Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D2706/04D457C2330611EBA282D30AC4F9AE02/35D4363E330711EB9D3AA60BC4F9AE02.roa
File: 35D4363E330711EB9D3AA60BC4F9AE02.roa (raw, json)
Hash identifier: M4Gqzd39PMwr7C0nKPOIDqHHsIaRLfcCY3hCq+E40tY=
Subject key identifier: 9A:8F:35:2B:02:C8:C4:A2:D3:C0:04:4D:2B:8B:83:2E:28:49:E7:29
Certificate issuer: /CN=A91D2706/serialNumber=639239063917EE92C099E46AD3696C2ECA7C510A
Certificate serial: 06DF
Authority key identifier: 63:92:39:06:39:17:EE:92:C0:99:E4:6A:D3:69:6C:2E:CA:7C:51:0A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y5I5BjkX7pLAmeRq02lsLsp8UQo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D2706/04D457C2330611EBA282D30AC4F9AE02/35D4363E330711EB9D3AA60BC4F9AE02.roa
Signing time: Wed 18 Dec 2024 22:11:31 +0000
ROA not before: Wed 18 Dec 2024 22:11:31 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 134797
IP address blocks: 103.199.216.0/22 maxlen: 22
103.199.216.0/24 maxlen: 24
103.199.217.0/24 maxlen: 24
103.199.218.0/24 maxlen: 24
103.199.219.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1759 (0x6df)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D2706/serialNumber=639239063917EE92C099E46AD3696C2ECA7C510A
Validity
Not Before: Dec 18 22:11:31 2024 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=67634893-d762
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:dc:2f:0d:19:63:21:76:91:99:5f:41:8c:83:
49:a1:2e:7b:3d:0c:73:df:aa:d8:0d:74:d0:44:e4:
37:b6:32:50:2b:c5:c5:e0:cb:da:4c:ae:21:ce:f5:
f0:8f:4d:e7:9b:b2:5b:18:12:0a:99:5e:ec:3b:99:
d4:30:1a:5d:3e:a0:bd:1a:ba:12:ab:84:c2:64:a2:
cf:d7:80:73:b4:72:e9:eb:e5:5f:a1:06:da:78:ec:
70:2e:b0:af:79:cf:3b:fb:f7:d3:19:60:03:bd:c6:
5a:0e:52:e0:90:f3:9c:e8:4f:8d:d2:91:48:95:e1:
f2:e3:ae:25:ac:b2:44:5b:04:82:73:7c:d3:f7:b7:
40:7b:09:6f:94:5b:50:43:dd:3a:d5:38:92:8e:99:
06:5e:e7:96:65:cd:84:3f:67:52:54:40:64:49:80:
ad:2b:e7:5b:72:9f:4f:f2:98:3f:8c:5a:e5:54:77:
ed:7c:a4:a5:f7:5f:59:a8:43:cf:7c:dc:77:e3:4d:
19:e3:b5:6b:f6:24:48:83:c7:c3:56:1e:09:61:68:
0e:0f:a1:fb:18:33:23:1e:59:e0:b8:36:16:db:f1:
6a:df:af:50:67:56:ea:c9:db:f6:eb:cf:d4:8f:db:
ff:50:08:3c:61:52:83:e4:df:ef:14:05:9b:16:db:
84:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:8F:35:2B:02:C8:C4:A2:D3:C0:04:4D:2B:8B:83:2E:28:49:E7:29
X509v3 Authority Key Identifier:
keyid:63:92:39:06:39:17:EE:92:C0:99:E4:6A:D3:69:6C:2E:CA:7C:51:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D2706/04D457C2330611EBA282D30AC4F9AE02/Y5I5BjkX7pLAmeRq02lsLsp8UQo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y5I5BjkX7pLAmeRq02lsLsp8UQo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D2706/04D457C2330611EBA282D30AC4F9AE02/35D4363E330711EB9D3AA60BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.199.216.0/22
Signature Algorithm: sha256WithRSAEncryption
06:d2:4f:15:1a:1b:75:b9:5d:c5:1c:24:7e:a3:1f:b2:a6:bf:
42:47:2b:e5:dd:7a:c6:fe:5c:46:98:c9:49:7d:fe:12:a1:22:
0a:07:e4:26:da:73:50:f8:6f:8e:5d:a3:40:0e:39:f4:06:07:
aa:29:44:7d:75:c6:2c:35:83:00:75:7f:23:d2:32:55:33:5e:
73:d1:5e:36:3b:30:46:95:3e:89:25:53:35:3a:b9:57:eb:db:
fc:15:5c:63:21:d0:e3:08:ff:b0:fd:4d:31:f7:b1:60:ba:ad:
b8:28:24:13:37:b3:2b:7e:5b:73:ad:af:9c:e2:f0:c1:ff:69:
52:50:d9:6f:2f:8d:44:48:5a:39:6d:15:97:33:51:94:73:f7:
c5:c4:8d:64:cd:e3:ed:fe:bd:eb:01:a1:e7:03:89:11:3d:fe:
b8:63:9d:ce:11:32:6a:61:e2:51:ed:a9:c2:1b:56:99:f7:de:
ce:ba:dd:cb:db:f8:96:db:75:31:26:75:d0:9c:1c:c7:a9:25:
77:3e:57:e4:1d:97:26:ff:96:17:48:71:00:f4:f4:fa:55:d6:
c4:fb:ef:8c:ce:93:f7:5e:ea:3f:9c:3d:23:c5:70:bc:5e:f6:
39:a2:33:20:0a:2c:50:a2:41:d0:8a:9c:c7:a8:5d:08:15:b3:
93:67:43:88
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBt8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDI3MDYxMTAvBgNVBAUTKDYzOTIzOTA2MzkxN0VFOTJDMDk5RTQ2QUQzNjk2QzJF
Q0E3QzUxMEEwHhcNMjQxMjE4MjIxMTMxWhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzYzNDg5My1kNzYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3dwvDRljIXaRmV9BjINJoS57PQxz36rYDXTQROQ3tjJQK8XF4MvaTK4hzvXw
j03nm7JbGBIKmV7sO5nUMBpdPqC9GroSq4TCZKLP14BztHLp6+VfoQbaeOxwLrCv
ec87+/fTGWADvcZaDlLgkPOc6E+N0pFIleHy464lrLJEWwSCc3zT97dAewlvlFtQ
Q9061TiSjpkGXueWZc2EP2dSVEBkSYCtK+dbcp9P8pg/jFrlVHftfKSl919ZqEPP
fNx3400Z47Vr9iRIg8fDVh4JYWgOD6H7GDMjHlnguDYW2/Fq369QZ1bqydv268/U
j9v/UAg8YVKD5N/vFAWbFtuEUQIDAQABo4IClTCCApEwHQYDVR0OBBYEFJqPNSsC
yMSi08AETSuLgy4oSecpMB8GA1UdIwQYMBaAFGOSOQY5F+6SwJnkatNpbC7KfFEK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEMjcwNi8wNEQ0NTdDMjMz
MDYxMUVCQTI4MkQzMEFDNEY5QUUwMi9ZNUk1QmprWDdwTEFtZVJxMDJsc0xzcDhV
UW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1k1STVCamtYN3BMQW1lUnEwMmxzTHNwOFVRby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDI3MDYvMDRENDU3QzIzMzA2MTFFQkEyODJEMzBBQzRGOUFFMDIvMzVENDM2M0Uz
MzA3MTFFQjlEM0FBNjBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnx9gwDQYJKoZIhvcNAQELBQADggEBAAbSTxUaG3W5XcUc
JH6jH7Kmv0JHK+Xdesb+XEaYyUl9/hKhIgoH5Cbac1D4b45do0AOOfQGB6opRH11
xiw1gwB1fyPSMlUzXnPRXjY7MEaVPoklUzU6uVfr2/wVXGMh0OMI/7D9TTH3sWC6
rbgoJBM3syt+W3Otr5zi8MH/aVJQ2W8vjURIWjltFZczUZRz98XEjWTN4+3+vesB
oecDiRE9/rhjnc4RMmph4lHtqcIbVpn33s663cvb+JbbdTEmddCcHMepJXc+V+Qd
lyb/lhdIcQD09PpV1sT774zOk/de6j+cPSPFcLxe9jmiMyAKLFCiQdCKnMeoXQgV
s5NnQ4g=
-----END CERTIFICATE-----
Generated at Fri Apr 25 09:08:07 2025 by rpki-client