Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/476CAD520AC811F0A8700787C4F9AE02.roa
File: 476CAD520AC811F0A8700787C4F9AE02.roa (raw, json)
Hash identifier: GES2aJGb9vKXtXOggNobGX6z89xMp2LAUs1LwtMA5BI=
Subject key identifier: 8B:98:74:69:08:3F:7C:2A:8B:36:07:35:9B:75:7C:FF:09:9A:42:B9
Certificate issuer: /CN=A91450A4/serialNumber=3D1D6A332AEA4EC502037A0909F4CC19D42DB198
Certificate serial: 07C1
Authority key identifier: 3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/476CAD520AC811F0A8700787C4F9AE02.roa
Signing time: Thu 27 Mar 2025 04:59:36 +0000
ROA not before: Thu 27 Mar 2025 04:59:36 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 133739
IP address blocks: 43.243.236.0/22 maxlen: 24
103.24.240.0/22 maxlen: 22
103.24.240.0/23 maxlen: 24
103.39.60.0/22 maxlen: 22
103.39.60.0/23 maxlen: 24
103.39.62.0/24 maxlen: 24
103.39.63.0/24 maxlen: 24
103.224.208.0/22 maxlen: 22
103.224.208.0/23 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1985 (0x7c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91450A4
Validity
Not Before: Mar 27 04:59:36 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=67e4db37-ab70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:e6:43:28:b3:eb:b5:74:bc:f0:b6:03:60:e2:
f2:60:86:fb:b9:b9:12:27:28:d5:f0:b7:51:9a:4d:
1a:cb:0c:9f:17:1b:5e:2d:1c:c7:3e:e9:88:54:fd:
9a:5b:4a:36:d9:07:c0:21:56:ea:3a:45:86:b9:2c:
4a:68:4a:15:74:56:b7:24:79:e0:da:cb:f0:e8:8f:
5f:fb:7b:92:f5:1c:7a:4c:b9:56:65:fc:df:cd:9c:
40:e6:1c:d3:42:d6:8b:63:ce:b2:fa:d1:cf:f7:22:
9a:66:48:e1:ba:dd:36:82:3a:61:0b:cb:51:32:13:
80:4e:4d:f0:13:55:06:4e:a3:c7:5e:46:d7:d4:5c:
08:75:ee:91:54:91:08:52:68:42:bd:1b:16:9f:50:
4d:42:3b:ed:da:71:44:e9:ab:37:bc:6a:04:84:06:
c2:1f:3e:a7:6a:83:1f:e4:42:2f:b9:18:56:42:c2:
89:e1:dc:8a:9a:c9:a2:b8:4c:54:de:69:c9:3c:47:
01:33:d4:eb:d5:e6:11:26:82:e3:07:f1:06:c8:82:
25:ac:f6:4c:14:9f:98:60:2c:69:3a:24:67:87:a9:
12:1b:84:78:9c:88:6b:74:dd:ff:48:a4:fb:f7:20:
62:3f:fe:09:8e:25:9c:48:65:7f:15:9c:10:84:50:
11:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:98:74:69:08:3F:7C:2A:8B:36:07:35:9B:75:7C:FF:09:9A:42:B9
X509v3 Authority Key Identifier:
keyid:3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/476CAD520AC811F0A8700787C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.243.236.0/22
103.24.240.0/22
103.39.60.0/22
103.224.208.0/22
Signature Algorithm: sha256WithRSAEncryption
3b:2f:f2:a5:a2:7c:a8:4f:16:47:19:c9:e6:14:79:7e:fc:26:
fe:3b:2b:8c:fc:ac:83:2e:27:27:fd:89:aa:34:94:04:a9:a8:
71:b1:24:35:5a:a8:2c:ee:7e:2c:85:a6:1a:45:44:7b:9d:d0:
44:bd:a0:ad:c9:5b:d2:29:6a:80:11:67:87:5f:ad:30:64:78:
10:07:8c:b5:a3:61:87:68:71:06:2e:c2:66:c9:1f:d6:2d:9e:
f4:3f:99:1f:0b:a6:b7:1f:40:df:40:ca:cf:05:45:e2:ec:a2:
67:ab:46:d3:59:5f:ef:f5:3c:7a:55:0a:0e:b2:39:cb:5e:ae:
5f:40:5a:04:9e:ef:9e:d5:b1:20:01:a0:e3:5c:68:f7:5c:c9:
29:ff:40:98:11:ed:b0:4f:31:ef:8e:4b:1a:6b:a0:42:f2:70:
3e:44:0d:76:b6:c4:a0:47:f3:12:39:23:d8:d1:38:51:57:e0:
f5:4f:73:48:2c:6b:cd:84:2c:23:e2:d9:3f:79:36:6c:e7:58:
e7:d6:2d:6f:47:0d:38:45:f0:89:41:50:54:29:44:1d:0f:c7:
6e:fe:d9:62:b0:3b:3c:60:be:fd:1a:4a:ab:b2:04:dd:37:dd:
04:ab:ec:14:8a:18:a7:d0:47:fa:58:8c:02:a9:11:15:86:b7:
0c:13:b7:11
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICB8EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDUwQTQxMTAvBgNVBAUTKDNEMUQ2QTMzMkFFQTRFQzUwMjAzN0EwOTA5RjRDQzE5
RDQyREIxOTgwHhcNMjUwMzI3MDQ1OTM2WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2U0ZGIzNy1hYjcwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5uZDKLPrtXS88LYDYOLyYIb7ubkSJyjV8LdRmk0aywyfFxteLRzHPumIVP2a
W0o22QfAIVbqOkWGuSxKaEoVdFa3JHng2svw6I9f+3uS9Rx6TLlWZfzfzZxA5hzT
QtaLY86y+tHP9yKaZkjhut02gjphC8tRMhOATk3wE1UGTqPHXkbX1FwIde6RVJEI
UmhCvRsWn1BNQjvt2nFE6as3vGoEhAbCHz6naoMf5EIvuRhWQsKJ4dyKmsmiuExU
3mnJPEcBM9Tr1eYRJoLjB/EGyIIlrPZMFJ+YYCxpOiRnh6kSG4R4nIhrdN3/SKT7
9yBiP/4JjiWcSGV/FZwQhFARFwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFIuYdGkI
P3wqizYHNZt1fP8JmkK5MB8GA1UdIwQYMBaAFD0dajMq6k7FAgN6CQn0zBnULbGY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NTBBNC9ERDQ3MzY5ODBD
MzYxMUVCQTRFNDlFMjFDNEY5QUUwMi9QUjFxTXlycVRzVUNBM29KQ2ZUTUdkUXRz
WmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BSMXFNeXJxVHNVQ0Ezb0pDZlRNR2RRdHNaZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDUwQTQvREQ0NzM2OTgwQzM2MTFFQkE0RTQ5RTIxQzRGOUFFMDIvNDc2Q0FENTIw
QUM4MTFGMEE4NzAwNzg3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAIr8+wDBAJnGPADBAJnJzwDBAJn4NAwDQYJKoZIhvcNAQEL
BQADggEBADsv8qWifKhPFkcZyeYUeX78Jv47K4z8rIMuJyf9iao0lASpqHGxJDVa
qCzufiyFphpFRHud0ES9oK3JW9IpaoARZ4dfrTBkeBAHjLWjYYdocQYuwmbJH9Yt
nvQ/mR8LprcfQN9Ays8FReLsomerRtNZX+/1PHpVCg6yOcterl9AWgSe757VsSAB
oONcaPdcySn/QJgR7bBPMe+OSxproELycD5EDXa2xKBH8xI5I9jROFFX4PVPc0gs
a82ELCPi2T95NmznWOfWLW9HDThF8IlBUFQpRB0Px27+2WKwOzxgvv0aSquyBN03
3QSr7BSKGKfQR/pYjAKpERWGtwwTtxE=
-----END CERTIFICATE-----
Generated at Sat Apr 5 02:22:36 2025 by rpki-client