Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914B57F/B2457D6A4E5911EA9EE9E20DC4F9AE02/11685AAC4F0D11EAA161D143C4F9AE02.roa
File: 11685AAC4F0D11EAA161D143C4F9AE02.roa (raw, json)
Hash identifier: HpuZh21zVl0Ft40GZ9PsEwmlpNjswClEyYGJmu6x+ok=
Subject key identifier: CC:FB:5D:3B:8E:B6:DA:A0:2C:92:69:CC:FB:8C:F0:1E:B5:CE:82:C4
Certificate issuer: /CN=A914B57F/serialNumber=E1064BB601A13108761B5457A1F71524C4A4CBCE
Certificate serial: 0A5C
Authority key identifier: E1:06:4B:B6:01:A1:31:08:76:1B:54:57:A1:F7:15:24:C4:A4:CB:CE
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4QZLtgGhMQh2G1RXofcVJMSky84.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914B57F/B2457D6A4E5911EA9EE9E20DC4F9AE02/11685AAC4F0D11EAA161D143C4F9AE02.roa
Signing time: Fri 18 Oct 2024 19:58:12 +0000
ROA not before: Fri 18 Oct 2024 19:58:12 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 136979
IP address blocks: 103.101.36.0/22 maxlen: 22
103.101.36.0/24 maxlen: 24
103.101.37.0/24 maxlen: 24
103.101.38.0/24 maxlen: 24
103.101.39.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2652 (0xa5c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914B57F/serialNumber=E1064BB601A13108761B5457A1F71524C4A4CBCE
Validity
Not Before: Oct 18 19:58:12 2024 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=6712bdd4-23b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:4d:e2:db:d3:42:8c:41:a6:b0:a3:23:07:03:
79:b9:d4:db:58:67:5b:ab:2e:89:22:7f:9d:9e:08:
52:e6:77:14:68:ae:a5:aa:0d:eb:3c:98:dd:fc:86:
c8:ba:9d:ba:b6:b0:17:f9:7a:7d:f1:a0:78:d4:67:
65:ba:c3:dc:85:55:4b:58:78:93:e1:80:3b:5c:fe:
77:3d:a4:9c:db:75:8d:71:64:97:fb:84:78:e6:d7:
7b:25:c3:4a:5d:19:6e:dd:9e:20:81:59:00:90:d9:
6f:d5:c4:20:6e:a6:a4:9e:b8:a4:b5:af:59:6d:47:
86:b3:25:d1:f8:41:d5:58:66:45:d0:bf:3c:9f:a2:
91:ba:f3:94:f0:9d:9a:4c:70:cb:00:30:33:77:7e:
9d:a0:10:90:e9:fd:1f:55:bf:e8:f3:b5:c3:b1:4d:
20:3a:69:04:39:41:b1:ef:cf:1b:a7:fc:6b:1c:30:
d3:7b:13:37:f7:27:31:ad:37:10:99:73:5f:d1:2e:
52:33:40:93:e5:64:91:30:92:71:d9:9b:8c:b8:13:
a6:8e:42:70:bb:fc:16:94:64:13:08:f8:1e:7e:83:
7f:fd:85:a9:92:4a:58:72:54:61:85:32:73:ac:4a:
c4:ab:30:50:b6:86:6f:8d:ac:e6:35:5c:8b:af:d7:
81:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:FB:5D:3B:8E:B6:DA:A0:2C:92:69:CC:FB:8C:F0:1E:B5:CE:82:C4
X509v3 Authority Key Identifier:
keyid:E1:06:4B:B6:01:A1:31:08:76:1B:54:57:A1:F7:15:24:C4:A4:CB:CE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914B57F/B2457D6A4E5911EA9EE9E20DC4F9AE02/4QZLtgGhMQh2G1RXofcVJMSky84.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4QZLtgGhMQh2G1RXofcVJMSky84.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914B57F/B2457D6A4E5911EA9EE9E20DC4F9AE02/11685AAC4F0D11EAA161D143C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.101.36.0/22
Signature Algorithm: sha256WithRSAEncryption
a0:e6:00:0d:cc:2c:7c:ee:cf:8f:13:89:51:66:85:fa:19:6a:
d0:8b:e7:f9:76:62:e1:af:38:16:44:95:cb:77:32:60:21:ff:
78:a9:76:2f:eb:a9:42:f6:10:8e:91:1f:32:ff:c6:cd:1f:56:
f5:e2:1a:f3:2d:fa:b8:18:90:35:78:84:e4:03:a0:72:f5:e5:
f1:86:df:eb:a3:27:a9:61:7b:18:84:ce:ee:55:26:8b:09:e2:
c8:5a:36:e9:45:6a:5a:56:9f:92:76:05:76:6a:6b:da:32:a0:
a3:63:75:33:e4:e0:d7:56:b0:90:94:f9:00:25:50:fb:02:a9:
c2:02:70:ab:82:7c:f7:48:81:8f:8a:bc:4c:07:66:b3:6a:87:
0a:b0:af:4e:5c:db:95:99:73:c3:07:4f:50:28:0e:db:c8:b0:
41:b6:13:d5:b8:4c:29:45:5a:4b:6f:b0:aa:68:67:9d:7c:cc:
75:ef:4d:1d:6b:ab:64:e8:12:0f:69:07:fd:81:23:8d:bf:12:
d0:e9:33:5b:c6:c2:27:04:e0:c9:2c:cf:64:1f:bc:b4:14:ff:
57:31:c9:e9:0a:20:20:c4:2b:11:0c:46:68:d0:26:6f:34:ea:
60:fd:76:44:8e:49:af:de:5b:0e:0c:ff:b6:74:05:3f:be:f7:
50:60:50:10
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICClwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEI1N0YxMTAvBgNVBAUTKEUxMDY0QkI2MDFBMTMxMDg3NjFCNTQ1N0ExRjcxNTI0
QzRBNENCQ0UwHhcNMjQxMDE4MTk1ODEyWhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzEyYmRkNC0yM2I2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt03i29NCjEGmsKMjBwN5udTbWGdbqy6JIn+dnghS5ncUaK6lqg3rPJjd/IbI
up26trAX+Xp98aB41GdlusPchVVLWHiT4YA7XP53PaSc23WNcWSX+4R45td7JcNK
XRlu3Z4ggVkAkNlv1cQgbqaknrikta9ZbUeGsyXR+EHVWGZF0L88n6KRuvOU8J2a
THDLADAzd36doBCQ6f0fVb/o87XDsU0gOmkEOUGx788bp/xrHDDTexM39ycxrTcQ
mXNf0S5SM0CT5WSRMJJx2ZuMuBOmjkJwu/wWlGQTCPgefoN//YWpkkpYclRhhTJz
rErEqzBQtoZvjazmNVyLr9eBvwIDAQABo4IClTCCApEwHQYDVR0OBBYEFMz7XTuO
ttqgLJJpzPuM8B61zoLEMB8GA1UdIwQYMBaAFOEGS7YBoTEIdhtUV6H3FSTEpMvO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QjU3Ri9CMjQ1N0Q2QTRF
NTkxMUVBOUVFOUUyMERDNEY5QUUwMi80UVpMdGdHaE1RaDJHMVJYb2ZjVkpNU2t5
ODQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRRWkx0Z0doTVFoMkcxUlhvZmNWSk1Ta3k4NC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEI1N0YvQjI0NTdENkE0RTU5MTFFQTlFRTlFMjBEQzRGOUFFMDIvMTE2ODVBQUM0
RjBEMTFFQUExNjFEMTQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnZSQwDQYJKoZIhvcNAQELBQADggEBAKDmAA3MLHzuz48T
iVFmhfoZatCL5/l2YuGvOBZElct3MmAh/3ipdi/rqUL2EI6RHzL/xs0fVvXiGvMt
+rgYkDV4hOQDoHL15fGG3+ujJ6lhexiEzu5VJosJ4shaNulFalpWn5J2BXZqa9oy
oKNjdTPk4NdWsJCU+QAlUPsCqcICcKuCfPdIgY+KvEwHZrNqhwqwr05c25WZc8MH
T1AoDtvIsEG2E9W4TClFWktvsKpoZ518zHXvTR1rq2ToEg9pB/2BI42/EtDpM1vG
wicE4Mksz2QfvLQU/1cxyekKICDEKxEMRmjQJm806mD9dkSOSa/eWw4M/7Z0BT++
91BgUBA=
-----END CERTIFICATE-----
Generated at Sun Apr 27 15:40:58 2025 by rpki-client