Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/71A7B3621AD911EA97EF1C30C4F9AE02.roa
File: 71A7B3621AD911EA97EF1C30C4F9AE02.roa (raw, json)
Hash identifier: 9r153uKD9O+R7bkXsQuugQY1h1itvtGz1Qj2pvwl7UY=
Subject key identifier: 5E:21:09:4F:9A:92:74:64:DF:F9:75:F9:04:22:E6:9C:EC:63:D8:0A
Certificate issuer: /CN=A91C4003/serialNumber=038A86F362B2557F94BE772EE0C5FD31845FE263
Certificate serial: 0A91
Authority key identifier: 03:8A:86:F3:62:B2:55:7F:94:BE:77:2E:E0:C5:FD:31:84:5F:E2:63
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A4qG82KyVX-Uvncu4MX9MYRf4mM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/71A7B3621AD911EA97EF1C30C4F9AE02.roa
Signing time: Fri 28 Jul 2023 19:37:29 +0000
ROA not before: Fri 28 Jul 2023 19:37:29 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 38835
IP address blocks: 43.231.68.0/22 maxlen: 24
43.245.36.0/22 maxlen: 24
43.251.52.0/22 maxlen: 24
103.18.252.0/22 maxlen: 24
103.21.132.0/22 maxlen: 24
103.24.47.0/24 maxlen: 24
103.42.140.0/22 maxlen: 24
103.205.246.0/23 maxlen: 24
103.206.28.0/24 maxlen: 24
103.232.196.0/22 maxlen: 24
113.21.32.0/20 maxlen: 23
113.21.32.0/22 maxlen: 24
113.21.37.0/24 maxlen: 24
113.21.38.0/23 maxlen: 24
113.21.40.0/21 maxlen: 24
113.61.96.0/21 maxlen: 23
113.61.97.0/24 maxlen: 24
113.61.98.0/23 maxlen: 24
113.61.100.0/23 maxlen: 24
113.61.102.0/24 maxlen: 24
163.47.64.0/22 maxlen: 24
182.161.44.0/22 maxlen: 24
183.81.144.0/21 maxlen: 24
203.31.34.0/23 maxlen: 24
203.160.8.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/A4qG82KyVX-Uvncu4MX9MYRf4mM.crl
rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/A4qG82KyVX-Uvncu4MX9MYRf4mM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A4qG82KyVX-Uvncu4MX9MYRf4mM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 13 May 2024 19:59:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2705 (0xa91)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C4003/serialNumber=038A86F362B2557F94BE772EE0C5FD31845FE263
Validity
Not Before: Jul 28 19:37:29 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=64c418f8-6cb9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:ea:b2:d0:06:c5:d0:f1:aa:2c:a7:31:32:78:
ea:84:9f:28:46:7c:87:d4:86:3f:93:2e:a0:dd:e1:
a9:2c:84:06:a1:22:28:15:72:f6:87:f6:d2:2a:59:
a6:e3:62:84:19:6a:f4:4f:8e:b8:38:dd:4b:f7:93:
45:be:87:b1:c3:46:48:8c:dc:31:ee:3d:26:b0:86:
d6:a8:e9:5b:d2:ef:5e:81:72:1f:df:cc:9c:ae:91:
97:54:aa:de:fa:fe:98:f1:3e:19:1d:67:c6:55:8c:
2e:ce:56:41:24:b8:7a:6d:59:9f:9e:b0:8d:ea:6d:
26:29:e9:25:29:72:da:c9:57:df:43:73:90:0f:ac:
c1:e4:6a:50:1f:03:9e:e8:04:09:ef:11:d2:b0:23:
5e:a4:d4:22:10:0d:dd:18:20:de:ed:67:ab:3c:06:
c5:26:64:25:d0:b1:7b:c9:22:28:be:92:88:4e:eb:
1d:32:0a:39:50:0c:41:3f:a5:00:c4:54:d7:e9:2d:
61:7a:77:ad:d1:d6:f0:84:1f:22:7b:39:af:f5:11:
c7:66:5c:b6:5a:9c:29:8e:f9:f4:2e:5f:f3:60:f2:
81:3e:7f:5a:58:bd:87:d9:5d:49:e7:e7:e7:67:a4:
73:c0:3d:96:f7:e6:75:45:cf:eb:c5:e3:2f:63:78:
d9:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:21:09:4F:9A:92:74:64:DF:F9:75:F9:04:22:E6:9C:EC:63:D8:0A
X509v3 Authority Key Identifier:
keyid:03:8A:86:F3:62:B2:55:7F:94:BE:77:2E:E0:C5:FD:31:84:5F:E2:63
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/A4qG82KyVX-Uvncu4MX9MYRf4mM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A4qG82KyVX-Uvncu4MX9MYRf4mM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/71A7B3621AD911EA97EF1C30C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.231.68.0/22
43.245.36.0/22
43.251.52.0/22
103.18.252.0/22
103.21.132.0/22
103.24.47.0/24
103.42.140.0/22
103.205.246.0/23
103.206.28.0/24
103.232.196.0/22
113.21.32.0/20
113.61.96.0/21
163.47.64.0/22
182.161.44.0/22
183.81.144.0/21
203.31.34.0/23
203.160.8.0/21
Signature Algorithm: sha256WithRSAEncryption
3b:62:fd:ab:ba:10:83:14:24:c9:ee:37:70:f4:25:b5:dd:b1:
7c:a4:71:99:24:44:2f:e3:54:0d:6a:2d:b0:75:83:e7:75:dd:
b8:14:49:6e:9d:17:60:91:b2:a8:58:7b:ed:91:c8:d5:82:d4:
a5:5a:0b:1c:d7:46:7c:5f:4b:3f:9f:6c:87:63:c0:b0:dc:3c:
1c:55:12:56:b0:78:50:0f:1b:97:8c:cc:3b:22:e3:b8:21:e8:
de:6c:13:5a:94:75:d5:80:59:2e:d5:ad:7f:da:8e:1e:7a:f0:
46:b9:d7:a3:86:60:33:71:8c:5d:f3:f7:9c:86:38:51:30:9b:
3b:29:0e:5f:e6:ff:68:15:89:ca:1f:a4:74:79:c6:a2:d9:2f:
c9:5d:6d:b4:63:df:82:1c:17:9a:11:10:88:7b:27:c0:10:c6:
49:c0:4e:a9:25:e7:c7:ab:a5:c5:bd:39:5d:ed:fd:01:c0:45:
e8:55:09:82:ec:a1:42:c5:c7:da:06:51:63:24:d5:89:15:13:
c8:ca:54:48:4b:16:0e:8b:95:ad:f4:19:9c:1b:ba:65:a0:4e:
17:4a:83:24:52:22:8d:0c:6d:8d:06:80:60:32:5c:ea:60:85:
1c:5a:3c:18:6e:c2:c2:49:39:11:5e:de:79:98:97:0d:b0:d3:
a0:20:ff:32
-----BEGIN CERTIFICATE-----
MIIF0TCCBLmgAwIBAgICCpEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzQwMDMxMTAvBgNVBAUTKDAzOEE4NkYzNjJCMjU1N0Y5NEJFNzcyRUUwQzVGRDMx
ODQ1RkUyNjMwHhcNMjMwNzI4MTkzNzI5WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGM0MThmOC02Y2I5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6+qy0AbF0PGqLKcxMnjqhJ8oRnyH1IY/ky6g3eGpLIQGoSIoFXL2h/bSKlmm
42KEGWr0T464ON1L95NFvoexw0ZIjNwx7j0msIbWqOlb0u9egXIf38ycrpGXVKre
+v6Y8T4ZHWfGVYwuzlZBJLh6bVmfnrCN6m0mKeklKXLayVffQ3OQD6zB5GpQHwOe
6AQJ7xHSsCNepNQiEA3dGCDe7WerPAbFJmQl0LF7ySIovpKITusdMgo5UAxBP6UA
xFTX6S1henet0dbwhB8iezmv9RHHZly2Wpwpjvn0Ll/zYPKBPn9aWL2H2V1J5+fn
Z6RzwD2W9+Z1Rc/rxeMvY3jZdQIDAQABo4IC9TCCAvEwHQYDVR0OBBYEFF4hCU+a
knRk3/l1+QQi5pzsY9gKMB8GA1UdIwQYMBaAFAOKhvNislV/lL53LuDF/TGEX+Jj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNDAwMy9COEU4QUQ3MjFB
RDgxMUVBODJFNzRCMkZDNEY5QUUwMi9BNHFHODJLeVZYLVV2bmN1NE1YOU1ZUmY0
bU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0E0cUc4Mkt5VlgtVXZuY3U0TVg5TVlSZjRtTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzQwMDMvQjhFOEFENzIxQUQ4MTFFQTgyRTc0QjJGQzRGOUFFMDIvNzFBN0IzNjIx
QUQ5MTFFQTk3RUYxQzMwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfwYIKwYBBQUHAQcBAf8E
cDBuMGwEAgABMGYDBAIr50QDBAIr9SQDBAIr+zQDBAJnEvwDBAJnFYQDBABnGC8D
BAJnKowDBAFnzfYDBABnzhwDBAJn6MQDBARxFSADBANxPWADBAKjL0ADBAK2oSwD
BAO3UZADBAHLHyIDBAPLoAgwDQYJKoZIhvcNAQELBQADggEBADti/au6EIMUJMnu
N3D0JbXdsXykcZkkRC/jVA1qLbB1g+d13bgUSW6dF2CRsqhYe+2RyNWC1KVaCxzX
RnxfSz+fbIdjwLDcPBxVElaweFAPG5eMzDsi47gh6N5sE1qUddWAWS7VrX/ajh56
8Ea516OGYDNxjF3z95yGOFEwmzspDl/m/2gVicofpHR5xqLZL8ldbbRj34IcF5oR
EIh7J8AQxknATqkl58erpcW9OV3t/QHARehVCYLsoULFx9oGUWMk1YkVE8jKVEhL
Fg6Lla30GZwbumWgThdKgyRSIo0MbY0GgGAyXOpghRxaPBhuwsJJORFe3nmYlw2w
06Ag/zI=
-----END CERTIFICATE-----
Generated at Mon May 6 23:05:49 2024 by rpki-client on console-fra.rpki-client.org