Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/99CF729E221011ED980A6F47C4F9AE02.roa
File: 99CF729E221011ED980A6F47C4F9AE02.roa (raw, json)
Hash identifier: iSQxLeiRN1fYoIns2yWqQhKW9w0d7Bh4Hi7g+FcoiAo=
Subject key identifier: 3E:0D:34:93:33:5B:A2:0F:4B:C6:5C:35:61:18:75:4A:A9:06:F0:05
Certificate issuer: /CN=A91B6F47/serialNumber=538B076E0AADD8FAE2970C9543E849A90FE73752
Certificate serial: 34E2
Authority key identifier: 53:8B:07:6E:0A:AD:D8:FA:E2:97:0C:95:43:E8:49:A9:0F:E7:37:52
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/99CF729E221011ED980A6F47C4F9AE02.roa
Signing time: Wed 02 Oct 2024 14:50:32 +0000
ROA not before: Wed 02 Oct 2024 14:50:32 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 18042
IP address blocks: 58.114.0.0/15 maxlen: 16
58.114.0.0/17 maxlen: 17
58.114.0.0/18 maxlen: 18
58.114.64.0/18 maxlen: 18
58.114.128.0/18 maxlen: 18
58.114.192.0/18 maxlen: 18
58.115.0.0/18 maxlen: 21
58.115.64.0/18 maxlen: 18
58.115.128.0/18 maxlen: 18
58.115.192.0/18 maxlen: 18
61.70.0.0/15 maxlen: 15
61.70.0.0/16 maxlen: 24
61.71.0.0/16 maxlen: 24
111.184.0.0/15 maxlen: 24
182.233.0.0/16 maxlen: 24
182.234.0.0/15 maxlen: 24
202.2.52.0/22 maxlen: 24
203.133.0.0/17 maxlen: 24
203.187.80.0/20 maxlen: 24
203.203.0.0/16 maxlen: 24
203.204.0.0/16 maxlen: 24
219.68.0.0/16 maxlen: 24
219.69.0.0/17 maxlen: 24
219.69.128.0/17 maxlen: 24
219.70.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.crl
rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 14:24:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13538 (0x34e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B6F47/serialNumber=538B076E0AADD8FAE2970C9543E849A90FE73752
Validity
Not Before: Oct 2 14:50:32 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66fd5db8-4d85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:6b:0e:06:06:6d:76:8b:d5:d8:df:5d:57:42:
7f:7b:be:6d:09:f5:33:f7:86:c7:e6:10:f2:2d:9a:
e4:ac:8b:1c:68:00:58:71:37:ab:e0:5d:78:95:2a:
55:21:fd:17:e5:41:fd:75:f1:4d:a6:f0:32:fb:b7:
98:9b:b4:45:5c:2c:c5:63:61:d0:1c:71:0e:79:03:
fd:d7:fd:26:b8:a1:ef:ed:2b:ec:9d:8b:1d:90:a5:
f4:17:d1:f0:40:c3:b7:07:81:00:fc:d9:0a:8d:27:
31:fa:87:b8:35:d3:ae:75:dc:da:95:fb:5c:59:44:
5d:ec:3a:11:4a:a4:07:5b:95:46:4d:f6:54:5a:1d:
de:e0:c3:61:de:5c:3e:63:44:1c:28:dc:38:1d:49:
6c:b9:1a:a0:23:12:fa:98:d6:03:9d:f3:73:25:ce:
a9:d6:40:2e:09:2a:59:10:9b:77:58:8f:df:c7:cb:
ca:6f:29:f2:e9:10:ec:5d:64:38:3d:b3:15:77:5c:
24:e2:24:73:32:83:92:74:0a:ee:7c:53:25:9d:0a:
06:32:94:6b:d4:ba:2d:24:04:0e:7c:fa:1f:a9:06:
c7:3d:91:bf:db:64:a3:32:27:02:d3:02:ec:0b:36:
eb:5a:d7:65:3d:9c:4e:5e:01:94:b7:9d:2e:8b:5e:
07:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:0D:34:93:33:5B:A2:0F:4B:C6:5C:35:61:18:75:4A:A9:06:F0:05
X509v3 Authority Key Identifier:
keyid:53:8B:07:6E:0A:AD:D8:FA:E2:97:0C:95:43:E8:49:A9:0F:E7:37:52
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U4sHbgqt2PrilwyVQ-hJqQ_nN1I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B6F47/B4A86C381D8411E2969FC5DA08B02CD2/99CF729E221011ED980A6F47C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
58.114.0.0/15
61.70.0.0/15
111.184.0.0/15
182.233.0.0-182.235.255.255
202.2.52.0/22
203.133.0.0/17
203.187.80.0/20
203.203.0.0-203.204.255.255
219.68.0.0/14
Signature Algorithm: sha256WithRSAEncryption
5b:a0:2f:d1:fc:12:2b:08:ff:ae:93:a3:e4:23:00:81:9d:0f:
a9:90:6c:3b:0b:85:ab:0a:d8:58:eb:be:7b:99:1e:73:33:e3:
ed:b2:ec:56:00:d5:a0:0d:83:77:4d:d7:20:cf:b4:95:f0:81:
9e:60:68:df:45:27:9a:c3:e5:15:06:7e:7a:6b:87:21:32:e1:
30:81:2e:c3:81:98:7e:4e:16:af:af:6a:41:50:6d:03:f3:e8:
7c:84:4a:cb:ed:a3:c5:c8:37:b7:64:64:8b:9e:66:37:b7:74:
29:35:d2:40:95:bd:94:50:73:08:30:03:50:3a:f5:1f:c8:5f:
86:35:0b:2f:1e:33:8d:85:7e:02:0a:ec:e4:9b:61:a2:61:5f:
9c:f1:08:a0:7e:0a:57:5f:98:90:d3:46:29:e1:ec:ed:19:67:
6a:d6:70:b3:aa:93:24:31:56:7b:04:1a:28:0b:86:8b:81:08:
fa:2d:68:71:3e:62:f3:3e:1c:e1:f7:5f:69:1d:57:9b:4f:f0:
71:ee:ca:53:ff:7f:a7:83:96:1e:3f:67:dd:32:9a:07:d8:13:
72:bc:10:4c:90:62:b5:f8:20:e3:44:f8:4a:d7:f9:3d:67:e6:
32:71:68:50:92:bf:e0:e8:ff:1b:07:9c:df:ae:be:cd:9f:5d:
a6:11:b9:8a
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgICNOIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjZGNDcxMTAvBgNVBAUTKDUzOEIwNzZFMEFBREQ4RkFFMjk3MEM5NTQzRTg0OUE5
MEZFNzM3NTIwHhcNMjQxMDAyMTQ1MDMyWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmZkNWRiOC00ZDg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArmsOBgZtdovV2N9dV0J/e75tCfUz94bH5hDyLZrkrIscaABYcTer4F14lSpV
If0X5UH9dfFNpvAy+7eYm7RFXCzFY2HQHHEOeQP91/0muKHv7SvsnYsdkKX0F9Hw
QMO3B4EA/NkKjScx+oe4NdOuddzalftcWURd7DoRSqQHW5VGTfZUWh3e4MNh3lw+
Y0QcKNw4HUlsuRqgIxL6mNYDnfNzJc6p1kAuCSpZEJt3WI/fx8vKbyny6RDsXWQ4
PbMVd1wk4iRzMoOSdArufFMlnQoGMpRr1LotJAQOfPofqQbHPZG/22SjMicC0wLs
CzbrWtdlPZxOXgGUt50ui14HZQIDAQABo4ICzTCCAskwHQYDVR0OBBYEFD4NNJMz
W6IPS8ZcNWEYdUqpBvAFMB8GA1UdIwQYMBaAFFOLB24Krdj64pcMlUPoSakP5zdS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNkY0Ny9CNEE4NkMzODFE
ODQxMUUyOTY5RkM1REEwOEIwMkNEMi9VNHNIYmdxdDJQcmlsd3lWUS1oSnFRX25O
MUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1U0c0hiZ3F0MlByaWx3eVZRLWhKcVFfbk4xSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjZGNDcvQjRBODZDMzgxRDg0MTFFMjk2OUZDNURBMDhCMDJDRDIvOTlDRjcyOUUy
MjEwMTFFRDk4MEE2RjQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVwYIKwYBBQUHAQcBAf8E
SDBGMEQEAgABMD4DAwE6cgMDAT1GAwMBb7gwCgMDALbpAwMCtugDBALKAjQDBAfL
hQADBATLu1AwCgMDAMvLAwMAy8wDAwLbRDANBgkqhkiG9w0BAQsFAAOCAQEAW6Av
0fwSKwj/rpOj5CMAgZ0PqZBsOwuFqwrYWOu+e5keczPj7bLsVgDVoA2Dd03XIM+0
lfCBnmBo30UnmsPlFQZ+emuHITLhMIEuw4GYfk4Wr69qQVBtA/PofIRKy+2jxcg3
t2Rki55mN7d0KTXSQJW9lFBzCDADUDr1H8hfhjULLx4zjYV+Agrs5JthomFfnPEI
oH4KV1+YkNNGKeHs7RlnatZws6qTJDFWewQaKAuGi4EI+i1ocT5i8z4c4fdfaR1X
m0/wce7KU/9/p4OWHj9n3TKaB9gTcrwQTJBitfgg40T4Stf5PWfmMnFoUJK/4Oj/
Gwec366+zZ9dphG5ig==
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:50:03 2024 by rpki-client on console-ams.rpki-client.org