Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/29F7413CBB6011EEB59E5D81C4F9AE02.roa
File: 29F7413CBB6011EEB59E5D81C4F9AE02.roa (raw, json)
Hash identifier: LZzUQOcRmtmL+1vVju87h7++WY3DSavtT2Wpvh36ohE=
Subject key identifier: 09:21:5A:AA:CB:74:3A:A9:07:4A:EF:74:AE:B0:F5:D6:98:E8:69:A6
Certificate issuer: /CN=A91CE978/serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
Certificate serial: 3477
Authority key identifier: 6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/29F7413CBB6011EEB59E5D81C4F9AE02.roa
Signing time: Sat 04 May 2024 15:21:01 +0000
ROA not before: Sat 04 May 2024 15:21:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 45459
IP address blocks: 103.14.40.0/22 maxlen: 23
103.14.40.0/24 maxlen: 24
103.14.41.0/24 maxlen: 24
103.14.42.0/24 maxlen: 24
103.14.43.0/24 maxlen: 24
112.109.64.0/21 maxlen: 24
112.109.72.0/23 maxlen: 24
112.109.75.0/24 maxlen: 24
112.109.76.0/22 maxlen: 24
112.109.80.0/24 maxlen: 24
112.109.85.0/24 maxlen: 24
112.109.86.0/23 maxlen: 24
119.47.116.0/24 maxlen: 24
119.47.120.0/23 maxlen: 24
119.47.125.0/24 maxlen: 24
119.47.126.0/23 maxlen: 24
202.174.116.0/24 maxlen: 24
210.79.48.0/22 maxlen: 23
210.79.49.0/24 maxlen: 24
210.79.50.0/23 maxlen: 24
210.79.52.0/24 maxlen: 24
210.79.53.0/24 maxlen: 24
210.79.54.0/24 maxlen: 24
210.79.55.0/24 maxlen: 24
2404:3800::/48 maxlen: 48
2404:3800:1::/48 maxlen: 48
2404:3800:8::/46 maxlen: 46
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl
rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 29 May 2024 15:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13431 (0x3477)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CE978/serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
Validity
Not Before: May 4 15:21:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6636525d-c9b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:30:fa:2f:97:cf:c1:23:d1:6e:30:b2:58:4a:
ef:31:12:85:6e:63:88:1d:96:56:aa:f1:ad:8c:a1:
e2:5f:1c:c4:e8:0d:61:0f:c4:7a:1d:56:b2:c0:fd:
dc:a8:a2:5b:af:10:56:53:ab:ba:31:1f:c7:03:2d:
79:17:87:92:2e:95:37:c7:af:f4:58:c1:74:8c:71:
12:39:9d:da:7b:ed:01:87:55:f0:63:ff:bc:b3:83:
5b:25:09:e3:bd:92:bb:be:19:83:c2:76:63:00:d1:
3e:07:91:fc:1e:36:90:2e:e1:5e:3e:23:5d:4e:4e:
df:dd:56:6e:d5:c0:88:1c:af:98:e0:93:3e:e8:3a:
53:46:b7:ab:6d:f5:99:5f:2e:a5:a9:c6:d7:9d:bb:
ab:c0:75:da:c4:a4:31:2e:87:2c:29:66:56:27:93:
14:78:24:de:7c:ea:a7:35:15:2d:ea:fb:f5:0f:d2:
d3:74:fe:d3:f6:a0:00:42:af:5e:c9:d4:3e:f4:5e:
6b:3c:a4:b2:63:f5:45:68:14:37:78:12:0c:d3:95:
63:bf:bc:a3:41:9a:24:be:73:64:0f:e9:11:32:a4:
ab:7f:9d:f1:46:ef:63:46:64:c1:b8:bd:94:24:9f:
d9:0c:5e:2b:5c:30:8f:e3:a1:e6:8a:95:66:b7:49:
12:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:21:5A:AA:CB:74:3A:A9:07:4A:EF:74:AE:B0:F5:D6:98:E8:69:A6
X509v3 Authority Key Identifier:
keyid:6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/29F7413CBB6011EEB59E5D81C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.14.40.0/22
112.109.64.0-112.109.73.255
112.109.75.0-112.109.80.255
112.109.85.0-112.109.87.255
119.47.116.0/24
119.47.120.0/23
119.47.125.0-119.47.127.255
202.174.116.0/24
210.79.48.0/21
IPv6:
2404:3800::/47
2404:3800:8::/46
Signature Algorithm: sha256WithRSAEncryption
9d:ba:2f:1b:48:fe:a2:5b:63:fb:f3:de:6f:6d:f4:be:ac:e2:
5a:60:7b:a7:5c:b0:be:47:7c:a8:ad:89:1a:92:01:f0:5d:4f:
63:19:35:23:14:82:38:58:01:0d:06:3d:f6:65:81:84:6d:b5:
ce:81:07:1d:17:77:38:16:bb:ad:21:9d:2f:e9:1e:1d:f7:ab:
15:a1:ea:1b:e2:ef:3c:77:da:fe:3a:7d:28:a3:47:31:c0:41:
86:57:2d:17:e8:eb:b9:1c:8a:36:cf:e3:fd:6e:80:7e:03:91:
d9:9b:7b:66:94:f9:ab:f8:bf:94:92:d4:b5:3b:d7:da:4e:32:
29:a7:29:ef:81:e6:e9:95:4c:1a:a2:64:8a:e6:61:1b:35:1c:
83:7a:f6:2f:0c:83:47:fb:9e:91:ae:d1:bf:93:21:ce:c5:a5:
fa:50:eb:35:f8:74:e1:e6:e5:4e:11:b8:66:ba:d6:88:3c:a5:
79:d9:df:53:e6:b0:2b:c7:25:00:ac:3f:78:74:ee:00:94:84:
c6:08:18:83:7f:7c:39:4a:c0:93:ae:6e:0b:3a:0e:1c:99:ac:
4c:c9:f6:09:2a:3f:54:07:55:24:5b:61:5d:28:16:ab:84:23:
79:7e:66:f8:53:26:bc:4b:bd:e9:2f:e6:41:bb:e7:f7:06:91:
6e:56:ec:cd
-----BEGIN CERTIFICATE-----
MIIF3DCCBMSgAwIBAgICNHcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0U5NzgxMTAvBgNVBAUTKDZBMUU0RjcyODQ3RUIzNjk5NTIyQzkzRDI2NzczRjBE
RjgzOTZFQkUwHhcNMjQwNTA0MTUyMTAxWhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjM2NTI1ZC1jOWI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAozD6L5fPwSPRbjCyWErvMRKFbmOIHZZWqvGtjKHiXxzE6A1hD8R6HVaywP3c
qKJbrxBWU6u6MR/HAy15F4eSLpU3x6/0WMF0jHESOZ3ae+0Bh1XwY/+8s4NbJQnj
vZK7vhmDwnZjANE+B5H8HjaQLuFePiNdTk7f3VZu1cCIHK+Y4JM+6DpTRrerbfWZ
Xy6lqcbXnburwHXaxKQxLocsKWZWJ5MUeCTefOqnNRUt6vv1D9LTdP7T9qAAQq9e
ydQ+9F5rPKSyY/VFaBQ3eBIM05Vjv7yjQZokvnNkD+kRMqSrf53xRu9jRmTBuL2U
JJ/ZDF4rXDCP46HmipVmt0kS7QIDAQABo4IDADCCAvwwHQYDVR0OBBYEFAkhWqrL
dDqpB0rvdK6w9daY6GmmMB8GA1UdIwQYMBaAFGoeT3KEfrNplSLJPSZ3Pw34OW6+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRTk3OC8zMjIzRjM1RTFE
OTgxMUUyOEE4QzJFODIwOEIwMkNEMi9haDVQY29SLXMybVZJc2s5Sm5jX0RmZzVi
cjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FoNVBjb1ItczJtVklzazlKbmNfRGZnNWJyNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0U5NzgvMzIyM0YzNUUxRDk4MTFFMjhBOEMyRTgyMDhCMDJDRDIvMjlGNzQxM0NC
QjYwMTFFRUI1OUU1RDgxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYkGCCsGAQUFBwEHAQH/
BHoweDBcBAIAATBWAwQCZw4oMAwDBAZwbUADBAFwbUgwDAMEAHBtSwMEAHBtUDAM
AwQAcG1VAwQDcG1QAwQAdy90AwQBdy94MAwDBAB3L30DBAd3LwADBADKrnQDBAPS
TzAwGAQCAAIwEgMHASQEOAAAAAMHAiQEOAAACDANBgkqhkiG9w0BAQsFAAOCAQEA
nbovG0j+oltj+/Peb230vqziWmB7p1ywvkd8qK2JGpIB8F1PYxk1IxSCOFgBDQY9
9mWBhG21zoEHHRd3OBa7rSGdL+keHferFaHqG+LvPHfa/jp9KKNHMcBBhlctF+jr
uRyKNs/j/W6AfgOR2Zt7ZpT5q/i/lJLUtTvX2k4yKacp74Hm6ZVMGqJkiuZhGzUc
g3r2LwyDR/ueka7Rv5MhzsWl+lDrNfh04eblThG4ZrrWiDylednfU+awK8clAKw/
eHTuAJSExggYg398OUrAk65uCzoOHJmsTMn2CSo/VAdVJFthXSgWq4QjeX5m+FMm
vEu96S/mQbvn9waRblbszQ==
-----END CERTIFICATE-----
Generated at Wed May 22 16:21:48 2024 by rpki-client on console-ams.rpki-client.org