Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/3C1DF00C368D11EEA7B3FA13C4F9AE02.roa
File: 3C1DF00C368D11EEA7B3FA13C4F9AE02.roa (raw, json)
Hash identifier: IscVLiJumvpDTuWKLpbUJMJQdbaI+3Hbxqo/gKyEhNY=
Subject key identifier: 70:A4:BC:BC:37:8F:4A:D7:BC:C9:A6:A9:3B:07:00:91:F6:C5:48:B3
Certificate issuer: /CN=A9139322/serialNumber=EDC547BD0E6C0C0706A185833835F65EA3C71013
Certificate serial: 045F
Authority key identifier: ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/3C1DF00C368D11EEA7B3FA13C4F9AE02.roa
Signing time: Wed 09 Aug 2023 08:17:52 +0000
ROA not before: Wed 09 Aug 2023 08:17:52 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 834
IP address blocks: 43.247.134.0/24 maxlen: 24
43.254.166.0/24 maxlen: 24
43.255.120.0/24 maxlen: 24
43.255.156.0/24 maxlen: 24
43.255.158.0/23 maxlen: 24
103.24.216.0/23 maxlen: 24
103.231.58.0/23 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1119 (0x45f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9139322
Validity
Not Before: Aug 9 08:17:52 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=64d34bb0-afb0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:73:b3:36:47:b4:37:fe:24:de:c0:09:c1:66:
95:13:34:d6:23:9e:14:f0:a5:93:88:8b:0a:6d:4b:
23:20:49:9c:7b:eb:46:f3:e3:fe:21:a8:c9:d8:ef:
24:bd:7f:e2:7d:a2:d3:1f:3c:8e:f3:6f:e1:bc:59:
0e:a3:7d:94:37:73:06:34:bc:5b:e6:c4:e2:85:08:
a6:f6:24:55:c5:ef:55:e5:4f:4a:9a:ed:7a:9d:dd:
5b:1c:9e:ce:bc:08:a0:4b:69:c7:77:12:53:fc:23:
2b:62:56:22:4b:38:1e:00:72:be:71:71:59:8b:02:
43:62:75:1c:a0:bc:1e:47:eb:47:95:a9:31:e7:64:
a4:02:37:b7:eb:69:9e:85:d6:a5:fd:e1:13:c6:32:
aa:80:c5:53:6d:dd:bf:5b:07:86:ff:96:40:f4:1d:
06:9e:3e:bd:24:cd:08:cb:04:b2:05:2d:de:c5:55:
86:5c:04:2f:c1:63:52:df:fd:dd:77:e5:e0:e6:df:
b1:ea:d8:53:ba:92:7b:61:34:f4:47:5f:83:25:95:
8e:a4:6c:26:77:5d:d2:02:b7:d5:74:64:9e:72:50:
c3:d3:06:f4:b5:ea:84:ab:1b:a6:18:a9:0c:9c:c8:
9b:d0:8f:d3:17:80:b7:a9:95:25:4b:6c:a9:63:e6:
ed:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:A4:BC:BC:37:8F:4A:D7:BC:C9:A6:A9:3B:07:00:91:F6:C5:48:B3
X509v3 Authority Key Identifier:
keyid:ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/7cVHvQ5sDAcGoYWDODX2XqPHEBM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/3C1DF00C368D11EEA7B3FA13C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.247.134.0/24
43.254.166.0/24
43.255.120.0/24
43.255.156.0/24
43.255.158.0/23
103.24.216.0/23
103.231.58.0/23
Signature Algorithm: sha256WithRSAEncryption
af:06:32:4f:26:36:fd:1c:7e:7b:d5:20:f0:b6:89:d7:e4:dc:
05:53:1b:8f:dc:6b:44:54:21:7f:79:9d:d4:d9:49:96:3b:21:
22:68:16:78:57:7e:cf:17:d6:d9:a6:a2:f3:07:e8:27:dd:76:
ed:a1:77:57:2c:d6:c3:d3:5a:40:af:5f:81:e2:10:7f:80:b1:
cf:e9:13:3d:8a:9e:9e:c1:b6:b7:0d:ca:8c:cd:a5:18:2d:44:
9d:78:03:f0:a9:e5:d0:57:c4:d2:3c:68:58:8e:b0:a9:29:d7:
e9:91:12:a1:26:07:13:e6:30:6c:56:21:68:14:16:2d:d6:a4:
b6:1d:97:30:db:c2:e5:0b:38:08:93:6f:91:73:5d:eb:d1:4e:
de:ee:f5:4f:da:a2:10:3b:a1:82:ff:ff:69:81:8f:eb:e7:cf:
d8:9e:86:46:df:68:2b:b5:61:21:04:a4:37:33:3a:a8:7c:f3:
80:e9:37:7e:44:45:fd:a1:94:41:f1:ac:24:bd:f3:91:a6:da:
8e:9c:4f:fd:cc:11:9f:61:32:23:99:dd:f2:e2:44:64:f8:05:
09:f4:45:83:94:55:d8:40:a6:a1:ed:de:ce:00:90:7e:7c:52:
b8:71:c3:54:3a:24:d6:81:a7:73:af:ee:bd:c1:ed:49:d0:fc:
19:05:89:99
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgICBF8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzkzMjIxMTAvBgNVBAUTKEVEQzU0N0JEMEU2QzBDMDcwNkExODU4MzM4MzVGNjVF
QTNDNzEwMTMwHhcNMjMwODA5MDgxNzUyWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGQzNGJiMC1hZmIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2HOzNke0N/4k3sAJwWaVEzTWI54U8KWTiIsKbUsjIEmce+tG8+P+IajJ2O8k
vX/ifaLTHzyO82/hvFkOo32UN3MGNLxb5sTihQim9iRVxe9V5U9Kmu16nd1bHJ7O
vAigS2nHdxJT/CMrYlYiSzgeAHK+cXFZiwJDYnUcoLweR+tHlakx52SkAje362me
hdal/eETxjKqgMVTbd2/WweG/5ZA9B0Gnj69JM0IywSyBS3exVWGXAQvwWNS3/3d
d+Xg5t+x6thTupJ7YTT0R1+DJZWOpGwmd13SArfVdGSeclDD0wb0teqEqxumGKkM
nMib0I/TF4C3qZUlS2ypY+bt+QIDAQABo4ICuTCCArUwHQYDVR0OBBYEFHCkvLw3
j0rXvMmmqTsHAJH2xUizMB8GA1UdIwQYMBaAFO3FR70ObAwHBqGFgzg19l6jxxAT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzOTMyMi8yQ0IxRUVCQUY2
NTMxMUVCQTFCNEE2MUFDNEY5QUUwMi83Y1ZIdlE1c0RBY0dvWVdET0RYMlhxUEhF
Qk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdjVkh2UTVzREFjR29ZV0RPRFgyWHFQSEVCTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzkzMjIvMkNCMUVFQkFGNjUzMTFFQkExQjRBNjFBQzRGOUFFMDIvM0MxREYwMEMz
NjhEMTFFRUE3QjNGQTEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQwYIKwYBBQUHAQcBAf8E
NDAyMDAEAgABMCoDBAAr94YDBAAr/qYDBAAr/3gDBAAr/5wDBAEr/54DBAFnGNgD
BAFn5zowDQYJKoZIhvcNAQELBQADggEBAK8GMk8mNv0cfnvVIPC2idfk3AVTG4/c
a0RUIX95ndTZSZY7ISJoFnhXfs8X1tmmovMH6Cfddu2hd1cs1sPTWkCvX4HiEH+A
sc/pEz2Knp7BtrcNyozNpRgtRJ14A/Cp5dBXxNI8aFiOsKkp1+mREqEmBxPmMGxW
IWgUFi3WpLYdlzDbwuULOAiTb5FzXevRTt7u9U/aohA7oYL//2mBj+vnz9iehkbf
aCu1YSEEpDczOqh884DpN35ERf2hlEHxrCS985Gm2o6cT/3MEZ9hMiOZ3fLiRGT4
BQn0RYOUVdhApqHt3s4AkH58Urhxw1Q6JNaBp3Ov7r3B7UnQ/BkFiZk=
-----END CERTIFICATE-----
Generated at Fri Apr 11 16:12:16 2025 by rpki-client