Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C17A9/5F89F6ECFB3111EB8FBFA559C4F9AE02/C25659465C9D11EC99F7D10BC4F9AE02.roa
File: C25659465C9D11EC99F7D10BC4F9AE02.roa (raw, json)
Hash identifier: V7oi3Gg2bJeyB31QQcYvbv2j/BrInSgpAZM4b3T1xkU=
Subject key identifier: 7A:9E:92:CF:CE:C4:73:5B:35:2C:AE:76:99:71:E2:6C:07:3C:A8:92
Certificate issuer: /CN=A91C17A9/serialNumber=5394E57D285777FD751428D15CB0FB2FC592C7A6
Certificate serial: 04A4
Authority key identifier: 53:94:E5:7D:28:57:77:FD:75:14:28:D1:5C:B0:FB:2F:C5:92:C7:A6
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U5TlfShXd_11FCjRXLD7L8WSx6Y.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C17A9/5F89F6ECFB3111EB8FBFA559C4F9AE02/C25659465C9D11EC99F7D10BC4F9AE02.roa
Signing time: Wed 17 Jul 2024 01:02:25 +0000
ROA not before: Wed 17 Jul 2024 01:02:25 +0000
ROA not after: Sun 31 Aug 2025 00:00:00 +0000
asID: 136969
IP address blocks: 103.167.162.0/24 maxlen: 24
103.167.163.0/24 maxlen: 24
2001:df6:b980::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1188 (0x4a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C17A9/serialNumber=5394E57D285777FD751428D15CB0FB2FC592C7A6
Validity
Not Before: Jul 17 01:02:25 2024 GMT
Not After : Aug 31 00:00:00 2025 GMT
Subject: CN=66971821-2160
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:d7:9b:e9:c1:0f:e6:c4:79:56:1d:87:c8:cf:
aa:6c:7d:ba:80:fd:0a:5c:5c:3a:b3:d1:6f:9c:6e:
ae:df:0f:6c:aa:1b:8a:9f:99:a0:82:7a:ad:df:99:
b5:45:64:8a:55:d1:32:12:ea:ec:ba:f9:00:ed:3a:
50:ad:7d:0c:c2:d2:5c:9a:9b:63:84:10:a6:fd:b0:
b9:e3:3c:01:fb:0b:41:92:b7:35:26:4d:11:e6:bc:
d3:eb:a6:78:9a:2c:1e:3f:67:03:31:95:64:f6:58:
48:e6:5b:dc:05:c7:0d:d3:70:56:9d:a0:1d:c6:79:
26:d6:74:ff:e1:c2:42:68:28:32:74:40:e7:1e:12:
9a:28:29:e8:1b:e2:3f:02:e6:06:f0:83:67:80:50:
ef:e2:3c:bc:fa:d5:16:5d:2e:be:aa:34:34:de:d9:
a6:77:b2:69:fd:e0:dc:8e:64:0b:21:4b:b8:e6:ed:
5d:c1:ad:43:68:41:5b:12:db:9d:73:98:67:04:36:
42:16:8b:25:fc:2a:5e:76:22:7f:7c:c0:c3:f7:ca:
be:6c:2e:02:da:4e:19:3e:02:76:19:3f:53:d7:6c:
68:67:d7:b1:68:ce:52:78:ca:d3:39:58:2f:37:f8:
5a:05:bd:e6:ef:77:0b:99:64:a2:dd:1e:c3:13:28:
fe:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:9E:92:CF:CE:C4:73:5B:35:2C:AE:76:99:71:E2:6C:07:3C:A8:92
X509v3 Authority Key Identifier:
keyid:53:94:E5:7D:28:57:77:FD:75:14:28:D1:5C:B0:FB:2F:C5:92:C7:A6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C17A9/5F89F6ECFB3111EB8FBFA559C4F9AE02/U5TlfShXd_11FCjRXLD7L8WSx6Y.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U5TlfShXd_11FCjRXLD7L8WSx6Y.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C17A9/5F89F6ECFB3111EB8FBFA559C4F9AE02/C25659465C9D11EC99F7D10BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.167.162.0/23
IPv6:
2001:df6:b980::/48
Signature Algorithm: sha256WithRSAEncryption
8a:0a:e3:45:f0:59:1b:bf:6a:b7:90:7e:9c:9a:7f:a2:23:86:
f8:7c:5b:6e:be:8a:26:d5:cf:d7:9f:f5:02:30:12:ae:3f:bf:
8c:4a:35:94:d8:1a:8d:57:a7:bc:b3:c5:c7:c9:05:e4:a6:fe:
21:31:0c:0a:ac:fa:4a:52:e1:bd:8b:e0:2e:45:18:02:14:f0:
79:f5:15:29:0a:e5:9c:10:85:0c:d1:bb:9f:16:27:e8:3d:a1:
33:61:c3:b8:29:7f:a3:7b:aa:e1:67:42:49:87:2e:e6:d1:50:
d4:4b:35:1d:53:98:b6:75:79:bc:7c:bf:17:b6:16:b6:b2:64:
4f:cd:35:28:1b:5b:59:37:03:eb:4b:82:7d:6f:bb:3f:1f:15:
43:fd:d2:7a:a9:7c:06:5d:e0:82:9d:0b:f0:59:bd:37:f3:e1:
0b:94:d1:11:ca:f0:fe:ee:b8:48:52:52:2b:c8:ab:e7:2b:33:
14:53:51:e6:9d:5e:e7:5a:d0:1d:4f:ef:bb:9d:f6:41:54:d4:
af:64:5f:04:94:ae:e8:c0:9a:32:20:50:61:3d:f0:27:15:cc:
70:8d:03:0d:e9:77:8a:a8:48:2e:f3:12:c7:dd:14:a8:52:9e:
54:34:fa:95:4d:4d:41:4b:c6:61:f4:ba:f1:c0:da:0a:96:2d:
dc:ed:1c:93
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBKQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzE3QTkxMTAvBgNVBAUTKDUzOTRFNTdEMjg1Nzc3RkQ3NTE0MjhEMTVDQjBGQjJG
QzU5MkM3QTYwHhcNMjQwNzE3MDEwMjI1WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njk3MTgyMS0yMTYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoNeb6cEP5sR5Vh2HyM+qbH26gP0KXFw6s9FvnG6u3w9sqhuKn5mggnqt35m1
RWSKVdEyEursuvkA7TpQrX0MwtJcmptjhBCm/bC54zwB+wtBkrc1Jk0R5rzT66Z4
miweP2cDMZVk9lhI5lvcBccN03BWnaAdxnkm1nT/4cJCaCgydEDnHhKaKCnoG+I/
AuYG8INngFDv4jy8+tUWXS6+qjQ03tmmd7Jp/eDcjmQLIUu45u1dwa1DaEFbEtud
c5hnBDZCFosl/CpediJ/fMDD98q+bC4C2k4ZPgJ2GT9T12xoZ9exaM5SeMrTOVgv
N/haBb3m73cLmWSi3R7DEyj+MQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFHqeks/O
xHNbNSyudplx4mwHPKiSMB8GA1UdIwQYMBaAFFOU5X0oV3f9dRQo0Vyw+y/Fksem
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMTdBOS81Rjg5RjZFQ0ZC
MzExMUVCOEZCRkE1NTlDNEY5QUUwMi9VNVRsZlNoWGRfMTFGQ2pSWExEN0w4V1N4
NlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1U1VGxmU2hYZF8xMUZDalJYTEQ3TDhXU3g2WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzE3QTkvNUY4OUY2RUNGQjMxMTFFQjhGQkZBNTU5QzRGOUFFMDIvQzI1NjU5NDY1
QzlEMTFFQzk5RjdEMTBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnp6IwDwQCAAIwCQMHACABDfa5gDANBgkqhkiG9w0BAQsF
AAOCAQEAigrjRfBZG79qt5B+nJp/oiOG+Hxbbr6KJtXP15/1AjASrj+/jEo1lNga
jVenvLPFx8kF5Kb+ITEMCqz6SlLhvYvgLkUYAhTwefUVKQrlnBCFDNG7nxYn6D2h
M2HDuCl/o3uq4WdCSYcu5tFQ1Es1HVOYtnV5vHy/F7YWtrJkT801KBtbWTcD60uC
fW+7Px8VQ/3Seql8Bl3ggp0L8Fm9N/PhC5TREcrw/u64SFJSK8ir5yszFFNR5p1e
51rQHU/vu532QVTUr2RfBJSu6MCaMiBQYT3wJxXMcI0DDel3iqhILvMSx90UqFKe
VDT6lU1NQUvGYfS68cDaCpYt3O0ckw==
-----END CERTIFICATE-----
Generated at Fri Apr 25 12:10:39 2025 by rpki-client