Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C77BD/38937198DF4011E58232734AC4F9AE02/A257A95EA9DC11E9AA03780DC4F9AE02.roa
File: A257A95EA9DC11E9AA03780DC4F9AE02.roa (raw, json)
Hash identifier: Kqxe3AlQssfHaUaGQ94xh+g433EOzW+NAhxS/kOyvHs=
Subject key identifier: 9D:41:93:BD:DE:5B:E2:13:B6:80:97:7B:8C:1C:4A:91:FD:39:21:F1
Certificate issuer: /CN=A91C77BD/serialNumber=A3EB7C435063BC54D3573D81DBDC1873987663E0
Certificate serial: 214C
Authority key identifier: A3:EB:7C:43:50:63:BC:54:D3:57:3D:81:DB:DC:18:73:98:76:63:E0
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o-t8Q1BjvFTTVz2B29wYc5h2Y-A.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C77BD/38937198DF4011E58232734AC4F9AE02/A257A95EA9DC11E9AA03780DC4F9AE02.roa
Signing time: Fri 21 Mar 2025 02:45:51 +0000
ROA not before: Fri 21 Mar 2025 02:45:51 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 134707
IP address blocks: 103.196.136.0/22 maxlen: 22
103.196.136.0/24 maxlen: 24
103.196.137.0/24 maxlen: 24
103.196.138.0/24 maxlen: 24
103.196.139.0/24 maxlen: 24
203.189.116.0/22 maxlen: 22
203.189.116.0/24 maxlen: 24
203.189.117.0/24 maxlen: 24
203.189.118.0/24 maxlen: 24
203.189.119.0/24 maxlen: 24
223.25.60.0/22 maxlen: 22
223.25.60.0/24 maxlen: 24
223.25.61.0/24 maxlen: 24
223.25.62.0/24 maxlen: 24
223.25.63.0/24 maxlen: 24
2404:3380::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8524 (0x214c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C77BD
Validity
Not Before: Mar 21 02:45:51 2025 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=67dcd2df-2a13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:21:40:62:98:69:f2:80:fc:50:27:85:87:bd:
5e:e3:77:40:9d:10:b5:b4:33:d7:b4:fd:84:07:aa:
7b:29:5c:df:7f:df:eb:c0:67:5b:66:7c:77:43:91:
a5:20:a5:ee:93:ad:99:68:dd:b8:04:11:c0:b2:30:
5a:47:7d:34:9b:4b:b1:79:84:6e:36:2e:10:11:cc:
1d:51:61:08:4d:bb:36:c8:b8:31:99:fc:7c:8f:94:
5a:f3:ea:f1:7e:70:4f:49:65:7a:8d:86:03:ae:a2:
5f:09:e9:af:1f:a9:a1:c1:fc:f4:97:ad:0e:ca:f5:
02:e6:be:7a:9f:81:8e:75:88:f6:ae:99:16:93:7a:
60:df:e2:37:42:6f:7a:c7:dd:38:c5:5c:c3:f5:93:
85:63:24:6f:cd:da:b6:5c:1c:e2:c7:01:2e:b9:3a:
14:5c:db:ae:c7:e8:71:32:34:7d:18:96:03:39:98:
46:ef:8e:b0:00:04:ac:85:65:75:4d:6c:51:44:cb:
b2:f1:72:fa:d7:e9:06:17:f0:f2:c8:c1:f1:2a:b5:
72:95:cf:88:54:06:06:5a:3d:7b:e4:50:3d:34:0c:
ee:31:7c:e6:46:12:77:d1:15:0d:11:89:d1:cf:d1:
41:52:ab:f2:f1:d3:68:18:9e:fa:86:ce:11:e3:d4:
82:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:41:93:BD:DE:5B:E2:13:B6:80:97:7B:8C:1C:4A:91:FD:39:21:F1
X509v3 Authority Key Identifier:
keyid:A3:EB:7C:43:50:63:BC:54:D3:57:3D:81:DB:DC:18:73:98:76:63:E0
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C77BD/38937198DF4011E58232734AC4F9AE02/o-t8Q1BjvFTTVz2B29wYc5h2Y-A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o-t8Q1BjvFTTVz2B29wYc5h2Y-A.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C77BD/38937198DF4011E58232734AC4F9AE02/A257A95EA9DC11E9AA03780DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.196.136.0/22
203.189.116.0/22
223.25.60.0/22
IPv6:
2404:3380::/32
Signature Algorithm: sha256WithRSAEncryption
21:46:7c:54:9a:f7:65:24:b2:cd:87:1e:5e:0c:31:2c:92:16:
64:77:b2:10:33:47:f4:fa:65:59:fc:a5:e3:d2:e1:a6:3c:81:
f0:da:fb:f1:06:26:8a:00:35:cb:89:cd:3b:0c:6c:bc:58:61:
77:7e:4f:c7:da:0f:01:b3:8c:25:cc:a7:24:3c:ce:82:c7:51:
9d:9b:96:a5:16:e8:9d:2a:f0:3f:4f:b1:14:1b:7b:af:55:77:
a3:b8:a5:8f:26:0e:3e:4f:70:f4:d1:70:8b:86:4c:f3:79:40:
e8:17:57:22:7a:d4:18:2f:69:0e:0a:f2:0f:ba:01:d2:b4:4d:
c2:f7:ad:18:39:53:28:8e:d5:f5:f8:62:39:30:77:0b:3a:62:
fa:73:b3:bd:6c:e2:46:01:59:f5:63:aa:6e:65:4e:e1:d9:09:
c6:74:62:10:61:26:11:65:03:27:15:a9:59:5e:5b:17:05:27:
61:55:90:9a:da:e8:d0:cf:36:8a:db:65:7c:02:66:61:a6:21:
92:dd:6d:f5:7e:ee:ac:bb:03:85:0e:a4:96:d1:e3:56:24:39:
cb:64:3a:1f:77:65:c8:be:6f:a0:2f:7a:3a:84:c6:f7:83:12:
d8:08:14:75:f4:a6:a1:64:0a:8b:c3:a2:a8:74:4d:46:a3:fb:
8a:2e:8d:ab
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICIUwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qzc3QkQxMTAvBgNVBAUTKEEzRUI3QzQzNTA2M0JDNTREMzU3M0Q4MURCREMxODcz
OTg3NjYzRTAwHhcNMjUwMzIxMDI0NTUxWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2RjZDJkZi0yYTEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxCFAYphp8oD8UCeFh71e43dAnRC1tDPXtP2EB6p7KVzff9/rwGdbZnx3Q5Gl
IKXuk62ZaN24BBHAsjBaR300m0uxeYRuNi4QEcwdUWEITbs2yLgxmfx8j5Ra8+rx
fnBPSWV6jYYDrqJfCemvH6mhwfz0l60OyvUC5r56n4GOdYj2rpkWk3pg3+I3Qm96
x904xVzD9ZOFYyRvzdq2XBzixwEuuToUXNuux+hxMjR9GJYDOZhG746wAASshWV1
TWxRRMuy8XL61+kGF/DyyMHxKrVylc+IVAYGWj175FA9NAzuMXzmRhJ30RUNEYnR
z9FBUqvy8dNoGJ76hs4R49SCcwIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFJ1Bk73e
W+ITtoCXe4wcSpH9OSHxMB8GA1UdIwQYMBaAFKPrfENQY7xU01c9gdvcGHOYdmPg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNzdCRC8zODkzNzE5OERG
NDAxMUU1ODIzMjczNEFDNEY5QUUwMi9vLXQ4UTFCanZGVFRWejJCMjl3WWM1aDJZ
LUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL28tdDhRMUJqdkZUVFZ6MkIyOXdZYzVoMlktQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qzc3QkQvMzg5MzcxOThERjQwMTFFNTgyMzI3MzRBQzRGOUFFMDIvQTI1N0E5NUVB
OURDMTFFOUFBMDM3ODBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAJnxIgDBALLvXQDBALfGTwwDQQCAAIwBwMFACQEM4AwDQYJ
KoZIhvcNAQELBQADggEBACFGfFSa92Ukss2HHl4MMSySFmR3shAzR/T6ZVn8pePS
4aY8gfDa+/EGJooANcuJzTsMbLxYYXd+T8faDwGzjCXMpyQ8zoLHUZ2blqUW6J0q
8D9PsRQbe69Vd6O4pY8mDj5PcPTRcIuGTPN5QOgXVyJ61BgvaQ4K8g+6AdK0TcL3
rRg5UyiO1fX4Yjkwdws6Yvpzs71s4kYBWfVjqm5lTuHZCcZ0YhBhJhFlAycVqVle
WxcFJ2FVkJra6NDPNorbZXwCZmGmIZLdbfV+7qy7A4UOpJbR41YkOctkOh93Zci+
b6AvejqExveDEtgIFHX0pqFkCovDoqh0TUaj+4oujas=
-----END CERTIFICATE-----
Generated at Sat Apr 5 06:06:56 2025 by rpki-client