Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/0BA74CC46EF111EEB2AAC928C4F9AE02.roa
File: 0BA74CC46EF111EEB2AAC928C4F9AE02.roa (raw, json)
Hash identifier: 146wjUzavXDL5O8lQ6ztyUPBz/qnf0f/Xp00a+G9s1E=
Subject key identifier: DE:BF:43:C7:4A:D5:83:9F:CF:DA:90:DE:D0:52:43:A9:DF:D8:DF:DB
Certificate issuer: /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial: 4724
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/0BA74CC46EF111EEB2AAC928C4F9AE02.roa
Signing time: Tue 08 Oct 2024 08:15:14 +0000
ROA not before: Tue 08 Oct 2024 08:15:14 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 38733
IP address blocks: 42.96.33.0/24 maxlen: 24
42.96.36.0/23 maxlen: 24
42.96.62.0/24 maxlen: 24
42.96.63.0/24 maxlen: 24
45.122.244.0/24 maxlen: 24
103.82.32.0/22 maxlen: 24
115.165.161.0/24 maxlen: 24
115.165.162.0/23 maxlen: 24
115.165.164.0/23 maxlen: 24
115.165.167.0/24 maxlen: 24
119.82.133.0/24 maxlen: 24
124.158.8.0/21 maxlen: 24
124.158.8.0/24 maxlen: 24
124.158.9.0/24 maxlen: 24
124.158.10.0/24 maxlen: 24
124.158.11.0/24 maxlen: 24
124.158.12.0/24 maxlen: 24
124.158.13.0/24 maxlen: 24
124.158.15.0/24 maxlen: 24
2402:5300:4020::/48 maxlen: 48
2402:5300:4021::/48 maxlen: 48
2402:5300:4e00::/40 maxlen: 48
2402:5300:7100::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 06 Dec 2024 04:20:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18212 (0x4724)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Validity
Not Before: Oct 8 08:15:14 2024 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=6704ea12-cb96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:09:9e:cb:a5:81:2c:a9:4e:36:cc:4a:19:04:
ed:76:05:ea:7c:86:78:5e:21:0b:c9:6a:5c:7a:eb:
09:b8:51:4d:46:2e:f9:8c:9f:08:93:0c:dd:c8:62:
79:e6:d0:19:eb:7a:2a:ac:fc:72:f8:00:1d:e5:a5:
93:68:8f:2c:b7:88:55:19:08:c2:f0:1d:d3:1d:8d:
82:64:f9:29:8c:8e:f7:d7:db:7a:56:f9:78:7e:f6:
65:54:97:ef:ac:7f:ea:e2:e1:93:d2:f5:0c:46:c8:
0a:4a:73:3b:7f:b6:93:bc:fb:1f:fc:42:8a:2b:a5:
b5:8d:30:3c:ef:b6:4b:8a:ba:b3:b5:e3:f5:2d:2c:
43:f5:6d:5f:00:05:a1:a1:49:1b:98:47:96:c6:e8:
fe:63:8d:23:cf:1a:09:0b:f2:c2:9d:54:3f:b4:ba:
9e:4c:3d:70:d1:32:a3:53:63:c9:d5:95:7c:9c:a8:
f7:a2:94:db:4c:fa:92:2b:e2:64:c9:7d:6a:d1:95:
93:66:cb:41:79:39:16:55:19:bd:b1:59:e9:a9:1a:
f6:2d:ec:08:b2:c8:f7:2a:18:c0:3e:3f:a9:81:2d:
1a:d2:49:8e:bd:a5:75:69:fd:cb:fe:c5:c7:73:29:
b2:d8:44:eb:34:fb:4a:3e:f9:72:b7:e7:98:f8:31:
a9:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:BF:43:C7:4A:D5:83:9F:CF:DA:90:DE:D0:52:43:A9:DF:D8:DF:DB
X509v3 Authority Key Identifier:
keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/0BA74CC46EF111EEB2AAC928C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
42.96.33.0/24
42.96.36.0/23
42.96.62.0/23
45.122.244.0/24
103.82.32.0/22
115.165.161.0-115.165.165.255
115.165.167.0/24
119.82.133.0/24
124.158.8.0/21
IPv6:
2402:5300:4020::/47
2402:5300:4e00::/40
2402:5300:7100::/40
Signature Algorithm: sha256WithRSAEncryption
07:76:8d:e5:48:f0:80:17:b2:c8:7e:31:b0:bd:f6:3f:bb:4c:
bf:8a:66:bb:d2:29:10:8f:14:7a:76:41:9b:37:d6:ec:f4:dc:
73:2d:66:78:ae:3a:ac:86:91:aa:30:8a:fd:be:79:d7:55:2c:
0d:05:85:ba:46:6d:43:ef:f9:d2:e5:6d:0f:25:37:88:6f:d3:
2c:85:46:8a:2f:73:8b:3a:94:d0:b8:c0:df:59:a1:d2:f6:4a:
9b:b9:88:ee:eb:84:96:a6:85:cb:0e:e3:d8:1f:d6:39:59:4f:
59:a3:d2:49:ad:a0:80:65:b3:e5:9c:2a:17:43:67:fa:c4:16:
b0:e1:bb:c8:22:99:4f:45:9b:b8:ee:98:b1:22:62:1f:da:74:
e9:b9:3e:99:bd:b2:63:2e:7c:ac:a1:8e:29:92:2f:0c:96:aa:
9a:f9:a2:1c:3a:6a:3f:5d:47:ee:b2:07:79:1a:f7:c0:57:ef:
b8:c3:19:ab:cb:f4:86:2a:2a:2e:2f:e0:88:bd:c5:94:38:f1:
32:0e:56:8b:fe:09:d2:ac:66:69:7d:35:8c:74:75:af:6e:9f:
12:1a:f3:73:b1:f0:6c:8a:31:3f:89:d1:e0:27:21:62:62:38:
0e:db:39:64:f0:0d:82:b4:cd:6f:d4:b1:cc:8f:51:b8:b2:2f:
16:6d:2d:57
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgICRyQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjQxMDA4MDgxNTE0WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzA0ZWExMi1jYjk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4wmey6WBLKlONsxKGQTtdgXqfIZ4XiELyWpceusJuFFNRi75jJ8IkwzdyGJ5
5tAZ63oqrPxy+AAd5aWTaI8st4hVGQjC8B3THY2CZPkpjI7319t6Vvl4fvZlVJfv
rH/q4uGT0vUMRsgKSnM7f7aTvPsf/EKKK6W1jTA877ZLirqzteP1LSxD9W1fAAWh
oUkbmEeWxuj+Y40jzxoJC/LCnVQ/tLqeTD1w0TKjU2PJ1ZV8nKj3opTbTPqSK+Jk
yX1q0ZWTZstBeTkWVRm9sVnpqRr2LewIssj3KhjAPj+pgS0a0kmOvaV1af3L/sXH
cymy2ETrNPtKPvlyt+eY+DGpTQIDAQABo4IC7jCCAuowHQYDVR0OBBYEFN6/Q8dK
1YOfz9qQ3tBSQ6nf2N/bMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvMEJBNzRDQzQ2
RUYxMTFFRUIyQUFDOTI4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwweAYIKwYBBQUHAQcBAf8E
aTBnMEQEAgABMD4DBAAqYCEDBAEqYCQDBAEqYD4DBAAtevQDBAJnUiAwDAMEAHOl
oQMEAXOlpAMEAHOlpwMEAHdShQMEA3yeCDAfBAIAAjAZAwcBJAJTAEAgAwYAJAJT
AE4DBgAkAlMAcTANBgkqhkiG9w0BAQsFAAOCAQEAB3aN5UjwgBeyyH4xsL32P7tM
v4pmu9IpEI8UenZBmzfW7PTccy1meK46rIaRqjCK/b5511UsDQWFukZtQ+/50uVt
DyU3iG/TLIVGii9zizqU0LjA31mh0vZKm7mI7uuElqaFyw7j2B/WOVlPWaPSSa2g
gGWz5ZwqF0Nn+sQWsOG7yCKZT0WbuO6YsSJiH9p06bk+mb2yYy58rKGOKZIvDJaq
mvmiHDpqP11H7rIHeRr3wFfvuMMZq8v0hioqLi/giL3FlDjxMg5Wi/4J0qxmaX01
jHR1r26fEhrzc7HwbIoxP4nR4CchYmI4Dts5ZPANgrTNb9SxzI9RuLIvFm0tVw==
-----END CERTIFICATE-----
Generated at Fri Nov 29 05:58:39 2024 by rpki-client on console-fra.rpki-client.org