Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D92FB/327FC6B21D8811E298F3A3E008B02CD2/F86E9DE46B9811ED9330AC4CC4F9AE02.roa
File: F86E9DE46B9811ED9330AC4CC4F9AE02.roa (raw, json)
Hash identifier: JhVXDJz63aidEMO/nq+HJlBaaThD9tcKXmuM/gfoTT0=
Subject key identifier: 16:46:38:5A:D6:6C:A6:43:59:52:1E:D9:18:74:91:C7:B1:07:35:13
Certificate issuer: /CN=A91D92FB/serialNumber=4C36F812E76D827ECE6E59BD1560585C51ECD992
Certificate serial: 345B
Authority key identifier: 4C:36:F8:12:E7:6D:82:7E:CE:6E:59:BD:15:60:58:5C:51:EC:D9:92
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TDb4Eudtgn7Oblm9FWBYXFHs2ZI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D92FB/327FC6B21D8811E298F3A3E008B02CD2/F86E9DE46B9811ED9330AC4CC4F9AE02.roa
Signing time: Mon 04 Nov 2024 06:31:40 +0000
ROA not before: Mon 04 Nov 2024 06:31:40 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 17408
IP address blocks: 43.243.252.0/22 maxlen: 24
202.133.224.0/19 maxlen: 24
2405:7e00:17::/48 maxlen: 48
2405:7e00:1000::/36 maxlen: 36
2405:7e00:1000::/48 maxlen: 48
2405:7e00:1002::/64 maxlen: 64
2405:7e00:1003::/48 maxlen: 48
2405:7e00:100a::/48 maxlen: 48
2405:7e00:100b::/48 maxlen: 48
2405:7e00:100c::/48 maxlen: 48
2405:7e00:100d::/48 maxlen: 48
2405:7e00:100e::/48 maxlen: 48
2405:7e00:100f::/48 maxlen: 48
2405:7e00:1011::/48 maxlen: 48
2405:7e00:1012::/48 maxlen: 48
2405:7e00:1013::/48 maxlen: 48
2405:7e00:1014::/48 maxlen: 48
2405:7e00:1015::/48 maxlen: 48
2405:7e00:1016::/48 maxlen: 48
2405:7e00:101a::/48 maxlen: 48
2405:7e00:101b::/48 maxlen: 48
2405:7e00:4000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91D92FB/327FC6B21D8811E298F3A3E008B02CD2/TDb4Eudtgn7Oblm9FWBYXFHs2ZI.crl
rsync://rpki.apnic.net/member_repository/A91D92FB/327FC6B21D8811E298F3A3E008B02CD2/TDb4Eudtgn7Oblm9FWBYXFHs2ZI.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TDb4Eudtgn7Oblm9FWBYXFHs2ZI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 01 Dec 2024 14:28:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13403 (0x345b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D92FB/serialNumber=4C36F812E76D827ECE6E59BD1560585C51ECD992
Validity
Not Before: Nov 4 06:31:40 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=67286a4c-6e29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:67:2a:2b:63:96:24:4b:ef:eb:2b:b4:78:97:
e4:1b:be:43:48:fd:b4:a8:24:6d:32:af:e1:9c:8b:
49:6c:bf:2a:cf:50:11:71:da:38:c2:3f:c3:c6:c0:
4f:13:9a:fa:c8:fe:40:67:6e:05:72:3d:d1:9e:39:
85:f1:5c:74:47:82:34:e4:39:ca:62:39:95:0c:60:
2a:03:a9:dd:83:c9:ab:17:1b:e5:ea:64:02:7f:8f:
b4:91:f8:fd:e2:21:83:5c:28:9b:99:0c:ed:dc:65:
ef:8a:ba:6c:37:9c:43:b7:90:4e:50:46:87:c8:d6:
e5:f5:44:89:8f:4c:b1:29:4e:d2:60:87:f0:b2:69:
4c:50:eb:81:64:b0:09:6d:6e:cc:32:d8:e9:92:bc:
db:0e:04:ee:a9:0e:8d:94:a7:52:59:84:97:99:4a:
fc:92:92:92:54:97:f7:5e:81:6a:59:5b:a7:eb:a9:
0c:14:81:2a:4b:13:03:90:27:6b:24:1d:5b:7c:82:
f1:af:c9:a4:c7:89:3b:73:aa:c2:6f:b2:46:67:50:
0a:84:0f:11:c4:7a:f3:bd:4a:bb:a7:61:66:0b:63:
95:1a:0e:04:0c:c4:a3:27:f4:64:b5:c9:ef:ef:82:
48:3f:fb:2b:1c:32:0c:de:85:67:6a:72:3a:5f:f1:
32:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:46:38:5A:D6:6C:A6:43:59:52:1E:D9:18:74:91:C7:B1:07:35:13
X509v3 Authority Key Identifier:
keyid:4C:36:F8:12:E7:6D:82:7E:CE:6E:59:BD:15:60:58:5C:51:EC:D9:92
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D92FB/327FC6B21D8811E298F3A3E008B02CD2/TDb4Eudtgn7Oblm9FWBYXFHs2ZI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TDb4Eudtgn7Oblm9FWBYXFHs2ZI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D92FB/327FC6B21D8811E298F3A3E008B02CD2/F86E9DE46B9811ED9330AC4CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.243.252.0/22
202.133.224.0/19
IPv6:
2405:7e00:17::/48
2405:7e00:1000::/36
2405:7e00:4000::/36
Signature Algorithm: sha256WithRSAEncryption
81:58:22:13:ba:1c:80:43:d5:e5:84:9b:0d:ed:97:a9:b6:46:
62:5b:ea:df:ad:04:69:3c:33:d0:1f:ad:75:81:67:4c:34:94:
04:90:1d:a3:5c:2b:24:cd:09:f0:b8:7e:6b:56:e9:99:39:b3:
da:99:1a:f8:f9:26:8d:2c:fa:fe:e7:b4:78:ee:0a:22:54:0f:
13:82:59:3f:1b:f0:d0:e3:2a:f1:79:f9:20:df:02:b3:dd:68:
23:79:99:87:f8:b0:43:c2:cf:99:87:3e:a8:2a:c2:31:77:26:
4a:1e:f0:c9:80:27:e0:e8:f7:3c:48:94:9d:db:a8:ef:11:69:
48:f1:52:5a:95:3d:d7:28:03:0f:e9:f6:49:c4:bf:02:4a:a1:
d7:41:a1:14:13:98:4c:74:72:43:b4:da:34:bc:86:7c:31:cd:
71:94:67:b5:a0:03:e9:48:f9:a7:68:a7:ce:75:4f:76:c9:51:
1e:3b:04:23:79:48:92:20:56:09:6d:97:88:58:b1:b7:1f:d8:
74:c7:6d:6e:5d:dc:45:4f:31:b6:ea:48:99:5f:3a:ae:c4:1f:
ea:53:11:3a:d2:8c:4a:61:37:67:9b:0b:87:fa:19:83:df:02:
c3:87:9b:37:1a:7f:6b:22:79:0b:5b:47:d1:cc:f9:e9:73:c7:
59:4b:31:4b
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICNFswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDkyRkIxMTAvBgNVBAUTKDRDMzZGODEyRTc2RDgyN0VDRTZFNTlCRDE1NjA1ODVD
NTFFQ0Q5OTIwHhcNMjQxMTA0MDYzMTQwWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzI4NmE0Yy02ZTI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1WcqK2OWJEvv6yu0eJfkG75DSP20qCRtMq/hnItJbL8qz1ARcdo4wj/DxsBP
E5r6yP5AZ24Fcj3RnjmF8Vx0R4I05DnKYjmVDGAqA6ndg8mrFxvl6mQCf4+0kfj9
4iGDXCibmQzt3GXvirpsN5xDt5BOUEaHyNbl9USJj0yxKU7SYIfwsmlMUOuBZLAJ
bW7MMtjpkrzbDgTuqQ6NlKdSWYSXmUr8kpKSVJf3XoFqWVun66kMFIEqSxMDkCdr
JB1bfILxr8mkx4k7c6rCb7JGZ1AKhA8RxHrzvUq7p2FmC2OVGg4EDMSjJ/Rktcnv
74JIP/srHDIM3oVnanI6X/Ey1wIDAQABo4ICvDCCArgwHQYDVR0OBBYEFBZGOFrW
bKZDWVIe2Rh0kcexBzUTMB8GA1UdIwQYMBaAFEw2+BLnbYJ+zm5ZvRVgWFxR7NmS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEOTJGQi8zMjdGQzZCMjFE
ODgxMUUyOThGM0EzRTAwOEIwMkNEMi9URGI0RXVkdGduN09ibG05RldCWVhGSHMy
WkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1REYjRFdWR0Z243T2JsbTlGV0JZWEZIczJaSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDkyRkIvMzI3RkM2QjIxRDg4MTFFMjk4RjNBM0UwMDhCMDJDRDIvRjg2RTlERTQ2
Qjk4MTFFRDkzMzBBQzRDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MBIEAgABMAwDBAIr8/wDBAXKheAwHwQCAAIwGQMHACQFfgAAFwMGBCQFfgAQ
AwYEJAV+AEAwDQYJKoZIhvcNAQELBQADggEBAIFYIhO6HIBD1eWEmw3tl6m2RmJb
6t+tBGk8M9AfrXWBZ0w0lASQHaNcKyTNCfC4fmtW6Zk5s9qZGvj5Jo0s+v7ntHju
CiJUDxOCWT8b8NDjKvF5+SDfArPdaCN5mYf4sEPCz5mHPqgqwjF3Jkoe8MmAJ+Do
9zxIlJ3bqO8RaUjxUlqVPdcoAw/p9knEvwJKoddBoRQTmEx0ckO02jS8hnwxzXGU
Z7WgA+lI+adop851T3bJUR47BCN5SJIgVgltl4hYsbcf2HTHbW5d3EVPMbbqSJlf
Oq7EH+pTETrSjEphN2ebC4f6GYPfAsOHmzcaf2sieQtbR9HM+elzx1lLMUs=
-----END CERTIFICATE-----
Generated at Sun Nov 24 17:20:52 2024 by rpki-client on console-fra.rpki-client.org