Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/B7D67B4ECC3011EA9B54C679C4F9AE02.roa
File: B7D67B4ECC3011EA9B54C679C4F9AE02.roa (raw, json)
Hash identifier: 0pajmOLzTfRxXN+jwLdgr/HPuMFyL3nbTNRtA04jmts=
Subject key identifier: F9:D1:15:5B:33:11:81:28:25:5E:36:44:5B:69:96:78:55:A6:25:65
Certificate issuer: /CN=A9123D9C/serialNumber=5B2CF0FB62F160F1838AEE3E6CDE07544DFF8BFF
Certificate serial: 1023
Authority key identifier: 5B:2C:F0:FB:62:F1:60:F1:83:8A:EE:3E:6C:DE:07:54:4D:FF:8B:FF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Wyzw-2LxYPGDiu4-bN4HVE3_i_8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/B7D67B4ECC3011EA9B54C679C4F9AE02.roa
Signing time: Wed 12 Feb 2025 18:06:02 +0000
ROA not before: Wed 12 Feb 2025 18:06:02 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 138564
IP address blocks: 103.136.184.0/24 maxlen: 24
103.136.185.0/24 maxlen: 24
103.136.186.0/24 maxlen: 24
103.136.187.0/24 maxlen: 24
2404:9ec0:1000::/40 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4131 (0x1023)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9123D9C
Validity
Not Before: Feb 12 18:06:02 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=67ace30a-6c38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:dd:23:4f:a8:83:6c:13:db:d4:1d:e4:1c:75:
a2:8a:ea:91:d6:9f:ae:69:b8:f1:82:58:76:90:e5:
ee:92:81:1a:58:2b:cb:4b:0f:cc:f6:c2:d7:9d:f9:
f1:d6:b8:2e:a7:4c:06:20:76:9c:37:cf:34:27:ab:
8a:8f:03:15:04:c2:1f:f0:71:ba:c3:2e:51:ed:0d:
76:1e:ae:a4:68:f7:a1:73:db:2f:db:29:df:93:62:
8a:5e:7d:d4:39:8f:17:9c:7b:29:27:03:2f:c3:fd:
53:8d:18:56:b6:8c:07:b4:66:c0:a1:5c:fb:91:12:
b2:c5:c5:92:51:30:40:96:0c:b0:33:bf:87:f3:e0:
22:76:42:66:c1:51:b1:c4:a0:36:31:f1:b0:f4:c0:
0a:89:ac:d9:e1:c1:29:46:18:8d:19:a6:a3:9d:fa:
cd:d2:da:14:63:34:5f:c6:7b:de:12:d4:35:80:b4:
31:69:63:80:b7:df:be:72:d3:27:93:39:83:b6:06:
ba:36:0f:c3:f0:55:b7:77:6f:be:0a:fd:8d:13:f4:
e2:2b:d6:22:2d:06:fe:01:73:18:24:b7:e7:0c:fa:
b1:c5:5a:c7:2e:65:00:cf:1a:97:48:1a:ee:cc:08:
10:f5:9b:38:83:22:7e:89:ff:7a:63:80:36:02:bc:
d4:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:D1:15:5B:33:11:81:28:25:5E:36:44:5B:69:96:78:55:A6:25:65
X509v3 Authority Key Identifier:
keyid:5B:2C:F0:FB:62:F1:60:F1:83:8A:EE:3E:6C:DE:07:54:4D:FF:8B:FF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/Wyzw-2LxYPGDiu4-bN4HVE3_i_8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Wyzw-2LxYPGDiu4-bN4HVE3_i_8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/B7D67B4ECC3011EA9B54C679C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.136.184.0/22
IPv6:
2404:9ec0:1000::/40
Signature Algorithm: sha256WithRSAEncryption
66:eb:1e:cf:19:1f:7f:9b:01:e4:05:f5:c1:4c:db:b7:bb:57:
81:f2:17:18:db:d3:2b:75:7f:ff:ed:5b:93:a6:d4:c3:fa:ab:
5a:cb:16:58:45:f5:e4:49:b3:ed:6e:89:30:31:9e:c1:4b:84:
f4:cd:40:db:71:4f:50:4f:ba:f1:c4:04:6a:3d:d9:0a:e2:9e:
bb:4e:cd:0d:81:ae:e8:29:7f:da:db:e4:56:53:fb:97:cd:b1:
cb:c1:4a:8b:49:df:15:9f:1c:2b:ea:ae:62:83:39:af:bf:68:
2b:e7:47:e9:c1:f9:4c:4b:36:ea:be:19:83:85:b1:21:76:45:
88:21:40:5f:d9:0c:71:5f:8f:ed:b5:02:60:ff:1b:7b:59:41:
43:85:ec:f0:a1:69:6b:a5:13:75:ea:1f:2f:1d:2b:6b:4d:d9:
2b:3a:1b:fa:20:28:b5:83:16:01:06:50:6a:36:64:94:de:ce:
54:f9:27:cc:45:0d:04:59:78:25:3c:44:d4:1f:d2:5a:99:47:
0a:9f:26:89:70:1e:52:be:04:aa:d3:6d:66:7e:a0:3d:02:66:
3f:76:14:45:37:e3:d2:73:55:b0:3d:35:93:a8:74:59:57:90:
b0:e3:45:a6:ae:96:39:38:33:7e:69:32:19:37:ff:cf:d4:b8:
82:fa:09:43
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgICECMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjNEOUMxMTAvBgNVBAUTKDVCMkNGMEZCNjJGMTYwRjE4MzhBRUUzRTZDREUwNzU0
NERGRjhCRkYwHhcNMjUwMjEyMTgwNjAyWhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2FjZTMwYS02YzM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5t0jT6iDbBPb1B3kHHWiiuqR1p+uabjxglh2kOXukoEaWCvLSw/M9sLXnfnx
1rgup0wGIHacN880J6uKjwMVBMIf8HG6wy5R7Q12Hq6kaPehc9sv2ynfk2KKXn3U
OY8XnHspJwMvw/1TjRhWtowHtGbAoVz7kRKyxcWSUTBAlgywM7+H8+AidkJmwVGx
xKA2MfGw9MAKiazZ4cEpRhiNGaajnfrN0toUYzRfxnveEtQ1gLQxaWOAt9++ctMn
kzmDtga6Ng/D8FW3d2++Cv2NE/TiK9YiLQb+AXMYJLfnDPqxxVrHLmUAzxqXSBru
zAgQ9Zs4gyJ+if96Y4A2ArzU8wIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFPnRFVsz
EYEoJV42RFtplnhVpiVlMB8GA1UdIwQYMBaAFFss8Pti8WDxg4ruPmzeB1RN/4v/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyM0Q5Qy80NTU5NDJENjUw
QjIxMUU5QjVEQjZBNkJDNEY5QUUwMi9XeXp3LTJMeFlQR0RpdTQtYk40SFZFM19p
XzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1d5enctMkx4WVBHRGl1NC1iTjRIVkUzX2lfOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjNEOUMvNDU1OTQyRDY1MEIyMTFFOUI1REI2QTZCQzRGOUFFMDIvQjdENjdCNEVD
QzMwMTFFQTlCNTRDNjc5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLwYIKwYBBQUHAQcBAf8E
IDAeMAwEAgABMAYDBAJniLgwDgQCAAIwCAMGACQEnsAQMA0GCSqGSIb3DQEBCwUA
A4IBAQBm6x7PGR9/mwHkBfXBTNu3u1eB8hcY29MrdX//7VuTptTD+qtayxZYRfXk
SbPtbokwMZ7BS4T0zUDbcU9QT7rxxARqPdkK4p67Ts0Nga7oKX/a2+RWU/uXzbHL
wUqLSd8Vnxwr6q5igzmvv2gr50fpwflMSzbqvhmDhbEhdkWIIUBf2QxxX4/ttQJg
/xt7WUFDhezwoWlrpRN16h8vHStrTdkrOhv6ICi1gxYBBlBqNmSU3s5U+SfMRQ0E
WXglPETUH9JamUcKnyaJcB5SvgSq021mfqA9AmY/dhRFN+PSc1WwPTWTqHRZV5Cw
40WmrpY5ODN+aTIZN//P1LiC+glD
-----END CERTIFICATE-----
Generated at Tue Apr 8 22:20:39 2025 by rpki-client