Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/01BB1B8E7C0411EFB0D29158C4F9AE02.roa
File: 01BB1B8E7C0411EFB0D29158C4F9AE02.roa (raw, json)
Hash identifier: RqQ3FtgVLAL1IFIF/43vRyoNKwfkZ4KsetRcvw+Y+Fg=
Subject key identifier: 78:FC:DF:A7:B5:53:92:8E:5D:1F:2F:6D:62:96:81:47:B0:91:DE:98
Certificate issuer: /CN=A91D298D/serialNumber=FEF2C1C4EA0964477514C1AA946E6C41778D06BF
Certificate serial: 07DB
Authority key identifier: FE:F2:C1:C4:EA:09:64:47:75:14:C1:AA:94:6E:6C:41:77:8D:06:BF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_vLBxOoJZEd1FMGqlG5sQXeNBr8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/01BB1B8E7C0411EFB0D29158C4F9AE02.roa
Signing time: Tue 01 Oct 2024 06:14:08 +0000
ROA not before: Tue 01 Oct 2024 06:14:08 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 138423
IP address blocks: 111.119.175.0/24 maxlen: 24
115.42.72.0/21 maxlen: 24
121.91.56.0/23 maxlen: 24
121.91.60.0/23 maxlen: 24
121.91.62.0/23 maxlen: 24
144.48.0.0/22 maxlen: 24
223.123.0.0/24 maxlen: 24
223.123.32.0/24 maxlen: 24
223.123.33.0/24 maxlen: 24
223.123.34.0/24 maxlen: 24
223.123.35.0/24 maxlen: 24
223.123.36.0/24 maxlen: 24
223.123.37.0/24 maxlen: 24
223.123.38.0/24 maxlen: 24
223.123.39.0/24 maxlen: 24
223.123.40.0/24 maxlen: 24
223.123.41.0/24 maxlen: 24
223.123.42.0/24 maxlen: 24
223.123.43.0/24 maxlen: 24
223.123.44.0/24 maxlen: 24
223.123.45.0/24 maxlen: 24
223.123.46.0/24 maxlen: 24
223.123.47.0/24 maxlen: 24
223.123.100.0/23 maxlen: 24
223.123.102.0/23 maxlen: 24
223.123.122.0/23 maxlen: 24
223.123.124.0/23 maxlen: 24
2402:ad80:c0::/44 maxlen: 48
2402:ad80:d0::/44 maxlen: 48
2402:ad80:e0::/44 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/_vLBxOoJZEd1FMGqlG5sQXeNBr8.crl
rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/_vLBxOoJZEd1FMGqlG5sQXeNBr8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_vLBxOoJZEd1FMGqlG5sQXeNBr8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 20:43:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2011 (0x7db)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D298D/serialNumber=FEF2C1C4EA0964477514C1AA946E6C41778D06BF
Validity
Not Before: Oct 1 06:14:08 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=66fb9330-9030
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:cf:cb:7f:ad:54:08:9d:47:72:b9:54:e2:41:
5e:b6:8c:c6:e0:ba:cf:7b:ca:b2:6c:c6:08:8c:5c:
7b:5f:68:6d:33:bf:58:19:68:19:6f:1c:e5:04:c1:
78:da:cb:89:0b:e8:70:d5:56:d1:b7:7e:96:67:b1:
ca:b0:4d:b4:ad:5f:11:13:72:7f:20:ab:47:db:f1:
a9:1b:b6:87:c4:19:96:7a:7c:4c:06:a0:16:85:84:
5b:55:bb:5b:89:d8:c4:50:71:91:d7:39:82:6c:20:
57:2c:f9:ba:04:57:71:fe:08:a7:c4:ab:62:e8:ce:
70:36:49:0f:ed:93:e4:50:d3:1d:80:8b:ab:3a:d5:
e6:f4:00:a9:c7:7d:fe:4f:3d:54:5a:fa:ba:7c:e4:
21:a6:c9:da:e9:c9:0e:bb:d2:45:a3:13:33:0e:0e:
98:d3:a2:b9:25:2b:8f:b7:f7:c8:a2:63:61:a5:24:
96:1b:a6:08:02:75:f0:46:a8:32:04:87:ad:b5:12:
80:92:90:35:3b:bf:72:48:9a:7f:4e:25:40:40:49:
9e:fe:b6:52:1a:c9:67:ff:31:ad:15:7d:c1:c3:cf:
61:dc:45:18:21:36:86:ac:de:c7:31:97:56:32:6c:
e9:6f:4d:2a:c1:12:5b:0e:23:b0:1d:9b:2e:77:5f:
88:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:FC:DF:A7:B5:53:92:8E:5D:1F:2F:6D:62:96:81:47:B0:91:DE:98
X509v3 Authority Key Identifier:
keyid:FE:F2:C1:C4:EA:09:64:47:75:14:C1:AA:94:6E:6C:41:77:8D:06:BF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/_vLBxOoJZEd1FMGqlG5sQXeNBr8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_vLBxOoJZEd1FMGqlG5sQXeNBr8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D298D/337A6432F1A611EAB95C0E2FC4F9AE02/01BB1B8E7C0411EFB0D29158C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
111.119.175.0/24
115.42.72.0/21
121.91.56.0/23
121.91.60.0/22
144.48.0.0/22
223.123.0.0/24
223.123.32.0/20
223.123.100.0/22
223.123.122.0-223.123.125.255
IPv6:
2402:ad80:c0::-2402:ad80:ef:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
3e:0f:fe:be:96:8b:6f:9a:7b:5e:6a:fe:70:a9:83:d7:ba:9e:
53:af:df:83:8d:29:c6:d5:bc:79:f8:e8:6e:e7:c3:ce:8f:a3:
b5:50:11:39:6a:5d:da:fe:da:9a:a4:f6:67:f3:83:9c:c8:d9:
d9:b7:c1:6f:40:cd:82:7e:96:56:19:94:be:89:5b:f4:75:83:
48:96:ee:c9:55:9b:6f:81:43:fb:68:c5:b3:de:7d:83:f8:eb:
5f:b7:16:88:1c:8d:b8:1c:e3:78:5e:78:5f:a1:fe:41:50:d9:
42:1b:48:ba:ad:2f:5d:25:51:30:b8:b6:71:73:de:bb:f9:88:
55:bf:e6:c8:96:4c:63:db:03:79:6b:f2:c1:ec:ad:de:70:0e:
18:1c:6e:51:22:84:d0:db:7e:e6:57:e8:29:96:15:a8:c7:ae:
21:4f:e1:15:a3:e7:8e:29:e1:da:65:84:c0:cc:0a:94:ca:00:
b4:42:76:e5:f3:a9:89:5c:60:4c:af:ee:c1:32:d4:00:67:b8:
c7:16:13:a4:80:ff:67:d1:ff:13:7c:06:22:db:32:ba:46:d6:
2f:9b:e3:96:40:bb:16:66:8d:77:37:76:77:64:be:77:c2:32:
83:f4:07:53:cd:05:8b:3c:9b:58:e0:64:30:5c:c5:87:51:a0:
65:ac:bd:08
-----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgICB9swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDI5OEQxMTAvBgNVBAUTKEZFRjJDMUM0RUEwOTY0NDc3NTE0QzFBQTk0NkU2QzQx
Nzc4RDA2QkYwHhcNMjQxMDAxMDYxNDA4WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmZiOTMzMC05MDMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu8/Lf61UCJ1HcrlU4kFetozG4LrPe8qybMYIjFx7X2htM79YGWgZbxzlBMF4
2suJC+hw1VbRt36WZ7HKsE20rV8RE3J/IKtH2/GpG7aHxBmWenxMBqAWhYRbVbtb
idjEUHGR1zmCbCBXLPm6BFdx/ginxKti6M5wNkkP7ZPkUNMdgIurOtXm9ACpx33+
Tz1UWvq6fOQhpsna6ckOu9JFoxMzDg6Y06K5JSuPt/fIomNhpSSWG6YIAnXwRqgy
BIettRKAkpA1O79ySJp/TiVAQEme/rZSGsln/zGtFX3Bw89h3EUYITaGrN7HMZdW
Mmzpb00qwRJbDiOwHZsud1+IJQIDAQABo4IC6TCCAuUwHQYDVR0OBBYEFHj836e1
U5KOXR8vbWKWgUewkd6YMB8GA1UdIwQYMBaAFP7ywcTqCWRHdRTBqpRubEF3jQa/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEMjk4RC8zMzdBNjQzMkYx
QTYxMUVBQjk1QzBFMkZDNEY5QUUwMi9fdkxCeE9vSlpFZDFGTUdxbEc1c1FYZU5C
cjguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL192TEJ4T29KWkVkMUZNR3FsRzVzUVhlTkJyOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDI5OEQvMzM3QTY0MzJGMUE2MTFFQUI5NUMwRTJGQzRGOUFFMDIvMDFCQjFCOEU3
QzA0MTFFRkIwRDI5MTU4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcwYIKwYBBQUHAQcBAf8E
ZDBiMEQEAgABMD4DBABvd68DBANzKkgDBAF5WzgDBAJ5WzwDBAKQMAADBADfewAD
BATfeyADBALfe2QwDAMEAd97egMEAd97fDAaBAIAAjAUMBIDBwYkAq2AAMADBwQk
Aq2AAOAwDQYJKoZIhvcNAQELBQADggEBAD4P/r6Wi2+ae15q/nCpg9e6nlOv34ON
KcbVvHn46G7nw86Po7VQETlqXdr+2pqk9mfzg5zI2dm3wW9AzYJ+llYZlL6JW/R1
g0iW7slVm2+BQ/toxbPefYP461+3Fogcjbgc43heeF+h/kFQ2UIbSLqtL10lUTC4
tnFz3rv5iFW/5siWTGPbA3lr8sHsrd5wDhgcblEihNDbfuZX6CmWFajHriFP4RWj
544p4dplhMDMCpTKALRCduXzqYlcYEyv7sEy1ABnuMcWE6SA/2fR/xN8BiLbMrpG
1i+b45ZAuxZmjXc3dndkvnfCMoP0B1PNBYs8m1jgZDBcxYdRoGWsvQg=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:24:12 2024 by rpki-client on console-fra.rpki-client.org