Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E9580/C7CE2E107F8D11EAAD8CD51EC4F9AE02/DE76B04EC2BA11EB99E5E36FC4F9AE02.roa
File: DE76B04EC2BA11EB99E5E36FC4F9AE02.roa (raw, json)
Hash identifier: qU5SgxuYfj9EbloGsgp5NlU+LGZow7QsAYGZSye/EIM=
Subject key identifier: E6:A8:A9:0B:44:63:BA:A8:EE:9F:D2:29:39:FC:95:80:CB:52:FC:90
Certificate issuer: /CN=A91E9580/serialNumber=FE4FDA3967016C113AC807B849340AC6520F0802
Certificate serial: 09C3
Authority key identifier: FE:4F:DA:39:67:01:6C:11:3A:C8:07:B8:49:34:0A:C6:52:0F:08:02
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_k_aOWcBbBE6yAe4STQKxlIPCAI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E9580/C7CE2E107F8D11EAAD8CD51EC4F9AE02/DE76B04EC2BA11EB99E5E36FC4F9AE02.roa
Signing time: Fri 14 Feb 2025 21:09:56 +0000
ROA not before: Fri 14 Feb 2025 21:09:56 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 136170
IP address blocks: 123.100.226.0/24 maxlen: 24
202.157.176.0/23 maxlen: 24
202.157.184.0/23 maxlen: 24
202.157.186.0/23 maxlen: 23
202.157.186.0/24 maxlen: 24
202.157.187.0/24 maxlen: 24
202.157.188.0/23 maxlen: 23
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2499 (0x9c3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E9580
Validity
Not Before: Feb 14 21:09:56 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=67afb123-9930
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:c1:ce:82:d2:1c:2a:a5:5c:e4:80:6d:47:89:
4b:d5:d6:78:19:2c:83:cd:d0:15:fd:27:55:ee:49:
0e:ee:8a:e5:97:ed:3a:f2:de:2c:ad:b7:42:b6:b0:
85:05:13:bc:0a:1d:d6:34:99:4e:a6:ca:86:20:f3:
7d:7a:57:a9:11:0d:d3:bc:ac:7d:1d:49:39:cf:e5:
e7:68:0c:d8:e5:13:3d:f3:6c:9e:4b:2a:14:e6:cf:
fa:ee:d2:92:5c:8a:eb:e5:d6:6b:aa:8a:10:e0:89:
ec:b9:43:18:5f:84:55:6a:e6:39:ee:03:c0:29:5b:
22:13:40:d4:3a:c5:22:9e:10:f1:f3:fe:a3:8f:f6:
ba:90:95:42:4e:7e:ed:db:00:71:a2:fa:a6:e6:28:
c4:d5:ed:33:98:b0:79:a3:94:fd:45:6e:65:3c:7b:
f6:2a:51:e8:c7:79:f2:44:d1:b9:cc:ba:f2:f7:f0:
ec:54:63:ba:cd:1f:e6:fb:c1:00:c3:a0:42:1c:c2:
c4:4a:2b:20:ba:db:4c:94:93:f3:f9:84:f6:3c:9d:
20:df:6d:bc:42:8e:de:e3:0f:a1:ef:40:d4:77:bc:
4e:6b:43:93:39:05:f4:7e:fc:c4:35:ae:d5:95:bb:
cb:24:de:75:9e:5d:f7:ec:88:f8:f5:88:9d:c8:26:
67:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:A8:A9:0B:44:63:BA:A8:EE:9F:D2:29:39:FC:95:80:CB:52:FC:90
X509v3 Authority Key Identifier:
keyid:FE:4F:DA:39:67:01:6C:11:3A:C8:07:B8:49:34:0A:C6:52:0F:08:02
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E9580/C7CE2E107F8D11EAAD8CD51EC4F9AE02/_k_aOWcBbBE6yAe4STQKxlIPCAI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_k_aOWcBbBE6yAe4STQKxlIPCAI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E9580/C7CE2E107F8D11EAAD8CD51EC4F9AE02/DE76B04EC2BA11EB99E5E36FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
123.100.226.0/24
202.157.176.0/23
202.157.184.0-202.157.189.255
Signature Algorithm: sha256WithRSAEncryption
96:43:9e:39:14:a2:bd:d0:53:94:bc:f0:1b:59:48:83:f5:00:
c8:91:96:ba:8f:9e:bb:22:72:41:9d:08:37:c9:ee:b7:a0:c6:
29:ba:89:09:16:5e:bc:81:21:b4:48:50:ac:84:57:eb:4e:61:
ad:72:54:5f:0d:c3:a7:bc:39:ab:40:bd:a1:8f:eb:f7:b5:4c:
78:41:06:11:c5:c7:35:66:2b:96:ad:f2:39:fb:08:28:52:80:
16:41:88:53:ab:1e:28:74:88:a8:c3:07:c9:7b:5a:7b:61:5a:
03:cf:cf:5c:9a:d6:15:a2:5d:05:1a:95:ce:12:f1:65:c7:c1:
c5:b1:75:31:04:f2:07:99:4f:32:2e:31:c3:af:af:4d:a7:76:
89:26:1e:27:02:59:e3:23:f5:a5:19:54:f1:d6:c0:43:d0:7e:
ba:9c:1e:07:89:7f:f4:34:eb:7f:b7:eb:c9:69:69:ab:7c:96:
b8:7d:2c:41:fc:62:00:6b:b6:05:1a:35:e5:78:b5:f1:3f:0f:
29:36:29:e1:49:c2:fc:4c:61:39:7c:a4:ed:06:dc:ee:fd:cf:
6d:26:66:e9:80:59:27:9f:fc:89:06:7d:c8:15:a1:1e:70:e4:
d7:97:28:f5:bf:85:2d:09:4c:32:67:73:32:76:36:19:e5:9e:
64:9b:60:0e
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICCcMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTk1ODAxMTAvBgNVBAUTKEZFNEZEQTM5NjcwMTZDMTEzQUM4MDdCODQ5MzQwQUM2
NTIwRjA4MDIwHhcNMjUwMjE0MjEwOTU2WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2FmYjEyMy05OTMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA08HOgtIcKqVc5IBtR4lL1dZ4GSyDzdAV/SdV7kkO7orll+068t4srbdCtrCF
BRO8Ch3WNJlOpsqGIPN9elepEQ3TvKx9HUk5z+XnaAzY5RM982yeSyoU5s/67tKS
XIrr5dZrqooQ4InsuUMYX4RVauY57gPAKVsiE0DUOsUinhDx8/6jj/a6kJVCTn7t
2wBxovqm5ijE1e0zmLB5o5T9RW5lPHv2KlHox3nyRNG5zLry9/DsVGO6zR/m+8EA
w6BCHMLESisguttMlJPz+YT2PJ0g3228Qo7e4w+h70DUd7xOa0OTOQX0fvzENa7V
lbvLJN51nl337Ij49YidyCZn5QIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFOaoqQtE
Y7qo7p/SKTn8lYDLUvyQMB8GA1UdIwQYMBaAFP5P2jlnAWwROsgHuEk0CsZSDwgC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFOTU4MC9DN0NFMkUxMDdG
OEQxMUVBQUQ4Q0Q1MUVDNEY5QUUwMi9fa19hT1djQmJCRTZ5QWU0U1RRS3hsSVBD
QUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19rX2FPV2NCYkJFNnlBZTRTVFFLeGxJUENBSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTk1ODAvQzdDRTJFMTA3RjhEMTFFQUFEOENENTFFQzRGOUFFMDIvREU3NkIwNEVD
MkJBMTFFQjk5RTVFMzZGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBAB7ZOIDBAHKnbAwDAMEA8qduAMEAcqdvDANBgkqhkiG9w0B
AQsFAAOCAQEAlkOeORSivdBTlLzwG1lIg/UAyJGWuo+euyJyQZ0IN8nut6DGKbqJ
CRZevIEhtEhQrIRX605hrXJUXw3Dp7w5q0C9oY/r97VMeEEGEcXHNWYrlq3yOfsI
KFKAFkGIU6seKHSIqMMHyXtae2FaA8/PXJrWFaJdBRqVzhLxZcfBxbF1MQTyB5lP
Mi4xw6+vTad2iSYeJwJZ4yP1pRlU8dbAQ9B+upweB4l/9DTrf7fryWlpq3yWuH0s
QfxiAGu2BRo15Xi18T8PKTYp4UnC/ExhOXyk7Qbc7v3PbSZm6YBZJ5/8iQZ9yBWh
HnDk15co9b+FLQlMMmdzMnY2GeWeZJtgDg==
-----END CERTIFICATE-----
Generated at Sat Apr 5 11:33:06 2025 by rpki-client