Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/890DF822FA4411EFAE3BCB3CC4F9AE02.roa
File: 890DF822FA4411EFAE3BCB3CC4F9AE02.roa (raw, json)
Hash identifier: 8RVQ/v+vZFxXGeibcpu8Nd/wzU9sdJs6znnk+5MjJPc=
Subject key identifier: AB:90:3D:49:06:58:18:66:A4:41:DE:4A:EC:55:70:DB:1F:98:91:CC
Certificate issuer: /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial: 0752
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/890DF822FA4411EFAE3BCB3CC4F9AE02.roa
Signing time: Thu 06 Mar 2025 04:36:59 +0000
ROA not before: Thu 06 Mar 2025 04:36:59 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 137451
IP address blocks: 43.252.209.0/24 maxlen: 24
43.252.210.0/24 maxlen: 24
103.20.220.0/24 maxlen: 24
103.20.221.0/24 maxlen: 24
103.225.198.0/24 maxlen: 24
103.228.64.0/24 maxlen: 24
103.234.54.0/24 maxlen: 24
150.107.1.0/24 maxlen: 24
150.107.2.0/24 maxlen: 24
150.107.3.0/24 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1874 (0x752)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911B412
Validity
Not Before: Mar 6 04:36:59 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=67c9266b-bc65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:6c:ba:4d:b8:4e:7c:44:ff:6a:cd:2c:d3:b1:
0e:1d:9f:d2:7a:2d:00:c2:47:21:02:be:30:8d:19:
b2:7e:65:f9:6f:6d:ce:21:4a:91:e5:d4:58:d3:f9:
47:8c:08:47:aa:a3:96:52:b6:1c:6e:39:91:1d:49:
f7:af:4e:74:9b:3f:26:3b:41:b8:78:3c:25:f9:d6:
21:75:2c:42:1f:8c:fe:8d:1b:cb:d8:33:28:e1:30:
04:47:43:70:50:96:bd:8c:65:21:60:bc:5f:a4:ce:
da:f1:40:c2:74:33:7e:01:25:be:2c:a9:63:18:16:
ef:d1:e7:ea:d1:7f:13:e1:9d:f0:ff:f9:f1:6c:7c:
85:f2:33:bb:13:88:ea:51:df:62:31:07:29:ea:30:
ea:45:68:d8:11:a2:8c:f1:a7:32:01:62:26:8e:6e:
d3:ab:e3:33:1f:de:8f:84:e7:ca:6f:b4:ae:5f:2f:
78:6d:fc:ad:55:a9:9e:92:89:f4:51:e9:bc:f7:37:
22:c2:4e:15:55:66:9c:d2:5b:c6:8c:b5:d8:83:ed:
a8:89:36:2f:b4:14:a5:03:66:a4:c4:7e:b2:df:7a:
7c:98:0c:8b:73:ab:8a:e6:1d:3d:0d:9c:78:14:d2:
e2:5f:9c:5c:04:4c:8e:fa:51:4d:09:7c:b1:de:e7:
cd:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:90:3D:49:06:58:18:66:A4:41:DE:4A:EC:55:70:DB:1F:98:91:CC
X509v3 Authority Key Identifier:
keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/890DF822FA4411EFAE3BCB3CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.252.209.0-43.252.210.255
103.20.220.0/23
103.225.198.0/24
103.228.64.0/24
103.234.54.0/24
150.107.1.0-150.107.3.255
Signature Algorithm: sha256WithRSAEncryption
80:fd:e2:86:57:62:fe:7a:9c:59:93:81:51:33:41:80:32:e9:
ef:45:b3:b2:5e:26:ab:73:d3:83:d9:03:93:e5:c5:5c:f3:02:
d6:8f:31:fd:5e:6b:d0:9a:14:54:90:94:44:e0:ad:83:93:a9:
01:d7:5a:69:76:51:a6:f9:a5:55:ec:65:20:90:cc:fb:06:b5:
1b:ec:70:70:a3:79:b8:f4:68:be:a0:75:d3:49:18:57:bf:be:
f6:62:1e:76:b7:78:12:9d:67:51:78:a6:fd:91:9e:31:29:38:
3d:75:0e:b5:e8:6b:b6:a7:bc:2d:88:62:68:b0:7f:99:f8:ac:
24:65:61:6c:3d:8b:1a:62:d7:f3:dd:50:20:24:e6:07:55:36:
34:29:24:0f:cd:09:03:c5:97:c1:e9:83:86:ce:5d:71:c3:d3:
02:45:37:ec:33:e2:41:0a:45:0a:0c:82:6e:84:95:b3:ae:79:
40:9f:5c:ec:92:ad:e5:eb:75:dd:59:65:ec:9c:94:ae:94:8a:
45:d5:23:c8:c2:c1:ff:3e:d5:e9:0a:6e:34:78:7e:bb:e3:1e:
35:03:7a:0c:77:20:08:93:27:1a:f7:fc:6d:90:f3:6a:c4:c0:
70:0d:f3:2e:9f:9b:b7:36:55:b4:f8:e8:39:67:50:84:6b:23:
d1:cf:62:6b
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICB1IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjUwMzA2MDQzNjU5WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2M5MjY2Yi1iYzY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAm2y6TbhOfET/as0s07EOHZ/Sei0AwkchAr4wjRmyfmX5b23OIUqR5dRY0/lH
jAhHqqOWUrYcbjmRHUn3r050mz8mO0G4eDwl+dYhdSxCH4z+jRvL2DMo4TAER0Nw
UJa9jGUhYLxfpM7a8UDCdDN+ASW+LKljGBbv0efq0X8T4Z3w//nxbHyF8jO7E4jq
Ud9iMQcp6jDqRWjYEaKM8acyAWImjm7Tq+MzH96PhOfKb7SuXy94bfytVamekon0
Uem89zciwk4VVWac0lvGjLXYg+2oiTYvtBSlA2akxH6y33p8mAyLc6uK5h09DZx4
FNLiX5xcBEyO+lFNCXyx3ufNWQIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFKuQPUkG
WBhmpEHeSuxVcNsfmJHMMB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvODkwREY4MjJG
QTQ0MTFFRkFFM0JDQjNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTQYIKwYBBQUHAQcBAf8E
PjA8MDoEAgABMDQwDAMEACv80QMEACv80gMEAWcU3AMEAGfhxgMEAGfkQAMEAGfq
NjAMAwQAlmsBAwQClmsAMA0GCSqGSIb3DQEBCwUAA4IBAQCA/eKGV2L+epxZk4FR
M0GAMunvRbOyXiarc9OD2QOT5cVc8wLWjzH9XmvQmhRUkJRE4K2Dk6kB11ppdlGm
+aVV7GUgkMz7BrUb7HBwo3m49Gi+oHXTSRhXv772Yh52t3gSnWdReKb9kZ4xKTg9
dQ616Gu2p7wtiGJosH+Z+KwkZWFsPYsaYtfz3VAgJOYHVTY0KSQPzQkDxZfB6YOG
zl1xw9MCRTfsM+JBCkUKDIJuhJWzrnlAn1zskq3l63XdWWXsnJSulIpF1SPIwsH/
PtXpCm40eH674x41A3oMdyAIkyca9/xtkPNqxMBwDfMun5u3NlW0+Og5Z1CEayPR
z2Jr
-----END CERTIFICATE-----
Generated at Sat Apr 5 02:15:42 2025 by rpki-client