Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/B43DA4A87A0511EFBB046B51C4F9AE02.roa
File: B43DA4A87A0511EFBB046B51C4F9AE02.roa (raw, json)
Hash identifier: J0lUWv90uI4AQahWaH6MYwf2+W9Jy7Tpc810hB+aeHw=
Subject key identifier: 8E:B5:22:50:31:CD:86:5D:16:6F:18:73:D0:84:EB:C1:41:C9:2B:C5
Certificate issuer: /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial: 0718
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/B43DA4A87A0511EFBB046B51C4F9AE02.roa
Signing time: Sun 09 Feb 2025 03:07:37 +0000
ROA not before: Sun 09 Feb 2025 03:07:37 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 137451
IP address blocks: 43.252.209.0/24 maxlen: 24
43.252.210.0/24 maxlen: 24
103.20.220.0/24 maxlen: 24
103.20.221.0/24 maxlen: 24
103.225.198.0/24 maxlen: 24
103.228.64.0/24 maxlen: 24
103.234.54.0/24 maxlen: 24
150.107.1.0/24 maxlen: 24
150.107.2.0/24 maxlen: 24
150.107.3.0/24 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1816 (0x718)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911B412
Validity
Not Before: Feb 9 03:07:37 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=67a81bf9-fee3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:e3:f0:36:8d:d4:51:3b:a3:75:4b:ca:2a:4f:
60:f0:b3:a7:43:61:99:f5:af:89:51:79:eb:e6:19:
35:03:7e:81:a2:96:f8:40:d9:24:33:6a:33:cc:69:
ba:ad:87:4e:d5:f3:22:90:e0:f9:05:92:32:aa:1b:
14:eb:52:f8:85:90:e4:56:7c:41:0c:04:2a:85:b8:
eb:4f:fd:9b:a9:45:dd:6d:f4:7e:ab:b2:58:49:04:
0c:6a:e0:27:dd:9d:a9:fb:6a:81:a6:ef:3f:46:a9:
c1:d4:36:15:1f:26:b0:e4:7a:bd:36:96:03:b3:f9:
be:d2:cb:cb:de:84:cd:7f:53:5e:31:0d:99:ef:30:
a8:b2:2d:f9:41:90:c7:1c:04:61:da:96:da:7c:d0:
8e:55:d8:33:d9:88:b6:4c:a0:6b:90:d8:66:1f:03:
df:6d:36:d5:ae:9e:6c:87:94:98:ad:f1:1d:55:e2:
9f:3a:51:b9:7c:65:df:ec:fa:16:6f:ff:63:89:26:
a0:15:0d:07:27:36:fe:c5:34:72:6f:48:c2:a9:d8:
53:9b:06:5d:f1:30:6d:cf:e9:73:24:16:45:3d:38:
92:ea:82:5f:13:b4:c5:31:22:6d:aa:80:2f:d7:00:
f6:e4:05:1d:93:e8:15:6d:f4:c8:be:fb:d4:01:b2:
fe:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:B5:22:50:31:CD:86:5D:16:6F:18:73:D0:84:EB:C1:41:C9:2B:C5
X509v3 Authority Key Identifier:
keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/B43DA4A87A0511EFBB046B51C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.252.209.0-43.252.210.255
103.20.220.0/23
103.225.198.0/24
103.228.64.0/24
103.234.54.0/24
150.107.1.0-150.107.3.255
Signature Algorithm: sha256WithRSAEncryption
64:dd:71:bd:78:4f:a1:b3:98:55:5b:63:27:b9:86:88:2a:fa:
ce:04:3f:cf:08:b0:7a:d9:26:b3:11:0a:65:4a:40:0f:19:e5:
ca:2b:61:22:dc:a0:2f:bf:f6:d5:09:95:34:fc:ed:7a:59:6e:
b0:3e:3c:86:20:e5:ab:6e:38:b8:fe:dd:6b:66:a6:d3:13:e5:
f5:10:20:bc:4c:4a:2a:9e:f1:61:ed:c8:7d:77:ca:6c:c0:5b:
19:6f:64:89:85:08:45:78:c0:df:36:5c:75:9e:fc:75:ba:0c:
9b:bf:a4:f8:20:9f:21:ed:c1:09:6f:e7:a8:f2:a4:45:4b:91:
18:b9:a7:7b:01:fc:cf:d0:cf:cc:4a:8d:84:5a:78:fb:18:4d:
3c:65:10:43:44:b2:f8:4a:a3:37:e6:84:69:40:b3:f9:0d:1a:
b7:03:54:76:a1:18:e5:ba:08:fb:3d:38:85:52:1c:2b:dc:80:
e8:20:e9:63:3c:a5:33:19:b2:6d:37:63:a9:4f:56:f7:87:4c:
dc:5c:95:c5:01:3f:a6:85:0a:50:ff:e0:c7:3b:37:7a:0a:50:
b8:ff:b8:41:9c:40:44:bf:f7:ec:50:f0:7b:69:66:8a:d6:44:
96:fb:51:e9:71:1b:ff:49:1d:e0:d2:5d:87:10:5a:24:0c:3d:
be:67:4b:62
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICBxgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjUwMjA5MDMwNzM3WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2E4MWJmOS1mZWUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu+PwNo3UUTujdUvKKk9g8LOnQ2GZ9a+JUXnr5hk1A36Bopb4QNkkM2ozzGm6
rYdO1fMikOD5BZIyqhsU61L4hZDkVnxBDAQqhbjrT/2bqUXdbfR+q7JYSQQMauAn
3Z2p+2qBpu8/RqnB1DYVHyaw5Hq9NpYDs/m+0svL3oTNf1NeMQ2Z7zCosi35QZDH
HARh2pbafNCOVdgz2Yi2TKBrkNhmHwPfbTbVrp5sh5SYrfEdVeKfOlG5fGXf7PoW
b/9jiSagFQ0HJzb+xTRyb0jCqdhTmwZd8TBtz+lzJBZFPTiS6oJfE7TFMSJtqoAv
1wD25AUdk+gVbfTIvvvUAbL+1wIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFI61IlAx
zYZdFm8Yc9CE68FBySvFMB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvQjQzREE0QTg3
QTA1MTFFRkJCMDQ2QjUxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTQYIKwYBBQUHAQcBAf8E
PjA8MDoEAgABMDQwDAMEACv80QMEACv80gMEAWcU3AMEAGfhxgMEAGfkQAMEAGfq
NjAMAwQAlmsBAwQClmsAMA0GCSqGSIb3DQEBCwUAA4IBAQBk3XG9eE+hs5hVW2Mn
uYaIKvrOBD/PCLB62SazEQplSkAPGeXKK2Ei3KAvv/bVCZU0/O16WW6wPjyGIOWr
bji4/t1rZqbTE+X1ECC8TEoqnvFh7ch9d8pswFsZb2SJhQhFeMDfNlx1nvx1ugyb
v6T4IJ8h7cEJb+eo8qRFS5EYuad7AfzP0M/MSo2EWnj7GE08ZRBDRLL4SqM35oRp
QLP5DRq3A1R2oRjlugj7PTiFUhwr3IDoIOljPKUzGbJtN2OpT1b3h0zcXJXFAT+m
hQpQ/+DHOzd6ClC4/7hBnEBEv/fsUPB7aWaK1kSW+1HpcRv/SR3g0l2HEFokDD2+
Z0ti
-----END CERTIFICATE-----
Generated at Sat Apr 5 02:22:54 2025 by rpki-client