Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/BFC0298670DC11EF8B65D95AC4F9AE02.roa
File: BFC0298670DC11EF8B65D95AC4F9AE02.roa (raw, json)
Hash identifier: UgEzMnFdPuD9AyKqWzCGknoXwkBXShyWFB2xX76uKRE=
Subject key identifier: 5F:97:F3:DB:33:A5:BB:05:8D:F5:1A:74:BD:46:E5:B2:60:3B:BE:2F
Certificate issuer: /CN=A9171D16/serialNumber=708F1E07133855C8074EED5F8C83B4466A607AC2
Certificate serial: CF
Authority key identifier: 70:8F:1E:07:13:38:55:C8:07:4E:ED:5F:8C:83:B4:46:6A:60:7A:C2
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/cI8eBxM4VcgHTu1fjIO0RmpgesI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/BFC0298670DC11EF8B65D95AC4F9AE02.roa
Signing time: Wed 29 Jan 2025 04:17:52 +0000
ROA not before: Wed 29 Jan 2025 04:17:52 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 152299
IP address blocks: 157.10.38.0/24 maxlen: 24
157.10.39.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 207 (0xcf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9171D16
Validity
Not Before: Jan 29 04:17:52 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=6799abf0-2601
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:fb:97:67:5d:db:1a:6e:6a:07:a6:91:89:dd:
be:c5:76:05:18:36:b8:1f:f7:1b:78:18:66:c0:27:
b3:96:fc:70:dd:bf:f1:39:30:6c:88:fe:ce:61:72:
57:aa:d7:d6:3a:29:71:07:d1:41:76:81:e9:95:02:
3b:15:a3:76:54:be:c9:4b:d9:8b:c2:2f:a4:6e:d1:
85:0f:3a:d3:bd:50:7c:c5:0e:5e:82:00:fd:0e:ec:
af:65:b1:c3:70:36:32:c2:4b:e3:f2:1b:55:79:8c:
86:44:3f:9c:2c:5c:fa:96:fa:38:f6:1a:fb:4f:55:
8f:e0:6b:ba:0d:0e:f9:dd:3d:10:89:22:b2:d8:45:
5b:a8:ab:ec:2e:50:0c:9a:77:80:ff:2e:08:77:f3:
59:d5:ae:c6:9c:62:68:76:0f:85:ea:a4:b6:68:93:
14:02:09:71:f4:6c:e0:4a:6c:0e:38:73:c3:91:ad:
fa:cf:c1:36:4f:c1:1e:4a:3d:0d:7e:a9:36:14:e1:
c1:1c:c2:eb:6b:02:58:ea:06:8f:80:13:b0:aa:a5:
e6:fc:82:94:64:bc:3c:63:47:bd:d6:2c:a7:cc:85:
f8:78:84:67:a7:ad:02:87:f1:38:60:4f:2c:da:38:
44:f0:7f:6c:ac:7e:51:91:06:d3:b8:bb:c4:e8:ef:
df:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:97:F3:DB:33:A5:BB:05:8D:F5:1A:74:BD:46:E5:B2:60:3B:BE:2F
X509v3 Authority Key Identifier:
keyid:70:8F:1E:07:13:38:55:C8:07:4E:ED:5F:8C:83:B4:46:6A:60:7A:C2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/cI8eBxM4VcgHTu1fjIO0RmpgesI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/cI8eBxM4VcgHTu1fjIO0RmpgesI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/BFC0298670DC11EF8B65D95AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
157.10.38.0/23
Signature Algorithm: sha256WithRSAEncryption
a5:50:70:3c:92:e0:65:2a:3a:8b:1b:1f:30:db:de:d4:0f:25:
ff:dc:56:83:93:fd:98:03:dc:ea:d7:2e:64:2a:4e:3a:f3:b1:
d6:a7:2a:aa:de:1c:1e:70:39:aa:27:27:d1:45:e6:de:37:6d:
ac:47:70:7b:4c:c3:15:b2:bf:21:76:d3:c4:ff:5e:75:48:8b:
29:35:bc:f9:44:1a:ea:c2:ec:63:84:eb:70:a1:7a:6c:ae:c0:
ad:c3:c7:0c:18:b3:76:32:dd:68:9d:30:1d:a2:f4:46:57:37:
e2:fa:35:70:2f:e0:cb:f1:7f:b7:83:c2:eb:07:fc:d4:64:bb:
5c:89:a2:7c:48:a5:0c:a9:dd:76:82:bd:9e:0d:0d:17:c4:3f:
0b:db:1e:ae:cd:b2:f5:1e:11:72:13:34:32:a6:38:ba:67:a0:
7b:e4:18:00:61:83:73:f1:de:96:16:f2:35:24:74:81:12:9b:
d4:d9:29:fd:43:0b:80:3c:98:18:1e:4a:a1:7e:e4:77:f2:9c:
8d:a5:32:9a:ac:4b:79:f7:56:e0:f9:25:75:22:26:82:97:db:
7d:b1:c2:e5:ea:d3:e6:ab:dd:f7:f7:9e:8b:91:c5:58:f7:35:
ff:17:18:5c:1e:20:ab:ca:f5:ad:4b:3e:e1:bb:a7:d9:16:9f:
a5:51:8b:5e
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAM8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzFEMTYxMTAvBgNVBAUTKDcwOEYxRTA3MTMzODU1QzgwNzRFRUQ1RjhDODNCNDQ2
NkE2MDdBQzIwHhcNMjUwMTI5MDQxNzUyWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Nzk5YWJmMC0yNjAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsvuXZ13bGm5qB6aRid2+xXYFGDa4H/cbeBhmwCezlvxw3b/xOTBsiP7OYXJX
qtfWOilxB9FBdoHplQI7FaN2VL7JS9mLwi+kbtGFDzrTvVB8xQ5eggD9DuyvZbHD
cDYywkvj8htVeYyGRD+cLFz6lvo49hr7T1WP4Gu6DQ753T0QiSKy2EVbqKvsLlAM
mneA/y4Id/NZ1a7GnGJodg+F6qS2aJMUAglx9GzgSmwOOHPDka36z8E2T8EeSj0N
fqk2FOHBHMLrawJY6gaPgBOwqqXm/IKUZLw8Y0e91iynzIX4eIRnp60Ch/E4YE8s
2jhE8H9srH5RkQbTuLvE6O/fQwIDAQABo4IClTCCApEwHQYDVR0OBBYEFF+X89sz
pbsFjfUadL1G5bJgO74vMB8GA1UdIwQYMBaAFHCPHgcTOFXIB07tX4yDtEZqYHrC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MUQxNi82NTZEMTdBOEFF
OUMxMUVFOTExQUZCNjNDNEY5QUUwMi9jSThlQnhNNFZjZ0hUdTFmaklPMFJtcGdl
c0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2NJOGVCeE00VmNnSFR1MWZqSU8wUm1wZ2VzSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzFEMTYvNjU2RDE3QThBRTlDMTFFRTkxMUFGQjYzQzRGOUFFMDIvQkZDMDI5ODY3
MERDMTFFRjhCNjVEOTVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAGdCiYwDQYJKoZIhvcNAQELBQADggEBAKVQcDyS4GUqOosb
HzDb3tQPJf/cVoOT/ZgD3OrXLmQqTjrzsdanKqreHB5wOaonJ9FF5t43baxHcHtM
wxWyvyF208T/XnVIiyk1vPlEGurC7GOE63ChemyuwK3DxwwYs3Yy3WidMB2i9EZX
N+L6NXAv4Mvxf7eDwusH/NRku1yJonxIpQyp3XaCvZ4NDRfEPwvbHq7NsvUeEXIT
NDKmOLpnoHvkGABhg3Px3pYW8jUkdIESm9TZKf1DC4A8mBgeSqF+5HfynI2lMpqs
S3n3VuD5JXUiJoKX232xwuXq0+ar3ff3nouRxVj3Nf8XGFweIKvK9a1LPuG7p9kW
n6VRi14=
-----END CERTIFICATE-----
Generated at Fri Apr 11 14:17:57 2025 by rpki-client