Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C77BD/38937198DF4011E58232734AC4F9AE02/A257A95EA9DC11E9AA03780DC4F9AE02.roa
File: A257A95EA9DC11E9AA03780DC4F9AE02.roa (raw, json)
Hash identifier: c5EKgRZbwGkR1Dt53R8CSRSf7zLCY2912iZh8le8ZQE=
Subject key identifier: DE:8B:E5:32:6E:C3:B5:8D:0A:DB:2A:C6:C4:6D:34:34:88:37:94:EA
Certificate issuer: /CN=A91C77BD/serialNumber=A3EB7C435063BC54D3573D81DBDC1873987663E0
Certificate serial: 20EC
Authority key identifier: A3:EB:7C:43:50:63:BC:54:D3:57:3D:81:DB:DC:18:73:98:76:63:E0
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o-t8Q1BjvFTTVz2B29wYc5h2Y-A.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C77BD/38937198DF4011E58232734AC4F9AE02/A257A95EA9DC11E9AA03780DC4F9AE02.roa
Signing time: Fri 20 Sep 2024 16:33:39 +0000
ROA not before: Fri 20 Sep 2024 16:33:39 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 134707
IP address blocks: 103.196.136.0/22 maxlen: 22
203.189.116.0/22 maxlen: 22
223.25.60.0/22 maxlen: 22
2404:3380::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8428 (0x20ec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C77BD/serialNumber=A3EB7C435063BC54D3573D81DBDC1873987663E0
Validity
Not Before: Sep 20 16:33:39 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66eda3e2-6ef4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:08:8e:02:9d:28:a8:52:f9:71:ac:bb:79:e0:
b8:70:ab:44:92:d1:4b:71:56:95:1c:a0:93:80:62:
65:7f:0d:8c:c6:18:cf:45:d4:cc:2f:6a:48:79:76:
9c:df:cb:d8:17:42:a8:83:fd:03:47:69:c3:58:74:
43:91:d2:4a:46:ce:eb:ed:fd:e6:cd:6b:5f:53:a1:
5e:f6:dc:a6:cd:f7:e2:c8:f9:dc:a4:1f:3a:35:bb:
87:73:fb:2c:71:4f:98:5e:87:dc:61:cf:b4:c7:33:
cb:8a:35:41:bd:6e:86:1a:cf:c2:c3:33:f9:8a:88:
bf:4e:ad:58:6a:bd:a6:ec:cd:af:05:ba:e1:19:ec:
c2:2f:fe:36:31:8c:86:0a:c2:2a:ae:10:df:27:ab:
83:20:3e:fd:af:fe:72:9f:ac:05:fa:b0:76:ab:a0:
d9:68:de:be:f6:ac:ee:39:0e:bc:50:2a:ff:25:54:
3f:26:f7:2c:45:dd:cb:03:c3:5e:68:66:0f:9e:e1:
aa:8c:40:5c:44:db:ff:bc:0e:7f:ac:6f:9f:5f:fd:
5e:2f:ba:7a:01:27:0f:7d:3d:73:0c:c0:44:21:4d:
44:8b:ef:3c:22:08:64:25:a9:20:26:01:a5:32:a2:
6f:39:34:76:c6:24:fd:ee:be:9a:11:54:ba:da:08:
79:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:8B:E5:32:6E:C3:B5:8D:0A:DB:2A:C6:C4:6D:34:34:88:37:94:EA
X509v3 Authority Key Identifier:
keyid:A3:EB:7C:43:50:63:BC:54:D3:57:3D:81:DB:DC:18:73:98:76:63:E0
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C77BD/38937198DF4011E58232734AC4F9AE02/o-t8Q1BjvFTTVz2B29wYc5h2Y-A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o-t8Q1BjvFTTVz2B29wYc5h2Y-A.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C77BD/38937198DF4011E58232734AC4F9AE02/A257A95EA9DC11E9AA03780DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.196.136.0/22
203.189.116.0/22
223.25.60.0/22
IPv6:
2404:3380::/32
Signature Algorithm: sha256WithRSAEncryption
ef:60:ae:af:3f:a1:a0:1e:23:3c:6f:a8:df:c0:15:3f:70:8e:
53:7c:1a:c0:53:b6:7e:f4:9e:ed:70:bf:66:3c:52:1b:76:c0:
cd:18:57:44:08:52:a6:69:53:08:7c:0c:65:f7:83:aa:99:da:
1f:bc:2a:ad:74:73:80:1e:10:38:7f:64:9e:27:4d:b1:30:be:
88:48:10:bd:af:5b:c9:3e:af:39:a3:c1:58:10:f8:24:c2:08:
74:93:fe:7b:45:23:39:c1:72:0e:9d:4a:64:c8:fb:5f:21:45:
d0:e3:2f:86:3f:e3:6c:0a:6f:e3:28:0f:b4:9f:d3:42:a0:ac:
2b:cd:06:22:44:16:a2:c3:48:7c:c7:36:0b:38:be:89:91:5d:
84:d3:c2:d2:10:46:47:a0:47:2c:70:1d:97:31:49:79:51:bb:
fd:0c:2a:1b:da:37:f0:aa:0d:bc:1d:de:c4:c1:1c:2b:b5:a9:
7a:78:4d:fc:fc:fb:7f:f4:66:8d:9a:0d:19:41:5e:f8:a0:ac:
6a:d2:de:89:9f:ed:b8:f2:e9:1a:32:63:07:3d:a3:5b:36:2d:
ef:3e:e1:9d:9e:c4:c3:fc:ce:8a:89:db:e2:e7:98:41:ec:e6:
2f:07:a0:94:24:9d:74:55:5d:f9:78:fc:57:8a:09:31:5e:d6:
6a:2f:75:28
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICIOwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qzc3QkQxMTAvBgNVBAUTKEEzRUI3QzQzNTA2M0JDNTREMzU3M0Q4MURCREMxODcz
OTg3NjYzRTAwHhcNMjQwOTIwMTYzMzM5WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmVkYTNlMi02ZWY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAugiOAp0oqFL5cay7eeC4cKtEktFLcVaVHKCTgGJlfw2MxhjPRdTML2pIeXac
38vYF0Kog/0DR2nDWHRDkdJKRs7r7f3mzWtfU6Fe9tymzffiyPncpB86NbuHc/ss
cU+YXofcYc+0xzPLijVBvW6GGs/CwzP5ioi/Tq1Yar2m7M2vBbrhGezCL/42MYyG
CsIqrhDfJ6uDID79r/5yn6wF+rB2q6DZaN6+9qzuOQ68UCr/JVQ/JvcsRd3LA8Ne
aGYPnuGqjEBcRNv/vA5/rG+fX/1eL7p6AScPfT1zDMBEIU1Ei+88IghkJakgJgGl
MqJvOTR2xiT97r6aEVS62gh5QQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFN6L5TJu
w7WNCtsqxsRtNDSIN5TqMB8GA1UdIwQYMBaAFKPrfENQY7xU01c9gdvcGHOYdmPg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNzdCRC8zODkzNzE5OERG
NDAxMUU1ODIzMjczNEFDNEY5QUUwMi9vLXQ4UTFCanZGVFRWejJCMjl3WWM1aDJZ
LUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL28tdDhRMUJqdkZUVFZ6MkIyOXdZYzVoMlktQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qzc3QkQvMzg5MzcxOThERjQwMTFFNTgyMzI3MzRBQzRGOUFFMDIvQTI1N0E5NUVB
OURDMTFFOUFBMDM3ODBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAJnxIgDBALLvXQDBALfGTwwDQQCAAIwBwMFACQEM4AwDQYJ
KoZIhvcNAQELBQADggEBAO9grq8/oaAeIzxvqN/AFT9wjlN8GsBTtn70nu1wv2Y8
Uht2wM0YV0QIUqZpUwh8DGX3g6qZ2h+8Kq10c4AeEDh/ZJ4nTbEwvohIEL2vW8k+
rzmjwVgQ+CTCCHST/ntFIznBcg6dSmTI+18hRdDjL4Y/42wKb+MoD7Sf00KgrCvN
BiJEFqLDSHzHNgs4vomRXYTTwtIQRkegRyxwHZcxSXlRu/0MKhvaN/CqDbwd3sTB
HCu1qXp4Tfz8+3/0Zo2aDRlBXvigrGrS3omf7bjy6RoyYwc9o1s2Le8+4Z2exMP8
zoqJ2+LnmEHs5i8HoJQknXRVXfl4/FeKCTFe1movdSg=
-----END CERTIFICATE-----
Generated at Sun Apr 27 15:40:49 2025 by rpki-client