Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9195DE5/E3ED65D8F4BE11EA9C35FE6AC4F9AE02/70017B5CF74111EF98C99938C4F9AE02.roa
File: 70017B5CF74111EF98C99938C4F9AE02.roa (raw, json)
Hash identifier: nlv6PPwmJzGqY+2wGFCtZheEBScL802+7/gTMhsqU+k=
Subject key identifier: 5E:38:7D:0B:AD:40:06:B1:8A:58:F7:86:71:1E:9F:3B:3E:01:CE:89
Certificate issuer: /CN=A9195DE5/serialNumber=B85BED99BF740ABAD5A399C9DF5FE9962A6DE8F1
Certificate serial: 07B2
Authority key identifier: B8:5B:ED:99:BF:74:0A:BA:D5:A3:99:C9:DF:5F:E9:96:2A:6D:E8:F1
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uFvtmb90CrrVo5nJ31_plipt6PE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9195DE5/E3ED65D8F4BE11EA9C35FE6AC4F9AE02/70017B5CF74111EF98C99938C4F9AE02.roa
Signing time: Sun 02 Mar 2025 08:36:30 +0000
ROA not before: Sun 02 Mar 2025 08:36:30 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 13444
IP address blocks: 116.204.208.0/24 maxlen: 24
116.204.209.0/24 maxlen: 24
116.204.210.0/24 maxlen: 24
116.204.211.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1970 (0x7b2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9195DE5
Validity
Not Before: Mar 2 08:36:30 2025 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=67c4188d-0eb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:84:65:58:c7:62:28:ef:75:8f:ec:8d:3e:c5:
c3:bf:3d:5f:14:90:c7:14:ab:98:c2:c7:b5:b6:94:
07:3c:c2:4c:94:36:21:71:f8:4e:ae:83:4a:b4:01:
53:79:31:a0:df:1f:31:7d:4f:b9:a7:c2:58:ca:3d:
9c:f6:af:31:fd:88:96:f3:64:54:a5:82:8b:66:54:
ec:d1:75:35:a6:df:c3:af:d5:6a:a7:39:61:de:f8:
fc:7a:5a:7c:7d:a7:76:a7:2c:e2:a5:a8:1a:f3:5b:
ca:d1:7f:8a:3f:93:03:3d:90:26:9d:06:e2:53:66:
b0:72:ef:e5:39:30:a0:67:dd:86:7f:2d:33:bb:c7:
ef:72:08:e1:c7:c3:ea:75:f2:da:f9:00:1b:39:95:
1a:df:ba:35:90:d2:7c:f0:d8:e2:ab:bf:dd:dd:8f:
34:09:0c:a1:3d:20:9f:8e:69:24:0a:38:ce:24:9b:
56:02:85:4b:c9:8e:be:33:58:85:21:f3:4d:d9:0f:
e1:38:74:50:80:29:c3:17:de:c5:aa:68:24:4e:78:
7e:da:84:81:c3:1a:cd:ea:e2:9d:8f:f5:ee:43:6c:
c6:86:be:be:02:31:7d:66:4c:fa:d7:9f:bd:c5:0b:
e7:55:8f:9c:35:53:83:9f:34:35:bc:91:c0:78:fd:
6c:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:38:7D:0B:AD:40:06:B1:8A:58:F7:86:71:1E:9F:3B:3E:01:CE:89
X509v3 Authority Key Identifier:
keyid:B8:5B:ED:99:BF:74:0A:BA:D5:A3:99:C9:DF:5F:E9:96:2A:6D:E8:F1
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9195DE5/E3ED65D8F4BE11EA9C35FE6AC4F9AE02/uFvtmb90CrrVo5nJ31_plipt6PE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uFvtmb90CrrVo5nJ31_plipt6PE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9195DE5/E3ED65D8F4BE11EA9C35FE6AC4F9AE02/70017B5CF74111EF98C99938C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
116.204.208.0/22
Signature Algorithm: sha256WithRSAEncryption
02:34:7a:4d:cb:94:de:9f:2f:b9:44:82:36:26:b5:62:5e:ea:
9e:50:26:ab:d1:75:f2:9b:6a:a6:23:e2:f1:cf:24:e0:a6:b9:
23:72:3c:67:e9:04:5a:e4:31:99:17:ea:76:1e:09:fc:ca:67:
3f:73:7d:f3:e8:19:f4:d4:8e:d9:92:dd:55:77:6e:1b:bf:69:
51:1a:86:80:89:01:ca:f1:88:c2:30:1b:81:db:39:6f:5c:60:
0f:f1:d7:af:d2:24:28:03:a2:a1:6d:82:82:b9:c8:d1:7b:fe:
11:6d:4c:b6:3e:0a:31:95:df:e5:6a:aa:b2:b2:14:0c:2a:54:
07:88:33:5b:4c:0f:06:15:bd:1f:bd:1d:78:7f:b4:3a:9d:76:
26:e6:35:d1:ea:e9:e8:9c:08:0f:51:4f:59:b0:af:d6:83:fe:
3e:16:d6:13:4f:11:63:b3:a1:eb:8d:34:69:7e:8a:89:f0:a7:
07:af:5c:98:74:48:88:89:b7:bf:18:0c:93:47:82:98:65:13:
08:a1:8b:a2:7f:e2:86:50:8a:ba:f2:26:82:e8:5d:50:64:78:
7b:a0:8f:14:80:72:7c:e0:86:5b:e3:16:e9:04:07:43:d7:52:
e8:b9:d8:dc:c1:8f:16:c3:21:53:fa:cc:fc:f9:56:7b:5c:e7:
9f:1c:fe:e2
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICB7IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTVERTUxMTAvBgNVBAUTKEI4NUJFRDk5QkY3NDBBQkFENUEzOTlDOURGNUZFOTk2
MkE2REU4RjEwHhcNMjUwMzAyMDgzNjMwWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2M0MTg4ZC0wZWI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt4RlWMdiKO91j+yNPsXDvz1fFJDHFKuYwse1tpQHPMJMlDYhcfhOroNKtAFT
eTGg3x8xfU+5p8JYyj2c9q8x/YiW82RUpYKLZlTs0XU1pt/Dr9Vqpzlh3vj8elp8
fad2pyzipaga81vK0X+KP5MDPZAmnQbiU2awcu/lOTCgZ92Gfy0zu8fvcgjhx8Pq
dfLa+QAbOZUa37o1kNJ88Njiq7/d3Y80CQyhPSCfjmkkCjjOJJtWAoVLyY6+M1iF
IfNN2Q/hOHRQgCnDF97FqmgkTnh+2oSBwxrN6uKdj/XuQ2zGhr6+AjF9Zkz615+9
xQvnVY+cNVODnzQ1vJHAeP1scwIDAQABo4IClTCCApEwHQYDVR0OBBYEFF44fQut
QAaxilj3hnEenzs+Ac6JMB8GA1UdIwQYMBaAFLhb7Zm/dAq61aOZyd9f6ZYqbejx
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NURFNS9FM0VENjVEOEY0
QkUxMUVBOUMzNUZFNkFDNEY5QUUwMi91RnZ0bWI5MENyclZvNW5KMzFfcGxpcHQ2
UEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3VGdnRtYjkwQ3JyVm81bkozMV9wbGlwdDZQRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTVERTUvRTNFRDY1RDhGNEJFMTFFQTlDMzVGRTZBQzRGOUFFMDIvNzAwMTdCNUNG
NzQxMTFFRjk4Qzk5OTM4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJ0zNAwDQYJKoZIhvcNAQELBQADggEBAAI0ek3LlN6fL7lE
gjYmtWJe6p5QJqvRdfKbaqYj4vHPJOCmuSNyPGfpBFrkMZkX6nYeCfzKZz9zffPo
GfTUjtmS3VV3bhu/aVEahoCJAcrxiMIwG4HbOW9cYA/x16/SJCgDoqFtgoK5yNF7
/hFtTLY+CjGV3+VqqrKyFAwqVAeIM1tMDwYVvR+9HXh/tDqddibmNdHq6eicCA9R
T1mwr9aD/j4W1hNPEWOzoeuNNGl+ionwpwevXJh0SIiJt78YDJNHgphlEwihi6J/
4oZQirryJoLoXVBkeHugjxSAcnzghlvjFukEB0PXUui52NzBjxbDIVP6zPz5Vntc
558c/uI=
-----END CERTIFICATE-----
Generated at Sat Apr 5 06:08:58 2025 by rpki-client