Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/DE542790058711F0928FB866C4F9AE02.roa
File: DE542790058711F0928FB866C4F9AE02.roa (raw, json)
Hash identifier: oZxBVSj1Mv8VRpXOWfSpeRcfrv00LslYo58qNkYud80=
Subject key identifier: 09:C7:0E:85:FD:54:EC:68:15:71:BF:61:42:1D:70:39:9A:3F:52:FA
Certificate issuer: /CN=A915D03A/serialNumber=615ED84C44E657F7095E0212AFEA052C542A0D91
Certificate serial: 198A
Authority key identifier: 61:5E:D8:4C:44:E6:57:F7:09:5E:02:12:AF:EA:05:2C:54:2A:0D:91
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/DE542790058711F0928FB866C4F9AE02.roa
Signing time: Thu 20 Mar 2025 12:35:56 +0000
ROA not before: Thu 20 Mar 2025 12:35:56 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 20940
IP address blocks: 43.254.120.0/22 maxlen: 22
59.151.128.0/18 maxlen: 18
60.254.128.0/18 maxlen: 18
60.254.143.0/24 maxlen: 24
60.254.148.0/24 maxlen: 24
60.254.173.0/24 maxlen: 24
103.238.148.0/22 maxlen: 22
118.214.0.0/16 maxlen: 16
118.214.1.0/24 maxlen: 24
118.214.167.0/24 maxlen: 24
118.214.171.0/24 maxlen: 24
118.214.178.0/24 maxlen: 24
118.214.181.0/24 maxlen: 24
118.214.185.0/24 maxlen: 24
118.214.186.0/24 maxlen: 24
118.214.187.0/24 maxlen: 24
118.214.188.0/23 maxlen: 23
118.214.190.0/24 maxlen: 24
118.215.0.0/17 maxlen: 17
118.215.128.0/18 maxlen: 18
122.252.32.0/19 maxlen: 19
122.252.128.0/20 maxlen: 20
125.56.128.0/17 maxlen: 17
125.56.184.0/24 maxlen: 24
125.56.185.0/24 maxlen: 24
125.56.186.0/24 maxlen: 24
125.56.199.0/24 maxlen: 24
125.56.201.0/24 maxlen: 24
125.56.205.0/24 maxlen: 24
125.56.218.0/24 maxlen: 24
125.56.219.0/24 maxlen: 24
125.56.222.0/24 maxlen: 24
125.252.192.0/18 maxlen: 18
125.252.224.0/24 maxlen: 24
2405:9600::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6538 (0x198a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915D03A
Validity
Not Before: Mar 20 12:35:56 2025 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=67dc0bab-35a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:b3:34:c2:51:0a:94:6e:1e:e3:3f:78:2d:ba:
00:38:34:c0:1d:d3:c6:c8:37:63:d3:2e:56:c7:74:
ba:e7:03:d0:1c:4e:58:f9:6a:00:e1:b2:03:69:10:
0f:54:90:85:36:b6:d3:b6:8d:1a:c6:de:06:bc:90:
c1:71:ea:3c:83:b8:38:4e:24:02:bb:1f:41:7b:a8:
3f:fa:ef:93:2b:f0:f0:44:9c:e8:92:a5:a7:59:29:
f1:1c:8f:d0:92:b7:9e:92:62:94:a3:0a:af:3a:50:
4b:54:52:a6:62:b0:68:1b:5a:48:ca:5e:d2:5e:b7:
8d:51:0e:3d:c2:fa:23:13:cd:f2:cc:bd:35:6c:a2:
e5:c4:6a:25:70:3f:90:b7:7f:80:d3:f0:b5:e4:75:
a6:c1:e5:79:64:f7:93:0c:52:30:dc:d6:dc:92:bf:
33:f0:e0:9d:8a:54:8c:72:89:78:b8:67:c8:c8:4a:
3f:63:cc:8b:9f:46:de:78:9e:67:7a:e0:83:ac:4c:
5e:b7:c5:02:0e:eb:70:83:47:30:76:70:44:9f:1f:
f5:e9:bd:d8:b9:f1:25:49:2c:30:9d:f4:44:77:b6:
a1:a0:79:d9:eb:d5:d9:2a:49:45:4e:d2:f7:e2:6d:
a9:d2:24:a8:d9:3b:14:c5:25:c8:10:39:1d:5c:15:
e3:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:C7:0E:85:FD:54:EC:68:15:71:BF:61:42:1D:70:39:9A:3F:52:FA
X509v3 Authority Key Identifier:
keyid:61:5E:D8:4C:44:E6:57:F7:09:5E:02:12:AF:EA:05:2C:54:2A:0D:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/DE542790058711F0928FB866C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.120.0/22
59.151.128.0/18
60.254.128.0/18
103.238.148.0/22
118.214.0.0-118.215.191.255
122.252.32.0/19
122.252.128.0/20
125.56.128.0/17
125.252.192.0/18
IPv6:
2405:9600::/32
Signature Algorithm: sha256WithRSAEncryption
3a:10:e7:e5:41:0e:d8:b2:78:8c:0d:9a:7b:a6:fb:87:2d:f0:
cc:92:13:0d:7b:d6:f6:93:53:6a:3b:05:10:18:88:0b:fa:50:
50:ae:9a:fe:02:01:1f:fa:38:27:b4:6d:8d:71:b2:27:6b:ac:
91:c8:e8:10:03:ce:cb:c1:71:4b:5a:4d:5b:b6:18:78:6c:31:
86:4a:0e:29:2f:e7:23:97:1d:26:53:a2:7f:f4:73:39:1a:29:
68:7e:49:5c:9b:ca:c1:55:e9:b7:72:55:14:f1:9b:8f:d4:69:
66:bb:fd:cf:00:c6:9a:32:e8:de:e4:91:51:eb:26:e9:ad:8b:
76:e5:31:2a:b2:14:0d:7e:ed:a3:55:6b:5f:43:3f:44:65:91:
b0:8e:96:cd:c5:96:c8:b6:19:37:08:b6:1b:05:b1:03:86:71:
2b:9b:10:b9:25:cd:59:81:77:6a:22:d3:e7:8b:36:ea:fc:49:
66:b2:ae:e3:21:8a:cf:1a:8d:08:b8:45:83:fa:bc:fa:27:c9:
df:60:e0:14:37:90:0d:51:2a:41:82:83:5c:bd:8c:a2:7b:7a:
f9:fc:bc:62:f1:c5:5f:9c:61:e7:aa:c2:a3:fe:82:7f:76:a8:
37:68:50:ca:89:cc:9a:d7:b4:5d:d5:ec:01:04:33:e4:de:e6:
8e:83:0a:f4
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgICGYowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUQwM0ExMTAvBgNVBAUTKDYxNUVEODRDNDRFNjU3RjcwOTVFMDIxMkFGRUEwNTJD
NTQyQTBEOTEwHhcNMjUwMzIwMTIzNTU2WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2RjMGJhYi0zNWExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr7M0wlEKlG4e4z94LboAODTAHdPGyDdj0y5Wx3S65wPQHE5Y+WoA4bIDaRAP
VJCFNrbTto0axt4GvJDBceo8g7g4TiQCux9Be6g/+u+TK/DwRJzokqWnWSnxHI/Q
kreekmKUowqvOlBLVFKmYrBoG1pIyl7SXreNUQ49wvojE83yzL01bKLlxGolcD+Q
t3+A0/C15HWmweV5ZPeTDFIw3Nbckr8z8OCdilSMcol4uGfIyEo/Y8yLn0beeJ5n
euCDrExet8UCDutwg0cwdnBEnx/16b3YufElSSwwnfREd7ahoHnZ69XZKklFTtL3
4m2p0iSo2TsUxSXIEDkdXBXjpwIDAQABo4IC2zCCAtcwHQYDVR0OBBYEFAnHDoX9
VOxoFXG/YUIdcDmaP1L6MB8GA1UdIwQYMBaAFGFe2ExE5lf3CV4CEq/qBSxUKg2R
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1RDAzQS8xQjY0NzcxMDky
NDYxMUU3OUFBRUJFMTBDNEY5QUUwMi9ZVjdZVEVUbVZfY0pYZ0lTci1vRkxGUXFE
WkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1lWN1lURVRtVl9jSlhnSVNyLW9GTEZRcURaRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUQwM0EvMUI2NDc3MTA5MjQ2MTFFNzlBQUVCRTEwQzRGOUFFMDIvREU1NDI3OTAw
NTg3MTFGMDkyOEZCODY2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZQYIKwYBBQUHAQcBAf8E
VjBUMEMEAgABMD0DBAIr/ngDBAY7l4ADBAY8/oADBAJn7pQwCwMDAXbWAwQGdteA
AwQFevwgAwQEevyAAwQHfTiAAwQGffzAMA0EAgACMAcDBQAkBZYAMA0GCSqGSIb3
DQEBCwUAA4IBAQA6EOflQQ7YsniMDZp7pvuHLfDMkhMNe9b2k1NqOwUQGIgL+lBQ
rpr+AgEf+jgntG2NcbIna6yRyOgQA87LwXFLWk1bthh4bDGGSg4pL+cjlx0mU6J/
9HM5Gilofklcm8rBVem3clUU8ZuP1Glmu/3PAMaaMuje5JFR6ybprYt25TEqshQN
fu2jVWtfQz9EZZGwjpbNxZbIthk3CLYbBbEDhnErmxC5Jc1ZgXdqItPnizbq/Elm
sq7jIYrPGo0IuEWD+rz6J8nfYOAUN5ANUSpBgoNcvYyie3r5/Lxi8cVfnGHnqsKj
/oJ/dqg3aFDKicya17Rd1ewBBDPk3uaOgwr0
-----END CERTIFICATE-----
Generated at Sat Apr 5 23:06:03 2025 by rpki-client