Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9195BA9/D891478C838E11EA8CEA0960C4F9AE02/543CDDF0839011EAB5B82263C4F9AE02.roa
File: 543CDDF0839011EAB5B82263C4F9AE02.roa (raw, json)
Hash identifier: PG+DCY3DsnT1DiiJh/CX8LITvJqbEq/+Av+Qqgc42Yc=
Subject key identifier: 2D:56:26:71:70:01:34:AD:C3:6D:F1:CA:9F:6B:6B:63:41:2C:C4:AD
Certificate issuer: /CN=A9195BA9/serialNumber=2245AD91543ADDAD78123DD415D659BB52D5FB62
Certificate serial: 0972
Authority key identifier: 22:45:AD:91:54:3A:DD:AD:78:12:3D:D4:15:D6:59:BB:52:D5:FB:62
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/IkWtkVQ63a14Ej3UFdZZu1LV-2I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9195BA9/D891478C838E11EA8CEA0960C4F9AE02/543CDDF0839011EAB5B82263C4F9AE02.roa
Signing time: Fri 20 Dec 2024 20:09:26 +0000
ROA not before: Fri 20 Dec 2024 20:09:26 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 134809
IP address blocks: 96.9.160.0/21 maxlen: 21
96.9.168.0/21 maxlen: 21
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2418 (0x972)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9195BA9/serialNumber=2245AD91543ADDAD78123DD415D659BB52D5FB62
Validity
Not Before: Dec 20 20:09:26 2024 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=6765cef6-2ac4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:cf:25:38:44:ca:97:6c:9e:1f:89:14:cd:fd:
2a:7b:fd:24:e1:61:0c:42:72:b2:f7:9e:b9:27:8c:
b5:5e:f3:8f:9e:b9:b5:e2:13:63:aa:97:d1:0a:2c:
33:a2:66:a5:d1:d4:99:16:59:cb:8a:8f:e0:0a:6b:
51:ad:1c:70:2a:e5:07:83:50:65:11:d8:f4:08:39:
71:3b:55:3a:e4:a2:c8:c1:fc:16:b6:a7:db:8e:64:
99:77:0d:cd:95:25:70:cd:3d:21:9c:79:ba:66:d9:
ac:fb:bc:7e:1e:bd:d4:62:06:88:d5:a4:83:36:3f:
42:74:16:38:df:43:9d:ec:95:a4:7f:6d:6e:38:ba:
b4:d6:12:96:fc:9d:91:6c:ec:5e:3c:69:76:bb:dc:
a4:f7:9a:02:bb:e5:84:b2:14:b5:3a:b8:de:3b:51:
69:42:23:45:57:4d:45:96:57:e6:79:5d:f3:ff:9d:
17:ce:58:33:25:25:50:ca:62:ad:b3:26:5f:05:96:
ca:fa:31:a0:ed:eb:62:f7:5d:62:72:3b:5a:07:2d:
4f:15:27:44:21:ea:b3:53:7d:bd:fd:44:79:91:b2:
e8:21:4f:6f:01:1d:c4:e1:c3:a7:dc:1d:8c:eb:96:
50:a6:67:2f:0e:13:26:a6:d4:1b:28:bf:cb:c5:89:
56:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:56:26:71:70:01:34:AD:C3:6D:F1:CA:9F:6B:6B:63:41:2C:C4:AD
X509v3 Authority Key Identifier:
keyid:22:45:AD:91:54:3A:DD:AD:78:12:3D:D4:15:D6:59:BB:52:D5:FB:62
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9195BA9/D891478C838E11EA8CEA0960C4F9AE02/IkWtkVQ63a14Ej3UFdZZu1LV-2I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/IkWtkVQ63a14Ej3UFdZZu1LV-2I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9195BA9/D891478C838E11EA8CEA0960C4F9AE02/543CDDF0839011EAB5B82263C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
96.9.160.0/20
Signature Algorithm: sha256WithRSAEncryption
df:c3:73:d2:64:5f:18:d2:61:ba:9e:ac:e3:5a:cf:7c:9a:46:
ab:b3:a9:30:3e:7a:56:06:28:ae:e0:ba:6f:dc:1b:a3:09:56:
01:3a:ae:75:44:a6:20:3c:64:24:20:c0:94:04:5d:4b:b7:ea:
d5:67:0d:b2:89:84:f6:d8:11:e3:b9:5e:20:9e:34:fe:d8:9c:
25:58:da:f4:21:77:01:cb:d4:e7:18:60:fa:c8:3d:58:57:94:
e9:48:2c:4a:9d:71:7b:9f:61:4f:4a:4e:63:02:b0:05:14:ff:
09:02:fc:5e:07:17:ad:bc:7b:0e:5d:6f:38:73:68:7e:e3:ad:
13:cf:08:ba:cb:66:e1:52:6f:74:bd:82:35:91:be:ab:6f:de:
75:5f:43:a7:ec:b7:97:29:8b:c5:44:9a:e6:ef:a8:eb:21:32:
99:65:49:11:36:4e:1d:9f:30:95:3b:ab:79:64:91:0d:31:03:
3e:8f:57:b4:25:94:80:18:2b:77:84:64:92:fa:46:ea:27:9b:
97:47:66:2a:cb:1f:2f:1f:38:02:ba:89:ae:d8:a4:b4:b1:e5:
d3:8b:0d:25:8c:85:e0:f7:82:b7:57:db:d6:bf:42:97:fa:eb:
16:a1:0c:9b:53:f8:1d:44:d8:42:70:c7:eb:e6:8b:58:a7:68:
bc:15:c1:09
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCXIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTVCQTkxMTAvBgNVBAUTKDIyNDVBRDkxNTQzQUREQUQ3ODEyM0RENDE1RDY1OUJC
NTJENUZCNjIwHhcNMjQxMjIwMjAwOTI2WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzY1Y2VmNi0yYWM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApM8lOETKl2yeH4kUzf0qe/0k4WEMQnKy9565J4y1XvOPnrm14hNjqpfRCiwz
omal0dSZFlnLio/gCmtRrRxwKuUHg1BlEdj0CDlxO1U65KLIwfwWtqfbjmSZdw3N
lSVwzT0hnHm6Ztms+7x+Hr3UYgaI1aSDNj9CdBY430Od7JWkf21uOLq01hKW/J2R
bOxePGl2u9yk95oCu+WEshS1OrjeO1FpQiNFV01FllfmeV3z/50XzlgzJSVQymKt
syZfBZbK+jGg7eti911icjtaBy1PFSdEIeqzU329/UR5kbLoIU9vAR3E4cOn3B2M
65ZQpmcvDhMmptQbKL/LxYlWQwIDAQABo4IClTCCApEwHQYDVR0OBBYEFC1WJnFw
ATStw23xyp9ra2NBLMStMB8GA1UdIwQYMBaAFCJFrZFUOt2teBI91BXWWbtS1fti
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NUJBOS9EODkxNDc4Qzgz
OEUxMUVBOENFQTA5NjBDNEY5QUUwMi9Ja1d0a1ZRNjNhMTRFajNVRmRaWnUxTFYt
MkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0lrV3RrVlE2M2ExNEVqM1VGZFpadTFMVi0ySS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTVCQTkvRDg5MTQ3OEM4MzhFMTFFQThDRUEwOTYwQzRGOUFFMDIvNTQzQ0RERjA4
MzkwMTFFQUI1QjgyMjYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBARgCaAwDQYJKoZIhvcNAQELBQADggEBAN/Dc9JkXxjSYbqe
rONaz3yaRquzqTA+elYGKK7gum/cG6MJVgE6rnVEpiA8ZCQgwJQEXUu36tVnDbKJ
hPbYEeO5XiCeNP7YnCVY2vQhdwHL1OcYYPrIPVhXlOlILEqdcXufYU9KTmMCsAUU
/wkC/F4HF628ew5dbzhzaH7jrRPPCLrLZuFSb3S9gjWRvqtv3nVfQ6fst5cpi8VE
mubvqOshMpllSRE2Th2fMJU7q3lkkQ0xAz6PV7QllIAYK3eEZJL6Ruonm5dHZirL
Hy8fOAK6ia7YpLSx5dOLDSWMheD3grdX29a/Qpf66xahDJtT+B1E2EJwx+vmi1in
aLwVwQk=
-----END CERTIFICATE-----
Generated at Tue Apr 29 20:42:57 2025 by rpki-client