Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911ABCE/90099C4057DD11EEBAFFE42DC4F9AE02/22613D48AC7311EE8A97A86FC4F9AE02.roa
File: 22613D48AC7311EE8A97A86FC4F9AE02.roa (raw, json)
Hash identifier: /eRQukOTRoCvRThMcH9XwUAJIcceCRwYKwwMbY6uF7g=
Subject key identifier: 26:1C:0E:43:85:3B:9C:E8:06:6B:20:A9:2C:B1:AD:5D:59:B7:90:CD
Certificate issuer: /CN=A911ABCE/serialNumber=300742E4AD547AE49DD82C82F7ECEB095B902A20
Certificate serial: D3
Authority key identifier: 30:07:42:E4:AD:54:7A:E4:9D:D8:2C:82:F7:EC:EB:09:5B:90:2A:20
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MAdC5K1UeuSd2CyC9-zrCVuQKiA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911ABCE/90099C4057DD11EEBAFFE42DC4F9AE02/22613D48AC7311EE8A97A86FC4F9AE02.roa
Signing time: Sat 05 Oct 2024 04:38:38 +0000
ROA not before: Sat 05 Oct 2024 04:38:38 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 2914
IP address blocks: 43.239.250.0/24 maxlen: 24
114.31.208.0/22 maxlen: 22
2404:3600::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 211 (0xd3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911ABCE/serialNumber=300742E4AD547AE49DD82C82F7ECEB095B902A20
Validity
Not Before: Oct 5 04:38:38 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=6700c2ce-d7f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:3b:20:5b:c5:5d:7c:de:20:bc:a7:2c:de:ed:
d5:12:7e:5e:52:aa:6c:04:ee:d7:bf:94:d8:4e:d2:
a7:eb:c8:db:24:52:99:b2:2e:69:fa:6f:af:5d:14:
3d:7d:09:8b:84:de:2f:a8:38:4a:92:e4:77:cb:f4:
06:ce:c7:cd:fb:30:76:9b:3e:8a:a2:88:0a:e8:4c:
df:64:f1:1c:6c:54:c2:cc:5b:bb:c3:2a:6f:33:bc:
c1:1d:ad:b0:e3:a4:22:a9:e4:54:ff:61:6a:c9:17:
39:f0:24:91:d4:ce:0b:7b:c7:17:2d:50:db:0d:a6:
f6:da:e8:ba:c7:08:f1:91:fc:a3:12:63:56:43:f5:
27:08:5a:7a:14:78:70:fa:b9:3b:b2:c0:41:b1:d4:
62:0f:12:2d:73:82:b1:7f:1f:c3:14:77:99:b3:2c:
d3:a3:b8:48:5b:95:2d:71:a9:5c:ef:bd:fd:7a:89:
75:3a:a4:c0:0b:78:e2:fc:97:58:e0:b9:f5:13:08:
8f:59:2f:62:21:95:89:e9:51:1f:82:df:36:6b:3d:
79:d0:3a:a5:6e:27:89:21:5c:d5:eb:61:db:e5:57:
aa:13:73:fc:72:6b:59:e1:f0:5b:d4:f8:6d:af:d6:
76:97:fb:46:92:0f:ae:30:29:4f:82:50:bb:78:2b:
1c:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:1C:0E:43:85:3B:9C:E8:06:6B:20:A9:2C:B1:AD:5D:59:B7:90:CD
X509v3 Authority Key Identifier:
keyid:30:07:42:E4:AD:54:7A:E4:9D:D8:2C:82:F7:EC:EB:09:5B:90:2A:20
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911ABCE/90099C4057DD11EEBAFFE42DC4F9AE02/MAdC5K1UeuSd2CyC9-zrCVuQKiA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MAdC5K1UeuSd2CyC9-zrCVuQKiA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911ABCE/90099C4057DD11EEBAFFE42DC4F9AE02/22613D48AC7311EE8A97A86FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.250.0/24
114.31.208.0/22
IPv6:
2404:3600::/32
Signature Algorithm: sha256WithRSAEncryption
cd:f1:39:55:36:5d:15:c6:1d:8b:c1:d1:18:04:b4:dd:4b:b8:
b0:6b:44:a1:bb:92:f2:f4:39:0f:eb:04:24:3f:3f:95:9b:4d:
92:e3:2c:93:d2:45:ab:1c:70:99:09:fb:7d:c2:91:b0:f5:af:
c0:be:3e:94:a9:a0:06:bc:f1:e5:fc:1b:93:98:7f:6a:f1:4f:
88:89:78:63:56:95:8a:9a:f2:bc:03:93:ed:fd:0c:18:25:5d:
59:74:e3:4b:db:a7:dc:61:1e:be:86:21:ca:5c:93:33:a2:54:
80:5f:2b:dd:7e:fa:f2:ed:c1:07:e3:dd:b3:97:a2:4f:be:22:
ab:73:2d:9a:a4:a2:27:9a:a6:7a:65:2a:86:fd:e4:df:5e:d6:
aa:cc:d0:e8:0a:cd:ac:3b:27:94:38:ee:83:9a:9e:21:3a:37:
c6:57:c9:3d:01:b2:cd:42:97:4a:e3:32:97:3b:14:e1:20:ec:
54:59:e8:63:e3:6a:3c:69:e5:ee:b0:07:58:a9:d6:c4:c4:99:
78:9b:8f:6a:33:99:26:06:f1:67:3a:38:72:11:b5:8d:33:bd:
5d:dd:4e:2f:9a:0f:65:fb:11:b0:15:15:73:92:94:5b:a1:2a:
2a:d1:77:e9:73:7c:82:58:95:5d:4e:d1:89:78:7a:cb:fd:82:
0f:96:99:df
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICANMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUFCQ0UxMTAvBgNVBAUTKDMwMDc0MkU0QUQ1NDdBRTQ5REQ4MkM4MkY3RUNFQjA5
NUI5MDJBMjAwHhcNMjQxMDA1MDQzODM4WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzAwYzJjZS1kN2Y2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsTsgW8VdfN4gvKcs3u3VEn5eUqpsBO7Xv5TYTtKn68jbJFKZsi5p+m+vXRQ9
fQmLhN4vqDhKkuR3y/QGzsfN+zB2mz6KoogK6EzfZPEcbFTCzFu7wypvM7zBHa2w
46QiqeRU/2FqyRc58CSR1M4Le8cXLVDbDab22ui6xwjxkfyjEmNWQ/UnCFp6FHhw
+rk7ssBBsdRiDxItc4Kxfx/DFHeZsyzTo7hIW5Utcalc7739eol1OqTAC3ji/JdY
4Ln1EwiPWS9iIZWJ6VEfgt82az150DqlbieJIVzV62Hb5VeqE3P8cmtZ4fBb1Pht
r9Z2l/tGkg+uMClPglC7eCscqwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFCYcDkOF
O5zoBmsgqSyxrV1Zt5DNMB8GA1UdIwQYMBaAFDAHQuStVHrkndgsgvfs6wlbkCog
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQUJDRS85MDA5OUM0MDU3
REQxMUVFQkFGRkU0MkRDNEY5QUUwMi9NQWRDNUsxVWV1U2QyQ3lDOS16ckNWdVFL
aUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01BZEM1SzFVZXVTZDJDeUM5LXpyQ1Z1UUtpQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUFCQ0UvOTAwOTlDNDA1N0REMTFFRUJBRkZFNDJEQzRGOUFFMDIvMjI2MTNENDhB
QzczMTFFRThBOTdBODZGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAAr7/oDBAJyH9AwDQQCAAIwBwMFACQENgAwDQYJKoZIhvcN
AQELBQADggEBAM3xOVU2XRXGHYvB0RgEtN1LuLBrRKG7kvL0OQ/rBCQ/P5WbTZLj
LJPSRasccJkJ+33CkbD1r8C+PpSpoAa88eX8G5OYf2rxT4iJeGNWlYqa8rwDk+39
DBglXVl040vbp9xhHr6GIcpckzOiVIBfK91++vLtwQfj3bOXok++IqtzLZqkoiea
pnplKob95N9e1qrM0OgKzaw7J5Q47oOaniE6N8ZXyT0Bss1Cl0rjMpc7FOEg7FRZ
6GPjajxp5e6wB1ip1sTEmXibj2ozmSYG8Wc6OHIRtY0zvV3dTi+aD2X7EbAVFXOS
lFuhKirRd+lzfIJYlV1O0Yl4esv9gg+Wmd8=
-----END CERTIFICATE-----
Generated at Fri Apr 25 14:29:12 2025 by rpki-client