Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DD42F/C8BA01BC2E2B11EB80EB7080C4F9AE02/E20C4942DC7D11EDA2F7B651C4F9AE02.roa
File: E20C4942DC7D11EDA2F7B651C4F9AE02.roa (raw, json)
Hash identifier: yD7Oq9ELTSwJW2k9G7WxgHSnfxXNkpi3+nKcvJopyDM=
Subject key identifier: 00:55:4D:29:00:04:4E:F2:74:90:76:16:F3:C2:FA:95:28:72:E0:2C
Certificate issuer: /CN=A91DD42F/serialNumber=87A55061B75F1DC2C5C5BB87D2898E83307D870F
Certificate serial: 06CF
Authority key identifier: 87:A5:50:61:B7:5F:1D:C2:C5:C5:BB:87:D2:89:8E:83:30:7D:87:0F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h6VQYbdfHcLFxbuH0omOgzB9hw8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DD42F/C8BA01BC2E2B11EB80EB7080C4F9AE02/E20C4942DC7D11EDA2F7B651C4F9AE02.roa
Signing time: Fri 13 Sep 2024 00:01:38 +0000
ROA not before: Fri 13 Sep 2024 00:01:38 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 59381
IP address blocks: 103.235.176.0/22 maxlen: 22
103.235.176.0/24 maxlen: 24
103.235.177.0/24 maxlen: 24
103.235.178.0/24 maxlen: 24
103.235.179.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1743 (0x6cf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DD42F/serialNumber=87A55061B75F1DC2C5C5BB87D2898E83307D870F
Validity
Not Before: Sep 13 00:01:38 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66e380e2-08f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:81:90:f6:41:29:63:2f:87:31:9e:4a:aa:37:
d7:c9:d2:c2:14:9d:2c:2f:b9:c4:f2:45:be:eb:87:
c2:0f:f2:63:e4:e0:35:b0:2b:f8:b2:ad:42:91:74:
12:d7:d5:43:4a:65:9d:7e:64:91:23:54:8a:4c:00:
2b:6a:c6:8b:2f:d6:da:b5:02:3d:74:c4:78:15:75:
54:fe:3f:92:9d:29:a8:4c:25:eb:c1:dc:18:05:33:
b8:97:06:6a:37:90:3c:98:59:ef:fe:7b:af:d1:36:
ad:11:b1:e8:09:d4:67:2f:b8:d5:e0:c5:f2:72:f3:
b2:30:2c:57:86:f2:8a:85:6b:59:3b:cf:c7:11:c6:
9d:67:b5:bb:46:71:e7:32:4c:9c:4c:7b:3c:82:41:
9e:31:c5:b0:ce:23:20:28:3a:fa:c8:fc:a4:f7:8a:
5d:b2:a0:98:13:f4:db:6f:c1:24:ae:33:87:87:7c:
69:1f:d9:e3:58:c3:56:17:24:3c:0c:d4:24:3c:b9:
91:93:f1:03:00:af:7a:40:80:16:14:c6:76:7f:ac:
9f:2d:44:f3:b3:c0:1c:a6:cd:21:17:e7:9c:76:fd:
15:6c:8e:6a:17:fa:86:18:d0:02:95:ef:09:df:f0:
3b:72:ef:ba:64:59:f2:13:97:f2:0b:be:1d:a7:c5:
89:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:55:4D:29:00:04:4E:F2:74:90:76:16:F3:C2:FA:95:28:72:E0:2C
X509v3 Authority Key Identifier:
keyid:87:A5:50:61:B7:5F:1D:C2:C5:C5:BB:87:D2:89:8E:83:30:7D:87:0F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DD42F/C8BA01BC2E2B11EB80EB7080C4F9AE02/h6VQYbdfHcLFxbuH0omOgzB9hw8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h6VQYbdfHcLFxbuH0omOgzB9hw8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DD42F/C8BA01BC2E2B11EB80EB7080C4F9AE02/E20C4942DC7D11EDA2F7B651C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.235.176.0/22
Signature Algorithm: sha256WithRSAEncryption
a6:ef:94:dd:61:6c:f7:ca:ef:95:cd:04:62:b5:38:38:88:0c:
75:99:8b:4a:07:82:62:ec:de:c7:21:91:05:87:c3:7c:c1:9d:
8c:44:dc:d0:2d:37:c6:92:0e:2f:7f:fb:40:9f:1c:c4:e0:06:
7a:19:f1:59:43:41:ca:01:31:e5:fd:19:ac:8e:be:67:0a:3a:
19:32:a5:b4:c8:3b:bc:6e:53:f5:85:18:73:c8:f1:39:9b:e0:
e1:43:09:2b:9e:94:95:7c:0c:86:fa:9f:43:ca:75:d1:fc:af:
45:79:e9:d1:a5:89:02:ad:34:7b:af:a2:eb:8e:e0:ee:9b:ed:
ed:92:f9:78:f0:1b:1f:3c:a9:5f:11:31:e1:2f:fc:fc:d8:01:
07:1a:49:2e:38:1b:33:b4:11:b6:15:5b:82:a3:f9:57:bc:a8:
9d:73:2c:a8:e5:a2:8f:05:1f:60:91:8a:b1:66:de:b0:ba:ec:
16:67:06:37:66:50:c6:5a:3b:63:b4:8f:65:11:03:c9:fc:73:
6b:6c:27:7a:0e:9a:de:22:bc:f7:1c:f0:96:de:b1:b4:a5:d2:
61:86:22:53:4e:5d:9b:13:4f:9f:c8:a0:05:a6:ef:64:75:c4:
5c:b5:db:d7:01:b4:75:c2:59:65:9a:8a:66:1a:49:19:f9:51:
43:19:d0:a5
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBs8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REQ0MkYxMTAvBgNVBAUTKDg3QTU1MDYxQjc1RjFEQzJDNUM1QkI4N0QyODk4RTgz
MzA3RDg3MEYwHhcNMjQwOTEzMDAwMTM4WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmUzODBlMi0wOGY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsIGQ9kEpYy+HMZ5KqjfXydLCFJ0sL7nE8kW+64fCD/Jj5OA1sCv4sq1CkXQS
19VDSmWdfmSRI1SKTAArasaLL9batQI9dMR4FXVU/j+SnSmoTCXrwdwYBTO4lwZq
N5A8mFnv/nuv0TatEbHoCdRnL7jV4MXycvOyMCxXhvKKhWtZO8/HEcadZ7W7RnHn
MkycTHs8gkGeMcWwziMgKDr6yPyk94pdsqCYE/Tbb8EkrjOHh3xpH9njWMNWFyQ8
DNQkPLmRk/EDAK96QIAWFMZ2f6yfLUTzs8Acps0hF+ecdv0VbI5qF/qGGNACle8J
3/A7cu+6ZFnyE5fyC74dp8WJNwIDAQABo4IClTCCApEwHQYDVR0OBBYEFABVTSkA
BE7ydJB2FvPC+pUocuAsMB8GA1UdIwQYMBaAFIelUGG3Xx3CxcW7h9KJjoMwfYcP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERDQyRi9DOEJBMDFCQzJF
MkIxMUVCODBFQjcwODBDNEY5QUUwMi9oNlZRWWJkZkhjTEZ4YnVIMG9tT2d6Qjlo
dzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2g2VlFZYmRmSGNMRnhidUgwb21PZ3pCOWh3OC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REQ0MkYvQzhCQTAxQkMyRTJCMTFFQjgwRUI3MDgwQzRGOUFFMDIvRTIwQzQ5NDJE
QzdEMTFFREEyRjdCNjUxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJn67AwDQYJKoZIhvcNAQELBQADggEBAKbvlN1hbPfK75XN
BGK1ODiIDHWZi0oHgmLs3schkQWHw3zBnYxE3NAtN8aSDi9/+0CfHMTgBnoZ8VlD
QcoBMeX9GayOvmcKOhkypbTIO7xuU/WFGHPI8Tmb4OFDCSuelJV8DIb6n0PKddH8
r0V56dGliQKtNHuvouuO4O6b7e2S+XjwGx88qV8RMeEv/PzYAQcaSS44GzO0EbYV
W4Kj+Ve8qJ1zLKjloo8FH2CRirFm3rC67BZnBjdmUMZaO2O0j2URA8n8c2tsJ3oO
mt4ivPcc8JbesbSl0mGGIlNOXZsTT5/IoAWm72R1xFy129cBtHXCWWWaimYaSRn5
UUMZ0KU=
-----END CERTIFICATE-----
Generated at Wed Apr 30 23:39:44 2025 by rpki-client