Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9191E19/10C7F0AA140F11EF8A4A7016C4F9AE02/680CA022140F11EF99D47F17C4F9AE02.roa
File: 680CA022140F11EF99D47F17C4F9AE02.roa (raw, json)
Hash identifier: 04UnpmnSMr4KxT7I14Z6Z4RlxSd1PflOoSJyZd1LDaY=
Subject key identifier: 80:FD:6D:0A:A8:0F:0A:0C:21:7A:A5:70:9B:A5:95:60:35:12:46:AC
Certificate issuer: /CN=A9191E19/serialNumber=372081F7DBE2EF11A4411BD4E6AF86F32698CAFA
Certificate serial: 02
Authority key identifier: 37:20:81:F7:DB:E2:EF:11:A4:41:1B:D4:E6:AF:86:F3:26:98:CA:FA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NyCB99vi7xGkQRvU5q-G8yaYyvo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9191E19/10C7F0AA140F11EF8A4A7016C4F9AE02/680CA022140F11EF99D47F17C4F9AE02.roa
Signing time: Fri 17 May 2024 05:36:27 +0000
ROA not before: Fri 17 May 2024 05:36:27 +0000
ROA not after: Sun 31 Aug 2025 00:00:00 +0000
asID: 18390
IP address blocks: 203.4.136.0/24 maxlen: 24
203.4.137.0/24 maxlen: 24
203.4.138.0/24 maxlen: 24
203.4.139.0/24 maxlen: 24
203.4.140.0/24 maxlen: 24
203.4.141.0/24 maxlen: 24
203.4.142.0/24 maxlen: 24
203.4.143.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9191E19
Validity
Not Before: May 17 05:36:27 2024 GMT
Not After : Aug 31 00:00:00 2025 GMT
Subject: CN=6646ecdb-83c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:fa:f6:ed:04:86:67:2a:39:ce:8d:ba:46:94:
e6:df:84:8a:65:ad:cf:2d:97:e9:9a:4b:6d:61:03:
ac:c1:11:81:55:e9:ce:d6:85:5c:4a:0d:c6:9f:1b:
9b:2d:7a:6c:9a:b6:98:13:f5:a6:ae:c9:b2:ce:76:
61:f2:f6:13:67:03:df:61:2a:b4:65:b1:9d:98:46:
ca:cd:12:f8:39:2a:d5:fe:cb:b0:48:2d:be:59:a1:
18:22:47:19:7f:ba:0b:73:08:ac:db:d6:ed:9a:1f:
bd:c0:dc:37:07:c2:d4:8e:78:60:53:f4:d2:76:0b:
9a:a0:51:73:a7:49:54:00:cc:84:f1:0a:78:07:e3:
a6:9f:2b:c1:54:34:c8:dd:da:ce:72:ba:1c:9a:b4:
5b:da:e1:67:6e:79:bb:92:af:66:3e:f6:ac:c3:14:
60:72:c7:1e:12:7c:5b:f9:2c:f1:8a:f7:38:87:71:
1a:c2:59:d1:75:3d:67:e3:71:df:b7:3f:03:c7:20:
a5:cf:3f:97:69:a3:fb:4b:a2:73:71:e6:0d:08:a4:
bc:b3:28:c7:aa:45:57:c8:05:36:94:72:87:51:aa:
08:95:01:49:e9:e5:7c:75:31:34:f7:c0:c8:cf:7e:
73:13:f0:c1:c7:ed:17:86:8f:33:e0:73:06:3a:55:
29:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:FD:6D:0A:A8:0F:0A:0C:21:7A:A5:70:9B:A5:95:60:35:12:46:AC
X509v3 Authority Key Identifier:
keyid:37:20:81:F7:DB:E2:EF:11:A4:41:1B:D4:E6:AF:86:F3:26:98:CA:FA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9191E19/10C7F0AA140F11EF8A4A7016C4F9AE02/NyCB99vi7xGkQRvU5q-G8yaYyvo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NyCB99vi7xGkQRvU5q-G8yaYyvo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9191E19/10C7F0AA140F11EF8A4A7016C4F9AE02/680CA022140F11EF99D47F17C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.4.136.0/21
Signature Algorithm: sha256WithRSAEncryption
68:81:57:bc:3c:36:99:4e:99:b9:be:ed:80:e3:9d:8c:a9:2a:
33:a9:8a:02:e8:09:96:8c:29:e7:90:b3:5e:fc:e4:ec:61:d8:
d6:8d:1a:77:d2:7c:c8:06:87:94:5d:c2:fa:11:01:a6:70:b6:
6c:93:b3:2d:2e:b7:d6:8b:5d:83:ee:d2:00:73:9d:f1:9a:24:
4d:d2:43:32:e1:bb:ef:15:bc:fa:0c:3c:69:ea:0a:6c:4f:d3:
81:72:3d:b6:67:3a:36:36:d2:d6:29:87:0f:c9:b0:c7:9a:a1:
4d:58:df:7c:c4:56:a8:4e:c4:33:7e:32:94:bc:b3:21:d7:ab:
6f:26:4e:48:c1:b8:0a:b7:bd:87:29:8c:ec:6e:88:67:eb:25:
9e:71:57:19:4c:76:fa:48:26:8a:6d:e8:d8:ec:a4:73:20:69:
49:bb:33:7c:08:7b:7f:96:08:73:5e:b4:58:cb:b3:2d:a4:11:
ff:e7:5a:cc:da:4d:97:9c:63:e1:1a:c7:4c:bf:2f:03:ca:7a:
f7:44:ad:d1:e2:66:00:b4:76:f2:f5:75:90:59:a7:fb:16:e9:
34:2d:06:c3:63:6f:da:99:5b:a7:23:26:2d:0a:00:e8:64:69:
1f:4e:88:23:72:f2:9f:bc:47:9f:84:e6:a1:ee:9b:fc:74:7e:
59:5c:91:e8
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
MUUxOTExMC8GA1UEBRMoMzcyMDgxRjdEQkUyRUYxMUE0NDExQkQ0RTZBRjg2RjMy
Njk4Q0FGQTAeFw0yNDA1MTcwNTM2MjdaFw0yNTA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2NDZlY2RiLTgzYzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDH+vbtBIZnKjnOjbpGlObfhIplrc8tl+maS21hA6zBEYFV6c7WhVxKDcafG5st
emyatpgT9aauybLOdmHy9hNnA99hKrRlsZ2YRsrNEvg5KtX+y7BILb5ZoRgiRxl/
ugtzCKzb1u2aH73A3DcHwtSOeGBT9NJ2C5qgUXOnSVQAzITxCngH46afK8FUNMjd
2s5yuhyatFva4WduebuSr2Y+9qzDFGByxx4SfFv5LPGK9ziHcRrCWdF1PWfjcd+3
PwPHIKXPP5dpo/tLonNx5g0IpLyzKMeqRVfIBTaUcodRqgiVAUnp5Xx1MTT3wMjP
fnMT8MHH7ReGjzPgcwY6VSnlAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUgP1tCqgP
CgwheqVwm6WVYDUSRqwwHwYDVR0jBBgwFoAUNyCB99vi7xGkQRvU5q+G8yaYyvow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTkxRTE5LzEwQzdGMEFBMTQw
RjExRUY4QTRBNzAxNkM0RjlBRTAyL055Q0I5OXZpN3hHa1FSdlU1cS1HOHlhWXl2
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvTnlDQjk5dmk3eEdrUVJ2VTVxLUc4eWFZeXZvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
MUUxOS8xMEM3RjBBQTE0MEYxMUVGOEE0QTcwMTZDNEY5QUUwMi82ODBDQTAyMjE0
MEYxMUVGOTlENDdGMTdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEA8sEiDANBgkqhkiG9w0BAQsFAAOCAQEAaIFXvDw2mU6Zub7t
gOOdjKkqM6mKAugJlowp55CzXvzk7GHY1o0ad9J8yAaHlF3C+hEBpnC2bJOzLS63
1otdg+7SAHOd8ZokTdJDMuG77xW8+gw8aeoKbE/TgXI9tmc6NjbS1imHD8mwx5qh
TVjffMRWqE7EM34ylLyzIderbyZOSMG4Cre9hymM7G6IZ+slnnFXGUx2+kgmim3o
2OykcyBpSbszfAh7f5YIc160WMuzLaQR/+dazNpNl5xj4RrHTL8vA8p690St0eJm
ALR28vV1kFmn+xbpNC0Gw2Nv2plbpyMmLQoA6GRpH06II3Lyn7xHn4Tmoe6b/HR+
WVyR6A==
-----END CERTIFICATE-----
Generated at Sat Apr 5 22:18:59 2025 by rpki-client