Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/82BB885E4B9811EB85F74960C4F9AE02.roa
File: 82BB885E4B9811EB85F74960C4F9AE02.roa (raw, json)
Hash identifier: S+zmz0lzc9XhqMVgirIgdwAZVw1zr2aY+glnbB9byB4=
Subject key identifier: BA:F8:08:CD:7D:7F:7F:96:B3:7E:9A:E4:2F:08:F7:91:AE:EF:D1:43
Certificate issuer: /CN=A91AB20B/serialNumber=5EC1A6AD76A3ABFDC1E1329EB2637C01864B4808
Certificate serial: 074E
Authority key identifier: 5E:C1:A6:AD:76:A3:AB:FD:C1:E1:32:9E:B2:63:7C:01:86:4B:48:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XsGmrXajq_3B4TKesmN8AYZLSAg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/82BB885E4B9811EB85F74960C4F9AE02.roa
Signing time: Wed 04 Sep 2024 22:41:27 +0000
ROA not before: Wed 04 Sep 2024 22:41:27 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 38193
IP address blocks: 110.93.192.0/18 maxlen: 23
110.93.192.0/24 maxlen: 24
110.93.194.0/23 maxlen: 24
110.93.196.0/22 maxlen: 24
110.93.200.0/21 maxlen: 24
110.93.208.0/21 maxlen: 24
110.93.216.0/22 maxlen: 24
110.93.220.0/23 maxlen: 24
110.93.222.0/24 maxlen: 24
110.93.224.0/23 maxlen: 24
110.93.229.0/24 maxlen: 24
110.93.231.0/24 maxlen: 24
110.93.232.0/22 maxlen: 24
110.93.238.0/23 maxlen: 24
110.93.241.0/24 maxlen: 24
110.93.242.0/23 maxlen: 24
110.93.248.0/21 maxlen: 24
117.20.16.0/20 maxlen: 23
117.20.16.0/21 maxlen: 24
117.20.24.0/22 maxlen: 24
117.20.28.0/24 maxlen: 24
117.20.30.0/23 maxlen: 24
119.63.128.0/20 maxlen: 23
119.63.128.0/21 maxlen: 24
119.63.136.0/23 maxlen: 24
119.63.140.0/22 maxlen: 24
221.132.112.0/21 maxlen: 23
221.132.112.0/22 maxlen: 24
221.132.116.0/23 maxlen: 24
221.132.118.0/24 maxlen: 24
2404:d400::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/XsGmrXajq_3B4TKesmN8AYZLSAg.crl
rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/XsGmrXajq_3B4TKesmN8AYZLSAg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XsGmrXajq_3B4TKesmN8AYZLSAg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 20:43:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1870 (0x74e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AB20B/serialNumber=5EC1A6AD76A3ABFDC1E1329EB2637C01864B4808
Validity
Not Before: Sep 4 22:41:27 2024 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=66d8e217-91ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:0a:3e:20:83:8a:ac:35:f1:f8:a5:1f:d1:63:
bc:b9:f8:7e:3d:66:02:f6:a3:d4:75:9b:91:0f:47:
c7:20:d8:0b:f1:8c:be:56:19:77:f3:fe:d9:1e:dc:
b3:7a:c4:83:9f:f8:a3:be:2d:00:d4:28:0e:ce:34:
83:64:47:08:03:2b:76:5b:d2:aa:15:3f:1e:1f:06:
17:93:71:fa:52:e9:dd:6f:dd:55:8f:12:ba:6c:d4:
2a:1a:45:11:54:68:d0:71:4c:0b:c6:3f:ee:25:1d:
a0:84:fa:2c:c6:21:43:b1:ae:c9:fa:5f:c6:aa:2b:
56:36:15:30:f9:5c:06:3f:6f:72:55:ef:fa:c8:e7:
d3:6e:a4:e5:1f:7d:77:84:85:ac:4b:e8:4b:39:b5:
ad:e5:22:17:33:03:4d:46:4f:ea:00:b5:f2:a0:8c:
ee:f8:a7:55:57:d0:35:81:14:b3:09:d0:a2:49:1a:
c0:e7:e0:71:9d:a7:29:75:37:97:a6:b9:01:d0:5a:
fe:dd:79:ba:bb:f4:b2:6a:c4:cf:cc:17:7d:41:ac:
1d:1f:c4:35:b9:a4:fd:b7:a3:86:06:27:61:15:64:
52:3c:01:95:ce:c1:68:3c:ff:28:79:51:75:7c:19:
2e:1a:e0:94:45:2f:cf:ce:58:dc:64:64:34:e8:0d:
5b:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:F8:08:CD:7D:7F:7F:96:B3:7E:9A:E4:2F:08:F7:91:AE:EF:D1:43
X509v3 Authority Key Identifier:
keyid:5E:C1:A6:AD:76:A3:AB:FD:C1:E1:32:9E:B2:63:7C:01:86:4B:48:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/XsGmrXajq_3B4TKesmN8AYZLSAg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XsGmrXajq_3B4TKesmN8AYZLSAg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB20B/BA71B648120311EBBAA19414C4F9AE02/82BB885E4B9811EB85F74960C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
110.93.192.0/18
117.20.16.0/20
119.63.128.0/20
221.132.112.0/21
IPv6:
2404:d400::/32
Signature Algorithm: sha256WithRSAEncryption
4d:d9:37:b2:a9:d0:07:d0:fb:00:31:7e:bf:26:03:8a:6b:1a:
70:0b:53:fc:66:82:39:47:1c:44:ae:34:77:1d:a1:8c:d6:23:
15:ea:00:a8:73:f7:be:4e:ca:d2:24:a4:cf:b0:93:b4:9f:e2:
a8:4e:01:a8:a4:34:1d:8e:fc:62:9f:c9:29:b1:0c:57:ad:da:
ea:59:b1:c9:96:e5:3b:fc:37:f9:ae:07:0a:51:fe:0c:0c:d2:
42:b7:bb:c9:c0:b2:f0:dd:22:52:b6:f0:d1:1a:2f:84:7c:b4:
91:b3:1b:e5:3a:9c:15:8f:3e:18:60:dd:4c:c3:8f:12:ce:cb:
4c:5b:b3:5e:57:90:b7:0b:a7:2c:4d:65:53:24:3b:64:5f:f8:
16:59:02:60:6b:10:e8:49:32:b1:c1:4c:0c:1e:65:df:69:ab:
df:ba:37:91:7a:34:c1:e1:7d:64:32:24:57:bf:9c:97:45:a3:
3f:67:02:c1:97:2c:cb:42:b4:32:ed:e0:7a:23:cb:74:d4:13:
6f:8f:48:43:93:34:56:68:dc:b4:12:1e:20:bc:d3:cf:ac:2c:
da:c1:07:e7:57:f1:c5:7f:45:c5:37:e7:6f:c4:6e:28:e8:bb:
2f:aa:b1:eb:4e:63:5b:19:60:7e:af:06:84:8a:44:c3:8c:62:
dc:c3:40:b5
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICB04wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUIyMEIxMTAvBgNVBAUTKDVFQzFBNkFENzZBM0FCRkRDMUUxMzI5RUIyNjM3QzAx
ODY0QjQ4MDgwHhcNMjQwOTA0MjI0MTI3WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmQ4ZTIxNy05MWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqgo+IIOKrDXx+KUf0WO8ufh+PWYC9qPUdZuRD0fHINgL8Yy+Vhl38/7ZHtyz
esSDn/ijvi0A1CgOzjSDZEcIAyt2W9KqFT8eHwYXk3H6Uundb91VjxK6bNQqGkUR
VGjQcUwLxj/uJR2ghPosxiFDsa7J+l/GqitWNhUw+VwGP29yVe/6yOfTbqTlH313
hIWsS+hLObWt5SIXMwNNRk/qALXyoIzu+KdVV9A1gRSzCdCiSRrA5+BxnacpdTeX
prkB0Fr+3Xm6u/SyasTPzBd9QawdH8Q1uaT9t6OGBidhFWRSPAGVzsFoPP8oeVF1
fBkuGuCURS/PzljcZGQ06A1bwQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFLr4CM19
f3+Ws36a5C8I95Gu79FDMB8GA1UdIwQYMBaAFF7Bpq12o6v9weEynrJjfAGGS0gI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjIwQi9CQTcxQjY0ODEy
MDMxMUVCQkFBMTk0MTRDNEY5QUUwMi9Yc0dtclhhanFfM0I0VEtlc21OOEFZWkxT
QWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hzR21yWGFqcV8zQjRUS2VzbU44QVlaTFNBZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUIyMEIvQkE3MUI2NDgxMjAzMTFFQkJBQTE5NDE0QzRGOUFFMDIvODJCQjg4NUU0
Qjk4MTFFQjg1Rjc0OTYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAZuXcADBAR1FBADBAR3P4ADBAPdhHAwDQQCAAIwBwMFACQE
1AAwDQYJKoZIhvcNAQELBQADggEBAE3ZN7Kp0AfQ+wAxfr8mA4prGnALU/xmgjlH
HESuNHcdoYzWIxXqAKhz975OytIkpM+wk7Sf4qhOAaikNB2O/GKfySmxDFet2upZ
scmW5Tv8N/muBwpR/gwM0kK3u8nAsvDdIlK28NEaL4R8tJGzG+U6nBWPPhhg3UzD
jxLOy0xbs15XkLcLpyxNZVMkO2Rf+BZZAmBrEOhJMrHBTAweZd9pq9+6N5F6NMHh
fWQyJFe/nJdFoz9nAsGXLMtCtDLt4Hojy3TUE2+PSEOTNFZo3LQSHiC808+sLNrB
B+dX8cV/RcU352/Ebijouy+qsetOY1sZYH6vBoSKRMOMYtzDQLU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:24:11 2024 by rpki-client on console-fra.rpki-client.org