Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
File: BDECB94CEC4F11EEB0B9B467C4F9AE02.roa (raw, json)
Hash identifier: mSOklUnaiy8SK/FfFJGwlI3WJcVIKNR78eJJYjas9Z8=
Subject key identifier: 4B:70:14:DA:CC:88:DE:62:ED:C0:A3:B2:8C:B2:F4:D9:08:F1:0A:CC
Certificate issuer: /CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Certificate serial: 77
Authority key identifier: 64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
Signing time: Wed 25 Sep 2024 05:49:00 +0000
ROA not before: Wed 25 Sep 2024 05:49:00 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 134835
IP address blocks: 45.120.156.0/24 maxlen: 24
45.120.157.0/24 maxlen: 24
45.120.159.0/24 maxlen: 24
45.125.164.0/24 maxlen: 24
45.125.165.0/24 maxlen: 24
45.125.166.0/24 maxlen: 24
45.125.167.0/24 maxlen: 24
103.56.217.0/24 maxlen: 24
103.56.219.0/24 maxlen: 24
103.194.41.0/24 maxlen: 24
103.194.42.0/24 maxlen: 24
103.194.43.0/24 maxlen: 24
103.200.96.0/24 maxlen: 24
103.200.97.0/24 maxlen: 24
103.204.172.0/24 maxlen: 24
103.204.173.0/24 maxlen: 24
103.204.174.0/24 maxlen: 24
103.204.175.0/24 maxlen: 24
122.128.96.0/24 maxlen: 24
122.128.99.0/24 maxlen: 24
2403:ad80:60::/45 maxlen: 45
2403:ad80:80::/45 maxlen: 45
2403:ad80:88::/45 maxlen: 45
2403:ad80:98::/45 maxlen: 45
2403:ad80:a0::/45 maxlen: 45
2403:ad80:3c00::/38 maxlen: 38
2403:ad80:4c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 28 Nov 2024 04:50:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 119 (0x77)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Validity
Not Before: Sep 25 05:49:00 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66f3a44c-9b9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:b7:5a:c6:3b:0b:e8:87:1f:40:39:87:59:54:
58:9e:b9:7a:04:aa:75:74:a2:71:0e:d4:00:46:77:
98:a3:17:ba:b9:c1:30:70:a4:75:04:db:21:64:66:
ee:94:0c:e8:ed:aa:30:05:78:8f:e9:70:97:34:99:
b6:22:c5:a7:5e:97:98:f5:90:0d:3a:1b:45:ae:a5:
74:1a:1e:69:5e:5e:c0:66:ce:a2:e3:c3:00:c1:7d:
c8:0a:d4:e8:e1:e1:ea:b9:bd:cf:75:1d:ae:83:4f:
ae:5c:f3:17:d5:17:aa:a5:47:2c:15:cc:f8:a6:57:
a0:25:8f:87:e5:22:e5:76:8f:df:b5:de:e6:ef:a6:
42:8b:be:a2:8d:97:0d:07:7f:98:ba:43:e6:9a:4c:
8d:18:f4:a8:54:21:af:02:6b:1e:9f:71:ff:a5:0a:
44:a8:36:f4:2b:59:89:90:27:62:79:fe:79:8e:d8:
01:4c:12:52:4d:fd:f0:6b:86:c1:c7:ed:9c:bd:6a:
ea:bb:a9:33:6d:66:6e:20:6b:05:2d:75:6c:ce:ff:
e2:fe:75:9e:23:9b:8c:45:9f:04:d8:cb:e8:94:1a:
30:9c:77:af:a7:49:b9:b3:e1:38:49:bd:ca:66:6d:
f7:c0:47:b2:0a:a1:64:7e:16:6e:e8:5e:59:66:8c:
46:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:70:14:DA:CC:88:DE:62:ED:C0:A3:B2:8C:B2:F4:D9:08:F1:0A:CC
X509v3 Authority Key Identifier:
keyid:64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.120.156.0/23
45.120.159.0/24
45.125.164.0/22
103.56.217.0/24
103.56.219.0/24
103.194.41.0-103.194.43.255
103.200.96.0/23
103.204.172.0/22
122.128.96.0/24
122.128.99.0/24
IPv6:
2403:ad80:60::/45
2403:ad80:80::/44
2403:ad80:98::-2403:ad80:a7:ffff:ffff:ffff:ffff:ffff
2403:ad80:3c00::/38
2403:ad80:4c00::/38
Signature Algorithm: sha256WithRSAEncryption
84:c6:17:27:40:8d:ee:6b:28:22:a1:92:38:4e:78:a4:96:f2:
cd:a6:b8:d3:1b:61:9d:e4:43:c5:71:5c:58:d7:8b:80:d8:90:
1e:dc:dc:71:7e:11:23:ed:3f:1f:d9:ae:8e:8e:5e:fe:82:f5:
9a:6c:12:62:47:56:f1:34:79:3a:e7:a4:23:7c:ce:0f:6e:d0:
f2:c1:dc:c4:5e:91:b9:95:87:68:73:0c:4f:9c:13:13:05:48:
30:3c:5b:2c:aa:aa:0e:d0:01:b1:7a:f3:a6:4b:de:bd:7c:e8:
a1:6a:50:bd:8c:f2:6c:46:85:3e:1e:91:74:23:a3:8e:c6:a0:
a0:51:7e:72:ad:41:dd:37:5e:89:a6:30:bc:13:e7:95:8d:90:
e5:55:6a:66:f5:6a:47:f4:f7:f2:5c:ac:7d:f6:10:9f:b8:13:
da:da:01:ed:3b:80:71:74:ed:3e:34:4a:c9:db:c3:25:f4:14:
49:e9:9b:60:83:df:72:28:04:a4:e6:ca:54:0e:2e:a3:4c:bf:
ed:d0:30:a1:dd:c9:a6:a3:00:a3:bd:86:bc:8c:50:0f:45:fb:
e8:20:83:55:bf:26:c8:7a:d6:0b:7f:a1:a2:d0:7e:58:05:15:
6f:7c:46:e1:dc:61:fc:54:f9:27:57:6d:4f:1b:41:cf:ba:38:
7c:b2:43:96
-----BEGIN CERTIFICATE-----
MIIF7zCCBNegAwIBAgIBdzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
QTc3NzExMC8GA1UEBRMoNjQ3RDA5MjdEQjNCMTc4RTJGNjU0QTMyNjg1NTdGRTVC
NUQ2NzI5QzAeFw0yNDA5MjUwNTQ5MDBaFw0yNTEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2ZjNhNDRjLTliOWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCet1rGOwvohx9AOYdZVFieuXoEqnV0onEO1ABGd5ijF7q5wTBwpHUE2yFkZu6U
DOjtqjAFeI/pcJc0mbYixadel5j1kA06G0WupXQaHmleXsBmzqLjwwDBfcgK1Ojh
4eq5vc91Ha6DT65c8xfVF6qlRywVzPimV6Alj4flIuV2j9+13ubvpkKLvqKNlw0H
f5i6Q+aaTI0Y9KhUIa8Cax6fcf+lCkSoNvQrWYmQJ2J5/nmO2AFMElJN/fBrhsHH
7Zy9auq7qTNtZm4gawUtdWzO/+L+dZ4jm4xFnwTYy+iUGjCcd6+nSbmz4ThJvcpm
bffAR7IKoWR+Fm7oXllmjEapAgMBAAGjggMUMIIDEDAdBgNVHQ4EFgQUS3AU2syI
3mLtwKOyjLL02QjxCswwHwYDVR0jBBgwFoAUZH0JJ9s7F44vZUoyaFV/5bXWcpww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTlBNzc3LzBCQTU3MkIwRUM0
RjExRUVBMUIzODg2NkM0RjlBRTAyL1pIMEpKOXM3RjQ0dlpVb3lhRlZfNWJYV2Nw
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWkgwSko5czdGNDR2WlVveWFGVl81YlhXY3B3LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
QTc3Ny8wQkE1NzJCMEVDNEYxMUVFQTFCMzg4NjZDNEY5QUUwMi9CREVDQjk0Q0VD
NEYxMUVFQjBCOUI0NjdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDCBnQYIKwYBBQUHAQcBAf8E
gY0wgYowSgQCAAEwRAMEAS14nAMEAC14nwMEAi19pAMEAGc42QMEAGc42zAMAwQA
Z8IpAwQCZ8IoAwQBZ8hgAwQCZ8ysAwQAeoBgAwQAeoBjMDwEAgACMDYDBwMkA62A
AGADBwQkA62AAIAwEgMHAyQDrYAAmAMHAyQDrYAAoAMGAiQDrYA8AwYCJAOtgEww
DQYJKoZIhvcNAQELBQADggEBAITGFydAje5rKCKhkjhOeKSW8s2muNMbYZ3kQ8Vx
XFjXi4DYkB7c3HF+ESPtPx/Zro6OXv6C9ZpsEmJHVvE0eTrnpCN8zg9u0PLB3MRe
kbmVh2hzDE+cExMFSDA8Wyyqqg7QAbF686ZL3r186KFqUL2M8mxGhT4ekXQjo47G
oKBRfnKtQd03XommMLwT55WNkOVVamb1akf09/JcrH32EJ+4E9raAe07gHF07T40
SsnbwyX0FEnpm2CD33IoBKTmylQOLqNMv+3QMKHdyaajAKO9hryMUA9F++ggg1W/
Jsh61gt/oaLQflgFFW98RuHcYfxU+SdXbU8bQc+6OHyyQ5Y=
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:50:47 2024 by rpki-client on console-fra.rpki-client.org