Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/2AECA58494EE11EE84F9D73CC4F9AE02.roa
File: 2AECA58494EE11EE84F9D73CC4F9AE02.roa (raw, json)
Hash identifier: 47tXXOX+6JbaiLW8oz6RWvc/L98lvJJCB2C4ifvRS0g=
Subject key identifier: F6:F5:B2:91:E1:80:4A:BD:59:3F:D7:AA:04:5F:52:66:C9:ED:49:96
Certificate issuer: /CN=A91DC31B/serialNumber=8B8AD5CA1C3E8B8CF468B5F496A91ABB0E48CFA8
Certificate serial: 06E9
Authority key identifier: 8B:8A:D5:CA:1C:3E:8B:8C:F4:68:B5:F4:96:A9:1A:BB:0E:48:CF:A8
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/i4rVyhw-i4z0aLX0lqkauw5Iz6g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/2AECA58494EE11EE84F9D73CC4F9AE02.roa
Signing time: Wed 29 Jan 2025 08:35:08 +0000
ROA not before: Wed 29 Jan 2025 08:35:08 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 19551
IP address blocks: 166.81.2.0/24 maxlen: 24
166.81.62.0/24 maxlen: 24
166.81.63.0/24 maxlen: 24
166.81.83.0/24 maxlen: 24
166.81.84.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1769 (0x6e9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DC31B
Validity
Not Before: Jan 29 08:35:08 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=6799e83c-fd89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:17:f5:f5:e4:2c:fc:74:d2:80:29:6c:26:0a:
3e:58:5a:ee:9a:e3:39:a0:0b:d1:59:55:62:6d:2f:
85:0f:62:11:c3:c8:cc:8c:5f:0c:56:88:71:89:33:
3a:75:96:d2:31:99:01:bf:a4:7b:3b:4b:6d:03:14:
8b:f8:67:9e:04:45:b1:d8:23:d1:29:28:13:19:3c:
91:41:07:3f:b2:51:0a:37:6e:86:16:f0:2b:5f:fb:
38:b7:15:95:a3:8b:a4:f5:e8:f4:f5:50:a1:67:fb:
09:de:68:07:e6:52:39:8c:ac:91:e7:67:63:a6:03:
ba:b7:b3:e9:93:71:c4:e4:84:fe:ae:44:c7:48:18:
bf:6c:36:38:cd:49:c7:e8:93:01:79:ad:46:82:bb:
27:a2:39:1b:34:4c:03:f1:1b:9a:fc:be:bf:ef:eb:
70:22:c5:62:49:08:85:5a:cd:7b:be:27:f6:36:ab:
b8:30:5a:df:cb:53:d7:70:a8:1c:6f:a6:ad:d1:9e:
cc:a4:48:e0:b1:fe:ef:28:c2:b5:57:40:4c:8a:f3:
fa:b8:e5:85:9f:1a:37:01:82:2d:2e:42:37:08:7b:
a5:59:e2:7a:0e:cb:5c:01:a3:ff:18:26:8b:e3:5c:
c8:e7:ba:97:0f:02:55:6b:27:b8:e2:fa:7a:86:c8:
5e:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:F5:B2:91:E1:80:4A:BD:59:3F:D7:AA:04:5F:52:66:C9:ED:49:96
X509v3 Authority Key Identifier:
keyid:8B:8A:D5:CA:1C:3E:8B:8C:F4:68:B5:F4:96:A9:1A:BB:0E:48:CF:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/i4rVyhw-i4z0aLX0lqkauw5Iz6g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/i4rVyhw-i4z0aLX0lqkauw5Iz6g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/2AECA58494EE11EE84F9D73CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
166.81.2.0/24
166.81.62.0/23
166.81.83.0-166.81.84.255
Signature Algorithm: sha256WithRSAEncryption
8c:f2:88:52:f9:fe:8a:c2:3e:a1:fc:21:ab:64:6a:f0:19:a6:
68:df:40:58:1e:f9:16:41:cb:45:4e:9e:63:4a:79:a1:2b:fc:
32:80:d0:de:be:a7:11:19:6a:4b:9e:e5:ba:12:ea:66:8f:94:
34:b9:ef:2b:d0:00:6a:e8:2e:e5:7f:c6:ec:58:1f:f8:1a:f5:
44:96:f2:2a:cc:24:58:60:b6:31:dc:ec:2d:4e:d3:c1:4a:40:
04:ae:ca:a6:89:51:11:d4:13:e6:e8:90:c0:92:b0:82:d2:11:
cb:ad:a6:cf:28:6b:57:44:88:d8:1c:a7:96:e1:43:fc:be:1e:
e9:b9:db:d9:5d:f7:b3:3a:1a:41:3d:07:80:a9:f3:9d:22:bd:
12:4d:9f:7f:86:7d:05:26:bc:0a:4c:89:33:55:59:e8:1c:5c:
01:5d:f8:c5:d9:d0:06:6d:98:65:e8:b2:c9:16:8e:ff:e2:ba:
e5:c1:9e:b2:b7:df:95:cc:28:c5:3a:35:1c:54:2b:4c:3b:ed:
60:70:92:74:94:6c:3c:67:cd:d1:c3:a7:f4:7f:64:91:0f:aa:
dc:ad:ef:ab:ee:a7:14:30:da:09:c4:c2:d0:57:95:fd:1c:04:
99:43:1d:aa:6e:66:6d:7a:7c:3a:1b:86:e9:09:cd:c3:fc:a4:
c8:9d:93:aa
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICBukwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REMzMUIxMTAvBgNVBAUTKDhCOEFENUNBMUMzRThCOENGNDY4QjVGNDk2QTkxQUJC
MEU0OENGQTgwHhcNMjUwMTI5MDgzNTA4WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Nzk5ZTgzYy1mZDg5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArxf19eQs/HTSgClsJgo+WFrumuM5oAvRWVVibS+FD2IRw8jMjF8MVohxiTM6
dZbSMZkBv6R7O0ttAxSL+GeeBEWx2CPRKSgTGTyRQQc/slEKN26GFvArX/s4txWV
o4uk9ej09VChZ/sJ3mgH5lI5jKyR52djpgO6t7Ppk3HE5IT+rkTHSBi/bDY4zUnH
6JMBea1GgrsnojkbNEwD8Rua/L6/7+twIsViSQiFWs17vif2Nqu4MFrfy1PXcKgc
b6at0Z7MpEjgsf7vKMK1V0BMivP6uOWFnxo3AYItLkI3CHulWeJ6DstcAaP/GCaL
41zI57qXDwJVaye44vp6hshepQIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFPb1spHh
gEq9WT/XqgRfUmbJ7UmWMB8GA1UdIwQYMBaAFIuK1cocPouM9Gi19JapGrsOSM+o
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzMxQi9EMEVDQ0Q0ODg5
M0QxMUVCOTE2REYwMjJDNEY5QUUwMi9pNHJWeWh3LWk0ejBhTFgwbHFrYXV3NUl6
NmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2k0clZ5aHctaTR6MGFMWDBscWthdXc1SXo2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REMzMUIvRDBFQ0NENDg4OTNEMTFFQjkxNkRGMDIyQzRGOUFFMDIvMkFFQ0E1ODQ5
NEVFMTFFRTg0RjlENzNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBACmUQIDBAGmUT4wDAMEAKZRUwMEAKZRVDANBgkqhkiG9w0B
AQsFAAOCAQEAjPKIUvn+isI+ofwhq2Rq8BmmaN9AWB75FkHLRU6eY0p5oSv8MoDQ
3r6nERlqS57luhLqZo+UNLnvK9AAaugu5X/G7Fgf+Br1RJbyKswkWGC2MdzsLU7T
wUpABK7KpolREdQT5uiQwJKwgtIRy62mzyhrV0SI2BynluFD/L4e6bnb2V33szoa
QT0HgKnznSK9Ek2ff4Z9BSa8CkyJM1VZ6BxcAV34xdnQBm2YZeiyyRaO/+K65cGe
srfflcwoxTo1HFQrTDvtYHCSdJRsPGfN0cOn9H9kkQ+q3K3vq+6nFDDaCcTC0FeV
/RwEmUMdqm5mbXp8OhuG6QnNw/ykyJ2Tqg==
-----END CERTIFICATE-----
Generated at Sun Apr 6 06:13:11 2025 by rpki-client