Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
File: 3003C4BA7C7711EEB9E0BE15C4F9AE02.roa (raw, json)
Hash identifier: iS2kCadt9EPztCML62YjpO3iZQeKW9op8orLhEYixVE=
Subject key identifier: FE:1D:CA:42:22:54:1E:90:5C:0C:62:47:76:43:C8:D4:71:EC:A6:4E
Certificate issuer: /CN=A91E4D3D/serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
Certificate serial: 04DD
Authority key identifier: C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
Signing time: Sun 31 Mar 2024 11:47:03 +0000
ROA not before: Sun 31 Mar 2024 11:47:03 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 13150
IP address blocks: 103.203.220.0/24 maxlen: 24
103.203.221.0/24 maxlen: 24
103.203.222.0/24 maxlen: 24
103.203.223.0/24 maxlen: 24
123.253.152.0/24 maxlen: 24
123.253.153.0/24 maxlen: 24
123.253.154.0/24 maxlen: 24
123.253.155.0/24 maxlen: 24
150.195.208.0/24 maxlen: 24
150.195.209.0/24 maxlen: 24
150.195.210.0/24 maxlen: 24
150.195.211.0/24 maxlen: 24
150.195.212.0/24 maxlen: 24
150.195.214.0/24 maxlen: 24
150.195.217.0/24 maxlen: 24
150.195.218.0/24 maxlen: 24
150.195.219.0/24 maxlen: 24
150.195.220.0/24 maxlen: 24
150.195.221.0/24 maxlen: 24
150.195.222.0/24 maxlen: 24
150.195.223.0/24 maxlen: 24
202.75.242.0/24 maxlen: 24
202.75.243.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl
rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 15 May 2024 02:42:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1245 (0x4dd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E4D3D/serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
Validity
Not Before: Mar 31 11:47:03 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=66094d36-3e32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:b5:37:41:dc:f6:b1:08:d7:36:21:0b:3b:2c:
c3:5a:7b:e9:09:78:41:63:ad:29:d3:ed:aa:e5:c0:
6e:8d:15:e7:23:ee:01:8f:92:49:2e:93:82:11:9e:
6d:0a:90:44:42:34:1a:9c:4f:d7:db:8d:76:13:99:
6f:d8:2b:d6:5a:aa:d8:47:b0:1f:e1:d8:5e:dc:bb:
b1:1a:d4:eb:19:d7:40:d7:e1:2b:37:95:58:9e:17:
95:e8:a0:02:12:6e:b3:77:b6:bf:a2:0c:f6:82:0a:
25:aa:41:e9:ee:22:69:0b:bf:b7:d6:ea:11:b7:b0:
08:69:2c:70:f1:78:6f:cd:5c:2d:4e:ed:ba:24:74:
41:ed:e2:1a:b7:90:f9:c5:78:85:0c:69:d1:f8:9f:
2b:e9:2c:39:7d:7c:28:62:7c:97:0c:4b:90:be:15:
ac:0e:48:56:21:4d:0d:2f:56:46:d1:48:7a:9d:8d:
1b:7d:00:7e:18:fc:fb:fe:c7:30:05:5f:a9:82:36:
68:07:0f:3a:2e:66:75:8c:87:a1:38:69:67:15:23:
9c:bc:b9:28:7f:b8:ae:49:b8:01:b5:fa:b5:ff:ec:
3a:4c:a0:63:2c:61:7d:9a:0f:ee:e4:bd:57:cb:a9:
ac:b9:48:7c:35:ec:09:14:bf:fe:12:59:0f:9a:f9:
c0:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:1D:CA:42:22:54:1E:90:5C:0C:62:47:76:43:C8:D4:71:EC:A6:4E
X509v3 Authority Key Identifier:
keyid:C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.203.220.0/22
123.253.152.0/22
150.195.208.0-150.195.212.255
150.195.214.0/24
150.195.217.0-150.195.223.255
202.75.242.0/23
Signature Algorithm: sha256WithRSAEncryption
25:0d:fb:67:dc:dc:ee:88:09:0c:d2:40:d8:4a:87:a4:09:54:
f6:76:26:c6:c4:67:46:75:cb:c0:5c:19:07:15:77:61:76:08:
a3:12:8b:d6:7f:b6:a1:8d:2b:ca:73:c1:81:a3:9d:3a:65:e1:
49:53:e8:b3:3c:5f:5f:d7:ab:3b:af:13:28:2d:99:dd:01:4a:
3b:3d:2c:26:b5:11:b7:29:a2:14:d1:30:13:73:39:5b:7d:8a:
75:14:f8:55:38:03:64:ba:5c:d2:24:e4:e8:d2:aa:2b:94:f9:
c4:d1:18:ad:a9:f2:2c:5d:af:10:87:95:db:35:03:05:33:5c:
47:ee:a3:d8:71:63:49:3d:f4:2b:3f:6a:8d:ba:02:1c:ca:22:
6d:4b:81:cb:c1:0a:f4:86:a6:71:cc:82:21:7f:ea:f2:ff:16:
99:7a:af:0f:34:aa:4f:7f:bc:64:6f:44:9c:64:4e:97:6b:aa:
f1:bb:a8:23:e7:bc:24:f6:4f:fe:ca:61:96:f0:22:9a:4c:ad:
d9:21:5a:86:92:88:28:23:7a:5b:9d:49:2b:7d:c7:a5:41:ac:
14:fa:24:48:18:88:66:42:5a:e6:96:f9:e1:b5:f9:54:bb:2a:
eb:4e:60:21:b6:85:73:e0:e5:0f:aa:26:57:65:e9:33:91:3e:
09:5d:b8:f2
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICBN0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTREM0QxMTAvBgNVBAUTKEM4MDcwRkQwNjFBODUxRkY4QUVERTBERTBDMzYwN0VF
Qjk4RkY3MDEwHhcNMjQwMzMxMTE0NzAzWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjA5NGQzNi0zZTMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3LU3Qdz2sQjXNiELOyzDWnvpCXhBY60p0+2q5cBujRXnI+4Bj5JJLpOCEZ5t
CpBEQjQanE/X2412E5lv2CvWWqrYR7Af4dhe3LuxGtTrGddA1+ErN5VYnheV6KAC
Em6zd7a/ogz2ggolqkHp7iJpC7+31uoRt7AIaSxw8XhvzVwtTu26JHRB7eIat5D5
xXiFDGnR+J8r6Sw5fXwoYnyXDEuQvhWsDkhWIU0NL1ZG0Uh6nY0bfQB+GPz7/scw
BV+pgjZoBw86LmZ1jIehOGlnFSOcvLkof7iuSbgBtfq1/+w6TKBjLGF9mg/u5L1X
y6msuUh8NewJFL/+ElkPmvnA0wIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFP4dykIi
VB6QXAxiR3ZDyNRx7KZOMB8GA1UdIwQYMBaAFMgHD9BhqFH/iu3g3gw2B+65j/cB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNEQzRC9CMDIwMkQzMkQ4
QjkxMUVCQUJDMUY0ODVDNEY5QUUwMi95QWNQMEdHb1VmLUs3ZURlRERZSDdybVA5
d0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lBY1AwR0dvVWYtSzdlRGVERFlIN3JtUDl3RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTREM0QvQjAyMDJEMzJEOEI5MTFFQkFCQzFGNDg1QzRGOUFFMDIvMzAwM0M0QkE3
Qzc3MTFFRUI5RTBCRTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTQYIKwYBBQUHAQcBAf8E
PjA8MDoEAgABMDQDBAJny9wDBAJ7/ZgwDAMEBJbD0AMEAJbD1AMEAJbD1jAMAwQA
lsPZAwQFlsPAAwQBykvyMA0GCSqGSIb3DQEBCwUAA4IBAQAlDftn3NzuiAkM0kDY
SoekCVT2dibGxGdGdcvAXBkHFXdhdgijEovWf7ahjSvKc8GBo506ZeFJU+izPF9f
16s7rxMoLZndAUo7PSwmtRG3KaIU0TATczlbfYp1FPhVOANkulzSJOTo0qorlPnE
0RitqfIsXa8Qh5XbNQMFM1xH7qPYcWNJPfQrP2qNugIcyiJtS4HLwQr0hqZxzIIh
f+ry/xaZeq8PNKpPf7xkb0ScZE6Xa6rxu6gj57wk9k/+ymGW8CKaTK3ZIVqGkogo
I3pbnUkrfcelQawU+iRIGIhmQlrmlvnhtflUuyrrTmAhtoVz4OUPqiZXZekzkT4J
Xbjy
-----END CERTIFICATE-----
Generated at Sat May 11 02:39:35 2024 by rpki-client on console-fra.rpki-client.org