Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/EEFB07CCB8A311ED8F694046C4F9AE02.roa
File: EEFB07CCB8A311ED8F694046C4F9AE02.roa (raw, json)
Hash identifier: IdMt6eJbJY0CQOsRt3BklbohXFfNbPy1Yiz62IuF3WE=
Subject key identifier: 90:21:42:FC:BA:8F:6B:D9:81:3E:A8:DE:1A:0B:FC:5B:FC:BD:81:60
Certificate issuer: /CN=A91FDD4D/serialNumber=72AFBAEBC9ECDDA2EED2D49B13E6048EA3E41E60
Certificate serial: 20EE
Authority key identifier: 72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/EEFB07CCB8A311ED8F694046C4F9AE02.roa
Signing time: Tue 18 Jun 2024 01:20:34 +0000
ROA not before: Tue 18 Jun 2024 01:20:34 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 17551
IP address blocks: 14.192.56.0/22 maxlen: 22
14.192.56.0/23 maxlen: 23
14.192.58.0/23 maxlen: 23
103.15.148.0/22 maxlen: 22
103.29.172.0/24 maxlen: 24
103.29.173.0/24 maxlen: 24
103.53.117.0/24 maxlen: 24
103.53.118.0/24 maxlen: 24
103.53.119.0/24 maxlen: 24
103.227.64.0/23 maxlen: 23
103.232.252.0/22 maxlen: 22
110.232.240.0/21 maxlen: 21
117.53.128.0/20 maxlen: 20
125.214.80.0/21 maxlen: 21
202.47.120.0/22 maxlen: 22
203.22.132.0/24 maxlen: 24
203.27.231.0/24 maxlen: 24
203.30.68.0/24 maxlen: 24
203.83.4.0/22 maxlen: 22
203.147.96.0/21 maxlen: 21
2400:b880::/32 maxlen: 32
2407:5400::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl
rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 29 Nov 2024 15:56:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8430 (0x20ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91FDD4D/serialNumber=72AFBAEBC9ECDDA2EED2D49B13E6048EA3E41E60
Validity
Not Before: Jun 18 01:20:34 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=6670e0e2-05aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:b1:99:b5:38:0d:68:22:d2:de:57:41:48:42:
cc:00:9e:f3:ef:fa:e9:9c:8b:8b:e9:3a:60:0a:59:
9c:8c:59:ff:ac:46:5f:54:f0:92:2d:0d:4b:c5:86:
9e:4c:09:9d:94:5b:3a:e5:69:2d:92:b5:d6:8f:aa:
cd:bc:cb:57:35:c7:54:a8:e4:5b:55:5c:4b:ba:8c:
e6:39:52:04:3d:26:20:d1:c7:a9:df:a8:38:86:cc:
a4:85:e4:80:78:ca:a1:68:cd:2b:df:a3:97:27:13:
c7:64:c0:f8:35:d8:bd:b5:ee:f8:1d:36:61:60:ab:
91:b5:f7:a9:c2:f2:4b:3c:cb:31:61:0f:4a:e3:38:
38:21:a7:38:af:d2:cc:e4:92:02:4a:59:90:4a:78:
da:fb:69:f0:4d:1d:26:5d:ae:87:8b:8d:10:a9:5a:
f3:ca:7c:25:e2:c5:9f:03:40:1b:01:f2:b8:62:39:
aa:27:17:d8:8c:2b:43:b4:a6:38:2f:f5:28:9e:18:
0a:7f:9d:4f:fd:24:fe:5c:16:24:0d:51:92:38:6d:
ab:3a:7f:89:bd:56:f0:3a:db:c8:3d:71:02:e4:2b:
d4:82:8a:9d:24:50:0e:1c:f5:ea:99:8d:10:7d:ee:
8a:87:fd:e4:d8:e3:f6:6d:f7:bd:6a:b7:5e:2c:52:
51:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:21:42:FC:BA:8F:6B:D9:81:3E:A8:DE:1A:0B:FC:5B:FC:BD:81:60
X509v3 Authority Key Identifier:
keyid:72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/EEFB07CCB8A311ED8F694046C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.56.0/22
103.15.148.0/22
103.29.172.0/23
103.53.117.0-103.53.119.255
103.227.64.0/23
103.232.252.0/22
110.232.240.0/21
117.53.128.0/20
125.214.80.0/21
202.47.120.0/22
203.22.132.0/24
203.27.231.0/24
203.30.68.0/24
203.83.4.0/22
203.147.96.0/21
IPv6:
2400:b880::/32
2407:5400::/32
Signature Algorithm: sha256WithRSAEncryption
cb:db:d3:bc:ba:58:37:d7:de:bc:4d:34:ff:72:a7:00:98:79:
a9:84:a0:7c:b1:a6:0b:1d:20:35:7b:a2:9a:95:d4:31:86:61:
cb:b0:7f:cd:e0:35:ff:b0:1b:8e:4b:67:f5:07:fb:76:7f:68:
11:97:9f:6c:42:ee:71:79:51:0c:ac:52:60:7e:ef:f6:f6:b6:
41:25:ee:46:9e:5c:7c:f2:27:fe:2d:ef:96:97:30:c1:4f:2c:
5a:3f:e9:47:de:a7:a3:7c:4e:ad:92:6e:60:57:f0:c3:81:79:
b8:ac:b9:3d:10:a0:4a:38:0f:1e:a0:4e:02:73:4d:ba:b7:d9:
a5:b2:78:fc:61:61:24:da:ef:8d:93:36:41:49:bf:c2:e9:a0:
39:7f:4d:4a:4a:c3:3d:9f:ef:1b:90:53:5a:56:bb:86:0a:4f:
ca:fe:b8:0a:ae:19:b1:93:96:4c:52:c3:93:cb:3c:ed:49:d0:
d7:53:d9:ce:11:d4:39:be:6a:33:45:4a:ca:24:23:f0:ad:46:
0b:70:c9:f1:26:e0:76:77:d3:0b:3a:23:77:de:3d:1b:7f:37:
28:d6:b1:3b:62:cd:6f:15:5a:6f:4b:95:f4:e5:ce:0f:31:ac:
55:cf:03:32:4d:c9:16:7e:60:28:e5:b4:1b:b2:51:97:77:e4:
eb:e5:59:ce
-----BEGIN CERTIFICATE-----
MIIF5jCCBM6gAwIBAgICIO4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkRENEQxMTAvBgNVBAUTKDcyQUZCQUVCQzlFQ0REQTJFRUQyRDQ5QjEzRTYwNDhF
QTNFNDFFNjAwHhcNMjQwNjE4MDEyMDM0WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjcwZTBlMi0wNWFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoLGZtTgNaCLS3ldBSELMAJ7z7/rpnIuL6TpgClmcjFn/rEZfVPCSLQ1LxYae
TAmdlFs65WktkrXWj6rNvMtXNcdUqORbVVxLuozmOVIEPSYg0cep36g4hsykheSA
eMqhaM0r36OXJxPHZMD4Ndi9te74HTZhYKuRtfepwvJLPMsxYQ9K4zg4Iac4r9LM
5JICSlmQSnja+2nwTR0mXa6Hi40QqVrzynwl4sWfA0AbAfK4YjmqJxfYjCtDtKY4
L/UonhgKf51P/ST+XBYkDVGSOG2rOn+JvVbwOtvIPXEC5CvUgoqdJFAOHPXqmY0Q
fe6Kh/3k2OP2bfe9ardeLFJRQwIDAQABo4IDCjCCAwYwHQYDVR0OBBYEFJAhQvy6
j2vZgT6o3hoL/Fv8vYFgMB8GA1UdIwQYMBaAFHKvuuvJ7N2i7tLUmxPmBI6j5B5g
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGREQ0RC9CQUUxMDhDNEVB
NjAxMUU1ODgxNTc3MENDNEY5QUUwMi9jcS02NjhuczNhTHUwdFNiRS1ZRWpxUGtI
bUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NxLTY2OG5zM2FMdTB0U2JFLVlFanFQa0htQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkRENEQvQkFFMTA4QzRFQTYwMTFFNTg4MTU3NzBDQzRGOUFFMDIvRUVGQjA3Q0NC
OEEzMTFFRDhGNjk0MDQ2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZMGCCsGAQUFBwEHAQH/
BIGDMIGAMGgEAgABMGIDBAIOwDgDBAJnD5QDBAFnHawwDAMEAGc1dQMEA2c1cAME
AWfjQAMEAmfo/AMEA27o8AMEBHU1gAMEA33WUAMEAsoveAMEAMsWhAMEAMsb5wME
AMseRAMEAstTBAMEA8uTYDAUBAIAAjAOAwUAJAC4gAMFACQHVAAwDQYJKoZIhvcN
AQELBQADggEBAMvb07y6WDfX3rxNNP9ypwCYeamEoHyxpgsdIDV7opqV1DGGYcuw
f83gNf+wG45LZ/UH+3Z/aBGXn2xC7nF5UQysUmB+7/b2tkEl7kaeXHzyJ/4t75aX
MMFPLFo/6Ufep6N8Tq2SbmBX8MOBebisuT0QoEo4Dx6gTgJzTbq32aWyePxhYSTa
742TNkFJv8LpoDl/TUpKwz2f7xuQU1pWu4YKT8r+uAquGbGTlkxSw5PLPO1J0NdT
2c4R1Dm+ajNFSsokI/CtRgtwyfEm4HZ30ws6I3fePRt/NyjWsTtizW8VWm9LlfTl
zg8xrFXPAzJNyRZ+YCjltBuyUZd35OvlWc4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:56:23 2024 by rpki-client on console-fra.rpki-client.org