Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE959/AA4C77ECED7611EEAD871A11C4F9AE02/03BA6992ED7711EE9998FC11C4F9AE02.roa
File: 03BA6992ED7711EE9998FC11C4F9AE02.roa (raw, json)
Hash identifier: pNXp/zitcEGKo6/gAz8K4qpjBS4Aa7CoWSI3NGsPSw8=
Subject key identifier: D2:5A:A3:BB:01:D5:AD:37:EF:E3:FE:B6:FC:9E:4D:CA:46:85:A3:2F
Certificate issuer: /CN=A91CE959/serialNumber=D6EC22A73A59D2AA955997470279C662D11088F2
Certificate serial: 05
Authority key identifier: D6:EC:22:A7:3A:59:D2:AA:95:59:97:47:02:79:C6:62:D1:10:88:F2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1uwipzpZ0qqVWZdHAnnGYtEQiPI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CE959/AA4C77ECED7611EEAD871A11C4F9AE02/03BA6992ED7711EE9998FC11C4F9AE02.roa
Signing time: Fri 29 Mar 2024 02:51:21 +0000
ROA not before: Fri 29 Mar 2024 02:51:20 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 9311
IP address blocks: 202.58.20.0/24 maxlen: 24
202.58.22.0/24 maxlen: 24
202.58.26.0/24 maxlen: 24
202.58.27.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CE959/serialNumber=D6EC22A73A59D2AA955997470279C662D11088F2
Validity
Not Before: Mar 29 02:51:20 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=66062ca8-b531
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:34:37:3f:8b:19:d5:09:9d:1f:c0:0f:99:36:
b5:e1:0d:e3:88:c1:5f:5b:97:dd:01:51:57:b6:74:
74:c3:07:7c:65:b9:bd:26:ab:df:ef:f6:8f:ce:07:
24:20:d3:c4:67:b6:ac:17:63:ca:df:00:2a:d0:2a:
0b:56:23:5c:42:84:e9:57:06:ca:e5:f4:31:19:f8:
4e:ee:dc:63:9a:b8:b7:32:da:a1:ba:d2:c7:03:d4:
fb:15:5f:f0:7e:46:06:7e:c4:6e:d4:0c:81:bd:97:
d2:39:02:a1:4b:52:c3:bb:47:f9:6d:d9:9b:f1:22:
ce:64:de:af:aa:cc:03:85:be:f4:67:da:a6:04:d2:
f2:72:62:4f:30:90:28:1b:d1:92:b4:38:aa:ab:2f:
5d:06:4b:36:50:ab:61:32:31:57:b8:c0:05:02:73:
51:6a:e2:19:e3:71:20:cc:13:32:93:92:ee:45:55:
17:6e:32:d2:9c:ca:d7:39:84:90:f5:89:6e:40:39:
66:c9:9d:51:c1:5e:a8:e9:77:94:96:86:c2:9f:56:
36:0d:c3:b7:fa:99:87:9c:44:92:c1:26:f5:66:39:
da:fc:3e:ff:57:d8:3b:27:87:23:94:9b:08:4a:53:
e3:e1:bd:c6:f9:da:cb:a5:6d:f5:6e:9e:35:0a:45:
fd:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:5A:A3:BB:01:D5:AD:37:EF:E3:FE:B6:FC:9E:4D:CA:46:85:A3:2F
X509v3 Authority Key Identifier:
keyid:D6:EC:22:A7:3A:59:D2:AA:95:59:97:47:02:79:C6:62:D1:10:88:F2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CE959/AA4C77ECED7611EEAD871A11C4F9AE02/1uwipzpZ0qqVWZdHAnnGYtEQiPI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1uwipzpZ0qqVWZdHAnnGYtEQiPI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE959/AA4C77ECED7611EEAD871A11C4F9AE02/03BA6992ED7711EE9998FC11C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.58.20.0/24
202.58.22.0/24
202.58.26.0/23
Signature Algorithm: sha256WithRSAEncryption
44:d0:26:04:0d:19:3a:bd:20:c9:9b:6a:5f:4b:5d:c7:bb:15:
4c:d0:02:4c:0a:e5:be:cf:f3:25:28:a5:15:4f:29:20:55:c7:
c3:99:ce:a0:43:2b:fb:8d:83:44:5f:12:2d:90:c0:e4:2a:d2:
2d:1e:32:32:e6:cd:13:48:26:b5:83:b0:1b:9b:bc:01:ce:fd:
91:99:36:25:6e:39:0b:e1:e0:d1:ab:07:74:99:e8:30:51:a9:
c0:20:78:d8:89:1d:80:66:4b:50:56:56:4d:6a:69:9d:f1:5c:
14:c1:ba:b2:09:bd:13:33:cb:1d:78:a2:7e:c2:a1:92:e0:b2:
c6:44:e7:06:d5:d8:10:d3:d4:ee:58:66:68:b4:38:21:e9:72:
57:1d:76:2f:fa:a3:fb:ac:68:c6:fc:17:bb:de:67:97:f0:70:
6b:6c:a1:20:6a:e5:1c:25:23:87:97:cb:7e:c8:4d:41:45:b1:
96:90:ec:84:1a:19:c0:da:8b:64:01:cb:b9:e2:1f:be:e5:81:
e3:d2:74:8d:a4:47:fc:2d:56:f5:39:ee:8c:8d:8f:43:b2:8a:
ba:d9:f5:b8:5c:9a:a5:bc:18:4d:d0:00:79:8e:94:6a:e5:c8:
b6:aa:33:2f:4d:9f:68:6d:39:29:51:f2:89:4d:4f:ae:e5:16:
81:43:82:b5
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
RTk1OTExMC8GA1UEBRMoRDZFQzIyQTczQTU5RDJBQTk1NTk5NzQ3MDI3OUM2NjJE
MTEwODhGMjAeFw0yNDAzMjkwMjUxMjBaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2MDYyY2E4LWI1MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDoNDc/ixnVCZ0fwA+ZNrXhDeOIwV9bl90BUVe2dHTDB3xlub0mq9/v9o/OByQg
08RntqwXY8rfACrQKgtWI1xChOlXBsrl9DEZ+E7u3GOauLcy2qG60scD1PsVX/B+
RgZ+xG7UDIG9l9I5AqFLUsO7R/lt2ZvxIs5k3q+qzAOFvvRn2qYE0vJyYk8wkCgb
0ZK0OKqrL10GSzZQq2EyMVe4wAUCc1Fq4hnjcSDMEzKTku5FVRduMtKcytc5hJD1
iW5AOWbJnVHBXqjpd5SWhsKfVjYNw7f6mYecRJLBJvVmOdr8Pv9X2DsnhyOUmwhK
U+Phvcb52sulbfVunjUKRf09AgMBAAGjggKhMIICnTAdBgNVHQ4EFgQU0lqjuwHV
rTfv4/62/J5NykaFoy8wHwYDVR0jBBgwFoAU1uwipzpZ0qqVWZdHAnnGYtEQiPIw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNFOTU5L0FBNEM3N0VDRUQ3
NjExRUVBRDg3MUExMUM0RjlBRTAyLzF1d2lwenBaMHFxVldaZEhBbm5HWXRFUWlQ
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvMXV3aXB6cFowcXFWV1pkSEFubkdZdEVRaVBJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
RTk1OS9BQTRDNzdFQ0VENzYxMUVFQUQ4NzFBMTFDNEY5QUUwMi8wM0JBNjk5MkVE
NzcxMUVFOTk5OEZDMTFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDArBggrBgEFBQcBBwEB/wQc
MBowGAQCAAEwEgMEAMo6FAMEAMo6FgMEAco6GjANBgkqhkiG9w0BAQsFAAOCAQEA
RNAmBA0ZOr0gyZtqX0tdx7sVTNACTArlvs/zJSilFU8pIFXHw5nOoEMr+42DRF8S
LZDA5CrSLR4yMubNE0gmtYOwG5u8Ac79kZk2JW45C+Hg0asHdJnoMFGpwCB42Ikd
gGZLUFZWTWppnfFcFMG6sgm9EzPLHXiifsKhkuCyxkTnBtXYENPU7lhmaLQ4Iely
Vx12L/qj+6xoxvwXu95nl/Bwa2yhIGrlHCUjh5fLfshNQUWxlpDshBoZwNqLZAHL
ueIfvuWB49J0jaRH/C1W9TnujI2PQ7KKutn1uFyapbwYTdAAeY6UauXItqozL02f
aG05KVHyiU1PruUWgUOCtQ==
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:56:04 2025 by rpki-client