Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/FE02E774CFFD11EC8CFDFF68C4F9AE02.roa
File: FE02E774CFFD11EC8CFDFF68C4F9AE02.roa (raw, json)
Hash identifier: Mb3AFxuyqsJCVgV+HTF7n8MDdauyi9spCKyVJmftERQ=
Subject key identifier: CF:E7:5F:EC:04:3F:31:42:3A:7E:7A:3B:84:46:39:8F:37:4E:ED:D0
Certificate issuer: /CN=A911E403/serialNumber=5FE30CAF6F5A32C919D335AA94D0E7333CD05435
Certificate serial: 0758
Authority key identifier: 5F:E3:0C:AF:6F:5A:32:C9:19:D3:35:AA:94:D0:E7:33:3C:D0:54:35
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X-MMr29aMskZ0zWqlNDnMzzQVDU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/FE02E774CFFD11EC8CFDFF68C4F9AE02.roa
Signing time: Wed 28 Aug 2024 22:00:09 +0000
ROA not before: Wed 28 Aug 2024 22:00:09 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 140892
IP address blocks: 103.153.8.0/23 maxlen: 23
203.34.11.0/24 maxlen: 24
2401:3020::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1880 (0x758)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911E403/serialNumber=5FE30CAF6F5A32C919D335AA94D0E7333CD05435
Validity
Not Before: Aug 28 22:00:09 2024 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=66cf9de9-41b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:84:1c:c4:49:7b:08:b1:9f:76:ec:ba:ef:01:
3e:57:3f:13:77:d8:d4:29:bf:c8:f8:0a:11:10:a2:
5a:ca:44:f2:e6:1f:64:6b:ec:53:d1:f5:4e:f2:0a:
37:ed:96:ce:6f:1f:2e:00:d4:9d:81:17:ec:ee:4f:
2e:1d:f7:d7:97:23:59:e2:ed:93:e5:d4:a0:96:33:
78:0d:56:06:ed:e5:77:27:a9:91:ca:2b:1e:83:08:
93:29:9a:e0:cf:c1:39:fd:2c:98:d0:b1:82:21:d6:
d9:73:8d:de:e4:4c:58:c3:45:d7:48:07:2c:06:ca:
f3:88:e1:bb:f6:23:4f:55:2b:91:06:83:1f:c9:e3:
7e:5e:5a:5f:92:fe:68:38:94:63:17:58:bc:fb:e8:
77:02:b5:4b:58:14:a9:57:eb:f8:61:d5:f6:8e:50:
c6:7e:73:87:36:4a:a4:e1:76:5a:3c:a9:c9:02:b2:
87:32:33:ba:ed:3d:61:3f:e6:9c:02:47:80:e3:71:
a2:3e:9e:96:7f:93:24:22:24:d3:4f:b1:5f:5c:d9:
1a:16:59:0d:b8:40:ce:16:e5:3b:de:3c:fb:a7:fb:
c4:85:74:46:2c:5e:5b:c0:37:20:18:67:3d:44:8d:
58:83:fc:07:f2:60:7a:b3:ab:00:5a:ff:ab:50:93:
a5:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:E7:5F:EC:04:3F:31:42:3A:7E:7A:3B:84:46:39:8F:37:4E:ED:D0
X509v3 Authority Key Identifier:
keyid:5F:E3:0C:AF:6F:5A:32:C9:19:D3:35:AA:94:D0:E7:33:3C:D0:54:35
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/X-MMr29aMskZ0zWqlNDnMzzQVDU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X-MMr29aMskZ0zWqlNDnMzzQVDU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/FE02E774CFFD11EC8CFDFF68C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.153.8.0/23
203.34.11.0/24
IPv6:
2401:3020::/32
Signature Algorithm: sha256WithRSAEncryption
1b:96:bd:53:80:64:0a:ab:66:ef:f6:29:f4:05:9c:e2:27:64:
b7:b9:0e:b0:01:c0:c8:f9:de:97:0c:1e:e1:fa:4f:b6:87:4b:
b7:4b:4f:df:ef:49:b8:7c:70:11:8c:9f:0e:5c:43:3f:ec:2b:
59:20:43:f1:95:af:9a:f4:28:40:57:ec:4a:3e:1d:a4:08:eb:
af:f8:cf:3e:14:e9:71:3d:44:e1:6e:bd:78:96:80:6e:09:ee:
51:d2:8c:b8:14:fb:b0:3b:ba:c8:2f:7b:fb:f2:38:0a:9d:0e:
9f:1c:5d:c3:14:3a:2e:16:c5:3f:9c:59:8f:10:1c:2e:52:27:
fd:ef:7c:f5:a7:68:ff:e2:5c:86:30:88:81:78:cf:33:f6:4e:
00:36:8e:80:cc:d2:7e:11:65:38:83:18:02:6c:2a:9a:6f:8c:
71:94:42:44:c9:af:51:45:9c:76:c2:01:57:dc:e2:36:ca:fe:
f8:24:05:00:63:40:21:59:94:33:77:9a:cb:e1:07:29:18:14:
91:66:52:44:9e:82:08:65:b3:98:fa:bc:ae:5b:1b:f0:d1:b7:
7d:12:03:9c:47:84:ab:bc:64:bb:d8:1c:3d:d1:31:b1:b9:19:
bd:62:26:ee:ac:b0:bd:8a:b9:50:6a:97:62:b4:c3:b2:89:0a:
2b:6f:ab:2c
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICB1gwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUU0MDMxMTAvBgNVBAUTKDVGRTMwQ0FGNkY1QTMyQzkxOUQzMzVBQTk0RDBFNzMz
M0NEMDU0MzUwHhcNMjQwODI4MjIwMDA5WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmNmOWRlOS00MWIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxoQcxEl7CLGfduy67wE+Vz8Td9jUKb/I+AoREKJaykTy5h9ka+xT0fVO8go3
7ZbObx8uANSdgRfs7k8uHffXlyNZ4u2T5dSgljN4DVYG7eV3J6mRyisegwiTKZrg
z8E5/SyY0LGCIdbZc43e5ExYw0XXSAcsBsrziOG79iNPVSuRBoMfyeN+Xlpfkv5o
OJRjF1i8++h3ArVLWBSpV+v4YdX2jlDGfnOHNkqk4XZaPKnJArKHMjO67T1hP+ac
AkeA43GiPp6Wf5MkIiTTT7FfXNkaFlkNuEDOFuU73jz7p/vEhXRGLF5bwDcgGGc9
RI1Yg/wH8mB6s6sAWv+rUJOlUQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFM/nX+wE
PzFCOn56O4RGOY83Tu3QMB8GA1UdIwQYMBaAFF/jDK9vWjLJGdM1qpTQ5zM80FQ1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTQwMy9BMUNDRUNGRUY4
QkIxMUVBODdCMURFNkJDNEY5QUUwMi9YLU1NcjI5YU1za1oweldxbE5Ebk16elFW
RFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1gtTU1yMjlhTXNrWjB6V3FsTkRuTXp6UVZEVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUU0MDMvQTFDQ0VDRkVGOEJCMTFFQTg3QjFERTZCQzRGOUFFMDIvRkUwMkU3NzRD
RkZEMTFFQzhDRkRGRjY4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAFnmQgDBADLIgswDQQCAAIwBwMFACQBMCAwDQYJKoZIhvcN
AQELBQADggEBABuWvVOAZAqrZu/2KfQFnOInZLe5DrABwMj53pcMHuH6T7aHS7dL
T9/vSbh8cBGMnw5cQz/sK1kgQ/GVr5r0KEBX7Eo+HaQI66/4zz4U6XE9ROFuvXiW
gG4J7lHSjLgU+7A7usgve/vyOAqdDp8cXcMUOi4WxT+cWY8QHC5SJ/3vfPWnaP/i
XIYwiIF4zzP2TgA2joDM0n4RZTiDGAJsKppvjHGUQkTJr1FFnHbCAVfc4jbK/vgk
BQBjQCFZlDN3msvhBykYFJFmUkSegghls5j6vK5bG/DRt30SA5xHhKu8ZLvYHD3R
MbG5Gb1iJu6ssL2KuVBql2K0w7KJCitvqyw=
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:20:58 2025 by rpki-client