Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/51AAD304C72511ED9C7B9D2BC4F9AE02.roa
File: 51AAD304C72511ED9C7B9D2BC4F9AE02.roa (raw, json)
Hash identifier: Ecrp0DUfBkdR2dIWTZj26RIpRDqTrQV2Y76hyKPmUwk=
Subject key identifier: BB:24:EC:9F:6B:AA:50:81:DF:12:C9:4B:38:0E:67:38:02:76:20:87
Certificate issuer: /CN=A91778C2/serialNumber=6D4AE89FA97A716A2D92661FF2CF5BD3CCDC29FC
Certificate serial: 160A
Authority key identifier: 6D:4A:E8:9F:A9:7A:71:6A:2D:92:66:1F:F2:CF:5B:D3:CC:DC:29:FC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bUron6l6cWotkmYf8s9b08zcKfw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/51AAD304C72511ED9C7B9D2BC4F9AE02.roa
Signing time: Tue 10 Oct 2023 17:04:42 +0000
ROA not before: Tue 10 Oct 2023 17:04:42 +0000
ROA not after: Mon 30 Dec 2024 00:00:00 +0000
asID: 132817
IP address blocks: 43.242.0.0/22 maxlen: 22
45.249.104.0/22 maxlen: 22
45.252.56.0/22 maxlen: 23
59.152.84.0/22 maxlen: 22
103.66.64.0/22 maxlen: 22
103.69.156.0/22 maxlen: 22
103.73.52.0/22 maxlen: 22
103.74.132.0/22 maxlen: 22
103.74.176.0/22 maxlen: 22
103.75.220.0/22 maxlen: 22
103.76.236.0/22 maxlen: 22
103.211.144.0/22 maxlen: 22
103.214.92.0/22 maxlen: 22
103.221.56.0/22 maxlen: 22
103.228.224.0/22 maxlen: 22
116.206.48.0/22 maxlen: 22
119.42.36.0/22 maxlen: 22
144.48.96.0/22 maxlen: 22
160.238.16.0/22 maxlen: 22
192.144.88.0/22 maxlen: 22
2402:54c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/bUron6l6cWotkmYf8s9b08zcKfw.crl
rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/bUron6l6cWotkmYf8s9b08zcKfw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bUron6l6cWotkmYf8s9b08zcKfw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 27 May 2024 17:15:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5642 (0x160a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91778C2/serialNumber=6D4AE89FA97A716A2D92661FF2CF5BD3CCDC29FC
Validity
Not Before: Oct 10 17:04:42 2023 GMT
Not After : Dec 30 00:00:00 2024 GMT
Subject: CN=6525842a-c9f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:e4:b8:82:4c:b8:5a:c8:82:54:f1:bd:b3:7f:
03:4e:bf:5b:d5:ca:5d:d7:c5:a7:11:ea:3f:ab:76:
1a:62:ec:f3:1e:60:fd:3b:c6:a8:35:50:df:4a:35:
42:0f:3b:98:6f:ac:d2:1f:6f:9a:b8:5e:b6:79:b5:
58:81:60:31:28:27:0f:97:1d:89:61:11:ce:d1:2b:
5d:31:02:8d:2e:49:8a:82:2a:57:b5:20:bc:70:99:
06:f0:d1:b5:4b:68:44:ef:e4:d0:86:13:0c:72:6e:
8f:82:e0:08:4e:17:a6:be:cd:6a:48:7f:19:f6:c8:
94:16:e0:39:da:3c:9e:74:1e:cb:a9:e3:58:b8:17:
ee:59:0d:23:b9:6d:3d:31:24:8e:dd:8b:1d:4b:ff:
c4:6f:53:98:c5:e4:2d:13:cb:5d:75:4b:4e:da:72:
01:6f:d7:f5:5a:6a:23:6f:28:0d:a7:0e:db:cd:11:
23:60:47:05:05:35:ad:36:c2:41:c5:1d:9c:b3:9c:
03:e8:93:aa:f4:ce:45:f2:83:a6:32:40:96:8c:91:
41:3d:d1:a6:39:c9:6a:3b:9b:9c:0b:a0:23:f4:28:
9c:e3:2d:97:c1:79:26:2f:33:79:1b:33:14:9d:83:
14:bb:d6:42:93:0b:7f:4e:1b:69:62:96:70:56:b0:
3e:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:24:EC:9F:6B:AA:50:81:DF:12:C9:4B:38:0E:67:38:02:76:20:87
X509v3 Authority Key Identifier:
keyid:6D:4A:E8:9F:A9:7A:71:6A:2D:92:66:1F:F2:CF:5B:D3:CC:DC:29:FC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/bUron6l6cWotkmYf8s9b08zcKfw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bUron6l6cWotkmYf8s9b08zcKfw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91778C2/ED2BBC70F88711E7921F8668C4F9AE02/51AAD304C72511ED9C7B9D2BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.242.0.0/22
45.249.104.0/22
45.252.56.0/22
59.152.84.0/22
103.66.64.0/22
103.69.156.0/22
103.73.52.0/22
103.74.132.0/22
103.74.176.0/22
103.75.220.0/22
103.76.236.0/22
103.211.144.0/22
103.214.92.0/22
103.221.56.0/22
103.228.224.0/22
116.206.48.0/22
119.42.36.0/22
144.48.96.0/22
160.238.16.0/22
192.144.88.0/22
IPv6:
2402:54c0::/32
Signature Algorithm: sha256WithRSAEncryption
93:3b:1c:44:29:94:0e:65:c2:5a:79:84:2b:9b:a5:53:1e:84:
e8:4b:e2:ef:23:97:b7:5f:07:ca:79:9a:08:ba:cd:1d:81:4f:
5d:f4:ac:0e:8d:74:02:d0:db:b8:86:de:95:ae:4b:ae:cd:50:
17:32:cd:36:13:58:06:91:92:70:bd:60:59:c7:cf:ff:15:bb:
c2:de:26:bb:e5:66:a9:04:eb:92:27:f9:34:6b:5b:96:9f:1d:
4f:76:25:f2:8c:fa:5c:d9:b3:62:7c:cf:9d:b9:61:b0:1d:94:
88:b7:ea:d6:68:05:fb:d7:46:6d:43:a1:e6:28:7f:3f:c3:ba:
05:67:ec:64:f3:6d:19:37:0c:6a:f4:83:5c:17:54:15:c0:dd:
03:a3:4f:1c:64:ed:e6:72:89:d5:d1:12:78:b2:15:06:f7:60:
44:8a:02:39:72:8a:47:7b:e4:9a:f8:65:e4:53:86:ca:88:1b:
74:9d:12:16:eb:0b:6c:f4:f4:25:b2:88:9f:75:05:cc:d8:6a:
39:31:51:07:93:44:04:f9:85:e7:47:8a:43:7c:ff:5a:28:1c:
92:be:cc:e9:a6:a4:7f:d1:f6:b0:6d:28:d4:6d:27:1c:b7:6e:
41:62:34:47:d2:3a:b1:13:73:da:d2:46:cc:6b:46:62:56:e6:
75:ce:68:34
-----BEGIN CERTIFICATE-----
MIIF9TCCBN2gAwIBAgICFgowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Nzc4QzIxMTAvBgNVBAUTKDZENEFFODlGQTk3QTcxNkEyRDkyNjYxRkYyQ0Y1QkQz
Q0NEQzI5RkMwHhcNMjMxMDEwMTcwNDQyWhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTI1ODQyYS1jOWY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvuS4gky4WsiCVPG9s38DTr9b1cpd18WnEeo/q3YaYuzzHmD9O8aoNVDfSjVC
DzuYb6zSH2+auF62ebVYgWAxKCcPlx2JYRHO0StdMQKNLkmKgipXtSC8cJkG8NG1
S2hE7+TQhhMMcm6PguAIThemvs1qSH8Z9siUFuA52jyedB7LqeNYuBfuWQ0juW09
MSSO3YsdS//Eb1OYxeQtE8tddUtO2nIBb9f1WmojbygNpw7bzREjYEcFBTWtNsJB
xR2cs5wD6JOq9M5F8oOmMkCWjJFBPdGmOclqO5ucC6Aj9Cic4y2XwXkmLzN5GzMU
nYMUu9ZCkwt/ThtpYpZwVrA+WQIDAQABo4IDGTCCAxUwHQYDVR0OBBYEFLsk7J9r
qlCB3xLJSzgOZzgCdiCHMB8GA1UdIwQYMBaAFG1K6J+penFqLZJmH/LPW9PM3Cn8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NzhDMi9FRDJCQkM3MEY4
ODcxMUU3OTIxRjg2NjhDNEY5QUUwMi9iVXJvbjZsNmNXb3RrbVlmOHM5YjA4emNL
ZncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JVcm9uNmw2Y1dvdGttWWY4czliMDh6Y0tmdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Nzc4QzIvRUQyQkJDNzBGODg3MTFFNzkyMUY4NjY4QzRGOUFFMDIvNTFBQUQzMDRD
NzI1MTFFRDlDN0I5RDJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaIGCCsGAQUFBwEHAQH/
BIGSMIGPMH4EAgABMHgDBAIr8gADBAIt+WgDBAIt/DgDBAI7mFQDBAJnQkADBAJn
RZwDBAJnSTQDBAJnSoQDBAJnSrADBAJnS9wDBAJnTOwDBAJn05ADBAJn1lwDBAJn
3TgDBAJn5OADBAJ0zjADBAJ3KiQDBAKQMGADBAKg7hADBALAkFgwDQQCAAIwBwMF
ACQCVMAwDQYJKoZIhvcNAQELBQADggEBAJM7HEQplA5lwlp5hCubpVMehOhL4u8j
l7dfB8p5mgi6zR2BT130rA6NdALQ27iG3pWuS67NUBcyzTYTWAaRknC9YFnHz/8V
u8LeJrvlZqkE65In+TRrW5afHU92JfKM+lzZs2J8z525YbAdlIi36tZoBfvXRm1D
oeYofz/DugVn7GTzbRk3DGr0g1wXVBXA3QOjTxxk7eZyidXREniyFQb3YESKAjly
ikd75Jr4ZeRThsqIG3SdEhbrC2z09CWyiJ91BczYajkxUQeTRAT5hedHikN8/1oo
HJK+zOmmpH/R9rBtKNRtJxy3bkFiNEfSOrETc9rSRsxrRmJW5nXOaDQ=
-----END CERTIFICATE-----
Generated at Mon May 20 19:59:41 2024 by rpki-client on console-ams.rpki-client.org