Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9110D07/D3E889D48E7F11EE8E97B484C4F9AE02/394FFB60AA1211EE8C78FC31C4F9AE02.roa
File: 394FFB60AA1211EE8C78FC31C4F9AE02.roa (raw, json)
Hash identifier: Xm1w04xiBRppJF2hvZNZnqWc0GxvoUgLaysnM6BZ/hE=
Subject key identifier: CE:4C:35:F5:9A:94:BD:C2:BC:B5:25:22:58:D7:8B:D7:14:CF:D9:96
Certificate issuer: /CN=A9110D07/serialNumber=4AC95C8A975E4CF310842C95564051753DEB0289
Certificate serial: 2A
Authority key identifier: 4A:C9:5C:8A:97:5E:4C:F3:10:84:2C:95:56:40:51:75:3D:EB:02:89
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SslcipdeTPMQhCyVVkBRdT3rAok.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9110D07/D3E889D48E7F11EE8E97B484C4F9AE02/394FFB60AA1211EE8C78FC31C4F9AE02.roa
Signing time: Wed 03 Jan 2024 08:36:29 +0000
ROA not before: Wed 03 Jan 2024 08:36:29 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 152300
IP address blocks: 36.50.18.0/23 maxlen: 23
36.50.18.0/24 maxlen: 24
36.50.19.0/24 maxlen: 24
2001:df3:51c0::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 42 (0x2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9110D07
Validity
Not Before: Jan 3 08:36:29 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=65951c8c-96af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:d1:6f:55:45:f7:9e:2f:ed:1c:84:72:2b:72:
48:e5:74:17:01:aa:cb:eb:b7:43:13:76:f0:3f:7a:
50:c6:37:ad:02:72:b5:8f:f8:a9:ab:33:ac:ab:60:
b0:a2:c7:3c:bf:4f:35:3f:99:f6:94:d1:91:0e:84:
e3:4e:4d:fd:2d:84:f7:54:3c:99:06:4d:1c:2a:2e:
c7:4a:5e:59:4b:22:42:b1:36:4c:d4:f7:25:9a:6c:
eb:d5:7f:c5:35:7e:41:44:11:b6:e7:d0:e6:c5:2c:
9f:20:56:76:d2:43:18:16:38:b6:3f:e4:82:21:dc:
f4:70:76:15:fc:81:93:da:59:e2:81:c3:8d:7e:25:
ea:3b:8c:f2:f5:a0:e3:c3:ab:03:82:34:60:06:35:
ce:a9:86:9a:0e:88:2a:0b:94:fd:80:69:f9:61:a3:
30:fa:4b:58:11:36:61:4e:8e:e9:12:b8:81:3e:b5:
e6:3c:e7:7e:0a:62:c3:48:ed:5e:a4:a3:2c:91:9c:
82:3a:63:2f:fb:d5:e6:0b:12:64:09:b2:62:05:32:
1b:7b:45:48:11:ba:44:1b:a9:17:ba:76:0b:5c:d3:
fc:8f:d2:4d:1d:e8:79:ac:33:a3:71:72:a4:d5:10:
73:44:09:12:89:97:1e:e4:22:ac:16:5c:f1:5b:85:
70:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:4C:35:F5:9A:94:BD:C2:BC:B5:25:22:58:D7:8B:D7:14:CF:D9:96
X509v3 Authority Key Identifier:
keyid:4A:C9:5C:8A:97:5E:4C:F3:10:84:2C:95:56:40:51:75:3D:EB:02:89
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9110D07/D3E889D48E7F11EE8E97B484C4F9AE02/SslcipdeTPMQhCyVVkBRdT3rAok.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SslcipdeTPMQhCyVVkBRdT3rAok.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9110D07/D3E889D48E7F11EE8E97B484C4F9AE02/394FFB60AA1211EE8C78FC31C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
36.50.18.0/23
IPv6:
2001:df3:51c0::/48
Signature Algorithm: sha256WithRSAEncryption
5e:e5:cf:3f:16:ef:90:d2:5c:8d:97:b2:29:c4:5d:57:f3:43:
c2:28:98:96:42:e0:44:1b:ab:fa:f9:7d:cc:1b:d0:16:59:28:
d4:a7:72:d6:1e:1d:20:21:c5:3c:07:8a:f2:3d:69:73:a0:af:
e7:b1:91:90:c9:eb:06:e4:1a:f6:1d:42:57:38:5e:15:a3:13:
9f:d5:31:e3:16:62:80:8b:0c:35:1f:ba:d5:44:f2:f2:ff:0d:
4d:9a:b2:a5:6c:e3:5d:24:c4:e5:ac:df:72:48:3a:bc:63:b4:
7b:1f:a3:c8:b3:bd:17:a2:a1:4c:8e:f8:c0:0e:60:b0:e2:e3:
87:c4:15:66:30:50:5a:58:2e:12:95:4b:3c:89:7f:03:49:74:
b5:9e:60:06:cb:f2:6b:94:21:3c:aa:4e:27:31:ba:53:f8:db:
34:73:9f:f1:26:ce:71:ed:d6:de:0e:a8:17:0a:32:f9:f1:23:
eb:b7:96:f1:75:78:73:f1:82:4b:16:95:6d:22:e3:f5:0d:85:
56:db:d8:67:c0:3d:87:5a:25:1a:b5:bb:e9:5f:5e:b5:5e:39:
5f:ed:9c:b0:15:c4:25:f9:12:9c:30:5c:74:54:7c:c3:cc:5f:
55:e2:9f:09:aa:50:6e:6e:d8:64:be:7d:94:32:01:92:29:e2:
58:94:b5:7b
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBKjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
MEQwNzExMC8GA1UEBRMoNEFDOTVDOEE5NzVFNENGMzEwODQyQzk1NTY0MDUxNzUz
REVCMDI4OTAeFw0yNDAxMDMwODM2MjlaFw0yNTAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1OTUxYzhjLTk2YWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCs0W9VRfeeL+0chHIrckjldBcBqsvrt0MTdvA/elDGN60CcrWP+KmrM6yrYLCi
xzy/TzU/mfaU0ZEOhONOTf0thPdUPJkGTRwqLsdKXllLIkKxNkzU9yWabOvVf8U1
fkFEEbbn0ObFLJ8gVnbSQxgWOLY/5IIh3PRwdhX8gZPaWeKBw41+Jeo7jPL1oOPD
qwOCNGAGNc6phpoOiCoLlP2AaflhozD6S1gRNmFOjukSuIE+teY8534KYsNI7V6k
oyyRnII6Yy/71eYLEmQJsmIFMht7RUgRukQbqRe6dgtc0/yP0k0d6HmsM6NxcqTV
EHNECRKJlx7kIqwWXPFbhXAhAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUzkw19ZqU
vcK8tSUiWNeL1xTP2ZYwHwYDVR0jBBgwFoAUSslcipdeTPMQhCyVVkBRdT3rAokw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTEwRDA3L0QzRTg4OUQ0OEU3
RjExRUU4RTk3QjQ4NEM0RjlBRTAyL1NzbGNpcGRlVFBNUWhDeVZWa0JSZFQzckFv
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvU3NsY2lwZGVUUE1RaEN5VlZrQlJkVDNyQW9rLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
MEQwNy9EM0U4ODlENDhFN0YxMUVFOEU5N0I0ODRDNEY5QUUwMi8zOTRGRkI2MEFB
MTIxMUVFOEM3OEZDMzFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEASQyEjAPBAIAAjAJAwcAIAEN81HAMA0GCSqGSIb3DQEBCwUA
A4IBAQBe5c8/Fu+Q0lyNl7IpxF1X80PCKJiWQuBEG6v6+X3MG9AWWSjUp3LWHh0g
IcU8B4ryPWlzoK/nsZGQyesG5Br2HUJXOF4VoxOf1THjFmKAiww1H7rVRPLy/w1N
mrKlbONdJMTlrN9ySDq8Y7R7H6PIs70XoqFMjvjADmCw4uOHxBVmMFBaWC4SlUs8
iX8DSXS1nmAGy/JrlCE8qk4nMbpT+Ns0c5/xJs5x7dbeDqgXCjL58SPrt5bxdXhz
8YJLFpVtIuP1DYVW29hnwD2HWiUatbvpX161Xjlf7ZywFcQl+RKcMFx0VHzDzF9V
4p8JqlBubthkvn2UMgGSKeJYlLV7
-----END CERTIFICATE-----
Generated at Tue Apr 8 11:37:27 2025 by rpki-client