Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/E36FB86EC09A11ECB9687037C4F9AE02.roa
File: E36FB86EC09A11ECB9687037C4F9AE02.roa (raw, json)
Hash identifier: Ib+XazX+Qxi5XJo4rC4mxroM+7vsfCjFEjXXwhdqb+s=
Subject key identifier: E2:1E:07:5B:B7:7B:91:7F:B2:1D:3E:4F:32:D4:97:79:E4:B0:5E:C0
Certificate issuer: /CN=A91C911D/serialNumber=475B62A5F233ED05AC72D8781234E109BF3A908C
Certificate serial: 0606
Authority key identifier: 47:5B:62:A5:F2:33:ED:05:AC:72:D8:78:12:34:E1:09:BF:3A:90:8C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R1tipfIz7QWscth4EjThCb86kIw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/E36FB86EC09A11ECB9687037C4F9AE02.roa
Signing time: Wed 03 Apr 2024 00:32:58 +0000
ROA not before: Wed 03 Apr 2024 00:32:58 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 133736
IP address blocks: 43.245.132.0/22 maxlen: 22
43.245.132.0/24 maxlen: 24
43.245.133.0/24 maxlen: 24
43.245.134.0/24 maxlen: 24
43.245.135.0/24 maxlen: 24
103.31.88.0/22 maxlen: 22
103.31.88.0/24 maxlen: 24
103.31.89.0/24 maxlen: 24
103.31.90.0/24 maxlen: 24
103.31.91.0/24 maxlen: 24
103.47.0.0/24 maxlen: 24
103.55.132.0/24 maxlen: 24
103.55.134.0/23 maxlen: 24
103.61.128.0/24 maxlen: 24
103.61.130.0/24 maxlen: 24
103.79.172.0/22 maxlen: 22
144.48.232.0/22 maxlen: 22
144.48.232.0/24 maxlen: 24
144.48.233.0/24 maxlen: 24
144.48.234.0/24 maxlen: 24
144.48.235.0/24 maxlen: 24
202.179.144.0/22 maxlen: 22
202.179.144.0/24 maxlen: 24
202.179.145.0/24 maxlen: 24
202.179.146.0/24 maxlen: 24
202.179.147.0/24 maxlen: 24
203.166.216.0/24 maxlen: 24
203.189.124.0/22 maxlen: 22
203.189.124.0/24 maxlen: 24
203.189.125.0/24 maxlen: 24
203.189.126.0/24 maxlen: 24
203.189.127.0/24 maxlen: 24
221.120.164.0/22 maxlen: 22
221.120.164.0/24 maxlen: 24
221.120.165.0/24 maxlen: 24
221.120.166.0/24 maxlen: 24
221.120.167.0/24 maxlen: 24
2401:8140::/32 maxlen: 32
2401:8140::/35 maxlen: 35
2401:8140:2000::/35 maxlen: 35
2401:8140:4000::/35 maxlen: 35
2401:8140:6000::/35 maxlen: 35
2401:8140:8000::/35 maxlen: 35
2401:8140:a000::/35 maxlen: 35
2401:8140:c000::/35 maxlen: 35
2401:8140:e000::/35 maxlen: 35
2402:4c80::/32 maxlen: 32
2402:4c80::/35 maxlen: 35
2402:4c80:2000::/35 maxlen: 35
2402:4c80:4000::/35 maxlen: 35
2402:4c80:6000::/35 maxlen: 35
2402:4c80:8000::/35 maxlen: 35
2402:4c80:a000::/35 maxlen: 35
2402:4c80:c000::/35 maxlen: 35
2402:4c80:e000::/35 maxlen: 35
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/R1tipfIz7QWscth4EjThCb86kIw.crl
rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/R1tipfIz7QWscth4EjThCb86kIw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R1tipfIz7QWscth4EjThCb86kIw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 20:43:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1542 (0x606)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C911D/serialNumber=475B62A5F233ED05AC72D8781234E109BF3A908C
Validity
Not Before: Apr 3 00:32:58 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=660ca3ba-26c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:ab:63:52:85:b3:ce:cc:a3:6b:ee:2b:a6:b7:
f3:e2:a2:46:43:eb:50:a3:46:20:e3:66:4f:ce:71:
44:b8:ad:ff:5e:70:20:85:48:28:60:ad:ce:d4:ac:
17:4e:d9:f9:d8:ad:0e:5c:05:d7:0b:ab:c5:55:cd:
f5:71:fd:25:4c:e8:bb:fc:97:ad:db:d1:79:92:fe:
e8:2b:2a:ff:37:14:79:4c:5e:c8:1d:04:68:14:20:
6b:c5:96:1c:e2:6f:c9:0e:64:03:cc:98:b6:69:2a:
84:1c:11:a9:10:9a:67:dd:e5:11:f2:1f:d1:0b:44:
b0:7f:04:cc:f6:66:84:5a:7b:bc:7a:5a:b7:44:b7:
b3:be:e1:83:bb:86:86:65:38:ac:10:36:95:08:a7:
a2:63:18:f3:06:c9:dd:16:6a:09:fa:de:fd:f4:df:
23:89:59:e8:cd:38:0c:11:57:6b:06:26:c0:fa:53:
5b:0f:df:28:d9:c0:2a:0a:8b:58:09:db:13:08:78:
3a:64:7a:81:cf:fb:f0:0c:61:67:bf:d8:e1:4c:1c:
d7:b7:1e:f8:b6:7e:7a:b9:7f:46:26:2e:5f:4c:56:
e5:cf:04:80:ee:7c:42:4e:59:3e:9a:f2:de:ab:9b:
c6:ec:22:8a:3c:4b:97:37:67:3e:c7:d9:58:2d:4d:
d9:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:1E:07:5B:B7:7B:91:7F:B2:1D:3E:4F:32:D4:97:79:E4:B0:5E:C0
X509v3 Authority Key Identifier:
keyid:47:5B:62:A5:F2:33:ED:05:AC:72:D8:78:12:34:E1:09:BF:3A:90:8C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/R1tipfIz7QWscth4EjThCb86kIw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R1tipfIz7QWscth4EjThCb86kIw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C911D/7B13B3846C0311EB8844784BC4F9AE02/E36FB86EC09A11ECB9687037C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.132.0/22
103.31.88.0/22
103.47.0.0/24
103.55.132.0/24
103.55.134.0/23
103.61.128.0/24
103.61.130.0/24
103.79.172.0/22
144.48.232.0/22
202.179.144.0/22
203.166.216.0/24
203.189.124.0/22
221.120.164.0/22
IPv6:
2401:8140::/32
2402:4c80::/32
Signature Algorithm: sha256WithRSAEncryption
58:98:63:40:83:8d:c9:75:76:cb:9e:55:76:74:20:52:10:6c:
93:b6:5c:d2:fb:8d:0f:e8:48:51:be:60:71:19:00:fd:bb:0f:
eb:1b:ef:40:2e:19:64:83:f5:f2:d5:12:95:79:d3:ab:19:c9:
31:73:ff:20:2b:06:2b:d4:4f:ca:83:fc:1a:b1:d7:b8:04:8d:
2a:65:b5:74:56:f1:f5:31:51:fd:50:e2:39:1d:e6:61:8b:3c:
6a:d9:65:c5:33:f1:54:f8:5d:e2:a4:42:16:61:6c:78:e6:e9:
71:23:ad:98:37:44:9f:25:86:fe:4c:5d:6b:cd:2e:9b:b1:66:
84:74:9b:8a:2b:71:39:f6:89:b7:e9:0a:e8:90:b6:cc:0e:f5:
cd:7f:c0:65:10:f1:3c:cb:22:62:a2:81:cc:0c:95:82:7d:0d:
06:6f:66:5e:eb:80:b4:4f:54:6c:f2:7a:77:33:de:d9:0d:6e:
95:f3:ae:bd:dd:74:2e:49:0f:80:6c:c0:16:e5:4c:f1:0f:8e:
74:57:44:d8:97:aa:eb:91:ba:9c:68:f7:f3:a5:60:b7:2b:c3:
e7:3c:09:4e:20:8c:de:e0:1f:07:52:f2:97:b0:10:44:3b:17:
8b:2d:47:f9:72:5b:db:b5:72:23:78:bb:d6:19:3e:4a:ef:61:
38:69:92:af
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgICBgYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzkxMUQxMTAvBgNVBAUTKDQ3NUI2MkE1RjIzM0VEMDVBQzcyRDg3ODEyMzRFMTA5
QkYzQTkwOEMwHhcNMjQwNDAzMDAzMjU4WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBjYTNiYS0yNmMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuatjUoWzzsyja+4rprfz4qJGQ+tQo0Yg42ZPznFEuK3/XnAghUgoYK3O1KwX
Ttn52K0OXAXXC6vFVc31cf0lTOi7/Jet29F5kv7oKyr/NxR5TF7IHQRoFCBrxZYc
4m/JDmQDzJi2aSqEHBGpEJpn3eUR8h/RC0SwfwTM9maEWnu8elq3RLezvuGDu4aG
ZTisEDaVCKeiYxjzBsndFmoJ+t799N8jiVnozTgMEVdrBibA+lNbD98o2cAqCotY
CdsTCHg6ZHqBz/vwDGFnv9jhTBzXtx74tn56uX9GJi5fTFblzwSA7nxCTlk+mvLe
q5vG7CKKPEuXN2c+x9lYLU3Z8QIDAQABo4IC8zCCAu8wHQYDVR0OBBYEFOIeB1u3
e5F/sh0+TzLUl3nksF7AMB8GA1UdIwQYMBaAFEdbYqXyM+0FrHLYeBI04Qm/OpCM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDOTExRC83QjEzQjM4NDZD
MDMxMUVCODg0NDc4NEJDNEY5QUUwMi9SMXRpcGZJejdRV3NjdGg0RWpUaENiODZr
SXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1IxdGlwZkl6N1FXc2N0aDRFalRoQ2I4NmtJdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzkxMUQvN0IxM0IzODQ2QzAzMTFFQjg4NDQ3ODRCQzRGOUFFMDIvRTM2RkI4NkVD
MDlBMTFFQ0I5Njg3MDM3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfQYIKwYBBQUHAQcBAf8E
bjBsMFQEAgABME4DBAIr9YQDBAJnH1gDBABnLwADBABnN4QDBAFnN4YDBABnPYAD
BABnPYIDBAJnT6wDBAKQMOgDBALKs5ADBADLptgDBALLvXwDBALdeKQwFAQCAAIw
DgMFACQBgUADBQAkAkyAMA0GCSqGSIb3DQEBCwUAA4IBAQBYmGNAg43JdXbLnlV2
dCBSEGyTtlzS+40P6EhRvmBxGQD9uw/rG+9ALhlkg/Xy1RKVedOrGckxc/8gKwYr
1E/Kg/wasde4BI0qZbV0VvH1MVH9UOI5HeZhizxq2WXFM/FU+F3ipEIWYWx45ulx
I62YN0SfJYb+TF1rzS6bsWaEdJuKK3E59om36QrokLbMDvXNf8BlEPE8yyJiooHM
DJWCfQ0Gb2Ze64C0T1Rs8np3M97ZDW6V86693XQuSQ+AbMAW5UzxD450V0TYl6rr
kbqcaPfzpWC3K8PnPAlOIIze4B8HUvKXsBBEOxeLLUf5clvbtXIjeLvWGT5K72E4
aZKv
-----END CERTIFICATE-----
Generated at Fri Nov 22 23:39:34 2024 by rpki-client on console-fra.rpki-client.org