Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/46948AC87B8511EDB9E3E055C4F9AE02.roa
File: 46948AC87B8511EDB9E3E055C4F9AE02.roa (raw, json)
Hash identifier: CL4zDNqU9EwF/cxa2DhoB4uiX7TE0Ls1qlLMeovZyR0=
Subject key identifier: A8:67:26:94:AD:D1:E4:48:58:73:C7:37:0F:75:75:B3:96:EF:29:CD
Certificate issuer: /CN=A91A546E/serialNumber=6C5A589F924CE9BED1FD89F5AFF630C927574420
Certificate serial: 08A8
Authority key identifier: 6C:5A:58:9F:92:4C:E9:BE:D1:FD:89:F5:AF:F6:30:C9:27:57:44:20
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bFpYn5JM6b7R_Yn1r_YwySdXRCA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/46948AC87B8511EDB9E3E055C4F9AE02.roa
Signing time: Fri 22 Nov 2024 11:44:18 +0000
ROA not before: Fri 22 Nov 2024 11:44:18 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 10207
IP address blocks: 101.234.128.0/23 maxlen: 23
101.234.128.0/23 maxlen: 24
101.234.130.0/23 maxlen: 23
101.234.130.0/23 maxlen: 24
101.234.135.0/24 maxlen: 24
101.234.138.0/23 maxlen: 23
101.234.138.0/23 maxlen: 24
101.234.155.0/24 maxlen: 24
101.234.159.0/24 maxlen: 24
101.234.160.0/24 maxlen: 24
101.234.170.0/24 maxlen: 24
101.234.171.0/24 maxlen: 24
114.111.152.0/23 maxlen: 24
114.111.154.0/23 maxlen: 23
114.111.154.0/23 maxlen: 24
122.100.5.0/24 maxlen: 24
122.100.12.0/23 maxlen: 24
2406:5800:1000::/40 maxlen: 48
2406:5800:1100::/40 maxlen: 48
2406:5800:1200::/40 maxlen: 48
2406:5800:1300::/40 maxlen: 48
2406:5800:ff00::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/bFpYn5JM6b7R_Yn1r_YwySdXRCA.crl
rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/bFpYn5JM6b7R_Yn1r_YwySdXRCA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bFpYn5JM6b7R_Yn1r_YwySdXRCA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 20:26:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2216 (0x8a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A546E/serialNumber=6C5A589F924CE9BED1FD89F5AFF630C927574420
Validity
Not Before: Nov 22 11:44:18 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=67406e92-42fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:27:75:14:3b:e0:29:94:1c:5a:02:6b:bf:ab:
1a:c5:c1:87:c2:64:ff:1e:f7:48:dd:7e:22:de:dd:
88:bc:6c:17:0a:62:95:11:d4:53:ec:a1:e0:06:4c:
c4:18:e7:01:de:c6:3e:ad:d8:ea:5b:b5:9a:9c:97:
22:ce:49:29:6f:df:b9:99:b1:26:f9:33:2d:d0:b7:
ce:5a:60:87:8e:ec:06:1b:81:1d:7e:6d:e0:56:8a:
ea:6e:86:bf:9c:84:1f:78:ff:24:bb:bb:8d:6b:52:
4e:00:2f:b4:6a:a5:24:7f:c1:b3:a5:8f:b2:4a:71:
21:7c:5e:12:83:b4:fa:e9:14:e5:58:d1:c2:c3:1b:
63:27:19:b5:05:a2:3b:ef:c1:ca:a8:0e:c7:84:0c:
58:d3:75:5d:73:41:4c:1c:46:6c:d9:8f:59:c6:de:
17:40:1f:c0:88:ac:40:8c:48:48:f3:91:07:77:62:
5f:5e:be:f7:51:ab:a1:0d:10:3f:3e:66:a0:44:d7:
f9:02:99:47:7c:a7:8d:0d:ae:54:86:94:34:0f:f7:
3d:bb:a5:97:f7:2a:37:6d:11:89:b7:55:c5:57:31:
3c:70:75:d4:d5:b9:67:06:d8:2e:44:94:41:32:57:
c4:de:2c:32:c6:1a:36:f1:4c:5b:ba:77:48:56:ca:
85:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:67:26:94:AD:D1:E4:48:58:73:C7:37:0F:75:75:B3:96:EF:29:CD
X509v3 Authority Key Identifier:
keyid:6C:5A:58:9F:92:4C:E9:BE:D1:FD:89:F5:AF:F6:30:C9:27:57:44:20
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/bFpYn5JM6b7R_Yn1r_YwySdXRCA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bFpYn5JM6b7R_Yn1r_YwySdXRCA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A546E/0CD41DA8B76A11EA814F5084C4F9AE02/46948AC87B8511EDB9E3E055C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.234.128.0/22
101.234.135.0/24
101.234.138.0/23
101.234.155.0/24
101.234.159.0-101.234.160.255
101.234.170.0/23
114.111.152.0/22
122.100.5.0/24
122.100.12.0/23
IPv6:
2406:5800:1000::/38
2406:5800:ff00::/48
Signature Algorithm: sha256WithRSAEncryption
29:c8:7c:06:62:5a:4e:17:1d:0e:1e:39:13:59:89:98:71:d3:
3e:8b:20:ad:7c:27:df:88:92:fe:a1:07:63:89:c3:b3:1e:0e:
07:2a:f0:17:63:90:98:ce:aa:7a:1b:42:e8:0b:26:d1:97:bf:
b3:4f:e5:3d:1e:74:b1:16:75:48:28:2a:2e:30:16:a2:68:a1:
1f:48:4f:97:61:2c:9e:34:19:ae:66:d3:02:1a:16:0e:bd:07:
dc:b9:ee:10:eb:82:93:f2:2d:e7:70:d1:3a:fb:82:c7:fe:31:
eb:c6:4e:d0:a8:6d:ea:e9:0c:e7:d0:25:2b:25:d7:15:e6:6d:
76:ec:63:1c:6d:73:05:09:8a:aa:65:4d:16:f7:37:b0:4f:97:
d2:be:22:7c:78:f9:da:df:e8:30:31:7f:8b:60:f7:81:ff:56:
20:69:16:e9:eb:4c:6d:30:b3:c1:91:7e:03:51:ef:e3:4c:72:
c3:d5:d3:4c:d8:59:6a:6c:4b:3c:dc:31:28:5f:5e:27:d0:31:
a9:43:bc:f8:ad:2c:47:1e:71:6f:0e:c0:72:fc:19:40:d3:10:
8d:09:bc:61:71:c3:ee:7b:a1:00:24:94:bf:49:f8:68:cc:49:
a3:99:6d:dd:8e:c9:9d:36:ad:e1:0c:33:65:36:6d:67:fa:60:
b9:cb:c5:17
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgICCKgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU0NkUxMTAvBgNVBAUTKDZDNUE1ODlGOTI0Q0U5QkVEMUZEODlGNUFGRjYzMEM5
Mjc1NzQ0MjAwHhcNMjQxMTIyMTE0NDE4WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQwNmU5Mi00MmZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3Cd1FDvgKZQcWgJrv6saxcGHwmT/HvdI3X4i3t2IvGwXCmKVEdRT7KHgBkzE
GOcB3sY+rdjqW7WanJcizkkpb9+5mbEm+TMt0LfOWmCHjuwGG4Edfm3gVorqboa/
nIQfeP8ku7uNa1JOAC+0aqUkf8GzpY+ySnEhfF4Sg7T66RTlWNHCwxtjJxm1BaI7
78HKqA7HhAxY03Vdc0FMHEZs2Y9Zxt4XQB/AiKxAjEhI85EHd2JfXr73UauhDRA/
PmagRNf5AplHfKeNDa5UhpQ0D/c9u6WX9yo3bRGJt1XFVzE8cHXU1blnBtguRJRB
MlfE3iwyxho28UxbundIVsqFWwIDAQABo4IC5jCCAuIwHQYDVR0OBBYEFKhnJpSt
0eRIWHPHNw91dbOW7ynNMB8GA1UdIwQYMBaAFGxaWJ+STOm+0f2J9a/2MMknV0Qg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTQ2RS8wQ0Q0MURBOEI3
NkExMUVBODE0RjUwODRDNEY5QUUwMi9iRnBZbjVKTTZiN1JfWW4xcl9Zd3lTZFhS
Q0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JGcFluNUpNNmI3Ul9ZbjFyX1l3eVNkWFJDQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU0NkUvMENENDFEQThCNzZBMTFFQTgxNEY1MDg0QzRGOUFFMDIvNDY5NDhBQzg3
Qjg1MTFFREI5RTNFMDU1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcAYIKwYBBQUHAQcBAf8E
YTBfMEQEAgABMD4DBAJl6oADBABl6ocDBAFl6ooDBABl6pswDAMEAGXqnwMEAGXq
oAMEAWXqqgMEAnJvmAMEAHpkBQMEAXpkDDAXBAIAAjARAwYCJAZYABADBwAkBlgA
/wAwDQYJKoZIhvcNAQELBQADggEBACnIfAZiWk4XHQ4eORNZiZhx0z6LIK18J9+I
kv6hB2OJw7MeDgcq8BdjkJjOqnobQugLJtGXv7NP5T0edLEWdUgoKi4wFqJooR9I
T5dhLJ40Ga5m0wIaFg69B9y57hDrgpPyLedw0Tr7gsf+MevGTtCoberpDOfQJSsl
1xXmbXbsYxxtcwUJiqplTRb3N7BPl9K+Inx4+drf6DAxf4tg94H/ViBpFunrTG0w
s8GRfgNR7+NMcsPV00zYWWpsSzzcMShfXifQMalDvPitLEcecW8OwHL8GUDTEI0J
vGFxw+57oQAklL9J+GjMSaOZbd2OyZ02reEMM2U2bWf6YLnLxRc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:24:11 2024 by rpki-client on console-fra.rpki-client.org