Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CCD8FB7E28BB11EB95E05040C4F9AE02.roa
File: CCD8FB7E28BB11EB95E05040C4F9AE02.roa (raw, json)
Hash identifier: 9zQobPuPr1U/CrY8/t69zwkgDVkUrlnxO5y5BcS9wQY=
Subject key identifier: 4A:3C:EA:5B:2F:05:66:D3:D1:8E:5D:45:C4:04:66:0D:C2:5C:1A:28
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8AC2
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CCD8FB7E28BB11EB95E05040C4F9AE02.roa
Signing time: Thu 30 May 2024 16:04:20 +0000
ROA not before: Thu 30 May 2024 16:04:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 135873
IP address blocks: 14.102.42.0/24 maxlen: 24
14.102.59.0/24 maxlen: 24
103.74.220.0/22 maxlen: 24
2406:c540::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35522 (0x8ac2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 16:04:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a384-4528
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:d3:64:a6:fe:5b:ac:75:47:94:84:fc:41:4d:
f4:4c:ce:00:cd:c8:4c:e7:76:0a:6d:d0:f0:ec:f2:
1f:98:d0:66:79:b7:d3:90:3c:8f:78:41:95:cd:b3:
e0:13:2f:a3:54:af:bf:07:9d:5e:12:40:5c:a4:e2:
c2:51:6a:3d:79:01:a9:d4:8d:ba:6a:87:03:56:2c:
13:1d:bf:ad:37:74:85:de:be:40:1d:69:26:23:20:
0b:46:5c:09:40:32:8f:d0:02:75:7d:f5:76:e9:f8:
e8:fe:c1:fc:b3:be:90:d5:df:0d:1a:97:99:88:a6:
3f:96:7a:bf:e9:54:1e:ef:36:1d:cf:f2:ed:0c:6e:
7b:fd:b7:73:61:2d:31:59:80:1b:18:b7:1a:b2:9d:
4b:64:d5:70:2a:7d:62:77:5c:50:7d:32:1b:1b:e6:
89:81:bc:f2:5e:60:f0:65:86:ac:a9:9e:ae:ca:61:
4f:d4:db:f2:94:c2:0f:f7:49:e9:37:7d:3b:5c:82:
6b:f6:16:a3:6d:d3:93:bf:86:12:8b:69:ff:52:ce:
59:00:2c:0e:ac:38:eb:70:32:b5:44:80:65:bf:d5:
c7:4e:d3:7c:f9:ef:f6:ad:d3:a8:a2:f6:b2:3c:e9:
f6:dc:4f:e3:98:cb:11:e2:8c:ae:7d:bb:c1:e8:fa:
a2:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:3C:EA:5B:2F:05:66:D3:D1:8E:5D:45:C4:04:66:0D:C2:5C:1A:28
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CCD8FB7E28BB11EB95E05040C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.42.0/24
14.102.59.0/24
103.74.220.0/22
IPv6:
2406:c540::/32
Signature Algorithm: sha256WithRSAEncryption
38:f3:f4:9d:4c:43:2f:25:57:e4:9f:6c:f4:89:07:6c:d5:63:
56:10:81:4e:52:8f:85:6b:2b:3b:e6:b7:94:6d:7b:e4:08:ed:
70:46:0e:56:42:24:e9:57:b9:92:a3:c4:d2:86:12:0b:d4:c9:
9c:55:f5:bd:b7:29:ce:b8:9d:3f:ca:a8:b8:78:3a:0d:f0:44:
57:00:84:d1:62:5d:9d:a6:23:77:ed:fe:44:eb:0d:7f:dc:66:
18:fb:99:df:ab:3d:af:49:06:23:a4:91:11:83:c5:0c:38:d9:
ed:09:b7:fd:57:da:66:6f:dd:05:85:e4:61:d7:33:3d:b1:24:
ee:f6:d0:81:50:16:d9:33:3c:59:a7:5f:8e:40:23:1d:e0:f4:
94:eb:ad:0c:d2:1c:06:bd:c8:e9:83:31:3f:37:e2:05:21:bf:
3f:d5:53:4a:f8:a8:65:cb:65:69:e5:da:58:1f:9a:04:9c:16:
d2:d0:10:9c:30:f4:48:a8:22:c1:53:c0:8b:d6:59:17:03:0a:
9c:cf:a5:63:fd:3c:e1:eb:da:f3:a0:68:79:8a:f2:a4:f8:79:
c5:84:d7:49:18:e7:b1:40:da:62:c6:25:08:a2:66:d3:c4:f3:
5c:0f:2a:97:60:f6:0b:7f:f5:cf:07:02:44:27:2f:13:65:1f:
13:18:f9:e2
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIDAIrCMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE2MDQyMFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGEzODQtNDUyODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMHTZKb+W6x1R5SE/EFN9EzOAM3ITOd2Cm3Q8OzyH5jQZnm305A8j3hBlc2z
4BMvo1SvvwedXhJAXKTiwlFqPXkBqdSNumqHA1YsEx2/rTd0hd6+QB1pJiMgC0Zc
CUAyj9ACdX31dun46P7B/LO+kNXfDRqXmYimP5Z6v+lUHu82Hc/y7Qxue/23c2Et
MVmAGxi3GrKdS2TVcCp9YndcUH0yGxvmiYG88l5g8GWGrKmersphT9Tb8pTCD/dJ
6Td9O1yCa/YWo23Tk7+GEotp/1LOWQAsDqw463AytUSAZb/Vx07TfPnv9q3TqKL2
sjzp9txP45jLEeKMrn27wej6om0CAwEAAaOCArAwggKsMB0GA1UdDgQWBBRKPOpb
LwVm09GOXUXEBGYNwlwaKDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0NDRDhGQjdF
MjhCQjExRUI5NUUwNTA0MEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDoGCCsGAQUFBwEHAQH/
BCswKTAYBAIAATASAwQADmYqAwQADmY7AwQCZ0rcMA0EAgACMAcDBQAkBsVAMA0G
CSqGSIb3DQEBCwUAA4IBAQA48/SdTEMvJVfkn2z0iQds1WNWEIFOUo+Fays75reU
bXvkCO1wRg5WQiTpV7mSo8TShhIL1MmcVfW9tynOuJ0/yqi4eDoN8ERXAITRYl2d
piN37f5E6w1/3GYY+5nfqz2vSQYjpJERg8UMONntCbf9V9pmb90FheRh1zM9sSTu
9tCBUBbZMzxZp1+OQCMd4PSU660M0hwGvcjpgzE/N+IFIb8/1VNK+Khly2Vp5dpY
H5oEnBbS0BCcMPRIqCLBU8CL1lkXAwqcz6Vj/Tzh69rzoGh5ivKk+HnFhNdJGOex
QNpixiUIombTxPNcDyqXYPYLf/XPBwJEJy8TZR8TGPni
-----END CERTIFICATE-----
Generated at Mon Apr 7 12:53:11 2025 by rpki-client