Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/BB0AA59C0A3D11EB82ECEA4BC4F9AE02.roa
File: BB0AA59C0A3D11EB82ECEA4BC4F9AE02.roa (raw, json)
Hash identifier: ko6JuSH5KdHDRvbFAlQ/kuUaDfW5QK4Fi6pI4fCmc9Y=
Subject key identifier: 04:A7:B8:B0:B7:EB:44:A2:1E:44:21:88:CD:A9:9F:A4:24:F4:19:49
Certificate issuer: /CN=A91B49F2/serialNumber=C873BB610B913C3ECDC708A265A74B1141A76F54
Certificate serial: 0DA0
Authority key identifier: C8:73:BB:61:0B:91:3C:3E:CD:C7:08:A2:65:A7:4B:11:41:A7:6F:54
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yHO7YQuRPD7NxwiiZadLEUGnb1Q.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/BB0AA59C0A3D11EB82ECEA4BC4F9AE02.roa
Signing time: Tue 02 Jul 2024 18:45:44 +0000
ROA not before: Tue 02 Jul 2024 18:45:44 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 55944
IP address blocks: 43.231.28.0/22 maxlen: 24
43.247.140.0/22 maxlen: 24
103.15.52.0/22 maxlen: 24
103.19.224.0/22 maxlen: 24
103.50.104.0/22 maxlen: 24
103.248.112.0/22 maxlen: 24
150.107.196.0/22 maxlen: 24
202.153.80.0/21 maxlen: 21
202.153.80.0/23 maxlen: 24
202.153.82.0/23 maxlen: 24
202.153.84.0/23 maxlen: 24
202.153.86.0/23 maxlen: 24
2404:ab80::/48 maxlen: 48
2404:ab80:1::/48 maxlen: 48
2404:ab80:2::/48 maxlen: 48
2404:ab80:3::/48 maxlen: 48
2404:ab80:4::/48 maxlen: 48
2404:ab80:5::/48 maxlen: 48
2404:ab80:6::/48 maxlen: 48
2404:ab80:7::/48 maxlen: 48
2404:ab80:8::/48 maxlen: 48
2404:ab80:9::/48 maxlen: 48
2404:ab80:9:400::/64 maxlen: 64
2404:ab80:9:401::/64 maxlen: 64
2404:ab80:a::/48 maxlen: 48
2404:ab80:b::/48 maxlen: 48
2404:ab80:c::/48 maxlen: 48
2404:ab80:d::/48 maxlen: 48
2404:ab80:e::/48 maxlen: 48
2404:ab80:f::/48 maxlen: 48
2404:ab80:10::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/yHO7YQuRPD7NxwiiZadLEUGnb1Q.crl
rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/yHO7YQuRPD7NxwiiZadLEUGnb1Q.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yHO7YQuRPD7NxwiiZadLEUGnb1Q.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 21 Feb 2025 05:15:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3488 (0xda0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B49F2
Validity
Not Before: Jul 2 18:45:44 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66844ad8-9aac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:98:28:3a:9c:9e:a4:ef:f7:ca:77:8a:8f:2b:
5d:fa:8d:27:59:ad:57:72:0c:83:07:90:10:d0:3a:
66:a3:61:ff:ba:37:ed:ac:6e:c9:32:e1:20:9f:b9:
4a:15:67:d2:7c:0e:a3:11:7e:2f:31:60:25:60:e8:
47:b0:5d:0d:07:7c:73:9d:21:37:44:98:62:88:e3:
2c:7e:21:0f:02:9a:56:3e:ff:9a:83:ac:30:ce:18:
e9:d8:24:69:9f:fa:cc:98:3a:cf:ac:3e:f2:df:d8:
b5:6d:4a:dd:60:11:2c:41:72:5e:9c:9a:50:60:1e:
20:5b:ae:02:10:73:c9:4a:b6:f3:71:77:49:e0:e5:
01:33:8b:cf:30:ba:d7:95:de:5c:27:7f:4b:c5:6d:
54:6e:45:02:12:ef:29:eb:05:ca:b6:c8:1f:6b:c3:
74:34:f8:e6:4a:48:05:dc:25:97:a5:03:b9:7d:6b:
62:f5:d9:7f:f6:cc:7b:44:56:b3:5c:d6:5c:d5:f2:
57:22:4e:72:74:78:07:aa:37:2f:7f:eb:35:be:90:
0c:4d:6d:65:04:23:ae:cf:f8:3b:01:dc:ea:46:19:
47:dd:b3:10:e5:79:b8:26:19:38:4e:af:54:b1:2b:
04:77:32:b3:81:fb:76:de:75:53:30:80:78:5e:f4:
fc:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:A7:B8:B0:B7:EB:44:A2:1E:44:21:88:CD:A9:9F:A4:24:F4:19:49
X509v3 Authority Key Identifier:
keyid:C8:73:BB:61:0B:91:3C:3E:CD:C7:08:A2:65:A7:4B:11:41:A7:6F:54
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/yHO7YQuRPD7NxwiiZadLEUGnb1Q.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yHO7YQuRPD7NxwiiZadLEUGnb1Q.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/BB0AA59C0A3D11EB82ECEA4BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.231.28.0/22
43.247.140.0/22
103.15.52.0/22
103.19.224.0/22
103.50.104.0/22
103.248.112.0/22
150.107.196.0/22
202.153.80.0/21
IPv6:
2404:ab80::-2404:ab80:10:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
03:5f:3f:2a:78:62:1d:eb:40:ab:98:4c:a4:5e:ca:71:fa:84:
ee:d1:9f:ba:1f:6f:3e:31:04:f0:69:84:9c:d3:23:45:b8:49:
89:ae:74:a9:fe:5c:70:64:5c:2b:b3:61:89:d3:57:c6:f5:4a:
5e:6a:f2:9a:28:01:2f:7b:9a:ce:83:e8:60:0d:1d:d3:e3:dc:
72:11:9f:e0:3b:8f:56:6d:92:1c:56:70:62:9e:74:02:cd:af:
28:92:08:da:99:48:f8:fc:01:0a:2f:6c:46:70:c8:38:8f:36:
7c:3a:c7:5a:76:2a:b5:ac:e1:a5:bd:13:5d:ff:c2:32:97:ed:
b5:ff:8e:17:1f:dc:a8:dd:18:03:de:13:4b:36:6c:11:63:69:
56:ad:62:14:27:25:e3:38:51:d8:27:07:7a:21:01:34:0a:74:
8a:60:35:82:5c:8a:71:d1:c4:a7:b0:5c:07:5c:05:8f:59:0a:
22:74:7d:f5:47:42:5f:3b:65:93:65:f9:0c:bd:34:29:dc:5a:
37:8c:19:d7:8a:94:91:44:7b:ce:94:83:91:0d:59:76:18:82:
f5:fd:28:0f:f0:19:c6:29:1a:17:e4:a0:29:bd:4f:24:4e:b2:
e1:a5:05:16:4d:61:ad:cd:5b:70:85:a7:cb:c4:e6:83:86:e1:
40:ae:10:05
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgICDaAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjQ5RjIxMTAvBgNVBAUTKEM4NzNCQjYxMEI5MTNDM0VDREM3MDhBMjY1QTc0QjEx
NDFBNzZGNTQwHhcNMjQwNzAyMTg0NTQ0WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njg0NGFkOC05YWFjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsJgoOpyepO/3yneKjytd+o0nWa1XcgyDB5AQ0Dpmo2H/ujftrG7JMuEgn7lK
FWfSfA6jEX4vMWAlYOhHsF0NB3xznSE3RJhiiOMsfiEPAppWPv+ag6wwzhjp2CRp
n/rMmDrPrD7y39i1bUrdYBEsQXJenJpQYB4gW64CEHPJSrbzcXdJ4OUBM4vPMLrX
ld5cJ39LxW1UbkUCEu8p6wXKtsgfa8N0NPjmSkgF3CWXpQO5fWti9dl/9sx7RFaz
XNZc1fJXIk5ydHgHqjcvf+s1vpAMTW1lBCOuz/g7AdzqRhlH3bMQ5Xm4Jhk4Tq9U
sSsEdzKzgft23nVTMIB4XvT88QIDAQABo4IC2TCCAtUwHQYDVR0OBBYEFASnuLC3
60SiHkQhiM2pn6Qk9BlJMB8GA1UdIwQYMBaAFMhzu2ELkTw+zccIomWnSxFBp29U
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNDlGMi84MkU0QzJBMEE2
RUUxMUU5ODVGM0IwMTFDNEY5QUUwMi95SE83WVF1UlBEN054d2lpWmFkTEVVR25i
MVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lITzdZUXVSUEQ3Tnh3aWlaYWRMRVVHbmIxUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjQ5RjIvODJFNEMyQTBBNkVFMTFFOTg1RjNCMDExQzRGOUFFMDIvQkIwQUE1OUMw
QTNEMTFFQjgyRUNFQTRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYwYIKwYBBQUHAQcBAf8E
VDBSMDYEAgABMDADBAIr5xwDBAIr94wDBAJnDzQDBAJnE+ADBAJnMmgDBAJn+HAD
BAKWa8QDBAPKmVAwGAQCAAIwEjAQAwUHJASrgAMHACQEq4AAEDANBgkqhkiG9w0B
AQsFAAOCAQEAA18/KnhiHetAq5hMpF7KcfqE7tGfuh9vPjEE8GmEnNMjRbhJia50
qf5ccGRcK7NhidNXxvVKXmrymigBL3uazoPoYA0d0+PcchGf4DuPVm2SHFZwYp50
As2vKJII2plI+PwBCi9sRnDIOI82fDrHWnYqtazhpb0TXf/CMpfttf+OFx/cqN0Y
A94TSzZsEWNpVq1iFCcl4zhR2CcHeiEBNAp0imA1glyKcdHEp7BcB1wFj1kKInR9
9UdCXztlk2X5DL00KdxaN4wZ14qUkUR7zpSDkQ1ZdhiC9f0oD/AZxikaF+SgKb1P
JE6y4aUFFk1hrc1bcIWny8Tmg4bhQK4QBQ==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:24:57 2025 by rpki-client