Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E52708AADFCE11EFBC4CD631C4F9AE02.roa
File: E52708AADFCE11EFBC4CD631C4F9AE02.roa (raw, json)
Hash identifier: dLnVNOk6AACzjjAAnQNLqgLe86qSgv2DVsFZWQrJkGE=
Subject key identifier: 69:F7:37:84:AC:38:2A:9C:E9:13:C1:05:2C:FE:EE:F3:B8:67:8B:3E
Certificate issuer: /CN=A9157DA0/serialNumber=8887CF6CF5102F0FB713F4C4A1BDE389481F1C44
Certificate serial: 3451
Authority key identifier: 88:87:CF:6C:F5:10:2F:0F:B7:13:F4:C4:A1:BD:E3:89:48:1F:1C:44
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E52708AADFCE11EFBC4CD631C4F9AE02.roa
Signing time: Fri 31 Jan 2025 12:28:37 +0000
ROA not before: Fri 31 Jan 2025 12:28:37 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 38875
IP address blocks: 43.248.156.0/23 maxlen: 23
119.252.120.0/23 maxlen: 23
119.252.120.0/24 maxlen: 24
119.252.121.0/24 maxlen: 24
124.109.12.0/22 maxlen: 22
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13393 (0x3451)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157DA0
Validity
Not Before: Jan 31 12:28:37 2025 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=679cc1f5-35cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:1f:c9:b4:81:bb:eb:f3:10:e9:a1:2f:ee:55:
89:93:da:d1:cf:9e:6d:43:3f:47:3b:d0:e6:71:c8:
f6:ed:44:b3:3f:4a:d9:0f:fb:07:56:fd:1c:fe:a4:
64:81:4d:34:33:51:57:f3:9d:b2:28:8e:ae:d6:85:
b5:fb:80:a9:69:c9:b6:97:2f:d4:c6:d4:9f:c0:3c:
a9:82:a0:6a:70:8f:c2:7b:fc:f5:ef:04:df:8e:16:
3f:c0:c8:e1:e1:1b:df:ae:e9:94:8f:98:06:90:59:
1f:ca:15:dc:1b:ed:3f:fc:2a:a4:8e:37:22:78:7a:
fd:91:b2:bd:5b:cd:b2:55:bb:84:f2:7b:25:ee:c7:
fb:8f:06:0a:5e:d6:9a:21:8a:10:96:2e:6a:e3:29:
ed:bc:d4:f3:a0:d5:05:7b:42:19:fa:d8:b8:ca:6f:
18:31:53:3d:3a:a2:46:a8:33:9b:55:9b:69:bd:ec:
48:82:1f:39:08:ac:5e:5d:64:c3:c1:a8:b1:ec:05:
f6:26:66:c6:db:c7:f3:b7:e0:69:d7:05:4e:a9:f0:
ab:b0:d3:91:15:9b:1c:96:b7:e7:46:d6:f1:1a:e3:
ec:f5:a8:27:ca:4f:46:78:9f:bf:3e:c8:73:77:be:
1d:4a:61:4d:da:9e:01:63:9f:71:f6:58:38:0f:6b:
9e:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:F7:37:84:AC:38:2A:9C:E9:13:C1:05:2C:FE:EE:F3:B8:67:8B:3E
X509v3 Authority Key Identifier:
keyid:88:87:CF:6C:F5:10:2F:0F:B7:13:F4:C4:A1:BD:E3:89:48:1F:1C:44
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E52708AADFCE11EFBC4CD631C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.248.156.0/23
119.252.120.0/23
124.109.12.0/22
Signature Algorithm: sha256WithRSAEncryption
00:30:3d:a8:3b:e6:1f:5f:3e:6f:e6:72:70:bc:32:c0:09:38:
1e:c8:1d:84:bb:75:b8:74:2d:95:03:35:e9:be:73:99:0d:ab:
98:7a:1b:4f:8e:fd:14:5c:d6:ad:42:bb:57:00:71:66:2f:62:
cc:f3:43:b5:7d:57:8f:dd:75:a6:99:c0:ca:4b:f7:57:fe:88:
45:d0:bd:0b:b7:d3:fa:ac:10:ef:57:a2:b6:9d:71:df:ea:cd:
07:a9:7d:f4:c6:aa:17:3b:f4:a5:66:fa:b0:d8:ff:00:3c:06:
11:18:82:37:ab:7a:7a:75:17:5c:64:14:e0:a3:96:c2:88:7f:
b9:82:99:c5:b0:46:31:fd:08:d7:e5:17:03:a3:db:f0:ff:e3:
c7:23:dd:d8:9b:ee:fb:0b:a5:07:b6:53:f3:22:93:ae:7b:af:
cb:28:a6:5f:e7:8c:00:af:dc:b2:22:4b:e0:69:c1:86:39:45:
bb:43:54:8f:be:9e:65:51:ab:13:7e:73:4c:a2:44:9d:a6:9a:
c5:41:97:6d:a9:07:d8:6d:3a:dd:4b:f0:35:99:22:69:0c:e5:
ab:a9:01:93:3f:74:25:47:8e:5a:67:ea:c1:4b:29:32:2d:f8:
42:fd:46:1f:a0:a1:51:40:11:d1:7f:2f:1d:8a:f7:1b:a3:7c:
b8:cb:5b:03
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICNFEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEQTAxMTAvBgNVBAUTKDg4ODdDRjZDRjUxMDJGMEZCNzEzRjRDNEExQkRFMzg5
NDgxRjFDNDQwHhcNMjUwMTMxMTIyODM3WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzljYzFmNS0zNWNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyx/JtIG76/MQ6aEv7lWJk9rRz55tQz9HO9Dmccj27USzP0rZD/sHVv0c/qRk
gU00M1FX852yKI6u1oW1+4Cpacm2ly/UxtSfwDypgqBqcI/Ce/z17wTfjhY/wMjh
4RvfrumUj5gGkFkfyhXcG+0//CqkjjcieHr9kbK9W82yVbuE8nsl7sf7jwYKXtaa
IYoQli5q4yntvNTzoNUFe0IZ+ti4ym8YMVM9OqJGqDObVZtpvexIgh85CKxeXWTD
waix7AX2JmbG28fzt+Bp1wVOqfCrsNORFZsclrfnRtbxGuPs9agnyk9GeJ+/Pshz
d74dSmFN2p4BY59x9lg4D2ueowIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFGn3N4Ss
OCqc6RPBBSz+7vO4Z4s+MB8GA1UdIwQYMBaAFIiHz2z1EC8PtxP0xKG944lIHxxE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0RBMC8zQTBEOTMxMDFE
OEMxMUUyOEVGRjU3RTcwOEIwMkNEMi9pSWZQYlBVUUx3LTNFX1RFb2IzamlVZ2ZI
RVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lJZlBiUFVRTHctM0VfVEVvYjNqaVVnZkhFUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEQTAvM0EwRDkzMTAxRDhDMTFFMjhFRkY1N0U3MDhCMDJDRDIvRTUyNzA4QUFE
RkNFMTFFRkJDNENENjMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAEr+JwDBAF3/HgDBAJ8bQwwDQYJKoZIhvcNAQELBQADggEB
AAAwPag75h9fPm/mcnC8MsAJOB7IHYS7dbh0LZUDNem+c5kNq5h6G0+O/RRc1q1C
u1cAcWYvYszzQ7V9V4/ddaaZwMpL91f+iEXQvQu30/qsEO9Xoradcd/qzQepffTG
qhc79KVm+rDY/wA8BhEYgjerenp1F1xkFOCjlsKIf7mCmcWwRjH9CNflFwOj2/D/
48cj3dib7vsLpQe2U/Mik657r8sopl/njACv3LIiS+BpwYY5RbtDVI++nmVRqxN+
c0yiRJ2mmsVBl22pB9htOt1L8DWZImkM5aupAZM/dCVHjlpn6sFLKTIt+EL9Rh+g
oVFAEdF/Lx2K9xujfLjLWwM=
-----END CERTIFICATE-----
Generated at Sat Apr 5 07:10:32 2025 by rpki-client