Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/13901018203F11ECBE18630CC4F9AE02.roa
File: 13901018203F11ECBE18630CC4F9AE02.roa (raw, json)
Hash identifier: zrrI6AtdyN6IWstAzQnI1Tab8e42Oncb5pCDnEH10Zg=
Subject key identifier: 4C:5B:2E:55:73:77:26:8F:FA:C3:6A:20:2A:A8:A1:9F:A1:09:46:B0
Certificate issuer: /CN=A91AEDF7/serialNumber=9696C6592C02B503F488D4437CD0AC82C176B376
Certificate serial: 06BF
Authority key identifier: 96:96:C6:59:2C:02:B5:03:F4:88:D4:43:7C:D0:AC:82:C1:76:B3:76
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/13901018203F11ECBE18630CC4F9AE02.roa
Signing time: Tue 30 Jan 2024 23:11:41 +0000
ROA not before: Tue 30 Jan 2024 23:11:41 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 55366
IP address blocks: 103.70.172.0/22 maxlen: 23
103.70.172.0/24 maxlen: 24
103.70.173.0/24 maxlen: 24
103.70.174.0/24 maxlen: 24
103.70.175.0/24 maxlen: 24
202.58.229.0/24 maxlen: 24
202.90.38.0/23 maxlen: 23
202.90.38.0/24 maxlen: 24
202.90.39.0/24 maxlen: 24
203.142.223.0/24 maxlen: 24
2406:9c40::/32 maxlen: 40
2406:9c40:1000::/48 maxlen: 48
2406:9c40:1001::/48 maxlen: 48
2406:9c40:1002::/47 maxlen: 47
2406:9c40:1004::/46 maxlen: 46
2406:9c40:1008::/45 maxlen: 45
2406:9c40:1010::/44 maxlen: 44
2406:9c40:1020::/43 maxlen: 43
2406:9c40:1040::/42 maxlen: 42
2406:9c40:1080::/41 maxlen: 41
2406:9c40:2000::/48 maxlen: 48
2406:9c40:2001::/48 maxlen: 48
2406:9c40:2002::/47 maxlen: 47
2406:9c40:2004::/46 maxlen: 46
2406:9c40:2008::/45 maxlen: 45
2406:9c40:2010::/44 maxlen: 44
2406:9c40:2020::/43 maxlen: 43
2406:9c40:2040::/42 maxlen: 42
2406:9c40:2080::/41 maxlen: 41
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.crl
rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 20:43:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1727 (0x6bf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AEDF7/serialNumber=9696C6592C02B503F488D4437CD0AC82C176B376
Validity
Not Before: Jan 30 23:11:41 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=65b9822d-8e86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:5a:79:c6:cd:ca:2c:03:88:39:99:a5:0c:03:
de:c2:f2:d0:df:c3:63:a3:28:3d:f5:2c:85:67:ca:
03:af:38:b4:f1:89:a6:fd:d8:25:34:49:fe:0d:28:
a6:6b:3d:9e:fc:14:44:8c:4b:27:a2:dd:6c:ca:8b:
df:65:8e:74:f2:38:32:f3:56:d3:f4:e5:bd:42:22:
91:42:e5:4a:5b:e5:ff:a3:cf:50:14:94:f5:23:07:
c4:18:9f:39:c7:4c:e6:73:da:ba:15:6e:bc:1d:d0:
09:75:e3:30:f5:f8:07:c6:dd:07:19:59:37:86:81:
e4:a6:a9:ff:fa:c0:fa:8f:f8:52:42:90:95:99:7f:
6c:4e:97:16:ce:73:20:52:c8:9f:0e:41:76:4a:71:
5e:b5:a6:32:67:36:e3:7a:5d:81:cc:26:b9:a8:7d:
da:49:44:1c:d3:69:16:7a:3b:3b:03:92:25:da:28:
06:8e:8a:70:32:47:eb:83:80:8b:ad:85:72:f1:19:
93:f4:a9:18:b7:31:b6:a7:f0:66:66:99:83:be:01:
76:7d:45:6f:86:52:29:a3:d2:22:bc:43:50:a5:ef:
c0:cf:2d:1c:3f:d6:1f:21:45:7b:02:ca:ea:71:31:
22:4f:d3:70:53:a2:80:d9:0e:12:9f:e6:56:00:02:
a0:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:5B:2E:55:73:77:26:8F:FA:C3:6A:20:2A:A8:A1:9F:A1:09:46:B0
X509v3 Authority Key Identifier:
keyid:96:96:C6:59:2C:02:B5:03:F4:88:D4:43:7C:D0:AC:82:C1:76:B3:76
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/13901018203F11ECBE18630CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.70.172.0/22
202.58.229.0/24
202.90.38.0/23
203.142.223.0/24
IPv6:
2406:9c40::/32
Signature Algorithm: sha256WithRSAEncryption
0f:fd:c5:3f:f7:1d:b2:2b:ef:25:cd:45:ac:1c:2b:18:3c:04:
10:9d:74:fb:1f:fc:83:2a:61:c3:71:5e:5c:3e:f6:ed:02:ea:
11:cf:36:09:75:04:e8:76:96:1f:7b:96:ff:db:e9:46:7a:a2:
19:cf:fd:9e:eb:41:c3:91:df:1b:ad:55:e7:bc:51:72:c8:34:
74:2f:85:c6:30:f9:c4:c4:ec:3d:bb:7a:04:26:c5:44:fb:f5:
8f:bd:82:d4:fd:a8:86:9f:1c:e7:55:df:7d:5b:82:25:45:cc:
a4:cc:d9:41:ab:66:d5:ea:77:6f:d1:99:6b:5b:0b:0a:3d:d0:
53:b9:a3:d4:96:2f:40:00:bc:db:97:4b:eb:0b:aa:b4:f8:74:
48:da:06:21:90:55:56:88:43:7c:7a:af:ca:a2:ba:1f:b7:ee:
5d:0b:c3:10:a9:63:d1:fd:6e:80:db:b5:55:32:dc:7b:b9:ad:
12:1f:99:d4:70:19:ad:05:3e:80:8c:5f:9b:2d:ab:4c:bb:01:
21:f7:42:9f:e7:65:88:53:9f:f3:de:18:43:6b:58:2e:f2:ad:
fc:73:53:66:f0:32:c3:d9:49:89:54:95:11:08:b5:33:80:58:
35:66:47:22:9f:df:49:e9:e9:4c:ab:a5:4b:9b:c3:e7:14:23:
f9:dc:8a:9a
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICBr8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUVERjcxMTAvBgNVBAUTKDk2OTZDNjU5MkMwMkI1MDNGNDg4RDQ0MzdDRDBBQzgy
QzE3NkIzNzYwHhcNMjQwMTMwMjMxMTQxWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWI5ODIyZC04ZTg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAslp5xs3KLAOIOZmlDAPewvLQ38Njoyg99SyFZ8oDrzi08Ymm/dglNEn+DSim
az2e/BREjEsnot1syovfZY508jgy81bT9OW9QiKRQuVKW+X/o89QFJT1IwfEGJ85
x0zmc9q6FW68HdAJdeMw9fgHxt0HGVk3hoHkpqn/+sD6j/hSQpCVmX9sTpcWznMg
UsifDkF2SnFetaYyZzbjel2BzCa5qH3aSUQc02kWejs7A5Il2igGjopwMkfrg4CL
rYVy8RmT9KkYtzG2p/BmZpmDvgF2fUVvhlIpo9IivENQpe/Azy0cP9YfIUV7Asrq
cTEiT9NwU6KA2Q4Sn+ZWAAKgIQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFExbLlVz
dyaP+sNqICqooZ+hCUawMB8GA1UdIwQYMBaAFJaWxlksArUD9IjUQ3zQrILBdrN2
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRURGNy9ERUUyRDA3QzA5
MDAxMUVCODUyMzE2NUNDNEY5QUUwMi9scGJHV1N3Q3RRUDBpTlJEZk5Dc2dzRjJz
M1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2xwYkdXU3dDdFFQMGlOUkRmTkNzZ3NGMnMzWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUVERjcvREVFMkQwN0MwOTAwMTFFQjg1MjMxNjVDQzRGOUFFMDIvMTM5MDEwMTgy
MDNGMTFFQ0JFMTg2MzBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAJnRqwDBADKOuUDBAHKWiYDBADLjt8wDQQCAAIwBwMFACQG
nEAwDQYJKoZIhvcNAQELBQADggEBAA/9xT/3HbIr7yXNRawcKxg8BBCddPsf/IMq
YcNxXlw+9u0C6hHPNgl1BOh2lh97lv/b6UZ6ohnP/Z7rQcOR3xutVee8UXLINHQv
hcYw+cTE7D27egQmxUT79Y+9gtT9qIafHOdV331bgiVFzKTM2UGrZtXqd2/RmWtb
Cwo90FO5o9SWL0AAvNuXS+sLqrT4dEjaBiGQVVaIQ3x6r8qiuh+37l0LwxCpY9H9
boDbtVUy3Hu5rRIfmdRwGa0FPoCMX5stq0y7ASH3Qp/nZYhTn/PeGENrWC7yrfxz
U2bwMsPZSYlUlREItTOAWDVmRyKf30np6UyrpUubw+cUI/ncipo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:24:11 2024 by rpki-client on console-fra.rpki-client.org