Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91ADFD3/1FD1A8BE948611E5AE0C8B72C4F9AE02/6880FA2C59D211EAB77C8C13C4F9AE02.roa
File: 6880FA2C59D211EAB77C8C13C4F9AE02.roa (raw, json)
Hash identifier: lXOFb0YJQZdFFX90oDPgUqBGFkT5p8wJoFtkhJ/Uo9A=
Subject key identifier: 1D:FA:B0:EF:FC:12:B8:87:42:5E:81:53:1A:87:3B:A7:F4:31:DB:FE
Certificate issuer: /CN=A91ADFD3/serialNumber=C6089EEBC556B77F64E44249A68B95D5BD941E40
Certificate serial: 22EC
Authority key identifier: C6:08:9E:EB:C5:56:B7:7F:64:E4:42:49:A6:8B:95:D5:BD:94:1E:40
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xgie68VWt39k5EJJpouV1b2UHkA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91ADFD3/1FD1A8BE948611E5AE0C8B72C4F9AE02/6880FA2C59D211EAB77C8C13C4F9AE02.roa
Signing time: Tue 14 Jan 2025 15:52:51 +0000
ROA not before: Tue 14 Jan 2025 15:52:51 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 56017
IP address blocks: 43.249.176.0/22 maxlen: 24
103.4.72.0/22 maxlen: 24
113.197.68.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8940 (0x22ec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91ADFD3/serialNumber=C6089EEBC556B77F64E44249A68B95D5BD941E40
Validity
Not Before: Jan 14 15:52:51 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=67868853-27a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:2f:aa:af:5e:f9:22:1e:e8:83:35:99:fe:d7:
f1:8d:e9:2b:a9:8d:76:89:3d:4f:b7:a1:32:d2:32:
53:1a:da:e1:07:9f:ff:5c:f5:3d:69:fe:5f:2b:85:
75:78:02:f4:39:cd:34:35:68:4a:4d:3b:0b:55:54:
4d:5d:c5:bb:d5:e8:88:34:01:6c:92:07:47:0b:1c:
08:e0:35:8a:fd:10:2a:b0:dc:88:bd:1f:06:9a:ff:
e4:80:a4:69:cc:ff:a7:80:ba:cc:f6:a3:b0:27:ae:
39:a7:18:84:c3:95:e8:ff:cc:08:e1:13:b1:49:da:
8a:09:21:ca:2c:d4:84:4c:1f:eb:1a:1a:5d:83:64:
64:88:c4:2b:87:e6:de:b0:96:30:50:7d:c5:46:e3:
e5:a8:b2:34:10:fe:1a:43:c2:eb:a0:87:47:ec:53:
65:0d:84:ec:09:f6:d8:da:56:8d:d5:08:44:ab:6f:
e5:86:7c:a0:e6:06:e2:c3:e1:8c:10:e3:69:d2:76:
6f:8c:2e:81:47:69:2b:16:5f:35:fe:e1:e6:39:c6:
25:2d:f2:4a:b8:16:75:eb:3b:cf:4b:33:cb:67:c1:
34:9e:72:02:a3:d2:8f:d8:fa:ff:b9:e7:0d:f3:04:
40:7b:0f:f2:02:d8:18:0d:0e:16:29:dd:0c:8e:84:
e2:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:FA:B0:EF:FC:12:B8:87:42:5E:81:53:1A:87:3B:A7:F4:31:DB:FE
X509v3 Authority Key Identifier:
keyid:C6:08:9E:EB:C5:56:B7:7F:64:E4:42:49:A6:8B:95:D5:BD:94:1E:40
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91ADFD3/1FD1A8BE948611E5AE0C8B72C4F9AE02/xgie68VWt39k5EJJpouV1b2UHkA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xgie68VWt39k5EJJpouV1b2UHkA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91ADFD3/1FD1A8BE948611E5AE0C8B72C4F9AE02/6880FA2C59D211EAB77C8C13C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.249.176.0/22
103.4.72.0/22
113.197.68.0/22
Signature Algorithm: sha256WithRSAEncryption
6a:60:5e:35:d5:ef:18:bf:0d:a3:6f:9a:91:e2:17:a1:f5:0f:
81:b0:52:4d:8c:0e:99:0d:a6:e8:7d:52:68:e1:27:88:dc:cf:
53:85:98:4a:d7:21:06:4f:09:3c:45:b5:88:5e:15:81:c6:3f:
2d:d8:c8:be:44:7b:6b:93:65:01:1c:ca:a3:aa:09:29:4b:20:
49:82:c1:8b:01:11:2b:a5:28:0d:58:f4:c1:2a:72:a1:c7:26:
fb:f2:d6:91:dd:8e:c7:1e:7c:7e:4c:cc:e6:89:77:ff:ac:6b:
e9:f4:df:b8:03:a9:a8:e6:0a:38:6b:eb:49:25:0e:e9:5a:f3:
e4:ef:bb:10:b3:a0:da:54:1a:b3:3d:7d:49:de:ac:b7:0b:e3:
86:3e:91:b8:fd:bc:19:2c:03:dd:4b:3c:90:aa:38:3d:9b:3f:
93:af:e6:fe:0d:c7:35:11:1e:d7:09:29:b3:e7:b6:a4:32:4a:
0a:ce:0f:70:f1:a9:72:c4:5e:69:74:ba:30:a4:a4:f8:6c:3c:
ef:10:ac:7c:6a:ae:b6:6c:44:16:f0:57:b9:43:cd:f5:01:ec:
01:e2:15:35:5a:74:b6:92:46:2a:48:e0:a2:53:51:df:0a:84:
58:b9:57:67:01:ba:df:49:96:45:52:d6:28:a3:34:c0:8a:d9:
8f:5b:5d:f3
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICIuwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QURGRDMxMTAvBgNVBAUTKEM2MDg5RUVCQzU1NkI3N0Y2NEU0NDI0OUE2OEI5NUQ1
QkQ5NDFFNDAwHhcNMjUwMTE0MTU1MjUxWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Nzg2ODg1My0yN2E3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1S+qr175Ih7ogzWZ/tfxjekrqY12iT1Pt6Ey0jJTGtrhB5//XPU9af5fK4V1
eAL0Oc00NWhKTTsLVVRNXcW71eiINAFskgdHCxwI4DWK/RAqsNyIvR8Gmv/kgKRp
zP+ngLrM9qOwJ645pxiEw5Xo/8wI4ROxSdqKCSHKLNSETB/rGhpdg2RkiMQrh+be
sJYwUH3FRuPlqLI0EP4aQ8LroIdH7FNlDYTsCfbY2laN1QhEq2/lhnyg5gbiw+GM
EONp0nZvjC6BR2krFl81/uHmOcYlLfJKuBZ16zvPSzPLZ8E0nnICo9KP2Pr/uecN
8wRAew/yAtgYDQ4WKd0MjoTiRQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFB36sO/8
EriHQl6BUxqHO6f0Mdv+MB8GA1UdIwQYMBaAFMYInuvFVrd/ZORCSaaLldW9lB5A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBREZEMy8xRkQxQThCRTk0
ODYxMUU1QUUwQzhCNzJDNEY5QUUwMi94Z2llNjhWV3QzOWs1RUpKcG91VjFiMlVI
a0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hnaWU2OFZXdDM5azVFSkpwb3VWMWIyVUhrQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QURGRDMvMUZEMUE4QkU5NDg2MTFFNUFFMEM4QjcyQzRGOUFFMDIvNjg4MEZBMkM1
OUQyMTFFQUI3N0M4QzEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAIr+bADBAJnBEgDBAJxxUQwDQYJKoZIhvcNAQELBQADggEB
AGpgXjXV7xi/DaNvmpHiF6H1D4GwUk2MDpkNpuh9UmjhJ4jcz1OFmErXIQZPCTxF
tYheFYHGPy3YyL5Ee2uTZQEcyqOqCSlLIEmCwYsBESulKA1Y9MEqcqHHJvvy1pHd
jscefH5MzOaJd/+sa+n037gDqajmCjhr60klDula8+TvuxCzoNpUGrM9fUnerLcL
44Y+kbj9vBksA91LPJCqOD2bP5Ov5v4NxzURHtcJKbPntqQySgrOD3DxqXLEXml0
ujCkpPhsPO8QrHxqrrZsRBbwV7lDzfUB7AHiFTVadLaSRipI4KJTUd8KhFi5V2cB
ut9JlkVS1iijNMCK2Y9bXfM=
-----END CERTIFICATE-----
Generated at Fri Apr 25 14:03:21 2025 by rpki-client