Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9120AC1/48017D38309711ECB285A64BC4F9AE02/EDB1F68E3C8811EC889B9D78C4F9AE02.roa
File: EDB1F68E3C8811EC889B9D78C4F9AE02.roa (raw, json)
Hash identifier: M28GSpsob0GcZZ2QTl/qwtN101CbqZ2q8yG6EV5VT+A=
Subject key identifier: 11:71:04:AB:2C:18:2C:C7:12:6D:DE:38:D9:25:E5:0C:B2:43:13:51
Certificate issuer: /CN=A9120AC1/serialNumber=8F2BD4C12636F0059B408D0716AF32C8F54069A5
Certificate serial: 03B8
Authority key identifier: 8F:2B:D4:C1:26:36:F0:05:9B:40:8D:07:16:AF:32:C8:F5:40:69:A5
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jyvUwSY28AWbQI0HFq8yyPVAaaU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9120AC1/48017D38309711ECB285A64BC4F9AE02/EDB1F68E3C8811EC889B9D78C4F9AE02.roa
Signing time: Wed 17 Jan 2024 02:03:55 +0000
ROA not before: Wed 17 Jan 2024 02:03:55 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 45753
IP address blocks: 43.225.196.0/22 maxlen: 22
43.225.196.0/24 maxlen: 24
43.225.197.0/24 maxlen: 24
43.225.198.0/24 maxlen: 24
43.225.199.0/24 maxlen: 24
103.44.160.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 952 (0x3b8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9120AC1/serialNumber=8F2BD4C12636F0059B408D0716AF32C8F54069A5
Validity
Not Before: Jan 17 02:03:55 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=65a7358a-8f1a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:bb:a4:03:88:2c:c6:6e:47:aa:01:25:3a:c1:
d5:82:1d:c6:90:8a:f2:25:c3:bb:eb:f3:c7:bd:04:
d5:1e:d9:a0:94:9d:68:41:d3:b0:bd:a6:ec:db:3a:
a7:18:55:5c:dc:da:39:24:41:bf:53:f2:92:25:b2:
0c:84:e9:91:73:f0:d4:f8:01:61:cd:fa:e3:22:66:
ce:30:44:11:b2:33:94:48:32:ad:32:c3:46:ce:96:
48:72:23:b0:44:be:dd:21:4a:c4:d6:7c:fe:26:c2:
94:d0:40:b5:12:1e:c7:02:a9:1c:a6:47:ae:6b:fe:
a1:0a:fd:78:8a:05:8e:00:fd:d0:3e:50:50:35:9d:
07:ee:ec:b7:93:4a:17:08:a9:e2:92:01:4e:99:9e:
cb:89:59:d1:dd:a4:3c:76:0c:59:b6:91:73:ad:b2:
fd:43:32:1a:25:7f:2e:e8:5a:29:31:b0:39:9d:77:
15:35:46:93:fa:04:fe:30:6d:95:d0:6e:aa:4a:ad:
71:c6:71:cb:51:50:aa:7d:85:9c:0c:51:8c:89:47:
8d:0c:1a:52:74:cc:4f:fe:1c:ce:b4:d0:5d:72:15:
e0:4b:1b:10:27:29:15:7d:6d:26:ca:ee:e2:dd:a2:
95:25:90:ff:ec:19:c0:43:40:f1:62:85:01:77:6b:
58:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:71:04:AB:2C:18:2C:C7:12:6D:DE:38:D9:25:E5:0C:B2:43:13:51
X509v3 Authority Key Identifier:
keyid:8F:2B:D4:C1:26:36:F0:05:9B:40:8D:07:16:AF:32:C8:F5:40:69:A5
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9120AC1/48017D38309711ECB285A64BC4F9AE02/jyvUwSY28AWbQI0HFq8yyPVAaaU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jyvUwSY28AWbQI0HFq8yyPVAaaU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9120AC1/48017D38309711ECB285A64BC4F9AE02/EDB1F68E3C8811EC889B9D78C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.225.196.0/22
103.44.160.0/22
Signature Algorithm: sha256WithRSAEncryption
42:b4:8c:b9:ac:dc:f0:d5:f7:ce:8b:80:3e:6a:f8:30:89:79:
9d:52:e3:e5:ca:df:34:5b:0c:fe:9b:e6:ee:b9:ba:0e:53:2b:
70:fd:de:ed:71:c2:77:60:09:75:85:c1:0f:51:73:33:04:68:
22:a1:5c:ea:46:ec:aa:73:6c:a3:31:e9:b1:77:d9:51:bb:2d:
31:e0:8c:10:0c:17:cd:e9:8f:27:83:09:5c:05:de:4d:9f:6b:
e5:05:74:1d:0d:c5:a9:c9:eb:10:10:82:89:90:f3:05:ed:c5:
97:82:1a:d5:0d:fc:66:d8:70:8c:bd:86:f7:4c:a2:42:18:13:
67:fe:95:e1:2d:68:d2:8e:ef:42:35:68:19:6b:59:18:51:b6:
c4:58:6b:bf:83:42:98:c1:61:0a:22:92:c3:7f:7d:90:15:7e:
ac:f0:14:3e:ed:79:aa:70:d2:60:39:b7:11:0f:46:fd:a2:b3:
f2:f3:24:ca:34:8d:9e:fc:80:c6:c9:18:70:3c:01:03:8d:9e:
eb:30:5f:c9:02:ba:cd:5f:5b:ce:40:ab:b4:f0:52:88:dd:d6:
78:04:21:be:1c:66:84:50:9a:ab:37:50:28:26:ab:c3:1c:72:
2d:b7:5f:83:a9:cb:8a:ea:52:f6:b6:75:be:76:c3:a6:e0:c1:
13:23:96:93
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICA7gwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjBBQzExMTAvBgNVBAUTKDhGMkJENEMxMjYzNkYwMDU5QjQwOEQwNzE2QUYzMkM4
RjU0MDY5QTUwHhcNMjQwMTE3MDIwMzU1WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWE3MzU4YS04ZjFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAurukA4gsxm5HqgElOsHVgh3GkIryJcO76/PHvQTVHtmglJ1oQdOwvabs2zqn
GFVc3No5JEG/U/KSJbIMhOmRc/DU+AFhzfrjImbOMEQRsjOUSDKtMsNGzpZIciOw
RL7dIUrE1nz+JsKU0EC1Eh7HAqkcpkeua/6hCv14igWOAP3QPlBQNZ0H7uy3k0oX
CKnikgFOmZ7LiVnR3aQ8dgxZtpFzrbL9QzIaJX8u6FopMbA5nXcVNUaT+gT+MG2V
0G6qSq1xxnHLUVCqfYWcDFGMiUeNDBpSdMxP/hzOtNBdchXgSxsQJykVfW0myu7i
3aKVJZD/7BnAQ0DxYoUBd2tYoQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFBFxBKss
GCzHEm3eONkl5QyyQxNRMB8GA1UdIwQYMBaAFI8r1MEmNvAFm0CNBxavMsj1QGml
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMEFDMS80ODAxN0QzODMw
OTcxMUVDQjI4NUE2NEJDNEY5QUUwMi9qeXZVd1NZMjhBV2JRSTBIRnE4eXlQVkFh
YVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2p5dlV3U1kyOEFXYlFJMEhGcTh5eVBWQWFhVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjBBQzEvNDgwMTdEMzgzMDk3MTFFQ0IyODVBNjRCQzRGOUFFMDIvRURCMUY2OEUz
Qzg4MTFFQzg4OUI5RDc4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr4cQDBAJnLKAwDQYJKoZIhvcNAQELBQADggEBAEK0jLms
3PDV986LgD5q+DCJeZ1S4+XK3zRbDP6b5u65ug5TK3D93u1xwndgCXWFwQ9RczME
aCKhXOpG7KpzbKMx6bF32VG7LTHgjBAMF83pjyeDCVwF3k2fa+UFdB0NxanJ6xAQ
gomQ8wXtxZeCGtUN/GbYcIy9hvdMokIYE2f+leEtaNKO70I1aBlrWRhRtsRYa7+D
QpjBYQoiksN/fZAVfqzwFD7teapw0mA5txEPRv2is/LzJMo0jZ78gMbJGHA8AQON
nuswX8kCus1fW85Aq7TwUojd1ngEIb4cZoRQmqs3UCgmq8Mcci23X4Opy4rqUva2
db52w6bgwRMjlpM=
-----END CERTIFICATE-----
Generated at Wed Apr 30 20:39:13 2025 by rpki-client