8:76:95:be:75:18:
56:46:0f:77:1c:fe:67:a5:46:f4:2a:78:97:25:5d:
06:2e:cf:23:76:b3:b9:48:9c:2d:b3:37:7f:da:05:
82:4d:37:29:3d:3b:f3:0e:d4:4f:32:90:d3:53:98:
0a:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:FA:54:E9:1F:24:9E:84:DA:2A:D6:88:9C:26:95:CD:35:30:A5:8A
X509v3 Authority Key Identifier:
keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/BD58F50404D311E9A6452047C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
124.232.128.0/23
124.232.133.0-124.232.134.255
124.232.137.0-124.232.138.255
124.232.140.0/22
124.232.145.0/24
124.232.148.0/24
124.232.150.0-124.232.152.255
124.232.154.0-124.232.165.255
Signature Algorithm: sha256WithRSAEncryption
07:37:18:19:74:98:31:2c:65:db:fb:b0:1e:fe:f3:7d:6a:0d:
c3:af:79:b4:53:72:4c:88:57:0a:d6:9b:de:37:7f:43:0e:38:
d5:76:60:b3:4a:31:8b:d8:6c:ae:95:e6:88:51:b2:7f:c9:93:
3d:dd:72:da:12:71:d7:bc:26:87:22:7a:b4:34:7a:89:73:6b:
ed:cc:da:09:fe:b0:9e:74:bc:a2:52:38:dd:30:a5:ea:c6:ae:
87:e7:f3:e5:18:fb:28:65:09:07:d1:2c:ec:4c:42:83:55:14:
25:86:26:9d:7f:64:5e:96:ce:a6:e7:15:30:ce:71:a9:4a:b3:
69:98:cf:3f:61:0a:f7:af:7f:cd:4a:1f:d5:d0:3d:7c:43:c4:
ba:5a:67:57:42:c4:da:46:86:e5:c6:b0:05:89:8a:66:a5:8c:
3a:20:82:79:22:b0:c7:2d:c4:05:4b:51:e1:65:14:40:22:4c:
04:7c:3e:64:7c:7b:1b:bd:08:91:67:20:76:60:76:2a:6e:41:
67:06:ff:a7:e6:12:3e:57:69:69:04:25:bc:4e:bb:38:7f:86:
42:00:5d:04:46:60:05:0c:56:a0:8a:12:81:c8:77:d2:ac:ee:
4d:22:3e:ac:15:22:d4:cf:7f:d4:ea:92:26:45:a4:b7:02:d3:
ec:61:f7:15
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgICHT0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjQwMTAyMTY1NDQ0WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTk0M2ZkNC00ZWFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsx8xkKgDVeW2sF46ukkY3xk0F2crQhnkN2jrFryGcRFNRUcp8Sr3syoQVE4f
S/hUGRqSVHnT/UrTljSS/ixHoriLYsI9nj7o6WwKDRUIf8SvnSlE6aQNkpNyzxFR
c7a/c23GyJ0Vy82A76iCuEsNQnivROkT7+fk4vjBMU1RJAB6BzpFdve8EHniyPFi
3IH2ttvctdEwf/b7+eEDr20voJGZmA2ME/4s9zSZjsP3lt0tkiKzHKpFsR9APMmC
YemvgxLDxuBvxinKTgqodpW+dRhWRg93HP5npUb0KniXJV0GLs8jdrO5SJwtszd/
2gWCTTcpPTvzDtRPMpDTU5gKbQIDAQABo4IC3zCCAtswHQYDVR0OBBYEFLv6VOkf
JJ6E2irWiJwmlc01MKWKMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvQkQ1OEY1MDQw
NEQzMTFFOUE2NDUyMDQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwaQYIKwYBBQUHAQcBAf8E
WjBYMFYEAgABMFADBAF86IAwDAMEAHzohQMEAHzohjAMAwQAfOiJAwQAfOiKAwQC
fOiMAwQAfOiRAwQAfOiUMAwDBAF86JYDBAB86JgwDAMEAXzomgMEAXzopDANBgkq
hkiG9w0BAQsFAAOCAQEABzcYGXSYMSxl2/uwHv7zfWoNw695tFNyTIhXCtab3jd/
Qw441XZgs0oxi9hsrpXmiFGyf8mTPd1y2hJx17wmhyJ6tDR6iXNr7czaCf6wnnS8
olI43TCl6sauh+fz5Rj7KGUJB9Es7ExCg1UUJYYmnX9kXpbOpucVMM5xqUqzaZjP
P2EK969/zUof1dA9fEPEulpnV0LE2kaG5cawBYmKZqWMOiCCeSKwxy3EBUtR4WUU
QCJMBHw+ZHx7G70IkWcgdmB2Km5BZwb/p+YSPldpaQQlvE67OH+GQgBdBEZgBQxW
oIoSgch30qzuTSI+rBUi1M9/1OqSJkWktwLT7GH3FQ==
-----END CERTIFICATE-----
Generated at Sat May 18 18:21:36 2024 by rpki-client on console-ams.rpki-client.org