Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/3AF5786E3D9D11EEA74E786EC4F9AE02.roa
File: 3AF5786E3D9D11EEA74E786EC4F9AE02.roa (raw, json)
Hash identifier: nMAaCjcKV0ZABoWFwYv3EbgW2y4fbKtOcZ6Q298KrvQ=
Subject key identifier: BA:15:D9:38:AB:29:CF:E1:74:B2:BE:DD:EE:C6:49:09:9F:03:E7:39
Certificate issuer: /CN=A91B59E5/serialNumber=E47BF70254532697D20D0D3110F625370D65FA83
Certificate serial: 25
Authority key identifier: E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/3AF5786E3D9D11EEA74E786EC4F9AE02.roa
Signing time: Wed 27 Sep 2023 07:25:15 +0000
ROA not before: Wed 27 Sep 2023 07:25:15 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 133320
IP address blocks: 45.118.9.0/24 maxlen: 24
103.58.41.0/24 maxlen: 24
103.237.115.0/24 maxlen: 24
2001:df6:a900::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 37 (0x25)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B59E5
Validity
Not Before: Sep 27 07:25:15 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=6513d8db-7222
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:1d:ac:b0:a1:16:da:80:99:10:df:a1:b1:b6:
5c:91:55:ca:18:d6:9c:6c:09:42:fc:e2:b8:3d:99:
52:d8:28:28:2e:f4:fc:1a:72:e4:ac:5d:8f:f2:08:
21:16:61:03:41:af:03:2c:f3:33:0e:36:ac:df:5d:
56:f1:b7:fe:14:9d:f3:b2:ac:35:8b:34:4c:d8:d7:
a1:e0:49:95:5c:c4:c7:51:7b:ce:8d:a5:9b:cb:22:
f7:b8:3c:2f:0c:b4:65:da:3d:f5:27:e9:62:5f:82:
7c:22:29:98:ac:4d:8a:d9:f9:b7:25:08:76:17:ac:
3f:78:b6:c2:43:0c:c9:a2:45:7e:24:11:55:c8:af:
f7:0c:21:c1:83:b2:ec:8b:60:cf:98:6a:0e:2e:73:
bc:e9:52:ac:b2:e9:0e:5a:c3:0d:0f:a5:71:35:bf:
ea:92:3c:b3:51:82:02:54:08:18:5b:e4:b7:20:00:
72:af:b7:8b:83:36:4a:2f:ce:99:eb:e5:3f:32:2f:
96:e0:46:ce:6e:0a:e6:fe:3d:74:b6:4c:f2:f6:6f:
27:2e:c1:0b:a7:ed:b3:41:04:c1:28:70:43:d6:6a:
f2:8e:1b:cb:71:95:e7:82:b7:01:6f:f2:84:59:cd:
18:56:a9:05:34:f4:fb:10:44:1d:bf:1e:c8:bc:62:
ba:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:15:D9:38:AB:29:CF:E1:74:B2:BE:DD:EE:C6:49:09:9F:03:E7:39
X509v3 Authority Key Identifier:
keyid:E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/3AF5786E3D9D11EEA74E786EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.118.9.0/24
103.58.41.0/24
103.237.115.0/24
IPv6:
2001:df6:a900::/48
Signature Algorithm: sha256WithRSAEncryption
bc:f1:6f:c6:37:51:f0:e3:e4:2c:b8:c5:20:ed:7a:7d:f8:65:
ee:f8:38:60:6e:22:09:ec:40:20:1b:25:0d:7f:87:55:9a:17:
9e:bb:59:82:cf:2c:19:7f:72:e4:ac:79:72:79:96:36:2e:b9:
b6:fa:83:79:e8:ed:af:85:5f:2c:09:2b:46:ea:f2:df:32:90:
7d:d3:3f:76:72:50:94:c5:1e:8b:ea:46:d3:f3:e4:7d:0e:98:
ba:40:84:3d:16:ce:b7:f7:51:ae:38:3c:9b:71:57:4f:e2:fc:
54:8f:53:5b:ae:18:84:5c:1f:6a:31:c0:0d:6e:35:5f:17:0c:
a6:5f:8c:dc:24:46:a0:c3:05:6a:a1:c7:17:a2:4e:13:6e:a9:
52:87:1f:d7:fc:93:03:40:fc:d8:e7:a9:2b:41:14:f9:71:ea:
f1:7f:94:e8:9d:57:bc:b1:fa:3b:fb:1a:76:53:c1:9a:f5:34:
3b:81:ef:97:3a:bf:be:82:ec:b6:8d:64:5b:7f:53:70:b5:74:
c0:79:c7:02:4c:e9:c6:fa:e9:0c:6b:68:0f:af:c2:f3:88:10:
23:b8:29:69:09:54:10:19:39:0f:75:c1:04:fb:39:a3:27:1d:
94:81:ec:1b:e3:03:2f:be:87:04:a8:0f:df:b1:22:27:27:9b:
3f:fd:11:bd
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIBJTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
NTlFNTExMC8GA1UEBRMoRTQ3QkY3MDI1NDUzMjY5N0QyMEQwRDMxMTBGNjI1Mzcw
RDY1RkE4MzAeFw0yMzA5MjcwNzI1MTVaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1MTNkOGRiLTcyMjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDhHaywoRbagJkQ36GxtlyRVcoY1pxsCUL84rg9mVLYKCgu9PwacuSsXY/yCCEW
YQNBrwMs8zMONqzfXVbxt/4UnfOyrDWLNEzY16HgSZVcxMdRe86NpZvLIve4PC8M
tGXaPfUn6WJfgnwiKZisTYrZ+bclCHYXrD94tsJDDMmiRX4kEVXIr/cMIcGDsuyL
YM+Yag4uc7zpUqyy6Q5aww0PpXE1v+qSPLNRggJUCBhb5LcgAHKvt4uDNkovzpnr
5T8yL5bgRs5uCub+PXS2TPL2bycuwQun7bNBBMEocEPWavKOG8txleeCtwFv8oRZ
zRhWqQU09PsQRB2/Hsi8YrrvAgMBAAGjggKyMIICrjAdBgNVHQ4EFgQUuhXZOKsp
z+F0sr7d7sZJCZ8D5zkwHwYDVR0jBBgwFoAU5Hv3AlRTJpfSDQ0xEPYlNw1l+oMw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI1OUU1L0REOUYxRjdDM0Mw
MTExRUU5MUNCRTE1N0M0RjlBRTAyLzVIdjNBbFJUSnBmU0RRMHhFUFlsTncxbC1v
TS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvNUh2M0FsUlRKcGZTRFEweEVQWWxOdzFsLW9NLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
NTlFNS9ERDlGMUY3QzNDMDExMUVFOTFDQkUxNTdDNEY5QUUwMi8zQUY1Nzg2RTNE
OUQxMUVFQTc0RTc4NkVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA8BggrBgEFBQcBBwEB/wQt
MCswGAQCAAEwEgMEAC12CQMEAGc6KQMEAGftczAPBAIAAjAJAwcAIAEN9qkAMA0G
CSqGSIb3DQEBCwUAA4IBAQC88W/GN1Hw4+QsuMUg7Xp9+GXu+DhgbiIJ7EAgGyUN
f4dVmheeu1mCzywZf3LkrHlyeZY2Lrm2+oN56O2vhV8sCStG6vLfMpB90z92clCU
xR6L6kbT8+R9Dpi6QIQ9Fs6391GuODybcVdP4vxUj1NbrhiEXB9qMcANbjVfFwym
X4zcJEagwwVqoccXok4TbqlShx/X/JMDQPzY56krQRT5cerxf5TonVe8sfo7+xp2
U8Ga9TQ7ge+XOr++guy2jWRbf1NwtXTAeccCTOnG+ukMa2gPr8LziBAjuClpCVQQ
GTkPdcEE+zmjJx2Ugewb4wMvvocEqA/fsSInJ5s//RG9
-----END CERTIFICATE-----
Generated at Sat Apr 5 13:17:51 2025 by rpki-client