Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE65A/66E6FE36497A11EFAF551842C4F9AE02/77BDF1A0497B11EFAE69D243C4F9AE02.roa
File: 77BDF1A0497B11EFAE69D243C4F9AE02.roa (raw, json)
Hash identifier: EAkL+z2TTbEwn03dT2Ny9vtbrcbH4dnoXpbzZjpawbU=
Subject key identifier: B0:23:57:A9:2C:CA:BB:43:DA:21:12:80:8C:1E:0E:D7:2C:72:61:EE
Certificate issuer: /CN=A91CE65A/serialNumber=293BF069C4F4D831EEE769D5B139E3021DB34B00
Certificate serial: 04
Authority key identifier: 29:3B:F0:69:C4:F4:D8:31:EE:E7:69:D5:B1:39:E3:02:1D:B3:4B:00
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KTvwacT02DHu52nVsTnjAh2zSwA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CE65A/66E6FE36497A11EFAF551842C4F9AE02/77BDF1A0497B11EFAE69D243C4F9AE02.roa
Signing time: Wed 24 Jul 2024 05:14:00 +0000
ROA not before: Wed 24 Jul 2024 05:14:00 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 7545
IP address blocks: 203.8.2.0/24 maxlen: 24
2001:df4:1340::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CE65A
Validity
Not Before: Jul 24 05:14:00 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66a08d98-e383
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:f1:81:81:aa:ae:43:1d:20:ee:d0:9f:5f:57:
41:5a:9f:7c:5e:f9:51:47:f2:d5:8e:91:71:d2:19:
af:51:9b:83:40:b9:7d:59:ce:08:e2:85:57:3f:4d:
cd:7a:a2:1e:57:17:8a:b7:54:f7:a7:43:d9:7f:da:
b2:c3:83:43:74:2d:ff:4e:98:78:ab:34:c5:b1:d3:
4c:44:de:43:a4:87:28:da:9e:1f:4b:91:af:d3:59:
46:48:75:2b:b9:5f:d9:86:e7:2d:ed:3b:e1:b5:0a:
9c:08:c8:20:4d:2c:b9:42:3e:82:c4:11:ae:ee:d2:
1e:4c:ae:7c:71:c9:d6:f9:d2:e6:c5:5e:0f:d8:d2:
20:80:b2:2b:c5:dc:fe:f8:11:79:a1:82:db:0f:d8:
41:d8:cd:2e:eb:16:a2:ba:37:12:88:6f:d7:8e:9d:
1e:4b:e2:58:86:fe:8d:ab:e9:6f:01:1d:32:b3:f6:
47:c2:28:ab:c6:c0:0b:10:cd:22:0e:f4:c7:d4:e1:
72:82:ae:df:7a:dc:2d:43:a7:20:ee:aa:23:cf:ae:
d2:6c:34:dc:69:8b:4b:cf:0a:46:bd:01:d1:57:d7:
51:c9:a0:3a:89:a1:bf:9b:6f:af:bd:bc:ad:5e:b1:
a6:79:95:a6:d9:f7:2e:0e:49:40:fa:1e:9e:21:17:
b3:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:23:57:A9:2C:CA:BB:43:DA:21:12:80:8C:1E:0E:D7:2C:72:61:EE
X509v3 Authority Key Identifier:
keyid:29:3B:F0:69:C4:F4:D8:31:EE:E7:69:D5:B1:39:E3:02:1D:B3:4B:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CE65A/66E6FE36497A11EFAF551842C4F9AE02/KTvwacT02DHu52nVsTnjAh2zSwA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KTvwacT02DHu52nVsTnjAh2zSwA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE65A/66E6FE36497A11EFAF551842C4F9AE02/77BDF1A0497B11EFAE69D243C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.8.2.0/24
IPv6:
2001:df4:1340::/48
Signature Algorithm: sha256WithRSAEncryption
33:d0:73:99:b9:21:29:37:8e:8a:d6:9d:02:86:11:0a:cd:2f:
d1:9f:98:d3:6f:cb:45:89:9f:e2:0b:05:ef:62:3c:e5:72:54:
97:ac:5d:47:c8:a3:7a:bf:10:cc:dd:96:11:b6:89:4c:70:06:
2c:d2:7f:d4:0f:74:6f:13:31:46:eb:07:5d:4e:59:dd:25:51:
d8:a6:31:6e:a4:a7:1c:51:b6:42:d1:97:bf:98:d8:09:15:40:
ad:e1:63:fe:30:9f:ae:12:c1:d8:52:04:73:d6:80:41:49:84:
de:ba:43:d9:d2:36:56:08:31:e3:1d:33:a1:00:e5:4f:7a:57:
0e:48:52:d6:6a:53:0e:f3:6e:1e:74:60:90:2c:a9:15:e6:76:
62:62:e0:8d:25:1e:13:ce:48:d2:4e:d4:a2:a3:41:db:38:71:
a0:a2:d2:4c:38:c7:3f:69:b8:e4:e9:7f:b1:6f:b1:e1:8a:e5:
76:9b:2b:65:4a:4d:ea:5a:19:c6:ca:68:1b:b8:e2:ce:0d:a2:
5d:d6:8b:4d:92:a3:26:3c:85:ad:56:10:4e:7f:62:f5:9f:d9:
8b:42:1e:d4:cd:30:d9:a1:1a:d2:31:53:b7:c3:78:38:11:78:
a5:a3:d5:81:a4:d3:0e:4e:38:08:be:d3:2a:fa:e8:30:75:25:
fa:2f:da:ff
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
RTY1QTExMC8GA1UEBRMoMjkzQkYwNjlDNEY0RDgzMUVFRTc2OUQ1QjEzOUUzMDIx
REIzNEIwMDAeFw0yNDA3MjQwNTE0MDBaFw0yNTA5MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2YTA4ZDk4LWUzODMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDF8YGBqq5DHSDu0J9fV0Fan3xe+VFH8tWOkXHSGa9Rm4NAuX1ZzgjihVc/Tc16
oh5XF4q3VPenQ9l/2rLDg0N0Lf9OmHirNMWx00xE3kOkhyjanh9Lka/TWUZIdSu5
X9mG5y3tO+G1CpwIyCBNLLlCPoLEEa7u0h5Mrnxxydb50ubFXg/Y0iCAsivF3P74
EXmhgtsP2EHYzS7rFqK6NxKIb9eOnR5L4liG/o2r6W8BHTKz9kfCKKvGwAsQzSIO
9MfU4XKCrt963C1DpyDuqiPPrtJsNNxpi0vPCka9AdFX11HJoDqJob+bb6+9vK1e
saZ5labZ9y4OSUD6Hp4hF7OxAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUsCNXqSzK
u0PaIRKAjB4O1yxyYe4wHwYDVR0jBBgwFoAUKTvwacT02DHu52nVsTnjAh2zSwAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNFNjVBLzY2RTZGRTM2NDk3
QTExRUZBRjU1MTg0MkM0RjlBRTAyL0tUdndhY1QwMkRIdTUyblZzVG5qQWgyelN3
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvS1R2d2FjVDAyREh1NTJuVnNUbmpBaDJ6U3dBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
RTY1QS82NkU2RkUzNjQ5N0ExMUVGQUY1NTE4NDJDNEY5QUUwMi83N0JERjFBMDQ5
N0IxMUVGQUU2OUQyNDNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAMsIAjAPBAIAAjAJAwcAIAEN9BNAMA0GCSqGSIb3DQEBCwUA
A4IBAQAz0HOZuSEpN46K1p0ChhEKzS/Rn5jTb8tFiZ/iCwXvYjzlclSXrF1HyKN6
vxDM3ZYRtolMcAYs0n/UD3RvEzFG6wddTlndJVHYpjFupKccUbZC0Ze/mNgJFUCt
4WP+MJ+uEsHYUgRz1oBBSYTeukPZ0jZWCDHjHTOhAOVPelcOSFLWalMO824edGCQ
LKkV5nZiYuCNJR4TzkjSTtSio0HbOHGgotJMOMc/abjk6X+xb7HhiuV2mytlSk3q
WhnGymgbuOLODaJd1otNkqMmPIWtVhBOf2L1n9mLQh7UzTDZoRrSMVO3w3g4EXil
o9WBpNMOTjgIvtMq+ugwdSX6L9r/
-----END CERTIFICATE-----
Generated at Sat Apr 5 05:55:20 2025 by rpki-client