Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/7D2A30D22CD111ECBE97C117C4F9AE02.roa
File: 7D2A30D22CD111ECBE97C117C4F9AE02.roa (raw, json)
Hash identifier: 4Cfi8enYLubX2wFBBV7Fm3xiJ/Lbq6nGpawgJqzCyB0=
Subject key identifier: 2B:4A:10:1C:CC:DB:36:25:7F:6F:32:5B:13:CC:E8:7B:91:BC:A3:1B
Certificate issuer: /CN=A9185344/serialNumber=89FD27C5067B4CF412296FEBA6CE6D831185800B
Certificate serial: 342D
Authority key identifier: 89:FD:27:C5:06:7B:4C:F4:12:29:6F:EB:A6:CE:6D:83:11:85:80:0B
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/if0nxQZ7TPQSKW_rps5tgxGFgAs.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/7D2A30D22CD111ECBE97C117C4F9AE02.roa
Signing time: Wed 16 Oct 2024 15:31:07 +0000
ROA not before: Wed 16 Oct 2024 15:31:07 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 131284
IP address blocks: 103.13.64.0/24 maxlen: 24
103.13.65.0/24 maxlen: 24
103.13.66.0/24 maxlen: 24
103.13.67.0/24 maxlen: 24
137.59.120.0/24 maxlen: 24
137.59.121.0/24 maxlen: 24
137.59.122.0/24 maxlen: 24
137.59.123.0/24 maxlen: 24
180.222.136.0/21 maxlen: 21
180.222.136.0/24 maxlen: 24
180.222.137.0/24 maxlen: 24
180.222.138.0/24 maxlen: 24
180.222.139.0/24 maxlen: 24
180.222.140.0/24 maxlen: 24
180.222.141.0/24 maxlen: 24
180.222.142.0/24 maxlen: 24
180.222.143.0/24 maxlen: 24
203.171.96.0/22 maxlen: 23
203.171.96.0/24 maxlen: 24
203.171.97.0/24 maxlen: 24
203.171.98.0/24 maxlen: 24
203.171.99.0/24 maxlen: 24
203.171.100.0/24 maxlen: 24
203.171.101.0/24 maxlen: 24
203.171.102.0/23 maxlen: 24
203.171.104.0/22 maxlen: 24
203.171.108.0/22 maxlen: 24
203.171.112.0/22 maxlen: 24
203.171.116.0/22 maxlen: 24
203.171.120.0/22 maxlen: 24
203.171.124.0/24 maxlen: 24
203.171.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/if0nxQZ7TPQSKW_rps5tgxGFgAs.crl
rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/if0nxQZ7TPQSKW_rps5tgxGFgAs.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/if0nxQZ7TPQSKW_rps5tgxGFgAs.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 01 Dec 2024 15:03:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13357 (0x342d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9185344/serialNumber=89FD27C5067B4CF412296FEBA6CE6D831185800B
Validity
Not Before: Oct 16 15:31:07 2024 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=670fdc3b-dd59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:d4:49:ec:f8:b7:ed:27:6d:43:30:66:d3:40:
25:3e:88:0e:07:02:6c:f2:09:cc:fd:86:6d:cc:03:
52:9f:75:7f:42:fe:c0:fc:f7:b0:f6:f7:3c:d2:65:
7a:48:a7:f3:a4:e5:6f:ba:96:00:60:02:d8:ea:54:
8c:81:d3:17:55:24:ef:50:50:1a:fa:3d:e8:1b:79:
5e:0e:5b:f5:86:3b:28:99:bf:1b:54:1e:45:2f:0c:
c4:8b:d9:05:fd:ac:ad:ca:38:c7:7b:76:96:4b:89:
2c:0f:5d:15:b0:12:55:11:4b:2a:9a:2e:8c:59:de:
9d:1a:36:4b:1d:56:9b:d9:42:c0:e2:4a:10:33:5d:
82:69:18:b6:ec:bd:b6:57:67:d1:d3:3c:b3:6a:8f:
a3:16:55:5c:1a:01:3d:72:a9:89:72:00:43:9d:6e:
00:ee:da:d1:23:ba:17:6d:00:f1:0a:bd:c5:5b:a7:
58:8d:6d:0c:ad:d4:56:35:db:47:50:9d:e6:85:bc:
83:74:34:b0:92:a4:fd:24:8a:3f:fc:0d:f1:bf:c6:
91:6c:c4:1f:b8:55:b8:71:d3:9f:1c:b7:03:5a:5e:
a6:3d:4c:9c:14:05:13:81:9e:85:b1:b6:95:7c:63:
c3:a3:02:55:a2:8b:b9:c6:f3:78:3c:f2:41:ba:5b:
8a:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:4A:10:1C:CC:DB:36:25:7F:6F:32:5B:13:CC:E8:7B:91:BC:A3:1B
X509v3 Authority Key Identifier:
keyid:89:FD:27:C5:06:7B:4C:F4:12:29:6F:EB:A6:CE:6D:83:11:85:80:0B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/if0nxQZ7TPQSKW_rps5tgxGFgAs.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/if0nxQZ7TPQSKW_rps5tgxGFgAs.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/7D2A30D22CD111ECBE97C117C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.13.64.0/22
137.59.120.0/22
180.222.136.0/21
203.171.96.0-203.171.125.255
Signature Algorithm: sha256WithRSAEncryption
13:45:ff:e1:e4:1f:75:aa:45:a2:e0:70:fc:28:75:b6:e1:35:
29:c9:cf:97:51:3d:4e:8c:c7:5f:25:a4:3f:2c:07:fc:e8:60:
24:a5:df:ef:1c:63:9f:e2:6e:7c:fa:55:e6:de:6d:b4:54:91:
30:7e:a3:d3:26:a7:01:62:d6:b0:b6:47:2b:b2:60:dd:05:30:
48:2d:7f:01:72:dc:c6:a8:34:ed:09:7a:a4:7b:19:02:b6:2f:
b0:d5:64:2b:72:3f:ce:5f:ca:2b:bf:43:69:2d:6d:07:3f:ea:
99:92:89:6d:ee:ef:62:ae:05:a2:c5:4f:15:8f:ba:51:dd:8c:
44:21:22:a6:b6:7e:b8:4a:4f:9b:3f:66:3c:0c:9c:8f:8c:c0:
58:f3:18:5f:5f:bf:42:14:b3:89:4c:4c:61:09:61:ee:1a:9f:
d1:63:3e:3d:27:74:1e:fd:ff:eb:66:7f:97:0e:51:ce:44:87:
dd:d2:08:15:82:0a:fb:44:2a:1a:6a:53:f5:ae:b8:3c:2b:97:
37:9d:bd:20:23:ed:e7:fc:ea:d7:a1:5d:6a:6c:5a:8f:67:53:
bd:3b:fb:e7:f7:ee:d1:a2:10:e1:88:34:79:d2:6b:e0:35:76:
9c:aa:78:38:a2:5b:d8:3e:df:18:0f:de:fd:9e:f7:2b:6c:99:
be:a0:d9:e4
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICNC0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODUzNDQxMTAvBgNVBAUTKDg5RkQyN0M1MDY3QjRDRjQxMjI5NkZFQkE2Q0U2RDgz
MTE4NTgwMEIwHhcNMjQxMDE2MTUzMTA3WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzBmZGMzYi1kZDU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAotRJ7Pi37SdtQzBm00AlPogOBwJs8gnM/YZtzANSn3V/Qv7A/Pew9vc80mV6
SKfzpOVvupYAYALY6lSMgdMXVSTvUFAa+j3oG3leDlv1hjsomb8bVB5FLwzEi9kF
/aytyjjHe3aWS4ksD10VsBJVEUsqmi6MWd6dGjZLHVab2ULA4koQM12CaRi27L22
V2fR0zyzao+jFlVcGgE9cqmJcgBDnW4A7trRI7oXbQDxCr3FW6dYjW0MrdRWNdtH
UJ3mhbyDdDSwkqT9JIo//A3xv8aRbMQfuFW4cdOfHLcDWl6mPUycFAUTgZ6FsbaV
fGPDowJVoou5xvN4PPJBuluKxQIDAQABo4ICrzCCAqswHQYDVR0OBBYEFCtKEBzM
2zYlf28yWxPM6HuRvKMbMB8GA1UdIwQYMBaAFIn9J8UGe0z0Eilv66bObYMRhYAL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NTM0NC81MTVDQUJFMDFE
QTExMUUyQjJDRDZEOTMwOEIwMkNEMi9pZjBueFFaN1RQUVNLV19ycHM1dGd4R0Zn
QXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lmMG54UVo3VFBRU0tXX3JwczV0Z3hHRmdBcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODUzNDQvNTE1Q0FCRTAxREExMTFFMkIyQ0Q2RDkzMDhCMDJDRDIvN0QyQTMwRDIy
Q0QxMTFFQ0JFOTdDMTE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBAJnDUADBAKJO3gDBAO03ogwDAMEBcurYAMEAcurfDANBgkq
hkiG9w0BAQsFAAOCAQEAE0X/4eQfdapFouBw/Ch1tuE1KcnPl1E9TozHXyWkPywH
/OhgJKXf7xxjn+JufPpV5t5ttFSRMH6j0yanAWLWsLZHK7Jg3QUwSC1/AXLcxqg0
7Ql6pHsZArYvsNVkK3I/zl/KK79DaS1tBz/qmZKJbe7vYq4FosVPFY+6Ud2MRCEi
prZ+uEpPmz9mPAycj4zAWPMYX1+/QhSziUxMYQlh7hqf0WM+PSd0Hv3/62Z/lw5R
zkSH3dIIFYIK+0QqGmpT9a64PCuXN529ICPt5/zq16Fdamxaj2dTvTv75/fu0aIQ
4Yg0edJr4DV2nKp4OKJb2D7fGA/e/Z73K2yZvqDZ5A==
-----END CERTIFICATE-----
Generated at Sun Nov 24 17:20:09 2024 by rpki-client on console-fra.rpki-client.org