Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914CA5C/6510E310A45911ECA87FD80DC4F9AE02/3F7E8DCAA45C11EC845FEA36C4F9AE02.roa
File: 3F7E8DCAA45C11EC845FEA36C4F9AE02.roa (raw, json)
Hash identifier: DbGKbMecwcykqDAfU21+x6Kvm9Z6g5WTzg4SdqXRisc=
Subject key identifier: 9B:2D:3D:F3:A2:97:BD:57:9C:AA:DF:8D:CD:8A:47:16:5D:4F:49:72
Certificate issuer: /CN=A914CA5C/serialNumber=C43D19C6D397112A2AFED4666122FC576B47886D
Certificate serial: 0367
Authority key identifier: C4:3D:19:C6:D3:97:11:2A:2A:FE:D4:66:61:22:FC:57:6B:47:88:6D
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xD0ZxtOXESoq_tRmYSL8V2tHiG0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914CA5C/6510E310A45911ECA87FD80DC4F9AE02/3F7E8DCAA45C11EC845FEA36C4F9AE02.roa
Signing time: Thu 13 Mar 2025 00:55:42 +0000
ROA not before: Thu 13 Mar 2025 00:55:42 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 134428
IP address blocks: 103.163.120.0/24 maxlen: 24
103.163.121.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 871 (0x367)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914CA5C
Validity
Not Before: Mar 13 00:55:42 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=67d22d0d-cc04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:7c:2b:be:ba:5b:94:1c:d0:96:9d:96:05:97:
80:1f:a2:0c:16:40:37:e0:a6:3c:b0:12:e4:4e:da:
89:29:dc:35:15:b6:38:30:ae:5b:25:42:0d:aa:59:
a0:24:4b:f3:ad:80:4a:30:7d:26:37:0c:b9:0a:c8:
ef:fb:f2:27:a4:7e:0f:7f:8b:65:db:5e:a0:b5:2b:
c9:69:39:fc:75:74:88:ff:78:da:cb:88:5e:fa:1a:
b7:ff:37:ef:ba:74:a6:8a:e9:14:b8:2d:01:47:18:
0a:cc:b3:48:b1:78:bb:79:ed:c6:86:a1:01:4b:21:
01:9a:ca:bd:25:39:f1:86:ba:dc:76:98:71:aa:e0:
2e:00:8d:7e:16:fc:df:9e:b5:b7:fb:19:47:0d:92:
fe:87:12:e8:9a:93:f2:10:aa:32:cb:47:5c:9d:09:
3b:de:41:03:d5:ab:6c:3f:b1:7a:f5:96:1a:30:25:
56:81:66:24:50:c9:8d:4c:bf:32:84:30:47:05:88:
3f:2c:3f:f3:cb:a2:79:08:2d:d7:17:c0:27:11:6d:
50:8b:bd:2a:93:a6:47:65:3a:6c:28:e9:70:f4:c5:
c1:10:2d:4d:67:33:4f:23:7a:81:93:57:72:db:88:
37:d2:b3:2d:c1:c6:ad:49:05:2e:3a:8b:3a:15:8e:
95:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:2D:3D:F3:A2:97:BD:57:9C:AA:DF:8D:CD:8A:47:16:5D:4F:49:72
X509v3 Authority Key Identifier:
keyid:C4:3D:19:C6:D3:97:11:2A:2A:FE:D4:66:61:22:FC:57:6B:47:88:6D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914CA5C/6510E310A45911ECA87FD80DC4F9AE02/xD0ZxtOXESoq_tRmYSL8V2tHiG0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xD0ZxtOXESoq_tRmYSL8V2tHiG0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914CA5C/6510E310A45911ECA87FD80DC4F9AE02/3F7E8DCAA45C11EC845FEA36C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.163.120.0/23
Signature Algorithm: sha256WithRSAEncryption
3f:d7:05:8b:12:ea:ea:4a:fd:96:34:8e:53:21:a1:1f:58:04:
65:e9:90:11:55:f1:2c:da:3b:44:3c:76:c8:12:b6:7b:cd:d8:
cb:5b:2a:11:02:6b:f5:ff:02:28:1d:0f:14:ac:d8:06:bc:80:
38:99:eb:2d:62:75:94:9f:cf:b0:13:98:26:66:b4:27:cf:6f:
34:09:fd:b2:5b:5e:19:5d:fb:7a:35:7e:22:c2:d3:c9:e5:28:
d8:95:60:72:e5:69:a6:f7:5a:88:e7:7f:3e:6d:85:7a:c1:7c:
9c:2d:54:5c:9a:60:ef:18:d7:0f:51:e4:dc:e7:da:bb:db:78:
52:55:4e:9d:3a:3e:94:2c:56:9d:f1:16:81:4d:1b:13:95:e3:
75:d3:fc:85:ee:b0:cb:5f:90:1b:af:b0:ac:12:7a:1a:e4:67:
b6:51:64:5e:57:9e:c8:50:ea:fe:ec:5f:96:df:51:dc:95:e1:
43:c7:da:ed:89:4b:11:86:1a:be:2d:64:6f:15:6e:5f:03:e2:
e8:6d:61:6d:c0:25:45:a6:49:92:dc:dc:3c:a3:60:90:cc:58:
e4:76:be:a3:c3:25:33:06:55:ae:32:96:03:b3:86:76:57:1f:
34:cc:9c:fe:16:5b:a0:15:64:8e:04:91:0b:e2:fc:d0:26:43:
a4:70:d7:d6
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICA2cwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NENBNUMxMTAvBgNVBAUTKEM0M0QxOUM2RDM5NzExMkEyQUZFRDQ2NjYxMjJGQzU3
NkI0Nzg4NkQwHhcNMjUwMzEzMDA1NTQyWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2QyMmQwZC1jYzA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs3wrvrpblBzQlp2WBZeAH6IMFkA34KY8sBLkTtqJKdw1FbY4MK5bJUINqlmg
JEvzrYBKMH0mNwy5Csjv+/InpH4Pf4tl216gtSvJaTn8dXSI/3jay4he+hq3/zfv
unSmiukUuC0BRxgKzLNIsXi7ee3GhqEBSyEBmsq9JTnxhrrcdphxquAuAI1+Fvzf
nrW3+xlHDZL+hxLompPyEKoyy0dcnQk73kED1atsP7F69ZYaMCVWgWYkUMmNTL8y
hDBHBYg/LD/zy6J5CC3XF8AnEW1Qi70qk6ZHZTpsKOlw9MXBEC1NZzNPI3qBk1dy
24g30rMtwcatSQUuOos6FY6VpQIDAQABo4IClTCCApEwHQYDVR0OBBYEFJstPfOi
l71XnKrfjc2KRxZdT0lyMB8GA1UdIwQYMBaAFMQ9GcbTlxEqKv7UZmEi/FdrR4ht
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0Q0E1Qy82NTEwRTMxMEE0
NTkxMUVDQTg3RkQ4MERDNEY5QUUwMi94RDBaeHRPWEVTb3FfdFJtWVNMOFYydEhp
RzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hEMFp4dE9YRVNvcV90Um1ZU0w4VjJ0SGlHMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NENBNUMvNjUxMEUzMTBBNDU5MTFFQ0E4N0ZEODBEQzRGOUFFMDIvM0Y3RThEQ0FB
NDVDMTFFQzg0NUZFQTM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFno3gwDQYJKoZIhvcNAQELBQADggEBAD/XBYsS6upK/ZY0
jlMhoR9YBGXpkBFV8SzaO0Q8dsgStnvN2MtbKhECa/X/AigdDxSs2Aa8gDiZ6y1i
dZSfz7ATmCZmtCfPbzQJ/bJbXhld+3o1fiLC08nlKNiVYHLlaab3Wojnfz5thXrB
fJwtVFyaYO8Y1w9R5Nzn2rvbeFJVTp06PpQsVp3xFoFNGxOV43XT/IXusMtfkBuv
sKwSehrkZ7ZRZF5XnshQ6v7sX5bfUdyV4UPH2u2JSxGGGr4tZG8Vbl8D4uhtYW3A
JUWmSZLc3DyjYJDMWOR2vqPDJTMGVa4ylgOzhnZXHzTMnP4WW6AVZI4EkQvi/NAm
Q6Rw19Y=
-----END CERTIFICATE-----
Generated at Sat Apr 5 22:10:16 2025 by rpki-client