Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa
File: DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa (raw, json)
Hash identifier: xpjctOic9ALUbvMpVasWFZFNE3OfU+88qrN9oKY4+Dw=
Subject key identifier: 3A:F5:15:FD:C9:FC:0A:16:A5:7E:8D:4D:AE:45:8F:BC:8C:0E:FD:42
Certificate issuer: /CN=A91CE978/serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
Certificate serial: 3473
Authority key identifier: 6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa
Signing time: Sat 04 May 2024 15:20:57 +0000
ROA not before: Sat 04 May 2024 15:20:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 23838
IP address blocks: 43.255.160.0/22 maxlen: 22
43.255.160.0/24 maxlen: 24
43.255.161.0/24 maxlen: 24
43.255.162.0/24 maxlen: 24
43.255.163.0/24 maxlen: 24
103.8.252.0/22 maxlen: 23
116.90.135.0/24 maxlen: 24
120.136.48.0/20 maxlen: 20
120.136.48.0/21 maxlen: 21
120.136.49.0/24 maxlen: 24
120.136.53.0/24 maxlen: 24
120.136.56.0/21 maxlen: 21
120.136.56.0/24 maxlen: 24
120.136.58.0/24 maxlen: 24
2401:f000:6::/48 maxlen: 48
2401:f000:8::/48 maxlen: 48
2401:f000:16::/48 maxlen: 48
2401:f000:18::/48 maxlen: 48
2402:1c00::/32 maxlen: 32
2402:1c00::/32 maxlen: 48
2402:1c00:4000::/36 maxlen: 36
2402:1c00:8000::/36 maxlen: 36
2402:1c00:9000::/37 maxlen: 37
2402:1c00:c000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl
rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 27 May 2024 15:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13427 (0x3473)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CE978/serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
Validity
Not Before: May 4 15:20:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66365259-fc27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:fa:65:b4:95:9a:29:14:59:b4:a8:36:fc:f6:
44:32:d0:e4:1b:dc:81:c6:e0:c5:59:80:96:05:e4:
8f:4d:b9:98:18:4d:d2:c7:2c:ed:c0:35:f6:63:63:
32:9a:d2:40:f1:34:5c:ed:8b:80:c4:1f:43:f8:8d:
d6:62:47:49:22:ad:82:bb:4e:2b:ef:66:de:a9:69:
b6:5b:ba:70:c8:46:00:64:1d:71:4b:81:53:7b:a5:
2f:2c:b8:ce:95:17:a9:e5:2f:71:7e:8e:7c:1f:71:
ba:69:54:67:67:03:6e:a8:3a:30:31:26:07:d7:17:
8a:2b:ad:af:47:98:55:39:44:16:27:16:6c:87:46:
45:67:82:9a:35:78:92:ba:57:d4:65:4d:aa:96:9c:
5b:e6:d6:43:65:e6:94:31:16:0e:52:e9:3b:83:7f:
4e:f3:c8:b5:03:f9:22:c3:0d:ff:c6:26:51:73:3b:
34:3c:66:2c:11:ea:6f:4e:72:0b:12:d8:ed:72:53:
20:b3:f3:8e:02:9f:cb:b3:50:1a:44:37:0b:14:16:
31:1c:7c:f2:ec:ef:be:7d:25:bd:9a:97:a8:49:61:
a1:6c:0e:da:eb:75:93:16:80:b2:2e:69:fc:24:11:
b2:d8:8b:65:ca:09:64:e3:48:60:95:4b:fa:bf:76:
d0:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:F5:15:FD:C9:FC:0A:16:A5:7E:8D:4D:AE:45:8F:BC:8C:0E:FD:42
X509v3 Authority Key Identifier:
keyid:6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.255.160.0/22
103.8.252.0/22
116.90.135.0/24
120.136.48.0/20
IPv6:
2401:f000:6::/48
2401:f000:8::/48
2401:f000:16::/48
2401:f000:18::/48
2402:1c00::/32
Signature Algorithm: sha256WithRSAEncryption
a3:6f:d1:61:18:70:9b:04:df:9b:01:f9:1a:79:16:bb:c1:0a:
80:f3:85:b3:d0:78:ff:72:62:11:72:c9:2f:68:12:62:f1:28:
9a:dd:e1:bb:2e:ce:65:ac:01:de:e5:cb:be:da:fd:39:f2:d0:
7d:81:a4:b7:d4:f1:6c:7c:b3:3b:ac:c7:f9:d9:b2:f1:fc:bb:
79:e8:75:52:a4:3a:5f:ed:df:10:ff:cb:47:2e:5e:1a:10:eb:
ae:ba:f7:4d:65:36:f0:33:37:23:78:b4:a2:e3:d9:64:51:e7:
0a:04:cd:51:d7:af:f5:4c:54:e0:85:2e:32:83:6a:1c:de:e9:
fa:16:ea:8d:20:26:0a:7c:9e:5d:d8:4e:f3:6e:c9:fd:de:d0:
73:11:30:07:30:f5:a1:34:72:a1:c9:57:71:b3:65:a0:61:9c:
18:1e:89:e3:36:f0:a4:e9:6e:fc:ad:c8:58:08:42:8e:6b:7b:
cb:62:a7:dd:a1:5f:00:b4:0a:28:36:2f:a7:9d:0d:1d:59:f4:
ee:32:36:69:a8:43:d6:be:09:c1:03:9c:1b:15:80:e6:c9:96:
95:65:e5:f2:f6:4e:ce:43:04:a9:6f:10:eb:3f:4e:91:8c:8e:
f2:5f:be:24:2e:70:7b:03:94:38:6f:16:a1:87:82:09:41:73:
f8:a1:1b:05
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgICNHMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0U5NzgxMTAvBgNVBAUTKDZBMUU0RjcyODQ3RUIzNjk5NTIyQzkzRDI2NzczRjBE
RjgzOTZFQkUwHhcNMjQwNTA0MTUyMDU3WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjM2NTI1OS1mYzI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu/pltJWaKRRZtKg2/PZEMtDkG9yBxuDFWYCWBeSPTbmYGE3SxyztwDX2Y2My
mtJA8TRc7YuAxB9D+I3WYkdJIq2Cu04r72beqWm2W7pwyEYAZB1xS4FTe6UvLLjO
lRep5S9xfo58H3G6aVRnZwNuqDowMSYH1xeKK62vR5hVOUQWJxZsh0ZFZ4KaNXiS
ulfUZU2qlpxb5tZDZeaUMRYOUuk7g39O88i1A/kiww3/xiZRczs0PGYsEepvTnIL
EtjtclMgs/OOAp/Ls1AaRDcLFBYxHHzy7O++fSW9mpeoSWGhbA7a63WTFoCyLmn8
JBGy2Itlyglk40hglUv6v3bQrQIDAQABo4IC2jCCAtYwHQYDVR0OBBYEFDr1Ff3J
/AoWpX6NTa5Fj7yMDv1CMB8GA1UdIwQYMBaAFGoeT3KEfrNplSLJPSZ3Pw34OW6+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRTk3OC8zMjIzRjM1RTFE
OTgxMUUyOEE4QzJFODIwOEIwMkNEMi9haDVQY29SLXMybVZJc2s5Sm5jX0RmZzVi
cjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FoNVBjb1ItczJtVklzazlKbmNfRGZnNWJyNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0U5NzgvMzIyM0YzNUUxRDk4MTFFMjhBOEMyRTgyMDhCMDJDRDIvRERGNEIwRDJG
MDhDMTFFRUI3MEExRjc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZAYIKwYBBQUHAQcBAf8E
VTBTMB4EAgABMBgDBAIr/6ADBAJnCPwDBAB0WocDBAR4iDAwMQQCAAIwKwMHACQB
8AAABgMHACQB8AAACAMHACQB8AAAFgMHACQB8AAAGAMFACQCHAAwDQYJKoZIhvcN
AQELBQADggEBAKNv0WEYcJsE35sB+Rp5FrvBCoDzhbPQeP9yYhFyyS9oEmLxKJrd
4bsuzmWsAd7ly77a/Tny0H2BpLfU8Wx8szusx/nZsvH8u3nodVKkOl/t3xD/y0cu
XhoQ6666901lNvAzNyN4tKLj2WRR5woEzVHXr/VMVOCFLjKDahze6foW6o0gJgp8
nl3YTvNuyf3e0HMRMAcw9aE0cqHJV3GzZaBhnBgeieM28KTpbvytyFgIQo5re8ti
p92hXwC0Cig2L6edDR1Z9O4yNmmoQ9a+CcEDnBsVgObJlpVl5fL2Ts5DBKlvEOs/
TpGMjvJfviQucHsDlDhvFqGHgglBc/ihGwU=
-----END CERTIFICATE-----
Generated at Mon May 20 17:23:57 2024 by rpki-client on console-ams.rpki-client.org