Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
File: 7E0AB01C782C11EBB0B71971C4F9AE02.roa (raw, json)
Hash identifier: vANLWWY0YHYC0sh+JQ5XsGgfQudlAFfwTFv4G7Gqqlo=
Subject key identifier: AB:CF:C1:3D:8E:36:AA:26:2A:2C:1F:8C:F6:2E:0F:F3:78:BB:CA:94
Certificate issuer: /CN=A91FF74B/serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
Certificate serial: 05A8
Authority key identifier: 05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
Signing time: Fri 29 Dec 2023 07:21:16 +0000
ROA not before: Fri 29 Dec 2023 07:21:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56201
IP address blocks: 169.148.132.0/24 maxlen: 24
169.148.133.0/24 maxlen: 24
169.148.134.0/23 maxlen: 23
169.148.134.0/24 maxlen: 24
169.148.135.0/24 maxlen: 24
169.148.136.0/23 maxlen: 23
169.148.136.0/24 maxlen: 24
169.148.137.0/24 maxlen: 24
169.148.138.0/23 maxlen: 24
169.148.140.0/23 maxlen: 24
169.148.142.0/23 maxlen: 23
169.148.142.0/24 maxlen: 24
169.148.143.0/24 maxlen: 24
169.148.144.0/23 maxlen: 23
169.148.144.0/24 maxlen: 24
169.148.145.0/24 maxlen: 24
169.148.146.0/23 maxlen: 23
169.148.148.0/23 maxlen: 23
169.148.148.0/24 maxlen: 24
169.148.149.0/24 maxlen: 24
169.148.150.0/24 maxlen: 24
199.67.76.0/23 maxlen: 23
199.67.76.0/24 maxlen: 24
199.67.77.0/24 maxlen: 24
199.67.78.0/23 maxlen: 23
199.67.78.0/24 maxlen: 24
199.67.79.0/24 maxlen: 24
199.67.94.0/23 maxlen: 23
199.67.94.0/24 maxlen: 24
199.67.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl
rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 21 May 2024 22:44:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1448 (0x5a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91FF74B/serialNumber=059E6F03AE7676A9D0F09D5F6CBDB90861855A57
Validity
Not Before: Dec 29 07:21:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=658e736c-44e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:a3:3c:48:99:33:20:bf:b4:5f:f3:84:6e:dd:
55:f4:31:ab:50:e4:3b:98:7d:33:27:90:b5:c8:d9:
43:16:1b:70:0c:42:46:c9:fd:9e:77:6c:cd:2a:81:
be:3a:e2:88:a9:79:d4:1c:85:6c:36:13:a1:5b:b6:
08:70:6b:ab:3a:5f:12:1b:c5:08:93:bb:81:bc:41:
bd:6b:bf:2d:89:8d:25:db:97:2c:2e:78:a0:24:7d:
d4:23:d6:e2:ef:33:bc:db:1c:69:19:02:f8:0c:4f:
77:d1:b7:fd:9a:28:0e:8d:ec:37:20:2e:22:04:38:
69:16:ca:b7:ae:b4:29:87:40:37:a4:9c:84:4f:d6:
3d:14:7a:48:cb:a9:cc:b4:88:fa:42:10:ae:48:e7:
29:5d:0e:71:33:7a:22:86:ab:d9:a9:5c:74:f0:d0:
b1:bb:af:e2:65:bb:e3:d5:36:a6:5a:e1:ce:86:24:
61:8f:4b:cf:be:c5:d2:69:cc:5a:6d:95:86:06:af:
c0:59:0f:72:c4:1a:2a:6e:a2:fe:74:c3:2a:5e:cf:
c9:e8:53:4b:62:79:0a:45:84:09:35:f5:30:dc:1f:
91:e9:0c:d6:84:69:90:f2:69:b8:b2:53:5e:36:b6:
67:ed:e8:f9:bc:87:2a:e3:3f:3c:cb:a5:06:e4:f6:
13:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:CF:C1:3D:8E:36:AA:26:2A:2C:1F:8C:F6:2E:0F:F3:78:BB:CA:94
X509v3 Authority Key Identifier:
keyid:05:9E:6F:03:AE:76:76:A9:D0:F0:9D:5F:6C:BD:B9:08:61:85:5A:57
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/BZ5vA652dqnQ8J1fbL25CGGFWlc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/BZ5vA652dqnQ8J1fbL25CGGFWlc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FF74B/61A3384A782C11EBAC04F672C4F9AE02/7E0AB01C782C11EBB0B71971C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
169.148.132.0-169.148.150.255
199.67.76.0/22
199.67.94.0/23
Signature Algorithm: sha256WithRSAEncryption
94:e2:c5:31:04:73:c2:a0:93:f0:fb:02:ed:7c:6f:d5:ce:89:
83:3a:db:fc:94:fc:82:74:ed:21:d9:d7:d4:e9:c0:a1:9c:ab:
b2:23:b6:15:e1:c0:b9:fd:81:6e:c9:81:93:23:54:cd:ef:18:
8c:c9:c6:af:6d:99:c4:c7:53:88:3b:e8:47:6d:0b:19:95:7e:
8c:66:6e:49:3c:c2:88:8f:fe:9b:9a:72:59:4c:60:09:19:af:
af:5c:02:a8:e6:76:56:a9:61:9c:52:36:17:1b:c7:06:c0:4c:
4a:c1:82:1a:60:2d:a6:8e:15:60:75:cd:0a:0a:da:a5:6d:c2:
a3:2b:a8:c6:7d:4b:d8:db:a4:39:35:66:88:82:fd:93:6d:75:
5a:e8:d0:10:c6:35:aa:5d:99:0e:09:e6:db:14:b3:5d:9e:11:
de:aa:f4:09:79:fc:c6:39:fd:7e:1d:e6:0f:ad:83:44:8f:e6:
4d:4b:3d:aa:16:43:15:fe:fb:26:ef:5f:21:0e:55:03:88:73:
ac:05:17:17:a0:23:55:98:8e:ce:9b:60:34:62:91:93:1e:0a:
95:b5:a7:55:fb:c3:05:b2:2c:7b:f5:46:63:85:bf:67:6a:e3:
e2:cb:77:40:e0:77:bb:4b:58:da:82:db:b6:65:8a:79:1e:3a:
79:8e:9f:26
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICBagwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkY3NEIxMTAvBgNVBAUTKDA1OUU2RjAzQUU3Njc2QTlEMEYwOUQ1RjZDQkRCOTA4
NjE4NTVBNTcwHhcNMjMxMjI5MDcyMTE2WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NThlNzM2Yy00NGUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6KM8SJkzIL+0X/OEbt1V9DGrUOQ7mH0zJ5C1yNlDFhtwDEJGyf2ed2zNKoG+
OuKIqXnUHIVsNhOhW7YIcGurOl8SG8UIk7uBvEG9a78tiY0l25csLnigJH3UI9bi
7zO82xxpGQL4DE930bf9migOjew3IC4iBDhpFsq3rrQph0A3pJyET9Y9FHpIy6nM
tIj6QhCuSOcpXQ5xM3oihqvZqVx08NCxu6/iZbvj1TamWuHOhiRhj0vPvsXSacxa
bZWGBq/AWQ9yxBoqbqL+dMMqXs/J6FNLYnkKRYQJNfUw3B+R6QzWhGmQ8mm4slNe
NrZn7ej5vIcq4z88y6UG5PYTPQIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFKvPwT2O
NqomKiwfjPYuD/N4u8qUMB8GA1UdIwQYMBaAFAWebwOudnap0PCdX2y9uQhhhVpX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGRjc0Qi82MUEzMzg0QTc4
MkMxMUVCQUMwNEY2NzJDNEY5QUUwMi9CWjV2QTY1MmRxblE4SjFmYkwyNUNHR0ZX
bGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0JaNXZBNjUyZHFuUThKMWZiTDI1Q0dHRldsYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkY3NEIvNjFBMzM4NEE3ODJDMTFFQkFDMDRGNjcyQzRGOUFFMDIvN0UwQUIwMUM3
ODJDMTFFQkIwQjcxOTcxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAqmUhAMEAKmUlgMEAsdDTAMEAcdDXjANBgkqhkiG9w0B
AQsFAAOCAQEAlOLFMQRzwqCT8PsC7Xxv1c6Jgzrb/JT8gnTtIdnX1OnAoZyrsiO2
FeHAuf2BbsmBkyNUze8YjMnGr22ZxMdTiDvoR20LGZV+jGZuSTzCiI/+m5pyWUxg
CRmvr1wCqOZ2VqlhnFI2FxvHBsBMSsGCGmAtpo4VYHXNCgrapW3Coyuoxn1L2Nuk
OTVmiIL9k211WujQEMY1ql2ZDgnm2xSzXZ4R3qr0CXn8xjn9fh3mD62DRI/mTUs9
qhZDFf77Ju9fIQ5VA4hzrAUXF6AjVZiOzptgNGKRkx4KlbWnVfvDBbIse/VGY4W/
Z2rj4st3QOB3u0tY2oLbtmWKeR46eY6fJg==
-----END CERTIFICATE-----
Generated at Wed May 15 01:43:54 2024 by rpki-client on console-ams.rpki-client.org