Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/B8D18508EDE011EF88407251C4F9AE02.roa
File: B8D18508EDE011EF88407251C4F9AE02.roa (raw, json)
Hash identifier: 7FKsDT71I8DwEjcBpbCZQH8HmSgZkJ2Kdkp2VjtHRzA=
Subject key identifier: 12:18:F5:2D:94:82:56:8D:63:C2:37:00:8C:D5:B2:88:6B:EA:4E:3B
Certificate issuer: /CN=A918C661/serialNumber=1EC42C1B69E16F5F37C73D81BF9FAB1F4BA42329
Certificate serial: 0A4C
Authority key identifier: 1E:C4:2C:1B:69:E1:6F:5F:37:C7:3D:81:BF:9F:AB:1F:4B:A4:23:29
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/B8D18508EDE011EF88407251C4F9AE02.roa
Signing time: Tue 18 Feb 2025 10:11:30 +0000
ROA not before: Tue 18 Feb 2025 10:11:30 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 64050
IP address blocks: 1.32.192.0/18 maxlen: 24
14.128.32.0/19 maxlen: 24
27.50.48.0/20 maxlen: 24
27.124.0.0/18 maxlen: 24
103.200.200.0/22 maxlen: 24
118.107.0.0/18 maxlen: 19
118.107.0.0/19 maxlen: 23
118.107.0.0/22 maxlen: 24
118.107.4.0/24 maxlen: 24
118.107.6.0/23 maxlen: 24
118.107.8.0/21 maxlen: 24
118.107.16.0/20 maxlen: 24
118.107.32.0/20 maxlen: 24
118.107.56.0/21 maxlen: 24
118.107.176.0/22 maxlen: 24
180.222.204.0/22 maxlen: 24
182.173.70.0/24 maxlen: 24
202.36.48.0/20 maxlen: 24
202.61.128.0/18 maxlen: 24
202.79.160.0/20 maxlen: 24
202.95.0.0/22 maxlen: 24
202.95.4.0/22 maxlen: 24
202.95.8.0/21 maxlen: 24
202.95.16.0/20 maxlen: 24
202.162.96.0/20 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2636 (0xa4c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918C661
Validity
Not Before: Feb 18 10:11:30 2025 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=67b45cd2-3756
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:f6:0b:c1:4a:ac:7d:9b:d2:8a:8c:26:b2:cf:
8e:ae:bb:f0:8f:02:4d:2c:b2:0b:bd:3a:ac:f7:d8:
ca:d3:74:f1:e8:9b:92:55:56:4d:84:bc:39:41:c3:
a0:f0:48:18:9e:61:bc:1a:6d:1d:f2:c4:9f:80:82:
c0:dd:cf:7d:bb:34:ea:e8:55:29:2d:3a:08:87:42:
e8:a7:7b:79:3f:5c:5c:20:b8:6a:d7:d7:81:29:02:
cf:20:73:38:47:3d:3f:ee:4d:d0:5c:1e:9f:03:14:
33:9c:64:fd:c0:7d:3b:74:a9:94:16:1b:ad:db:53:
ce:ca:3d:9e:32:74:53:46:33:59:b4:26:7d:d1:7d:
d9:b3:83:85:58:da:f3:8c:bb:0f:99:08:58:0b:f9:
4b:31:d6:37:5a:b8:0c:9a:91:2b:af:f1:3d:5b:78:
70:ab:47:12:fe:b6:51:29:99:d6:e2:4f:af:0d:89:
d2:78:6b:dc:67:cd:cc:7f:1a:28:56:b1:ed:da:86:
28:6b:e9:6a:d1:50:5a:c7:c0:4b:9a:47:7a:81:47:
df:56:ba:9f:87:81:9c:93:05:87:fb:a5:ff:e9:28:
c7:13:2d:7d:0e:d3:ff:41:70:b8:2f:c6:ca:eb:b6:
c7:69:6d:39:eb:f3:de:6a:97:16:b8:57:77:de:c7:
80:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:18:F5:2D:94:82:56:8D:63:C2:37:00:8C:D5:B2:88:6B:EA:4E:3B
X509v3 Authority Key Identifier:
keyid:1E:C4:2C:1B:69:E1:6F:5F:37:C7:3D:81:BF:9F:AB:1F:4B:A4:23:29
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/HsQsG2nhb183xz2Bv5-rH0ukIyk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HsQsG2nhb183xz2Bv5-rH0ukIyk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918C661/0BBD9EA2836D11EAB4A2D76DC4F9AE02/B8D18508EDE011EF88407251C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
1.32.192.0/18
14.128.32.0/19
27.50.48.0/20
27.124.0.0/18
103.200.200.0/22
118.107.0.0/18
118.107.176.0/22
180.222.204.0/22
182.173.70.0/24
202.36.48.0/20
202.61.128.0/18
202.79.160.0/20
202.95.0.0/19
202.162.96.0/20
Signature Algorithm: sha256WithRSAEncryption
2e:ad:8e:b3:4e:a3:a0:b1:e6:a3:df:1c:c7:e9:5a:94:78:9b:
7e:cf:6b:14:2e:b5:c6:2e:fb:9d:37:b2:74:0c:15:1f:de:52:
03:41:22:d6:ce:92:85:57:18:8b:ee:16:80:fb:20:7c:0c:87:
40:2d:f0:9d:04:a9:ad:80:15:f4:38:80:22:88:2c:ad:c0:a7:
98:8e:4a:08:1c:42:f3:a7:3b:67:8e:71:ee:86:1a:7c:7f:39:
04:9c:97:0d:96:d7:25:cc:11:b9:18:35:a0:d4:74:68:5d:65:
5c:1b:d5:db:78:2f:5b:11:54:81:37:a3:52:5b:2f:4c:8e:5d:
86:55:1e:38:a5:c6:26:e8:30:18:ed:f8:c8:a6:d5:ab:bb:ad:
ca:56:01:df:45:f4:14:14:fd:be:5e:cb:ef:1b:3c:b6:22:05:
15:b0:2a:38:a1:a1:f9:a5:de:e5:a3:ba:b1:cb:92:e5:3b:73:
94:93:71:24:e1:67:f1:cf:68:01:88:d4:a3:5d:0d:f7:4d:ba:
7c:f8:28:e1:b8:95:b9:63:38:bf:77:43:81:2e:0d:df:4c:97:
69:a5:77:08:b1:88:86:a1:fe:f8:94:6e:d1:bd:35:4f:76:29:
89:7f:04:8e:24:fa:83:cb:df:6e:62:44:f0:8b:b1:5b:38:86:
1f:a3:43:f7
-----BEGIN CERTIFICATE-----
MIIFvzCCBKegAwIBAgICCkwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEM2NjExMTAvBgNVBAUTKDFFQzQyQzFCNjlFMTZGNUYzN0M3M0Q4MUJGOUZBQjFG
NEJBNDIzMjkwHhcNMjUwMjE4MTAxMTMwWhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2I0NWNkMi0zNzU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtPYLwUqsfZvSiowmss+OrrvwjwJNLLILvTqs99jK03Tx6JuSVVZNhLw5QcOg
8EgYnmG8Gm0d8sSfgILA3c99uzTq6FUpLToIh0Lop3t5P1xcILhq19eBKQLPIHM4
Rz0/7k3QXB6fAxQznGT9wH07dKmUFhut21POyj2eMnRTRjNZtCZ90X3Zs4OFWNrz
jLsPmQhYC/lLMdY3WrgMmpErr/E9W3hwq0cS/rZRKZnW4k+vDYnSeGvcZ83Mfxoo
VrHt2oYoa+lq0VBax8BLmkd6gUffVrqfh4GckwWH+6X/6SjHEy19DtP/QXC4L8bK
67bHaW056/PeapcWuFd33seAqQIDAQABo4IC4zCCAt8wHQYDVR0OBBYEFBIY9S2U
glaNY8I3AIzVsohr6k47MB8GA1UdIwQYMBaAFB7ELBtp4W9fN8c9gb+fqx9LpCMp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4QzY2MS8wQkJEOUVBMjgz
NkQxMUVBQjRBMkQ3NkRDNEY5QUUwMi9Ic1FzRzJuaGIxODN4ejJCdjUtckgwdWtJ
eWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hzUXNHMm5oYjE4M3h6MkJ2NS1ySDB1a0l5ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEM2NjEvMEJCRDlFQTI4MzZEMTFFQUI0QTJENzZEQzRGOUFFMDIvQjhEMTg1MDhF
REUwMTFFRjg4NDA3MjUxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbQYIKwYBBQUHAQcBAf8E
XjBcMFoEAgABMFQDBAYBIMADBAUOgCADBAQbMjADBAYbfAADBAJnyMgDBAZ2awAD
BAJ2a7ADBAK03swDBAC2rUYDBATKJDADBAbKPYADBATKT6ADBAXKXwADBATKomAw
DQYJKoZIhvcNAQELBQADggEBAC6tjrNOo6Cx5qPfHMfpWpR4m37PaxQutcYu+503
snQMFR/eUgNBItbOkoVXGIvuFoD7IHwMh0At8J0Eqa2AFfQ4gCKILK3Ap5iOSggc
QvOnO2eOce6GGnx/OQSclw2W1yXMEbkYNaDUdGhdZVwb1dt4L1sRVIE3o1JbL0yO
XYZVHjilxiboMBjt+Mim1au7rcpWAd9F9BQU/b5ey+8bPLYiBRWwKjihofml3uWj
urHLkuU7c5STcSThZ/HPaAGI1KNdDfdNunz4KOG4lbljOL93Q4EuDd9Ml2mldwix
iIah/viUbtG9NU92KYl/BI4k+oPL325iRPCLsVs4hh+jQ/c=
-----END CERTIFICATE-----
Generated at Tue Apr 8 18:00:49 2025 by rpki-client