Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919819A/63EA20921D9E11E2ADB73F8E08B02CD2/73462B74643C11EB9E7DF918C4F9AE02.roa
File: 73462B74643C11EB9E7DF918C4F9AE02.roa (raw, json)
Hash identifier: OiW89qQFovmBoY5voLYQMPJS/gYyS8nvSRtkPJR5YIU=
Subject key identifier: EC:B1:3E:75:45:5D:E2:59:67:26:FB:74:B0:FF:1A:47:9D:B8:A3:54
Certificate issuer: /CN=A919819A/serialNumber=358399C736EF055D5D592CAB19016FE3816F6608
Certificate serial: 33FC
Authority key identifier: 35:83:99:C7:36:EF:05:5D:5D:59:2C:AB:19:01:6F:E3:81:6F:66:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NYOZxzbvBV1dWSyrGQFv44FvZgg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919819A/63EA20921D9E11E2ADB73F8E08B02CD2/73462B74643C11EB9E7DF918C4F9AE02.roa
Signing time: Tue 02 Jul 2024 15:31:11 +0000
ROA not before: Tue 02 Jul 2024 15:31:11 +0000
ROA not after: Sun 31 Aug 2025 00:00:00 +0000
asID: 45780
IP address blocks: 103.23.0.0/22 maxlen: 24
110.173.232.0/22 maxlen: 22
110.173.232.0/23 maxlen: 24
110.173.234.0/23 maxlen: 23
110.173.235.0/24 maxlen: 24
110.173.236.0/22 maxlen: 24
111.118.216.0/24 maxlen: 24
111.118.217.0/24 maxlen: 24
111.118.218.0/24 maxlen: 24
111.118.219.0/24 maxlen: 24
119.17.32.0/19 maxlen: 24
123.254.112.0/20 maxlen: 24
163.47.52.0/22 maxlen: 23
175.103.16.0/20 maxlen: 20
175.103.16.0/23 maxlen: 23
175.103.18.0/24 maxlen: 24
175.103.19.0/24 maxlen: 24
175.103.20.0/24 maxlen: 24
175.103.21.0/24 maxlen: 24
175.103.22.0/24 maxlen: 24
175.103.23.0/24 maxlen: 24
175.103.24.0/23 maxlen: 23
175.103.26.0/23 maxlen: 23
175.103.28.0/22 maxlen: 24
2404:fa00::/36 maxlen: 36
2404:fa00::/40 maxlen: 40
2404:fa00:1000::/36 maxlen: 36
2404:fa00:2000::/36 maxlen: 36
2404:fa00:5000::/36 maxlen: 36
2404:fa00:d000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919819A/63EA20921D9E11E2ADB73F8E08B02CD2/NYOZxzbvBV1dWSyrGQFv44FvZgg.crl
rsync://rpki.apnic.net/member_repository/A919819A/63EA20921D9E11E2ADB73F8E08B02CD2/NYOZxzbvBV1dWSyrGQFv44FvZgg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NYOZxzbvBV1dWSyrGQFv44FvZgg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 15:02:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13308 (0x33fc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919819A/serialNumber=358399C736EF055D5D592CAB19016FE3816F6608
Validity
Not Before: Jul 2 15:31:11 2024 GMT
Not After : Aug 31 00:00:00 2025 GMT
Subject: CN=66841d3f-f09e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:4e:1f:de:7d:d8:13:0b:b1:a6:d2:5b:cd:9d:
5e:bb:eb:68:5b:28:30:3e:b3:b0:7b:ec:07:1a:d5:
73:5f:7c:7c:ce:cd:a7:d6:33:a6:7d:8b:09:66:8e:
4a:35:1d:aa:70:55:ee:bb:d2:68:64:52:8b:f0:28:
ee:09:71:2c:ee:d1:97:ce:ee:13:d9:ee:b1:95:f7:
7c:20:20:02:e2:a9:33:5d:73:3f:7f:56:64:d6:0f:
d0:6b:4c:da:0c:46:5a:23:0c:2d:dd:71:ea:23:27:
fd:cc:e5:b5:da:ab:a6:fe:9f:b6:62:d9:6c:7a:8c:
24:a1:74:c1:bc:ce:10:c0:45:6a:96:28:25:5a:83:
08:c5:79:3f:f7:0f:d0:59:49:07:b2:71:21:87:6e:
8f:d1:66:d2:78:a8:7a:b8:91:30:e2:c6:71:bc:03:
64:62:51:d6:a8:f2:54:75:9b:35:b3:d9:79:07:02:
f4:f6:85:06:d4:ad:43:70:09:b3:ef:ce:fa:c8:99:
1b:de:17:45:fb:1a:1c:70:48:0e:89:88:7e:ae:9e:
4f:66:8a:4b:c1:64:37:1d:65:8c:5f:9c:17:8f:d1:
53:dd:8c:87:12:3e:e5:13:b3:93:4b:0c:bd:73:d7:
ea:78:3f:12:8d:59:a8:2f:98:5c:9e:65:2e:2b:4b:
b8:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:B1:3E:75:45:5D:E2:59:67:26:FB:74:B0:FF:1A:47:9D:B8:A3:54
X509v3 Authority Key Identifier:
keyid:35:83:99:C7:36:EF:05:5D:5D:59:2C:AB:19:01:6F:E3:81:6F:66:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919819A/63EA20921D9E11E2ADB73F8E08B02CD2/NYOZxzbvBV1dWSyrGQFv44FvZgg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NYOZxzbvBV1dWSyrGQFv44FvZgg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919819A/63EA20921D9E11E2ADB73F8E08B02CD2/73462B74643C11EB9E7DF918C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.23.0.0/22
110.173.232.0/21
111.118.216.0/22
119.17.32.0/19
123.254.112.0/20
163.47.52.0/22
175.103.16.0/20
IPv6:
2404:fa00::-2404:fa00:2fff:ffff:ffff:ffff:ffff:ffff
2404:fa00:5000::/36
2404:fa00:d000::/36
Signature Algorithm: sha256WithRSAEncryption
1a:3e:69:05:75:d4:5f:89:e7:24:e8:b6:ce:de:b9:4e:88:c2:
68:fe:56:9c:81:88:d7:fd:96:2f:8e:b4:ae:0c:f7:7d:4c:fc:
3b:a0:b1:68:a5:0d:4c:93:b3:97:3e:d7:f3:62:21:00:36:c4:
71:4e:1f:3e:07:2f:81:89:10:62:32:bc:01:b2:bf:f5:40:db:
91:58:44:c6:d0:5f:74:f3:00:55:20:91:29:a5:6c:10:38:c7:
2e:b0:6d:b4:c9:36:f9:46:a8:80:07:49:f4:3d:12:fd:a5:10:
4b:a3:25:b2:27:b7:24:d5:e8:51:3a:c9:3f:45:8b:d3:5d:19:
93:39:4b:50:8e:3c:57:62:1f:d2:1d:b3:e4:ec:32:38:0d:b0:
7b:ba:80:f4:1b:f9:10:28:2a:fa:bc:b0:03:fb:69:ed:e6:20:
39:1b:26:06:d4:6f:ce:7c:e2:f8:1f:32:3f:60:8b:26:51:d5:
b4:be:1e:3c:c9:b5:07:f1:08:ba:fe:24:80:0d:f0:95:a2:e0:
6a:dc:16:19:ab:fd:e7:20:d4:15:08:32:4d:fd:a8:5f:b2:21:
27:21:b7:7e:f6:56:cb:63:f4:a0:78:8e:60:06:5a:22:19:02:
50:4e:2b:c6:72:99:6f:73:51:59:6f:74:c9:41:e6:07:28:54:
0d:34:d0:05
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgICM/wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTgxOUExMTAvBgNVBAUTKDM1ODM5OUM3MzZFRjA1NUQ1RDU5MkNBQjE5MDE2RkUz
ODE2RjY2MDgwHhcNMjQwNzAyMTUzMTExWhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njg0MWQzZi1mMDllMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwk4f3n3YEwuxptJbzZ1eu+toWygwPrOwe+wHGtVzX3x8zs2n1jOmfYsJZo5K
NR2qcFXuu9JoZFKL8CjuCXEs7tGXzu4T2e6xlfd8ICAC4qkzXXM/f1Zk1g/Qa0za
DEZaIwwt3XHqIyf9zOW12qum/p+2YtlseowkoXTBvM4QwEVqliglWoMIxXk/9w/Q
WUkHsnEhh26P0WbSeKh6uJEw4sZxvANkYlHWqPJUdZs1s9l5BwL09oUG1K1DcAmz
7876yJkb3hdF+xoccEgOiYh+rp5PZopLwWQ3HWWMX5wXj9FT3YyHEj7lE7OTSwy9
c9fqeD8SjVmoL5hcnmUuK0u4wQIDAQABo4IC4TCCAt0wHQYDVR0OBBYEFOyxPnVF
XeJZZyb7dLD/GkeduKNUMB8GA1UdIwQYMBaAFDWDmcc27wVdXVksqxkBb+OBb2YI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5ODE5QS82M0VBMjA5MjFE
OUUxMUUyQURCNzNGOEUwOEIwMkNEMi9OWU9aeHpidkJWMWRXU3lyR1FGdjQ0RnZa
Z2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL05ZT1p4emJ2QlYxZFdTeXJHUUZ2NDRGdlpnZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTgxOUEvNjNFQTIwOTIxRDlFMTFFMkFEQjczRjhFMDhCMDJDRDIvNzM0NjJCNzQ2
NDNDMTFFQjlFN0RGOTE4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwawYIKwYBBQUHAQcBAf8E
XDBaMDAEAgABMCoDBAJnFwADBANuregDBAJvdtgDBAV3ESADBAR7/nADBAKjLzQD
BASvZxAwJgQCAAIwIDAOAwQBJAT6AwYEJAT6ACADBgQkBPoAUAMGBCQE+gDQMA0G
CSqGSIb3DQEBCwUAA4IBAQAaPmkFddRfieck6LbO3rlOiMJo/lacgYjX/ZYvjrSu
DPd9TPw7oLFopQ1Mk7OXPtfzYiEANsRxTh8+By+BiRBiMrwBsr/1QNuRWETG0F90
8wBVIJEppWwQOMcusG20yTb5RqiAB0n0PRL9pRBLoyWyJ7ck1ehROsk/RYvTXRmT
OUtQjjxXYh/SHbPk7DI4DbB7uoD0G/kQKCr6vLAD+2nt5iA5GyYG1G/OfOL4HzI/
YIsmUdW0vh48ybUH8Qi6/iSADfCVouBq3BYZq/3nINQVCDJN/ahfsiEnIbd+9lbL
Y/SgeI5gBloiGQJQTivGcplvc1FZb3TJQeYHKFQNNNAF
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:56:18 2024 by rpki-client on console-fra.rpki-client.org