Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/ABAFD772A7CB11EF9A4A1B27C4F9AE02.roa
File: ABAFD772A7CB11EF9A4A1B27C4F9AE02.roa (raw, json)
Hash identifier: i+a1PBDmBDRyzT9dxdzFsG/3l+UakRbosYuf/8ubsp0=
Subject key identifier: F9:E3:F0:D6:81:B2:C7:8B:F9:0D:9A:E3:24:B3:99:7C:C7:9D:9C:1B
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0B86
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/ABAFD772A7CB11EF9A4A1B27C4F9AE02.roa
Signing time: Thu 21 Nov 2024 05:44:28 +0000
ROA not before: Thu 21 Nov 2024 05:44:28 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 45814
IP address blocks: 14.192.128.0/24 maxlen: 24
14.192.129.0/24 maxlen: 24
14.192.131.0/24 maxlen: 24
14.192.133.0/24 maxlen: 24
14.192.136.0/24 maxlen: 24
14.192.143.0/24 maxlen: 24
14.192.144.0/24 maxlen: 24
14.192.147.0/24 maxlen: 24
14.192.148.0/24 maxlen: 24
14.192.149.0/24 maxlen: 24
14.192.150.0/24 maxlen: 24
14.192.153.0/24 maxlen: 24
14.192.155.0/24 maxlen: 24
14.192.156.0/24 maxlen: 24
14.192.158.0/24 maxlen: 24
14.192.159.0/24 maxlen: 24
43.247.120.0/24 maxlen: 24
43.247.121.0/24 maxlen: 24
43.247.122.0/24 maxlen: 24
103.20.132.0/24 maxlen: 24
103.20.134.0/24 maxlen: 24
111.92.128.0/19 maxlen: 19
2403:7980::/32 maxlen: 32
2403:7980::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 28 Nov 2024 05:18:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2950 (0xb86)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Validity
Not Before: Nov 21 05:44:28 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=673ec8bb-d9fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:f1:57:eb:7e:17:13:8b:9c:86:57:8e:ac:ec:
17:f0:d2:47:68:f4:e3:79:a9:35:91:cd:c0:60:b8:
6a:37:7f:48:93:f2:06:cc:f7:a4:6d:c0:fb:7d:0b:
52:60:aa:1b:68:d8:50:e2:57:15:fa:7b:79:93:c3:
62:1e:81:3a:f5:d0:30:fb:0a:45:3f:26:58:fa:06:
5f:23:79:a2:7d:13:e2:fd:a7:7e:55:11:ce:46:cc:
12:8b:33:02:4b:95:b9:ed:ba:ab:ab:af:47:a7:a9:
cd:eb:f8:ff:6f:1d:de:0e:11:eb:aa:6d:cc:36:2a:
a5:58:6c:6f:e5:f4:d2:8b:fe:2f:9e:7a:aa:fb:48:
e2:78:e7:6c:bf:09:b3:0d:be:93:53:83:39:53:a8:
4f:a4:c3:d7:4e:6e:5e:a7:8b:15:9a:80:52:2d:f0:
05:8f:b1:d3:5a:87:b5:88:82:50:b3:98:13:54:04:
98:fd:7d:42:7b:5c:75:4d:e7:c3:19:37:31:5f:82:
bc:12:b5:fb:8c:13:af:aa:48:b5:f3:de:78:f1:12:
a0:18:06:97:21:03:f1:24:02:94:5d:d2:10:08:81:
c3:d5:32:00:2a:74:2e:67:6c:a1:a9:cb:94:00:bd:
85:0e:1a:7a:c8:1c:98:ec:1d:e6:a8:f6:d8:31:58:
44:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:E3:F0:D6:81:B2:C7:8B:F9:0D:9A:E3:24:B3:99:7C:C7:9D:9C:1B
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/ABAFD772A7CB11EF9A4A1B27C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.128.0/23
14.192.131.0/24
14.192.133.0/24
14.192.136.0/24
14.192.143.0-14.192.144.255
14.192.147.0-14.192.150.255
14.192.153.0/24
14.192.155.0-14.192.156.255
14.192.158.0/23
43.247.120.0-43.247.122.255
103.20.132.0/24
103.20.134.0/24
111.92.128.0/19
IPv6:
2403:7980::/32
Signature Algorithm: sha256WithRSAEncryption
08:d3:d5:92:02:63:41:90:73:41:42:c1:39:a0:36:e8:6e:d3:
f3:af:14:a2:04:4a:be:c5:a0:3e:de:5f:c6:b1:a0:69:6e:af:
06:40:73:12:56:7c:2f:e3:35:c2:fb:3d:a6:7a:89:14:aa:c1:
1c:be:37:b9:6b:6e:46:31:b1:c2:f6:9f:34:68:f3:55:16:f9:
3e:8d:82:d1:41:1f:ac:91:3c:83:18:02:4b:7c:b3:4d:b9:d0:
f7:a5:32:fb:5e:77:a3:e7:b7:7e:c4:19:14:f1:83:fa:fd:a1:
57:35:d6:1d:28:ab:a7:7c:e8:5e:74:52:1f:96:e5:9f:8f:87:
27:0f:eb:8c:7f:6b:b2:ef:22:d2:9c:e8:66:2a:48:44:0c:6e:
ac:d3:60:7c:5a:14:d4:5b:50:74:4a:d2:83:51:8e:41:34:3d:
48:03:4b:3d:c6:bc:dd:7a:d4:74:10:05:46:59:03:79:b5:2d:
26:a2:b9:2b:39:32:d7:3e:23:1c:74:6b:90:f1:41:a6:29:a8:
f2:f1:70:fb:a1:05:e5:4b:58:f6:0a:c5:c5:93:18:1d:21:0f:
60:11:30:a8:64:6b:ee:5a:7c:56:d0:4b:b9:a9:0a:81:e4:6c:
a7:6c:91:2e:a9:4a:7e:ae:bf:18:0e:fd:73:ab:1f:dc:60:9f:
3b:78:3f:d7
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgICC4YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQxMTIxMDU0NDI4WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzNlYzhiYi1kOWZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsPFX634XE4uchleOrOwX8NJHaPTjeak1kc3AYLhqN39Ik/IGzPekbcD7fQtS
YKobaNhQ4lcV+nt5k8NiHoE69dAw+wpFPyZY+gZfI3mifRPi/ad+VRHORswSizMC
S5W57bqrq69Hp6nN6/j/bx3eDhHrqm3MNiqlWGxv5fTSi/4vnnqq+0jieOdsvwmz
Db6TU4M5U6hPpMPXTm5ep4sVmoBSLfAFj7HTWoe1iIJQs5gTVASY/X1Ce1x1TefD
GTcxX4K8ErX7jBOvqki189548RKgGAaXIQPxJAKUXdIQCIHD1TIAKnQuZ2yhqcuU
AL2FDhp6yByY7B3mqPbYMVhEIQIDAQABo4IDDzCCAwswHQYDVR0OBBYEFPnj8NaB
sseL+Q2a4ySzmXzHnZwbMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvQUJBRkQ3NzJB
N0NCMTFFRjlBNEExQjI3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZgGCCsGAQUFBwEHAQH/
BIGIMIGFMHQEAgABMG4DBAEOwIADBAAOwIMDBAAOwIUDBAAOwIgwDAMEAA7AjwME
AA7AkDAMAwQADsCTAwQADsCWAwQADsCZMAwDBAAOwJsDBAAOwJwDBAEOwJ4wDAME
Ayv3eAMEACv3egMEAGcUhAMEAGcUhgMEBW9cgDANBAIAAjAHAwUAJAN5gDANBgkq
hkiG9w0BAQsFAAOCAQEACNPVkgJjQZBzQULBOaA26G7T868UogRKvsWgPt5fxrGg
aW6vBkBzElZ8L+M1wvs9pnqJFKrBHL43uWtuRjGxwvafNGjzVRb5Po2C0UEfrJE8
gxgCS3yzTbnQ96Uy+153o+e3fsQZFPGD+v2hVzXWHSirp3zoXnRSH5bln4+HJw/r
jH9rsu8i0pzoZipIRAxurNNgfFoU1FtQdErSg1GOQTQ9SANLPca83XrUdBAFRlkD
ebUtJqK5Kzky1z4jHHRrkPFBpimo8vFw+6EF5UtY9grFxZMYHSEPYBEwqGRr7lp8
VtBLuakKgeRsp2yRLqlKfq6/GA79c6sf3GCfO3g/1w==
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:50:16 2024 by rpki-client on console-fra.rpki-client.org