Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/5FD09C68393C11EFB8A9065BC4F9AE02.roa
File: 5FD09C68393C11EFB8A9065BC4F9AE02.roa (raw, json)
Hash identifier: L3oo3WwbXDM/suf25S9ZfGKmbEMta5yJxrHpRj7RBoA=
Subject key identifier: C2:40:7F:47:59:21:B3:9B:CF:6F:BB:62:14:46:81:AB:82:51:B0:F3
Certificate issuer: /CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Certificate serial: 066D
Authority key identifier: 40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/5FD09C68393C11EFB8A9065BC4F9AE02.roa
Signing time: Wed 03 Jul 2024 13:01:34 +0000
ROA not before: Wed 03 Jul 2024 13:01:34 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 55441
IP address blocks: 14.194.192.0/20 maxlen: 24
14.194.224.0/20 maxlen: 24
14.195.64.0/20 maxlen: 24
14.195.80.0/20 maxlen: 24
14.195.200.0/21 maxlen: 24
49.200.64.0/19 maxlen: 24
49.200.112.0/20 maxlen: 24
49.200.128.0/18 maxlen: 24
49.200.240.0/21 maxlen: 24
49.200.248.0/22 maxlen: 24
49.200.252.0/22 maxlen: 24
49.202.168.0/21 maxlen: 24
49.202.176.0/20 maxlen: 24
49.202.212.0/22 maxlen: 24
49.202.224.0/22 maxlen: 24
49.202.228.0/23 maxlen: 24
49.248.224.0/20 maxlen: 24
49.248.240.0/22 maxlen: 24
182.156.96.0/23 maxlen: 24
2407:8c00:90::/44 maxlen: 44
2407:8c00:a0::/44 maxlen: 44
2407:8c00:b0::/44 maxlen: 44
2407:8c00:1b0::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 20:43:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1645 (0x66d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Validity
Not Before: Jul 3 13:01:34 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=66854bae-db25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:6f:50:4d:28:6e:12:0d:db:03:84:43:06:4f:
5d:96:98:ac:3e:da:c3:eb:b0:68:4f:e9:6e:1e:67:
42:07:35:f2:e6:ec:ed:9e:c5:6a:1d:5a:15:d5:d1:
5e:4b:d6:8c:e5:65:14:11:f6:74:71:a6:d9:8b:d6:
0d:c6:9a:f7:38:97:59:eb:fe:0d:d0:62:6b:0e:bc:
d1:fe:9e:fc:28:af:2a:43:73:5c:6b:ba:12:04:79:
47:3a:dd:e6:08:f7:0d:d6:f5:8c:ac:d9:a2:c2:b9:
46:65:51:11:92:92:3a:69:67:78:23:42:93:0a:8f:
a3:4b:5c:5c:fc:e4:61:20:ec:60:6a:12:e2:27:17:
93:67:b5:ff:95:ae:50:ae:73:61:38:f8:e8:54:73:
a8:c2:fd:64:b2:92:24:47:ae:c6:09:89:4c:6f:1f:
28:a3:45:3c:be:ee:fa:bb:ae:83:ce:6e:07:78:66:
b6:4c:e7:1b:84:9c:a0:ec:ee:22:76:cf:5d:50:70:
2f:9b:cc:53:02:c6:6e:55:b8:2b:36:81:65:8e:f4:
09:40:15:5b:a1:a2:3e:46:c2:7d:f3:50:0d:cf:ea:
b9:5d:bc:36:e1:62:0f:3d:75:5c:aa:39:0b:77:6d:
d4:fb:6b:5a:29:b5:35:8f:21:1e:91:7d:8a:96:45:
4d:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:40:7F:47:59:21:B3:9B:CF:6F:BB:62:14:46:81:AB:82:51:B0:F3
X509v3 Authority Key Identifier:
keyid:40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/5FD09C68393C11EFB8A9065BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.194.192.0/20
14.194.224.0/20
14.195.64.0/19
14.195.200.0/21
49.200.64.0/19
49.200.112.0-49.200.191.255
49.200.240.0/20
49.202.168.0-49.202.191.255
49.202.212.0/22
49.202.224.0-49.202.229.255
49.248.224.0-49.248.243.255
182.156.96.0/23
IPv6:
2407:8c00:90::-2407:8c00:bf:ffff:ffff:ffff:ffff:ffff
2407:8c00:1b0::/44
Signature Algorithm: sha256WithRSAEncryption
45:f5:1d:e5:8c:7b:36:2d:0a:bc:ff:f8:b8:a5:9c:4a:98:ec:
ca:fd:59:c2:06:b0:74:ff:ca:8e:a7:85:11:bf:9e:61:80:cd:
19:c9:34:79:7c:63:9c:18:67:8a:db:0b:76:1b:73:86:db:ec:
55:2b:44:4b:99:ff:39:e0:fe:89:f3:ca:1c:8e:fc:da:45:c7:
63:36:65:20:af:b1:b3:de:88:f6:cb:de:99:24:0d:cb:9a:53:
68:3e:33:32:46:70:25:8b:b7:ae:fe:53:d6:28:aa:23:81:d9:
38:5d:6f:a0:c7:89:6c:f4:15:32:23:a8:ce:52:fd:10:c9:85:
33:22:be:ca:ae:fa:8c:26:fc:8c:53:fd:96:54:99:39:a1:e0:
4e:26:43:29:3c:3f:ca:53:be:c3:be:88:64:1f:50:bd:89:c1:
bc:97:f4:0a:61:be:e0:e3:39:0f:84:29:17:5c:b1:6d:4d:20:
0b:f7:40:5a:27:74:92:02:58:45:f6:47:30:1a:bc:75:c7:a9:
30:23:3c:ed:eb:ba:9d:05:ce:47:3c:a6:31:30:3e:4b:a7:f8:
50:6f:5a:d8:f6:d2:73:c4:1d:88:4f:3b:f0:cc:e0:c7:61:b3:
7a:49:f3:c3:30:2e:81:16:c2:9a:57:7f:69:e0:63:70:98:f5:
62:78:20:ee
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgICBm0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEN0ExMTAvBgNVBAUTKDQwMUI0Mjk5MDZDOTBFQTAzRUNGQzYxQjE1QkE0RUYx
MjM5MDMzNzkwHhcNMjQwNzAzMTMwMTM0WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02Njg1NGJhZS1kYjI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0m9QTShuEg3bA4RDBk9dlpisPtrD67BoT+luHmdCBzXy5uztnsVqHVoV1dFe
S9aM5WUUEfZ0cabZi9YNxpr3OJdZ6/4N0GJrDrzR/p78KK8qQ3Nca7oSBHlHOt3m
CPcN1vWMrNmiwrlGZVERkpI6aWd4I0KTCo+jS1xc/ORhIOxgahLiJxeTZ7X/la5Q
rnNhOPjoVHOowv1kspIkR67GCYlMbx8oo0U8vu76u66Dzm4HeGa2TOcbhJyg7O4i
ds9dUHAvm8xTAsZuVbgrNoFljvQJQBVboaI+RsJ981ANz+q5Xbw24WIPPXVcqjkL
d23U+2taKbU1jyEekX2KlkVNVwIDAQABo4IDHzCCAxswHQYDVR0OBBYEFMJAf0dZ
IbObz2+7YhRGgauCUbDzMB8GA1UdIwQYMBaAFEAbQpkGyQ6gPs/GGxW6TvEjkDN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q3QS81RERDQ0NDNjk5
MTUxMUVCOTY3MjcyNDNDNEY5QUUwMi9RQnRDbVFiSkRxQS16OFliRmJwTzhTT1FN
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FCdENtUWJKRHFBLXo4WWJGYnBPOFNPUU0zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEN0EvNUREQ0NDQzY5OTE1MTFFQjk2NzI3MjQzQzRGOUFFMDIvNUZEMDlDNjgz
OTNDMTFFRkI4QTkwNjVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgagGCCsGAQUFBwEHAQH/
BIGYMIGVMG4EAgABMGgDBAQOwsADBAQOwuADBAUOw0ADBAMOw8gDBAUxyEAwDAME
BDHIcAMEBjHIgAMEBDHI8DAMAwQDMcqoAwQGMcqAAwQCMcrUMAwDBAUxyuADBAEx
yuQwDAMEBTH44AMEAjH48AMEAbacYDAjBAIAAjAdMBIDBwQkB4wAAJADBwYkB4wA
AIADBwQkB4wAAbAwDQYJKoZIhvcNAQELBQADggEBAEX1HeWMezYtCrz/+LilnEqY
7Mr9WcIGsHT/yo6nhRG/nmGAzRnJNHl8Y5wYZ4rbC3Ybc4bb7FUrREuZ/zng/onz
yhyO/NpFx2M2ZSCvsbPeiPbL3pkkDcuaU2g+MzJGcCWLt67+U9YoqiOB2Thdb6DH
iWz0FTIjqM5S/RDJhTMivsqu+owm/IxT/ZZUmTmh4E4mQyk8P8pTvsO+iGQfUL2J
wbyX9AphvuDjOQ+EKRdcsW1NIAv3QFondJICWEX2RzAavHXHqTAjPO3rup0Fzkc8
pjEwPkun+FBvWtj20nPEHYhPO/DM4Mdhs3pJ88MwLoEWwppXf2ngY3CY9WJ4IO4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 23:39:25 2024 by rpki-client on console-fra.rpki-client.org