Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B3558/0F21214E390511E99A330233C4F9AE02/BAE1D7A8716711EFBF91272AC4F9AE02.roa
File: BAE1D7A8716711EFBF91272AC4F9AE02.roa (raw, json)
Hash identifier: R9PMkjGXgOcQjk0/UQYLOxv5UDNqT04eK7DjfiWdfHY=
Subject key identifier: 09:78:F4:A5:AA:87:67:39:7E:F4:26:79:08:21:EF:A4:B7:AF:E1:A7
Certificate issuer: /CN=A91B3558/serialNumber=C8909254F69666D585E310ACD8DFF2B1FB9A5F2A
Certificate serial: 0FE5
Authority key identifier: C8:90:92:54:F6:96:66:D5:85:E3:10:AC:D8:DF:F2:B1:FB:9A:5F:2A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yJCSVPaWZtWF4xCs2N_ysfuaXyo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B3558/0F21214E390511E99A330233C4F9AE02/BAE1D7A8716711EFBF91272AC4F9AE02.roa
Signing time: Fri 13 Sep 2024 00:33:16 +0000
ROA not before: Fri 13 Sep 2024 00:33:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 46489
IP address blocks: 45.113.128.0/22 maxlen: 22
103.53.48.0/22 maxlen: 22
103.53.48.0/23 maxlen: 23
2402:2a80::/32 maxlen: 32
2402:2a80:100::/40 maxlen: 48
2402:2a80:200::/40 maxlen: 48
2402:2a80:300::/40 maxlen: 48
2402:2a80:400::/40 maxlen: 48
2402:2a80:1000::/36 maxlen: 36
2402:2a80:1000::/40 maxlen: 40
2402:2a80:1100::/40 maxlen: 40
2402:2a80:1200::/40 maxlen: 40
2402:2a80:1300::/40 maxlen: 40
2402:2a80:1400::/40 maxlen: 40
2402:2a80:1500::/40 maxlen: 40
2402:2a80:2000::/36 maxlen: 36
2402:2a80:2000::/40 maxlen: 40
2402:2a80:2100::/40 maxlen: 40
2402:2a80:3000::/36 maxlen: 36
2402:2a80:3000::/40 maxlen: 40
2402:2a80:3100::/40 maxlen: 40
2402:2a80:3200::/40 maxlen: 40
2402:2a80:3300::/40 maxlen: 40
2402:2a80:4000::/36 maxlen: 36
2402:2a80:4000::/40 maxlen: 40
2402:2a80:4100::/40 maxlen: 40
2402:2a80:4200::/40 maxlen: 40
2402:2a80:5000::/36 maxlen: 36
2402:2a80:6000::/36 maxlen: 36
2402:2a80:b000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B3558/0F21214E390511E99A330233C4F9AE02/yJCSVPaWZtWF4xCs2N_ysfuaXyo.crl
rsync://rpki.apnic.net/member_repository/A91B3558/0F21214E390511E99A330233C4F9AE02/yJCSVPaWZtWF4xCs2N_ysfuaXyo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yJCSVPaWZtWF4xCs2N_ysfuaXyo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 27 Nov 2024 17:13:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4069 (0xfe5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B3558/serialNumber=C8909254F69666D585E310ACD8DFF2B1FB9A5F2A
Validity
Not Before: Sep 13 00:33:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66e3884a-7f2f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:6e:8e:db:e5:96:af:2e:95:47:4f:2b:3e:87:
54:65:5d:c4:9c:22:67:9a:83:24:6a:fd:76:4f:c5:
a0:5c:a8:9e:e1:02:67:e1:c4:0c:10:29:4e:8e:0f:
2b:a5:9f:a2:ae:9a:a2:6a:02:64:08:11:32:0b:ce:
d9:24:a1:fc:eb:40:20:3a:a0:9a:a8:87:c1:a3:79:
d0:6f:46:0c:5c:88:4c:ab:1a:a4:7c:d4:da:f6:82:
36:9d:3a:36:3f:f8:a7:81:d9:5f:ea:49:fa:83:81:
60:95:f9:31:3d:2b:fd:55:46:d6:93:74:fb:e1:07:
02:90:40:fd:89:d7:ea:79:ba:f9:f2:be:fd:8f:dc:
3a:8c:4d:87:ee:17:9b:f3:d1:ad:55:1d:98:b4:1a:
ed:04:40:7c:d0:c4:15:b4:64:40:85:c3:b8:39:ac:
82:33:77:36:b7:d2:27:b6:b4:ab:31:d6:cb:50:09:
d0:36:ef:82:38:67:2b:ad:ee:53:a0:98:1d:f6:08:
ed:1f:66:64:33:58:f7:56:f0:57:cb:f4:13:be:f6:
7c:a6:c9:1d:4b:84:e8:38:21:31:ee:2c:dd:5f:68:
9b:ab:95:7e:38:27:0b:d4:25:18:9a:b9:c3:d1:94:
23:5e:5b:b8:78:f6:c7:bf:b3:3c:a1:e4:fe:71:f9:
57:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:78:F4:A5:AA:87:67:39:7E:F4:26:79:08:21:EF:A4:B7:AF:E1:A7
X509v3 Authority Key Identifier:
keyid:C8:90:92:54:F6:96:66:D5:85:E3:10:AC:D8:DF:F2:B1:FB:9A:5F:2A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B3558/0F21214E390511E99A330233C4F9AE02/yJCSVPaWZtWF4xCs2N_ysfuaXyo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yJCSVPaWZtWF4xCs2N_ysfuaXyo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B3558/0F21214E390511E99A330233C4F9AE02/BAE1D7A8716711EFBF91272AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.113.128.0/22
103.53.48.0/22
IPv6:
2402:2a80::/32
Signature Algorithm: sha256WithRSAEncryption
3a:77:91:1a:71:1c:e6:2d:2f:f4:24:1e:12:10:18:a8:ef:74:
3b:5d:c3:ae:4f:92:a0:7c:f4:77:46:80:7c:a9:ce:76:63:f4:
22:0a:f6:a3:ba:71:b8:c9:9f:72:4c:9a:2d:99:cb:23:93:e7:
98:c2:87:50:e6:a7:d2:d0:54:24:ec:0f:78:82:d5:14:41:12:
ca:de:1f:a2:33:f3:ef:e6:7f:da:05:94:82:cb:b2:64:84:e0:
db:f5:c3:c1:39:86:d5:b9:50:03:d2:ba:a9:c8:80:ac:b6:e2:
0c:39:83:8d:61:40:1e:af:2e:9e:bd:c3:4b:d2:04:c6:06:d1:
32:4d:ba:fd:28:fe:6a:25:79:47:f8:2f:66:04:54:75:9a:85:
4c:9e:1a:ef:62:a6:16:be:b7:f7:3b:94:4d:2c:b6:0b:76:1d:
66:e6:f5:33:7a:fe:c8:5c:6a:67:77:03:2d:86:4a:df:16:55:
1b:6a:21:79:92:07:7f:94:c6:85:26:65:28:2d:c3:35:ff:b9:
51:e9:17:a6:2b:d3:2c:ea:16:2f:e1:74:8c:25:46:06:30:cc:
a3:1f:6c:0f:80:9e:87:ed:bd:2e:7f:b1:16:42:c8:4f:9e:58:
ac:fd:d2:59:d7:86:ef:ca:c8:61:1c:36:a1:38:0c:a5:cc:97:
9b:7e:96:2c
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICD+UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjM1NTgxMTAvBgNVBAUTKEM4OTA5MjU0RjY5NjY2RDU4NUUzMTBBQ0Q4REZGMkIx
RkI5QTVGMkEwHhcNMjQwOTEzMDAzMzE2WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmUzODg0YS03ZjJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArW6O2+WWry6VR08rPodUZV3EnCJnmoMkav12T8WgXKie4QJn4cQMEClOjg8r
pZ+irpqiagJkCBEyC87ZJKH860AgOqCaqIfBo3nQb0YMXIhMqxqkfNTa9oI2nTo2
P/ingdlf6kn6g4FglfkxPSv9VUbWk3T74QcCkED9idfqebr58r79j9w6jE2H7heb
89GtVR2YtBrtBEB80MQVtGRAhcO4OayCM3c2t9IntrSrMdbLUAnQNu+COGcrre5T
oJgd9gjtH2ZkM1j3VvBXy/QTvvZ8pskdS4ToOCEx7izdX2ibq5V+OCcL1CUYmrnD
0ZQjXlu4ePbHv7M8oeT+cflXWQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFAl49KWq
h2c5fvQmeQgh76S3r+GnMB8GA1UdIwQYMBaAFMiQklT2lmbVheMQrNjf8rH7ml8q
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMzU1OC8wRjIxMjE0RTM5
MDUxMUU5OUEzMzAyMzNDNEY5QUUwMi95SkNTVlBhV1p0V0Y0eENzMk5feXNmdWFY
eW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lKQ1NWUGFXWnRXRjR4Q3MyTl95c2Z1YVh5by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjM1NTgvMEYyMTIxNEUzOTA1MTFFOTlBMzMwMjMzQzRGOUFFMDIvQkFFMUQ3QTg3
MTY3MTFFRkJGOTEyNzJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAItcYADBAJnNTAwDQQCAAIwBwMFACQCKoAwDQYJKoZIhvcN
AQELBQADggEBADp3kRpxHOYtL/QkHhIQGKjvdDtdw65PkqB89HdGgHypznZj9CIK
9qO6cbjJn3JMmi2ZyyOT55jCh1Dmp9LQVCTsD3iC1RRBEsreH6Iz8+/mf9oFlILL
smSE4Nv1w8E5htW5UAPSuqnIgKy24gw5g41hQB6vLp69w0vSBMYG0TJNuv0o/mol
eUf4L2YEVHWahUyeGu9ipha+t/c7lE0stgt2HWbm9TN6/shcamd3Ay2GSt8WVRtq
IXmSB3+UxoUmZSgtwzX/uVHpF6Yr0yzqFi/hdIwlRgYwzKMfbA+AnoftvS5/sRZC
yE+eWKz90lnXhu/KyGEcNqE4DKXMl5t+liw=
-----END CERTIFICATE-----
Generated at Wed Nov 20 18:45:04 2024 by rpki-client on console-fra.rpki-client.org