Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7A3F/64C33948923511EC96047511C4F9AE02/821CAFEE923811EC955B7A3AC4F9AE02.roa
File: 821CAFEE923811EC955B7A3AC4F9AE02.roa (raw, json)
Hash identifier: HQbxIpWcedK5+bgfWJhbfwDuzgKpxhexN3JOo2oh/fw=
Subject key identifier: 31:92:40:E1:F6:5B:30:03:F1:38:38:4C:61:4D:C7:8C:EE:AF:A7:9F
Certificate issuer: /CN=A91B7A3F/serialNumber=576C5447C09B597107B770C101C89327F105BD33
Certificate serial: 02CB
Authority key identifier: 57:6C:54:47:C0:9B:59:71:07:B7:70:C1:01:C8:93:27:F1:05:BD:33
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V2xUR8CbWXEHt3DBAciTJ_EFvTM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B7A3F/64C33948923511EC96047511C4F9AE02/821CAFEE923811EC955B7A3AC4F9AE02.roa
Signing time: Wed 21 Feb 2024 03:15:30 +0000
ROA not before: Wed 21 Feb 2024 03:15:30 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 138506
IP address blocks: 103.127.90.0/24 maxlen: 24
103.152.8.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 715 (0x2cb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B7A3F/serialNumber=576C5447C09B597107B770C101C89327F105BD33
Validity
Not Before: Feb 21 03:15:30 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=65d56ad2-32c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:7c:6e:d1:1a:ac:61:98:52:c6:60:a8:2e:bf:
2c:62:46:ae:88:79:ad:93:1d:7e:4f:22:90:94:20:
71:8d:73:d0:36:1c:1b:0c:66:ad:56:85:75:8e:e3:
1d:39:4f:2d:22:b5:b2:b0:e4:e3:1e:d3:9f:76:68:
de:a3:aa:de:c6:ef:68:ba:97:3e:e0:ee:cf:eb:a7:
87:d6:36:8b:a0:8d:d1:d6:ae:a1:11:94:bc:5d:21:
7d:95:bc:b8:1c:8c:24:79:41:b9:68:a7:84:c9:6d:
67:42:58:ad:a9:39:2a:f1:06:c5:29:0c:9d:39:cd:
35:1d:89:1e:fb:e9:26:25:46:4f:a2:04:c1:8c:05:
fc:29:32:a8:44:c2:cf:3c:1d:2b:93:f3:fe:b2:ff:
93:cb:ef:07:3f:58:ae:51:6c:f4:12:db:ae:92:e2:
79:f3:46:ef:9e:bb:31:2c:60:ae:30:c7:32:d4:47:
d3:15:61:7b:e4:4e:48:ac:9b:ec:5e:7f:dc:f3:26:
3c:11:a6:94:94:e3:2d:e1:fb:06:12:b5:01:49:c5:
1a:d6:e1:2a:66:45:90:92:09:f1:e9:64:bf:f0:60:
76:5a:12:e9:30:78:f1:10:ca:50:e8:6f:13:c3:b7:
23:07:e5:d0:2b:f9:fd:02:45:2e:ef:6d:c8:da:50:
dd:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:92:40:E1:F6:5B:30:03:F1:38:38:4C:61:4D:C7:8C:EE:AF:A7:9F
X509v3 Authority Key Identifier:
keyid:57:6C:54:47:C0:9B:59:71:07:B7:70:C1:01:C8:93:27:F1:05:BD:33
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B7A3F/64C33948923511EC96047511C4F9AE02/V2xUR8CbWXEHt3DBAciTJ_EFvTM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V2xUR8CbWXEHt3DBAciTJ_EFvTM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7A3F/64C33948923511EC96047511C4F9AE02/821CAFEE923811EC955B7A3AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.127.90.0/24
103.152.8.0/24
Signature Algorithm: sha256WithRSAEncryption
3d:67:25:0a:8e:14:0c:79:49:bd:b4:22:34:57:d3:e0:c2:3e:
cf:7a:70:41:d3:cc:3c:4a:c9:ee:7c:00:ac:2a:6d:c0:ad:57:
2a:9c:40:97:22:08:f7:46:c8:dd:12:11:70:0c:af:40:f4:b1:
0a:c3:d7:e4:b2:c4:5d:16:b1:04:f3:79:aa:be:a1:df:f3:97:
f9:72:3c:b4:13:15:c6:78:d4:6a:a3:7c:b7:93:2d:fd:33:68:
dd:10:36:a5:dd:02:60:1f:d6:0c:1c:9f:90:c6:6d:b1:98:fb:
c4:1b:ab:dc:84:ce:e5:30:64:91:99:14:d6:42:2e:a7:b9:36:
2b:b3:df:84:42:38:5b:b0:86:a9:31:52:53:f3:38:bf:0e:79:
cf:11:88:14:fc:de:41:91:15:bb:a2:8d:4d:59:2c:1f:84:7b:
80:7c:52:21:2a:54:1f:c0:e1:07:56:c6:bb:33:b0:26:d3:7b:
bb:98:58:56:37:c7:59:eb:33:91:79:92:f7:6e:a9:e1:07:ff:
81:8f:22:d3:4b:72:99:78:c8:6c:0e:3e:9d:7c:c0:1a:92:d8:
4c:29:a8:a1:a4:a3:74:73:55:05:36:62:d8:af:c1:f9:4b:0b:
2c:3a:41:ee:b9:c6:87:f4:59:3c:9a:d6:df:4b:49:48:89:5e:
83:52:f5:14
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAsswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjdBM0YxMTAvBgNVBAUTKDU3NkM1NDQ3QzA5QjU5NzEwN0I3NzBDMTAxQzg5MzI3
RjEwNUJEMzMwHhcNMjQwMjIxMDMxNTMwWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWQ1NmFkMi0zMmM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAznxu0RqsYZhSxmCoLr8sYkauiHmtkx1+TyKQlCBxjXPQNhwbDGatVoV1juMd
OU8tIrWysOTjHtOfdmjeo6rexu9oupc+4O7P66eH1jaLoI3R1q6hEZS8XSF9lby4
HIwkeUG5aKeEyW1nQlitqTkq8QbFKQydOc01HYke++kmJUZPogTBjAX8KTKoRMLP
PB0rk/P+sv+Ty+8HP1iuUWz0EtuukuJ580bvnrsxLGCuMMcy1EfTFWF75E5IrJvs
Xn/c8yY8EaaUlOMt4fsGErUBScUa1uEqZkWQkgnx6WS/8GB2WhLpMHjxEMpQ6G8T
w7cjB+XQK/n9AkUu723I2lDdWQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFDGSQOH2
WzAD8Tg4TGFNx4zur6efMB8GA1UdIwQYMBaAFFdsVEfAm1lxB7dwwQHIkyfxBb0z
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCN0EzRi82NEMzMzk0ODky
MzUxMUVDOTYwNDc1MTFDNEY5QUUwMi9WMnhVUjhDYldYRUh0M0RCQWNpVEpfRUZ2
VE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1YyeFVSOENiV1hFSHQzREJBY2lUSl9FRnZUTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjdBM0YvNjRDMzM5NDg5MjM1MTFFQzk2MDQ3NTExQzRGOUFFMDIvODIxQ0FGRUU5
MjM4MTFFQzk1NUI3QTNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnf1oDBABnmAgwDQYJKoZIhvcNAQELBQADggEBAD1nJQqO
FAx5Sb20IjRX0+DCPs96cEHTzDxKye58AKwqbcCtVyqcQJciCPdGyN0SEXAMr0D0
sQrD1+SyxF0WsQTzeaq+od/zl/lyPLQTFcZ41GqjfLeTLf0zaN0QNqXdAmAf1gwc
n5DGbbGY+8Qbq9yEzuUwZJGZFNZCLqe5Niuz34RCOFuwhqkxUlPzOL8Oec8RiBT8
3kGRFbuijU1ZLB+Ee4B8UiEqVB/A4QdWxrszsCbTe7uYWFY3x1nrM5F5kvduqeEH
/4GPItNLcpl4yGwOPp18wBqS2EwpqKGko3RzVQU2YtivwflLCyw6Qe65xof0WTya
1t9LSUiJXoNS9RQ=
-----END CERTIFICATE-----
Generated at Sat Apr 26 03:29:31 2025 by rpki-client