Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/849EBBA60CCA11ED97820077C4F9AE02.roa
File: 849EBBA60CCA11ED97820077C4F9AE02.roa (raw, json)
Hash identifier: GSV2og2vZfzpYKFvoDWTGBKAz8dr3rumZNKGGO3jHY0=
Subject key identifier: 20:31:4D:18:97:2B:93:AE:3F:F7:20:88:3D:26:15:4C:B6:34:9D:2F
Certificate issuer: /CN=A91CFFA0/serialNumber=ADD9418F0F9B55F3B7376A093DB11DBAD3AEFEC8
Certificate serial: 0EB1
Authority key identifier: AD:D9:41:8F:0F:9B:55:F3:B7:37:6A:09:3D:B1:1D:BA:D3:AE:FE:C8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rdlBjw-bVfO3N2oJPbEdutOu_sg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/849EBBA60CCA11ED97820077C4F9AE02.roa
Signing time: Tue 14 Jan 2025 18:16:14 +0000
ROA not before: Tue 14 Jan 2025 18:16:14 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 133772
IP address blocks: 61.14.172.0/24 maxlen: 24
125.252.69.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3761 (0xeb1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CFFA0
Validity
Not Before: Jan 14 18:16:14 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=6786a9ee-6bcc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:9f:01:1d:71:d3:06:87:11:2e:c9:8a:7f:3a:
5c:fb:dc:6d:4b:7f:fc:7a:f1:5e:f3:ca:92:ed:f0:
73:16:cc:61:7f:48:2c:cb:35:32:9f:e6:68:87:34:
1e:9e:db:c9:16:ed:e5:80:5a:83:71:83:9b:e1:ca:
de:42:18:c7:8e:ad:43:4f:a7:da:3e:50:7d:51:75:
30:dd:07:09:67:e9:c2:ed:9b:4d:76:c1:3b:62:ef:
4b:86:6f:58:e5:93:9b:a9:a6:54:de:55:9a:61:3f:
e8:00:25:d8:25:99:d8:d9:ee:4e:86:f9:37:bd:4c:
0b:de:d6:6d:56:f2:ec:1f:0c:a0:ae:9e:0a:39:f7:
c0:48:66:6d:67:cd:47:3e:b1:d7:1a:f7:14:b9:0e:
c0:85:37:c1:0f:9a:f5:fb:cd:0f:bd:de:88:0f:71:
cb:e4:29:84:90:02:03:de:bb:91:fd:d6:47:7e:5f:
72:13:d8:27:de:f5:86:5f:2f:77:d8:02:47:32:66:
fa:17:5c:cf:53:2a:ad:d2:f9:d1:9f:eb:37:55:b2:
73:a4:2c:08:20:45:c9:26:54:f3:b2:dd:9d:b2:7f:
66:4a:23:11:65:0b:03:88:d2:3f:35:e0:3d:0f:99:
0e:0e:b0:5f:20:d1:35:08:e3:79:ca:c2:73:9b:54:
c1:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:31:4D:18:97:2B:93:AE:3F:F7:20:88:3D:26:15:4C:B6:34:9D:2F
X509v3 Authority Key Identifier:
keyid:AD:D9:41:8F:0F:9B:55:F3:B7:37:6A:09:3D:B1:1D:BA:D3:AE:FE:C8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/rdlBjw-bVfO3N2oJPbEdutOu_sg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rdlBjw-bVfO3N2oJPbEdutOu_sg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/849EBBA60CCA11ED97820077C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
61.14.172.0/24
125.252.69.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:21:ae:18:3f:5e:60:dd:03:c8:12:0f:d9:c8:0f:11:5e:dd:
de:6e:42:41:a5:a7:e0:02:04:5a:6b:d4:c8:e4:2c:9b:06:54:
af:f8:e9:0c:9e:0f:31:b5:cc:8a:84:fa:85:cd:16:1c:9d:4b:
30:19:91:f0:6d:2a:74:79:5a:96:ae:06:3d:db:06:8e:5e:2a:
be:88:b7:01:87:51:59:4a:5b:99:57:ba:e2:15:be:0d:18:19:
e8:94:f4:92:d3:a6:4f:32:56:6f:de:73:7c:87:5a:86:c4:ae:
95:ee:63:c2:00:43:b6:29:af:42:9a:81:fd:61:83:b3:cb:91:
a1:9e:95:0a:50:d5:8b:27:23:af:7c:ad:81:2b:8b:e4:03:e4:
0f:ae:bb:09:9e:63:37:73:92:e9:c0:b3:c0:04:4e:ac:53:d6:
07:eb:0f:9a:58:34:f8:62:6d:cd:1b:a0:50:a7:54:30:b3:2f:
5a:ad:a3:0b:a2:3c:6e:3b:79:5f:a0:23:af:a3:e0:00:05:a3:
54:1c:12:dd:db:51:d7:58:e3:85:a9:fe:64:59:cf:a1:de:21:
dd:ac:d8:ad:10:4b:6f:98:79:55:6b:8f:fe:75:26:da:16:01:
ce:be:b0:7e:22:41:fe:73:64:db:eb:20:ad:ac:0e:5f:75:42:
cb:b8:da:60
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICDrEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0ZGQTAxMTAvBgNVBAUTKEFERDk0MThGMEY5QjU1RjNCNzM3NkEwOTNEQjExREJB
RDNBRUZFQzgwHhcNMjUwMTE0MTgxNjE0WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Nzg2YTllZS02YmNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs58BHXHTBocRLsmKfzpc+9xtS3/8evFe88qS7fBzFsxhf0gsyzUyn+ZohzQe
ntvJFu3lgFqDcYOb4creQhjHjq1DT6faPlB9UXUw3QcJZ+nC7ZtNdsE7Yu9Lhm9Y
5ZObqaZU3lWaYT/oACXYJZnY2e5Ohvk3vUwL3tZtVvLsHwygrp4KOffASGZtZ81H
PrHXGvcUuQ7AhTfBD5r1+80Pvd6ID3HL5CmEkAID3ruR/dZHfl9yE9gn3vWGXy93
2AJHMmb6F1zPUyqt0vnRn+s3VbJzpCwIIEXJJlTzst2dsn9mSiMRZQsDiNI/NeA9
D5kODrBfINE1CON5ysJzm1TBywIDAQABo4ICmzCCApcwHQYDVR0OBBYEFCAxTRiX
K5OuP/cgiD0mFUy2NJ0vMB8GA1UdIwQYMBaAFK3ZQY8Pm1XztzdqCT2xHbrTrv7I
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRkZBMC8xRDY2RDQ4NkQ4
Q0IxMUU5QkFFMjREMjFDNEY5QUUwMi9yZGxCanctYlZmTzNOMm9KUGJFZHV0T3Vf
c2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JkbEJqdy1iVmZPM04yb0pQYkVkdXRPdV9zZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0ZGQTAvMUQ2NkQ0ODZEOENCMTFFOUJBRTI0RDIxQzRGOUFFMDIvODQ5RUJCQTYw
Q0NBMTFFRDk3ODIwMDc3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAA9DqwDBAB9/EUwDQYJKoZIhvcNAQELBQADggEBAI0hrhg/
XmDdA8gSD9nIDxFe3d5uQkGlp+ACBFpr1MjkLJsGVK/46QyeDzG1zIqE+oXNFhyd
SzAZkfBtKnR5WpauBj3bBo5eKr6ItwGHUVlKW5lXuuIVvg0YGeiU9JLTpk8yVm/e
c3yHWobErpXuY8IAQ7Ypr0Kagf1hg7PLkaGelQpQ1YsnI698rYEri+QD5A+uuwme
YzdzkunAs8AETqxT1gfrD5pYNPhibc0boFCnVDCzL1qtowuiPG47eV+gI6+j4AAF
o1QcEt3bUddY44Wp/mRZz6HeId2s2K0QS2+YeVVrj/51JtoWAc6+sH4iQf5zZNvr
IK2sDl91Qsu42mA=
-----END CERTIFICATE-----
Generated at Mon Apr 7 04:14:40 2025 by rpki-client