Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/BB0AA59C0A3D11EB82ECEA4BC4F9AE02.roa
File: BB0AA59C0A3D11EB82ECEA4BC4F9AE02.roa (raw, json)
Hash identifier: M2rblYPIl22pSvhr04c7XXdt1XeAUmS52zoBpDAC/7E=
Subject key identifier: 50:01:44:F9:1F:E1:B3:F7:BC:06:31:B1:08:42:20:33:8F:74:45:AE
Certificate issuer: /CN=A91B49F2/serialNumber=C873BB610B913C3ECDC708A265A74B1141A76F54
Certificate serial: 0D89
Authority key identifier: C8:73:BB:61:0B:91:3C:3E:CD:C7:08:A2:65:A7:4B:11:41:A7:6F:54
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yHO7YQuRPD7NxwiiZadLEUGnb1Q.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/BB0AA59C0A3D11EB82ECEA4BC4F9AE02.roa
Signing time: Mon 27 May 2024 11:30:36 +0000
ROA not before: Mon 27 May 2024 11:30:36 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 55944
IP address blocks: 43.231.28.0/22 maxlen: 24
43.247.140.0/22 maxlen: 24
103.15.52.0/22 maxlen: 24
103.19.224.0/22 maxlen: 24
103.50.104.0/22 maxlen: 24
103.248.112.0/22 maxlen: 24
150.107.196.0/22 maxlen: 24
202.153.80.0/21 maxlen: 21
202.153.80.0/23 maxlen: 24
202.153.82.0/23 maxlen: 24
202.153.84.0/23 maxlen: 24
202.153.86.0/23 maxlen: 24
2404:ab80::/48 maxlen: 48
2404:ab80:1::/48 maxlen: 48
2404:ab80:2::/48 maxlen: 48
2404:ab80:3::/48 maxlen: 48
2404:ab80:4::/48 maxlen: 48
2404:ab80:5::/48 maxlen: 48
2404:ab80:6::/48 maxlen: 48
2404:ab80:7::/48 maxlen: 48
2404:ab80:8::/48 maxlen: 48
2404:ab80:9::/48 maxlen: 48
2404:ab80:9:400::/64 maxlen: 64
2404:ab80:9:401::/64 maxlen: 64
2404:ab80:a::/48 maxlen: 48
2404:ab80:b::/48 maxlen: 48
2404:ab80:c::/48 maxlen: 48
2404:ab80:d::/48 maxlen: 48
2404:ab80:e::/48 maxlen: 48
2404:ab80:f::/48 maxlen: 48
2404:ab80:10::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/yHO7YQuRPD7NxwiiZadLEUGnb1Q.crl
rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/yHO7YQuRPD7NxwiiZadLEUGnb1Q.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yHO7YQuRPD7NxwiiZadLEUGnb1Q.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 04 Jun 2024 18:44:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3465 (0xd89)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B49F2/serialNumber=C873BB610B913C3ECDC708A265A74B1141A76F54
Validity
Not Before: May 27 11:30:36 2024 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=66546edc-eb4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:10:92:96:a1:48:f2:af:ef:53:40:ee:3f:ca:
63:56:cb:74:9b:d6:a9:08:51:c5:9d:f4:72:9c:27:
03:7e:26:ba:12:58:25:14:b5:f1:39:6c:42:4f:09:
41:db:67:e0:d7:3f:cf:51:33:d8:a8:fd:84:e5:88:
e1:27:7a:dc:f3:af:64:2d:eb:04:f3:ba:04:31:26:
69:4f:f9:ae:1d:59:ba:91:ac:1e:3c:46:f2:93:61:
35:e2:df:e1:7b:7a:e2:34:26:42:49:2a:7f:5a:b2:
fa:e9:6c:91:0d:34:b4:61:83:29:c4:54:77:a9:47:
ae:37:43:8b:c9:0e:98:18:b4:a4:9c:11:b3:e3:3e:
5f:c9:55:05:06:67:bc:36:b7:a4:e8:77:82:f8:f5:
15:cf:5a:b3:59:d4:b9:db:94:d3:0b:9f:20:60:08:
69:68:e5:84:91:4f:bd:54:8c:51:14:49:44:54:f9:
44:c2:ad:b0:05:10:00:a6:3d:bc:fa:39:ec:75:b5:
79:92:e4:cc:5a:33:f8:22:b5:99:31:9a:71:51:41:
01:61:fd:00:55:ec:a7:91:63:38:9c:84:bd:0b:d5:
a0:44:67:7b:b2:2f:76:5c:7b:3c:8d:6f:76:79:85:
6a:fc:ff:87:3d:cf:5c:62:32:6d:4d:05:9f:7d:8f:
55:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:01:44:F9:1F:E1:B3:F7:BC:06:31:B1:08:42:20:33:8F:74:45:AE
X509v3 Authority Key Identifier:
keyid:C8:73:BB:61:0B:91:3C:3E:CD:C7:08:A2:65:A7:4B:11:41:A7:6F:54
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/yHO7YQuRPD7NxwiiZadLEUGnb1Q.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yHO7YQuRPD7NxwiiZadLEUGnb1Q.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B49F2/82E4C2A0A6EE11E985F3B011C4F9AE02/BB0AA59C0A3D11EB82ECEA4BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.231.28.0/22
43.247.140.0/22
103.15.52.0/22
103.19.224.0/22
103.50.104.0/22
103.248.112.0/22
150.107.196.0/22
202.153.80.0/21
IPv6:
2404:ab80::-2404:ab80:10:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
61:cd:b7:b6:f2:a3:17:75:86:51:51:96:63:ef:d3:21:5c:96:
a7:c6:b5:75:a2:47:51:55:5e:c1:21:d1:08:20:af:21:38:c4:
ad:4d:8d:07:13:93:b0:0c:4f:19:a7:51:b4:39:0e:da:18:4f:
fe:f5:58:df:11:0b:41:96:63:30:a3:8d:a4:75:05:48:09:5f:
cd:80:4d:e2:6c:f4:b5:82:05:4f:d2:4d:f4:07:ee:51:0b:2f:
e8:7d:cb:27:bc:05:e9:49:7c:7d:18:87:f7:e5:ef:ec:06:3d:
60:ed:94:44:f9:fb:45:f9:9e:50:ef:16:b7:d2:35:8b:14:98:
8e:13:b5:c5:d8:66:69:ae:65:3b:a8:7c:2b:f8:f5:df:ac:ff:
15:80:06:7b:f7:fe:1d:fc:d6:c9:29:4a:35:f3:c2:e0:95:01:
ea:28:68:3f:ce:39:52:11:69:70:d1:49:43:45:9c:57:89:e2:
07:ee:16:85:41:91:9c:39:3d:76:fd:3c:af:67:45:54:1a:0b:
e8:c7:de:29:7e:b4:fe:f5:8c:01:b9:8f:f5:b3:11:6c:55:f5:
34:03:cf:66:d8:37:36:21:a6:15:02:9c:3e:29:a4:f3:a6:bd:
a7:e2:61:a5:c8:05:f1:a3:46:81:09:f7:bb:93:ea:db:55:ae:
a1:ab:64:c9
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgICDYkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjQ5RjIxMTAvBgNVBAUTKEM4NzNCQjYxMEI5MTNDM0VDREM3MDhBMjY1QTc0QjEx
NDFBNzZGNTQwHhcNMjQwNTI3MTEzMDM2WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjU0NmVkYy1lYjRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsRCSlqFI8q/vU0DuP8pjVst0m9apCFHFnfRynCcDfia6ElglFLXxOWxCTwlB
22fg1z/PUTPYqP2E5YjhJ3rc869kLesE87oEMSZpT/muHVm6kawePEbyk2E14t/h
e3riNCZCSSp/WrL66WyRDTS0YYMpxFR3qUeuN0OLyQ6YGLSknBGz4z5fyVUFBme8
Nrek6HeC+PUVz1qzWdS525TTC58gYAhpaOWEkU+9VIxRFElEVPlEwq2wBRAApj28
+jnsdbV5kuTMWjP4IrWZMZpxUUEBYf0AVeynkWM4nIS9C9WgRGd7si92XHs8jW92
eYVq/P+HPc9cYjJtTQWffY9VXQIDAQABo4IC2TCCAtUwHQYDVR0OBBYEFFABRPkf
4bP3vAYxsQhCIDOPdEWuMB8GA1UdIwQYMBaAFMhzu2ELkTw+zccIomWnSxFBp29U
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNDlGMi84MkU0QzJBMEE2
RUUxMUU5ODVGM0IwMTFDNEY5QUUwMi95SE83WVF1UlBEN054d2lpWmFkTEVVR25i
MVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lITzdZUXVSUEQ3Tnh3aWlaYWRMRVVHbmIxUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjQ5RjIvODJFNEMyQTBBNkVFMTFFOTg1RjNCMDExQzRGOUFFMDIvQkIwQUE1OUMw
QTNEMTFFQjgyRUNFQTRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYwYIKwYBBQUHAQcBAf8E
VDBSMDYEAgABMDADBAIr5xwDBAIr94wDBAJnDzQDBAJnE+ADBAJnMmgDBAJn+HAD
BAKWa8QDBAPKmVAwGAQCAAIwEjAQAwUHJASrgAMHACQEq4AAEDANBgkqhkiG9w0B
AQsFAAOCAQEAYc23tvKjF3WGUVGWY+/TIVyWp8a1daJHUVVewSHRCCCvITjErU2N
BxOTsAxPGadRtDkO2hhP/vVY3xELQZZjMKONpHUFSAlfzYBN4mz0tYIFT9JN9Afu
UQsv6H3LJ7wF6Ul8fRiH9+Xv7AY9YO2URPn7RfmeUO8Wt9I1ixSYjhO1xdhmaa5l
O6h8K/j136z/FYAGe/f+HfzWySlKNfPC4JUB6ihoP845UhFpcNFJQ0WcV4niB+4W
hUGRnDk9dv08r2dFVBoL6MfeKX60/vWMAbmP9bMRbFX1NAPPZtg3NiGmFQKcPimk
86a9p+JhpcgF8aNGgQn3u5Pq21WuoatkyQ==
-----END CERTIFICATE-----
Generated at Tue May 28 19:51:23 2024 by rpki-client on console-fra.rpki-client.org