Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91970E2/8101258CF9A811E6A4EFE02EC4F9AE02/AC8124909A4911E7857CA62FC4F9AE02.roa
File: AC8124909A4911E7857CA62FC4F9AE02.roa (raw, json)
Hash identifier: iHpjkKgrM/aDV1pos/dM1mkPjodoRGQzW79P/+DhQv0=
Subject key identifier: FC:D6:03:9D:BC:61:ED:F2:49:0B:8D:37:A6:6F:CD:81:75:8B:E1:13
Certificate issuer: /CN=A91970E2/serialNumber=D4D17799EAC9C9962B325FED87F930C2EAC82CAF
Certificate serial: 1B1D
Authority key identifier: D4:D1:77:99:EA:C9:C9:96:2B:32:5F:ED:87:F9:30:C2:EA:C8:2C:AF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1NF3merJyZYrMl_th_kwwurILK8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91970E2/8101258CF9A811E6A4EFE02EC4F9AE02/AC8124909A4911E7857CA62FC4F9AE02.roa
Signing time: Tue 30 Apr 2024 16:54:20 +0000
ROA not before: Tue 30 Apr 2024 16:54:20 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 58689
IP address blocks: 103.205.132.0/24 maxlen: 24
103.205.134.0/23 maxlen: 24
144.48.108.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6941 (0x1b1d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91970E2/serialNumber=D4D17799EAC9C9962B325FED87F930C2EAC82CAF
Validity
Not Before: Apr 30 16:54:20 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=6631223c-2871
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:3e:cf:f6:ec:60:63:23:1e:3d:d8:41:2e:17:
ec:0b:02:0a:74:55:99:aa:c6:f3:7c:ab:4c:21:25:
f0:dd:7f:2f:4b:2d:45:3f:cc:26:38:26:d6:3d:bd:
7f:fd:a4:f5:1a:98:73:69:eb:b4:1f:7b:ee:97:bd:
07:5b:8d:12:9c:51:e3:56:12:17:77:f1:e6:ff:3a:
5a:3e:53:24:80:98:89:41:c7:cf:10:4e:ea:19:9f:
31:1e:c6:f1:b8:8a:d7:95:80:7a:6b:2c:ae:b8:47:
52:8e:4e:73:53:c0:b8:68:c6:73:48:0a:ce:46:c5:
27:50:c6:ad:88:de:f6:ac:53:2e:34:8f:e1:30:be:
d1:15:38:ce:76:5a:1b:d3:ae:1a:f6:6d:71:85:2e:
ea:e7:d0:a4:f8:f0:0f:2a:f1:17:d8:22:80:a2:47:
4f:5d:fc:b8:05:35:fb:35:fb:45:b1:dd:00:ff:1c:
41:d9:fd:0c:4b:3f:59:b8:fb:22:31:04:d3:56:dd:
61:f9:bf:81:09:b5:aa:39:bf:39:0b:3e:df:4c:0d:
fb:a7:85:64:b6:81:7d:be:9c:91:cb:ed:8d:1b:23:
5e:bd:70:55:ac:57:b0:98:fa:25:93:aa:cf:7f:36:
0b:43:a2:e4:b3:a5:80:4a:c7:5a:b3:71:2c:54:6f:
93:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:D6:03:9D:BC:61:ED:F2:49:0B:8D:37:A6:6F:CD:81:75:8B:E1:13
X509v3 Authority Key Identifier:
keyid:D4:D1:77:99:EA:C9:C9:96:2B:32:5F:ED:87:F9:30:C2:EA:C8:2C:AF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91970E2/8101258CF9A811E6A4EFE02EC4F9AE02/1NF3merJyZYrMl_th_kwwurILK8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1NF3merJyZYrMl_th_kwwurILK8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91970E2/8101258CF9A811E6A4EFE02EC4F9AE02/AC8124909A4911E7857CA62FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.205.132.0/24
103.205.134.0/23
144.48.108.0/22
Signature Algorithm: sha256WithRSAEncryption
11:71:3f:b4:b0:5f:35:47:06:ec:f0:58:4d:86:07:df:bf:13:
27:92:f5:bb:2d:db:02:03:0d:8e:3b:41:f9:2f:c8:d8:79:55:
0b:48:4f:7e:5d:bb:a3:05:7e:6b:17:a1:32:68:46:a1:65:dd:
88:36:da:ba:bf:ad:75:19:99:e5:0a:56:ea:2e:22:e7:95:05:
ad:a4:90:0a:89:1d:69:46:4c:41:4a:55:46:ae:1e:0e:aa:e1:
8f:5b:16:3f:5a:00:97:f6:60:97:60:a4:24:b2:f7:8c:e0:84:
be:8d:c1:5a:24:c3:f6:b2:1e:2d:2a:d1:a0:03:a4:9a:ca:97:
a4:91:8f:e0:da:af:21:bc:01:19:b0:ce:42:dd:b5:35:0d:b9:
6f:55:a1:58:f5:19:ed:74:18:9c:04:2d:ca:fe:db:81:58:11:
7f:bf:7e:96:e6:be:cb:fe:0d:c7:ee:5f:1c:8f:c0:b1:17:ab:
71:6b:0c:f7:83:38:9a:b0:45:8f:0d:b9:fd:c8:f8:64:ce:21:
f9:ca:69:99:58:5c:28:f3:6d:84:87:b1:d9:be:36:96:5a:3c:
a7:33:f9:1b:7e:3e:49:95:55:1f:d4:48:67:3c:e1:ce:51:da:
41:ea:f6:a0:c0:30:23:63:42:15:91:ee:4d:d6:e8:5f:93:26:
a6:99:61:ef
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICGx0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTcwRTIxMTAvBgNVBAUTKEQ0RDE3Nzk5RUFDOUM5OTYyQjMyNUZFRDg3RjkzMEMy
RUFDODJDQUYwHhcNMjQwNDMwMTY1NDIwWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjMxMjIzYy0yODcxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvT7P9uxgYyMePdhBLhfsCwIKdFWZqsbzfKtMISXw3X8vSy1FP8wmOCbWPb1/
/aT1Gphzaeu0H3vul70HW40SnFHjVhIXd/Hm/zpaPlMkgJiJQcfPEE7qGZ8xHsbx
uIrXlYB6ayyuuEdSjk5zU8C4aMZzSArORsUnUMatiN72rFMuNI/hML7RFTjOdlob
064a9m1xhS7q59Ck+PAPKvEX2CKAokdPXfy4BTX7NftFsd0A/xxB2f0MSz9ZuPsi
MQTTVt1h+b+BCbWqOb85Cz7fTA37p4VktoF9vpyRy+2NGyNevXBVrFewmPolk6rP
fzYLQ6Lks6WASsdas3EsVG+T/wIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFPzWA528
Ye3ySQuNN6ZvzYF1i+ETMB8GA1UdIwQYMBaAFNTRd5nqycmWKzJf7Yf5MMLqyCyv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NzBFMi84MTAxMjU4Q0Y5
QTgxMUU2QTRFRkUwMkVDNEY5QUUwMi8xTkYzbWVySnlaWXJNbF90aF9rd3d1cklM
SzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFORjNtZXJKeVpZck1sX3RoX2t3d3VySUxLOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTcwRTIvODEwMTI1OENGOUE4MTFFNkE0RUZFMDJFQzRGOUFFMDIvQUM4MTI0OTA5
QTQ5MTFFNzg1N0NBNjJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBABnzYQDBAFnzYYDBAKQMGwwDQYJKoZIhvcNAQELBQADggEB
ABFxP7SwXzVHBuzwWE2GB9+/EyeS9bst2wIDDY47QfkvyNh5VQtIT35du6MFfmsX
oTJoRqFl3Yg22rq/rXUZmeUKVuouIueVBa2kkAqJHWlGTEFKVUauHg6q4Y9bFj9a
AJf2YJdgpCSy94zghL6NwVokw/ayHi0q0aADpJrKl6SRj+DaryG8ARmwzkLdtTUN
uW9VoVj1Ge10GJwELcr+24FYEX+/fpbmvsv+DcfuXxyPwLEXq3FrDPeDOJqwRY8N
uf3I+GTOIfnKaZlYXCjzbYSHsdm+NpZaPKcz+Rt+PkmVVR/USGc84c5R2kHq9qDA
MCNjQhWR7k3W6F+TJqaZYe8=
-----END CERTIFICATE-----
Generated at Fri Apr 25 14:18:49 2025 by rpki-client