Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D9CA8/20DA2746E4FD11EFAC1CE67FC4F9AE02/B97BD74AE4FF11EFB75F5836C4F9AE02.roa
File: B97BD74AE4FF11EFB75F5836C4F9AE02.roa (raw, json)
Hash identifier: KR4Tx3kFeLSQKCW18mb5WqFjOSaFssRkJQn1FwH+pqg=
Subject key identifier: DA:10:CE:F6:0C:A4:1B:AD:7C:65:FA:14:60:BF:C1:4D:9B:D8:85:9A
Certificate issuer: /CN=A91D9CA8/serialNumber=CBC6603370FBE84CCCE064E84F4F26EDBEC267B1
Certificate serial: 02
Authority key identifier: CB:C6:60:33:70:FB:E8:4C:CC:E0:64:E8:4F:4F:26:ED:BE:C2:67:B1
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/y8ZgM3D76EzM4GToT08m7b7CZ7E.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D9CA8/20DA2746E4FD11EFAC1CE67FC4F9AE02/B97BD74AE4FF11EFB75F5836C4F9AE02.roa
Signing time: Fri 07 Feb 2025 03:00:45 +0000
ROA not before: Fri 07 Feb 2025 03:00:45 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 153490
IP address blocks: 161.248.118.0/24 maxlen: 24
161.248.119.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D9CA8
Validity
Not Before: Feb 7 03:00:45 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=67a5775d-c7b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:68:cf:12:0b:f2:4d:41:8d:bf:8d:85:c6:8f:
7c:a5:74:c4:1a:36:cb:9a:9a:3a:49:5b:d6:3e:0f:
f2:9b:5f:2a:03:b9:8a:38:8d:2d:c5:e8:9d:db:f2:
08:a5:33:9b:26:1c:f5:6d:5b:3c:97:26:67:a5:50:
a7:1d:bb:50:4a:a0:eb:f3:19:de:20:55:06:5b:27:
18:cf:8b:4e:55:dd:4c:0c:3e:33:b8:21:3d:d4:43:
e3:f6:41:d3:20:49:41:dc:ed:f3:44:d3:ab:05:4d:
18:2c:a5:e0:49:c5:6e:ba:90:9d:2a:ad:e5:2d:8b:
25:d6:e7:ec:b4:a2:4e:08:af:13:2b:64:a4:d1:8b:
36:a4:73:26:d2:e2:a6:5c:6c:6a:21:1f:e4:4f:77:
67:e0:da:71:07:78:38:28:df:63:15:e8:e1:ff:7e:
dd:bc:a6:e9:21:5a:49:03:3d:4e:df:9f:95:f4:61:
a6:5d:08:73:ab:fe:8c:72:21:54:76:e4:bd:33:88:
7c:dc:cc:a8:d0:aa:4b:f0:ff:1d:6a:49:e2:96:49:
c2:1b:94:b1:34:8f:8a:0c:65:a0:02:af:b2:5a:ef:
e5:cd:da:95:34:05:e1:4e:d6:a7:0d:18:80:03:50:
77:8b:5f:ad:32:33:2b:a4:7c:82:52:d3:f8:6a:6e:
fa:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:10:CE:F6:0C:A4:1B:AD:7C:65:FA:14:60:BF:C1:4D:9B:D8:85:9A
X509v3 Authority Key Identifier:
keyid:CB:C6:60:33:70:FB:E8:4C:CC:E0:64:E8:4F:4F:26:ED:BE:C2:67:B1
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D9CA8/20DA2746E4FD11EFAC1CE67FC4F9AE02/y8ZgM3D76EzM4GToT08m7b7CZ7E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/y8ZgM3D76EzM4GToT08m7b7CZ7E.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D9CA8/20DA2746E4FD11EFAC1CE67FC4F9AE02/B97BD74AE4FF11EFB75F5836C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
161.248.118.0/23
Signature Algorithm: sha256WithRSAEncryption
9e:8e:42:5c:da:33:3b:81:37:45:61:fe:ee:cb:e3:67:bc:a1:
8c:9f:b2:eb:72:c1:c7:d5:e9:e7:14:1d:bb:3a:bf:fb:dd:f3:
a3:14:1c:b8:75:06:05:0f:52:c8:8c:67:35:ae:a5:31:01:0f:
97:12:88:d5:21:3d:40:54:16:d6:c4:50:e9:49:bd:7c:e9:39:
a6:57:fc:9e:6f:89:61:b5:99:a7:17:6e:60:a6:81:62:48:a7:
30:a7:f2:34:ba:e6:96:67:3c:4c:50:ba:03:c2:b9:bd:53:ad:
50:aa:82:7c:4f:e6:c8:83:f5:74:7d:6e:50:56:58:c3:2d:8b:
bf:c8:23:7e:bb:17:3c:bb:5f:2a:57:9d:dc:e9:02:28:b8:9c:
c2:2c:0c:2c:b6:c0:81:20:67:66:8d:22:4b:07:d8:5e:47:4b:
77:0c:b2:af:24:d6:c3:db:09:33:32:e6:23:17:2b:aa:e1:af:
a3:99:1b:35:ca:ef:92:34:8b:86:0e:6e:36:1f:62:79:49:6c:
cf:4b:5c:a8:d9:49:c2:31:7a:97:2f:28:e3:35:71:73:11:a3:
95:cb:bd:ca:fd:18:f2:54:8b:9d:8e:1c:b8:69:78:05:b0:c0:
56:86:06:74:11:ac:2c:5f:18:e1:84:df:fc:73:5f:7b:95:8a:
cf:16:10:9a
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
OUNBODExMC8GA1UEBRMoQ0JDNjYwMzM3MEZCRTg0Q0NDRTA2NEU4NEY0RjI2RURC
RUMyNjdCMTAeFw0yNTAyMDcwMzAwNDVaFw0yNjAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY3YTU3NzVkLWM3YjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDDaM8SC/JNQY2/jYXGj3yldMQaNsuamjpJW9Y+D/KbXyoDuYo4jS3F6J3b8gil
M5smHPVtWzyXJmelUKcdu1BKoOvzGd4gVQZbJxjPi05V3UwMPjO4IT3UQ+P2QdMg
SUHc7fNE06sFTRgspeBJxW66kJ0qreUtiyXW5+y0ok4IrxMrZKTRizakcybS4qZc
bGohH+RPd2fg2nEHeDgo32MV6OH/ft28pukhWkkDPU7fn5X0YaZdCHOr/oxyIVR2
5L0ziHzczKjQqkvw/x1qSeKWScIblLE0j4oMZaACr7Ja7+XN2pU0BeFO1qcNGIAD
UHeLX60yMyukfIJS0/hqbvpPAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU2hDO9gyk
G618ZfoUYL/BTZvYhZowHwYDVR0jBBgwFoAUy8ZgM3D76EzM4GToT08m7b7CZ7Ew
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUQ5Q0E4LzIwREEyNzQ2RTRG
RDExRUZBQzFDRTY3RkM0RjlBRTAyL3k4WmdNM0Q3NkV6TTRHVG9UMDhtN2I3Q1o3
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIveThaZ00zRDc2RXpNNEdUb1QwOG03YjdDWjdFLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
OUNBOC8yMERBMjc0NkU0RkQxMUVGQUMxQ0U2N0ZDNEY5QUUwMi9COTdCRDc0QUU0
RkYxMUVGQjc1RjU4MzZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaH4djANBgkqhkiG9w0BAQsFAAOCAQEAno5CXNozO4E3RWH+
7svjZ7yhjJ+y63LBx9Xp5xQduzq/+93zoxQcuHUGBQ9SyIxnNa6lMQEPlxKI1SE9
QFQW1sRQ6Um9fOk5plf8nm+JYbWZpxduYKaBYkinMKfyNLrmlmc8TFC6A8K5vVOt
UKqCfE/myIP1dH1uUFZYwy2Lv8gjfrsXPLtfKled3OkCKLicwiwMLLbAgSBnZo0i
SwfYXkdLdwyyryTWw9sJMzLmIxcrquGvo5kbNcrvkjSLhg5uNh9ieUlsz0tcqNlJ
wjF6ly8o4zVxcxGjlcu9yv0Y8lSLnY4cuGl4BbDAVoYGdBGsLF8Y4YTf/HNfe5WK
zxYQmg==
-----END CERTIFICATE-----
Generated at Sat Apr 5 11:40:58 2025 by rpki-client