Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
File: BDECB94CEC4F11EEB0B9B467C4F9AE02.roa (raw, json)
Hash identifier: NHVNQ/s9udoHncEpuz1YWJq9uPzeecTtXQ+pJZl0YP0=
Subject key identifier: ED:B7:49:AE:55:75:20:02:C7:C4:B7:DD:6C:52:A5:1C:34:1D:5C:76
Certificate issuer: /CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Certificate serial: 02
Authority key identifier: 64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
Signing time: Wed 27 Mar 2024 15:36:13 +0000
ROA not before: Wed 27 Mar 2024 15:36:13 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 134835
IP address blocks: 45.120.156.0/24 maxlen: 24
45.120.157.0/24 maxlen: 24
45.120.159.0/24 maxlen: 24
45.125.164.0/24 maxlen: 24
45.125.165.0/24 maxlen: 24
45.125.166.0/24 maxlen: 24
45.125.167.0/24 maxlen: 24
103.56.217.0/24 maxlen: 24
103.56.219.0/24 maxlen: 24
103.194.41.0/24 maxlen: 24
103.194.42.0/24 maxlen: 24
103.194.43.0/24 maxlen: 24
103.200.96.0/24 maxlen: 24
103.200.97.0/24 maxlen: 24
103.204.172.0/24 maxlen: 24
103.204.173.0/24 maxlen: 24
103.204.175.0/24 maxlen: 24
122.128.99.0/24 maxlen: 24
2403:ad80:60::/45 maxlen: 45
2403:ad80:80::/45 maxlen: 45
2403:ad80:88::/45 maxlen: 45
2403:ad80:98::/45 maxlen: 45
2403:ad80:a0::/45 maxlen: 45
2403:ad80:3c00::/38 maxlen: 38
2403:ad80:4c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 08 Jun 2024 08:57:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Validity
Not Before: Mar 27 15:36:13 2024 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=66043ced-979a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:81:2e:3b:df:b8:58:d4:9e:8d:a2:8d:82:73:
00:c0:f0:f5:c3:de:fe:f0:00:66:e5:de:4e:33:8a:
13:7a:7b:b4:ef:de:30:c4:5c:bf:46:fe:78:36:9e:
68:34:41:6f:c0:f0:3a:46:fc:05:81:f4:7b:fd:83:
bf:8a:89:ec:a7:78:31:05:94:ba:fc:44:3a:67:88:
23:cf:7b:19:ed:77:c5:e7:d2:cf:8e:66:37:ab:c0:
b6:8d:56:0d:04:7a:ba:50:b8:cb:ea:30:73:40:cb:
fa:9c:0f:11:96:c6:67:f6:5f:6e:7a:da:f6:91:bb:
43:6d:7e:4c:19:bb:80:e1:da:2f:b8:d8:3e:19:5d:
28:85:67:c0:18:9c:cf:1d:c9:06:cd:79:a6:02:5a:
58:b5:b5:c1:4c:13:46:b1:88:53:1c:ab:1c:d4:58:
8b:5a:25:18:8d:6d:0b:48:4e:d3:ab:f5:06:c0:f6:
83:ff:fa:d0:00:90:6d:ca:10:5c:c3:9a:cc:a3:4e:
8b:77:09:3a:99:e7:a0:c2:69:88:f9:53:75:75:f2:
2b:36:06:19:3a:9d:89:40:6d:0c:73:40:3f:f2:08:
40:c2:60:be:eb:78:9e:ce:cd:a8:99:a3:d3:02:e1:
10:ef:51:6c:a7:7a:83:6d:88:91:9b:d2:42:67:6d:
db:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:B7:49:AE:55:75:20:02:C7:C4:B7:DD:6C:52:A5:1C:34:1D:5C:76
X509v3 Authority Key Identifier:
keyid:64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.120.156.0/23
45.120.159.0/24
45.125.164.0/22
103.56.217.0/24
103.56.219.0/24
103.194.41.0-103.194.43.255
103.200.96.0/23
103.204.172.0/23
103.204.175.0/24
122.128.99.0/24
IPv6:
2403:ad80:60::/45
2403:ad80:80::/44
2403:ad80:98::-2403:ad80:a7:ffff:ffff:ffff:ffff:ffff
2403:ad80:3c00::/38
2403:ad80:4c00::/38
Signature Algorithm: sha256WithRSAEncryption
20:52:55:c6:a2:74:c2:99:d4:15:2f:19:a6:f7:71:64:89:52:
83:f3:ec:73:af:86:ed:51:30:0f:e5:3f:ff:be:85:ee:1f:1c:
1c:d4:b0:be:11:d9:c8:41:ae:ba:55:34:fd:f2:9c:fd:db:56:
e7:0c:60:1f:7b:9b:a2:dd:d3:fe:ce:11:8d:de:27:ce:79:20:
cc:47:d2:5b:86:af:63:08:7b:e1:88:24:98:f2:13:59:68:a9:
0b:8a:7c:b3:ab:19:9b:f2:dd:55:43:c2:ef:21:18:81:75:ab:
fb:57:3b:36:aa:b1:e0:90:01:d5:b3:bd:52:3c:ee:c0:cc:4e:
a5:dd:86:f4:af:47:7d:20:aa:08:96:c2:4a:2e:ce:61:bc:e6:
87:19:9f:c3:83:91:86:ee:c2:2d:5d:d0:9a:ca:d8:dc:8f:37:
2d:87:75:d2:e4:14:a1:14:8c:21:4f:bc:c5:06:b2:97:e3:e6:
b1:c0:5f:a1:27:5b:0f:4f:1b:f7:a9:aa:f9:ac:b7:f4:13:b1:
03:1d:8c:0a:31:f6:80:aa:07:80:f9:21:35:b6:95:38:10:2f:
0c:cd:bd:ab:90:bb:2d:3d:2a:b3:51:d8:ee:dc:81:0c:cb:5f:
c4:fc:e6:d9:98:41:bf:18:c8:7b:59:77:3f:64:40:1b:c4:f5:
ae:91:fa:23
-----BEGIN CERTIFICATE-----
MIIF7zCCBNegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
QTc3NzExMC8GA1UEBRMoNjQ3RDA5MjdEQjNCMTc4RTJGNjU0QTMyNjg1NTdGRTVC
NUQ2NzI5QzAeFw0yNDAzMjcxNTM2MTNaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2MDQzY2VkLTk3OWEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDhgS4737hY1J6Noo2CcwDA8PXD3v7wAGbl3k4zihN6e7Tv3jDEXL9G/ng2nmg0
QW/A8DpG/AWB9Hv9g7+KieyneDEFlLr8RDpniCPPexntd8Xn0s+OZjerwLaNVg0E
erpQuMvqMHNAy/qcDxGWxmf2X2562vaRu0NtfkwZu4Dh2i+42D4ZXSiFZ8AYnM8d
yQbNeaYCWli1tcFME0axiFMcqxzUWItaJRiNbQtITtOr9QbA9oP/+tAAkG3KEFzD
msyjTot3CTqZ56DCaYj5U3V18is2Bhk6nYlAbQxzQD/yCEDCYL7reJ7OzaiZo9MC
4RDvUWyneoNtiJGb0kJnbdvnAgMBAAGjggMUMIIDEDAdBgNVHQ4EFgQU7bdJrlV1
IALHxLfdbFKlHDQdXHYwHwYDVR0jBBgwFoAUZH0JJ9s7F44vZUoyaFV/5bXWcpww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTlBNzc3LzBCQTU3MkIwRUM0
RjExRUVBMUIzODg2NkM0RjlBRTAyL1pIMEpKOXM3RjQ0dlpVb3lhRlZfNWJYV2Nw
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWkgwSko5czdGNDR2WlVveWFGVl81YlhXY3B3LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
QTc3Ny8wQkE1NzJCMEVDNEYxMUVFQTFCMzg4NjZDNEY5QUUwMi9CREVDQjk0Q0VD
NEYxMUVFQjBCOUI0NjdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDCBnQYIKwYBBQUHAQcBAf8E
gY0wgYowSgQCAAEwRAMEAS14nAMEAC14nwMEAi19pAMEAGc42QMEAGc42zAMAwQA
Z8IpAwQCZ8IoAwQBZ8hgAwQBZ8ysAwQAZ8yvAwQAeoBjMDwEAgACMDYDBwMkA62A
AGADBwQkA62AAIAwEgMHAyQDrYAAmAMHAyQDrYAAoAMGAiQDrYA8AwYCJAOtgEww
DQYJKoZIhvcNAQELBQADggEBACBSVcaidMKZ1BUvGab3cWSJUoPz7HOvhu1RMA/l
P/++he4fHBzUsL4R2chBrrpVNP3ynP3bVucMYB97m6Ld0/7OEY3eJ855IMxH0luG
r2MIe+GIJJjyE1loqQuKfLOrGZvy3VVDwu8hGIF1q/tXOzaqseCQAdWzvVI87sDM
TqXdhvSvR30gqgiWwkouzmG85ocZn8ODkYbuwi1d0JrK2NyPNy2HddLkFKEUjCFP
vMUGspfj5rHAX6EnWw9PG/epqvmst/QTsQMdjAox9oCqB4D5ITW2lTgQLwzNvauQ
uy09KrNR2O7cgQzLX8T85tmYQb8YyHtZdz9kQBvE9a6R+iM=
-----END CERTIFICATE-----
Generated at Sat Jun 1 11:47:28 2024 by rpki-client on console-ams.rpki-client.org