Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C40D6/CA8E7F7EA54411EA94DA3683C4F9AE02/A84D830AA54511EAA942C683C4F9AE02.roa
File: A84D830AA54511EAA942C683C4F9AE02.roa (raw, json)
Hash identifier: LRUqK0HbwhlophByZnm497LSzITbbBMeAuaK57/ofL0=
Subject key identifier: CB:1C:F4:00:60:FC:0C:70:FB:AD:93:4F:4C:9D:F5:88:97:01:B7:59
Certificate issuer: /CN=A91C40D6/serialNumber=8E784349EF2DDF78575FD54CC78ED8C45C976CBF
Certificate serial: 08C5
Authority key identifier: 8E:78:43:49:EF:2D:DF:78:57:5F:D5:4C:C7:8E:D8:C4:5C:97:6C:BF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jnhDSe8t33hXX9VMx47YxFyXbL8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C40D6/CA8E7F7EA54411EA94DA3683C4F9AE02/A84D830AA54511EAA942C683C4F9AE02.roa
Signing time: Wed 06 Nov 2024 20:39:11 +0000
ROA not before: Wed 06 Nov 2024 20:39:11 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 139750
IP address blocks: 45.253.248.0/24 maxlen: 24
45.253.249.0/24 maxlen: 24
45.253.250.0/24 maxlen: 24
45.253.251.0/24 maxlen: 24
45.253.252.0/24 maxlen: 24
45.253.253.0/24 maxlen: 24
45.253.254.0/24 maxlen: 24
45.253.255.0/24 maxlen: 24
103.144.140.0/24 maxlen: 24
103.144.141.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2245 (0x8c5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C40D6
Validity
Not Before: Nov 6 20:39:11 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=672bd3ef-431b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:6f:8a:bd:d2:a0:3b:db:05:2a:e1:07:87:9d:
65:6c:3a:71:41:87:11:3b:5e:63:5e:42:03:15:d9:
3e:a3:76:c3:ca:7d:72:cc:e7:2b:5b:be:f1:2e:a2:
2d:d8:80:e9:b6:21:88:af:37:ab:4a:a0:2f:14:4d:
05:04:96:94:90:af:57:06:8f:ac:0f:6f:27:d8:d7:
45:bb:03:5a:68:6b:35:95:57:4f:7b:77:f9:6f:e2:
25:d0:7d:ce:7e:22:ce:cb:97:3b:d7:12:86:1b:b0:
b4:4f:65:2e:5d:05:dc:03:10:f7:4d:26:a0:e4:99:
77:1c:79:38:28:e6:bb:32:e4:57:c5:86:23:ce:68:
09:4d:2c:39:dd:d5:2e:c5:58:59:95:75:f4:27:e6:
a5:cd:52:e6:58:b7:9f:57:7c:22:5f:96:ee:b5:73:
29:93:bc:d1:a8:c0:e0:1f:b8:a9:4d:f7:b7:a0:d2:
5a:75:2e:9e:da:c4:3b:de:05:67:ae:6e:0a:7b:fb:
f0:5e:9e:83:84:af:1d:e6:f6:18:80:f1:e1:b1:c9:
41:52:62:7b:da:2f:00:1d:93:46:42:68:cc:47:c6:
6e:52:85:b0:04:21:76:0a:f5:85:ad:86:83:90:e1:
18:f5:00:79:46:5d:c6:e1:a0:92:de:d6:03:19:da:
63:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:1C:F4:00:60:FC:0C:70:FB:AD:93:4F:4C:9D:F5:88:97:01:B7:59
X509v3 Authority Key Identifier:
keyid:8E:78:43:49:EF:2D:DF:78:57:5F:D5:4C:C7:8E:D8:C4:5C:97:6C:BF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C40D6/CA8E7F7EA54411EA94DA3683C4F9AE02/jnhDSe8t33hXX9VMx47YxFyXbL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jnhDSe8t33hXX9VMx47YxFyXbL8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C40D6/CA8E7F7EA54411EA94DA3683C4F9AE02/A84D830AA54511EAA942C683C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.253.248.0/21
103.144.140.0/23
Signature Algorithm: sha256WithRSAEncryption
b8:2c:b4:5f:7f:01:1f:40:e8:9b:12:48:6b:6e:26:82:4c:b4:
17:78:c4:58:09:5c:85:f5:62:25:c3:b1:04:f3:52:73:68:8b:
61:d4:6b:39:91:fd:d6:3e:ad:df:e8:b5:26:15:ed:b6:61:f9:
fe:f8:0b:55:11:d5:b7:14:a9:67:3a:d1:53:f8:41:51:dc:49:
97:9b:d6:6e:de:17:01:13:c3:a7:5e:76:ae:76:41:16:cc:c9:
c2:9c:09:69:28:76:84:75:5f:ce:d2:c2:da:4e:0c:0a:5d:06:
3c:70:6c:5a:5e:da:5c:9a:fc:90:a1:eb:23:09:d0:cf:41:23:
d6:c5:b7:b3:3b:5d:16:d4:2c:93:07:3e:ee:5e:81:5d:1b:d6:
bc:c0:48:2e:1b:10:8d:88:b3:bc:69:7c:38:d6:1b:79:14:11:
8e:70:98:64:76:3b:3f:fe:58:18:07:b6:d8:d0:f0:98:96:4c:
28:c2:e6:33:9b:ae:8c:04:5e:db:aa:34:6e:00:c1:70:e9:14:
a3:99:a0:65:f9:7f:34:9f:64:01:de:a4:93:0f:6f:4c:c0:75:
01:69:e0:86:99:c3:35:48:d8:31:c0:25:29:4f:e6:59:f9:fe:
f1:22:2a:ea:03:7c:72:9c:27:3d:d6:48:c6:e4:92:35:71:8a:
2a:7a:d0:19
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCMUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzQwRDYxMTAvBgNVBAUTKDhFNzg0MzQ5RUYyRERGNzg1NzVGRDU0Q0M3OEVEOEM0
NUM5NzZDQkYwHhcNMjQxMTA2MjAzOTExWhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzJiZDNlZi00MzFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvG+KvdKgO9sFKuEHh51lbDpxQYcRO15jXkIDFdk+o3bDyn1yzOcrW77xLqIt
2IDptiGIrzerSqAvFE0FBJaUkK9XBo+sD28n2NdFuwNaaGs1lVdPe3f5b+Il0H3O
fiLOy5c71xKGG7C0T2UuXQXcAxD3TSag5Jl3HHk4KOa7MuRXxYYjzmgJTSw53dUu
xVhZlXX0J+alzVLmWLefV3wiX5butXMpk7zRqMDgH7ipTfe3oNJadS6e2sQ73gVn
rm4Ke/vwXp6DhK8d5vYYgPHhsclBUmJ72i8AHZNGQmjMR8ZuUoWwBCF2CvWFrYaD
kOEY9QB5Rl3G4aCS3tYDGdpjXQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFMsc9ABg
/Axw+62TT0yd9YiXAbdZMB8GA1UdIwQYMBaAFI54Q0nvLd94V1/VTMeO2MRcl2y/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNDBENi9DQThFN0Y3RUE1
NDQxMUVBOTREQTM2ODNDNEY5QUUwMi9qbmhEU2U4dDMzaFhYOVZNeDQ3WXhGeVhi
TDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2puaERTZTh0MzNoWFg5Vk14NDdZeEZ5WGJMOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzQwRDYvQ0E4RTdGN0VBNTQ0MTFFQTk0REEzNjgzQzRGOUFFMDIvQTg0RDgzMEFB
NTQ1MTFFQUE5NDJDNjgzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAMt/fgDBAFnkIwwDQYJKoZIhvcNAQELBQADggEBALgstF9/
AR9A6JsSSGtuJoJMtBd4xFgJXIX1YiXDsQTzUnNoi2HUazmR/dY+rd/otSYV7bZh
+f74C1UR1bcUqWc60VP4QVHcSZeb1m7eFwETw6dedq52QRbMycKcCWkodoR1X87S
wtpODApdBjxwbFpe2lya/JCh6yMJ0M9BI9bFt7M7XRbULJMHPu5egV0b1rzASC4b
EI2Is7xpfDjWG3kUEY5wmGR2Oz/+WBgHttjQ8JiWTCjC5jObrowEXtuqNG4AwXDp
FKOZoGX5fzSfZAHepJMPb0zAdQFp4IaZwzVI2DHAJSlP5ln5/vEiKuoDfHKcJz3W
SMbkkjVxiip60Bk=
-----END CERTIFICATE-----
Generated at Sat Apr 12 09:42:39 2025 by rpki-client