Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91475BA/D4F08EE6DAE911EA92CE345AC4F9AE02/1E1D32C22FF311EC9220256BC4F9AE02.roa
File: 1E1D32C22FF311EC9220256BC4F9AE02.roa (raw, json)
Hash identifier: pTjj2b7GgJwyDNJuxZHgCMBFpwcbCF/p1EbBwHpmEQ8=
Subject key identifier: 78:99:82:DA:65:DD:E1:DF:0B:02:05:41:78:58:73:22:46:62:97:AB
Certificate issuer: /CN=A91475BA/serialNumber=8389FD46FEF87E593DE81CFFDCDF20BA2CA7601E
Certificate serial: 07D9
Authority key identifier: 83:89:FD:46:FE:F8:7E:59:3D:E8:1C:FF:DC:DF:20:BA:2C:A7:60:1E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g4n9Rv74flk96Bz_3N8guiynYB4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91475BA/D4F08EE6DAE911EA92CE345AC4F9AE02/1E1D32C22FF311EC9220256BC4F9AE02.roa
Signing time: Tue 04 Feb 2025 20:49:50 +0000
ROA not before: Tue 04 Feb 2025 20:49:50 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 9744
IP address blocks: 103.127.24.0/22 maxlen: 24
2404:1a40::/32 maxlen: 32
2404:1a40:100::/40 maxlen: 40
2404:1a40:1000::/36 maxlen: 36
2404:1a40:1000::/37 maxlen: 37
2404:1a40:1000::/38 maxlen: 40
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2009 (0x7d9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91475BA
Validity
Not Before: Feb 4 20:49:50 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=67a27d6d-ed3a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:85:76:88:02:86:57:6e:71:0d:60:0f:f0:6f:
96:51:92:a6:08:73:3f:5b:46:1c:86:4d:e3:8a:84:
27:1c:60:c3:f6:a6:86:fe:c5:f5:42:8c:22:c4:d9:
d4:c2:3a:ec:77:2d:95:08:d4:b1:d0:9e:69:a3:63:
05:53:de:1d:14:9b:95:39:50:de:c0:1e:c2:57:d5:
2c:bf:1b:8a:2d:cd:71:c9:28:42:3c:75:54:ef:03:
1a:fc:9f:7f:5f:91:28:a7:a1:a0:96:47:24:03:32:
90:a1:20:ff:7c:28:15:ec:c1:0b:f8:95:91:31:16:
d1:84:34:2c:da:9b:03:90:71:98:85:34:e1:29:a6:
09:8e:1f:45:62:60:25:53:ae:a8:09:8d:7a:89:42:
3b:10:20:8b:ea:57:85:f4:a5:fa:c4:1b:ec:50:5b:
d1:e9:07:b3:69:93:9a:ec:67:38:43:9e:7a:b9:94:
63:e2:21:ee:38:24:9c:8c:af:9f:67:54:b9:28:85:
6b:a1:24:20:8a:a2:a8:e7:5a:bc:d1:4e:88:74:f3:
0b:f9:bb:e7:9e:f3:d2:26:2c:09:6d:ba:47:3f:1e:
92:5b:e6:41:56:ec:c1:b5:5c:8f:06:0c:ca:8d:a0:
9d:12:83:b4:3a:a8:b7:d8:f9:92:d6:7b:ce:b5:b0:
ce:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:99:82:DA:65:DD:E1:DF:0B:02:05:41:78:58:73:22:46:62:97:AB
X509v3 Authority Key Identifier:
keyid:83:89:FD:46:FE:F8:7E:59:3D:E8:1C:FF:DC:DF:20:BA:2C:A7:60:1E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91475BA/D4F08EE6DAE911EA92CE345AC4F9AE02/g4n9Rv74flk96Bz_3N8guiynYB4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g4n9Rv74flk96Bz_3N8guiynYB4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91475BA/D4F08EE6DAE911EA92CE345AC4F9AE02/1E1D32C22FF311EC9220256BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.127.24.0/22
IPv6:
2404:1a40::/32
Signature Algorithm: sha256WithRSAEncryption
4d:0d:1c:ef:49:e9:21:60:ec:72:76:de:2b:79:95:f0:0f:ff:
ec:f2:0c:03:a7:5e:19:d6:27:dc:b5:87:a2:1a:4b:31:16:d9:
26:af:1b:70:5e:4a:66:f0:e0:bc:dd:9d:10:8d:5f:08:7d:6f:
a4:98:aa:d8:10:a7:40:38:4c:93:36:2f:5e:04:34:65:5e:62:
9c:dc:1b:1e:da:5f:e9:0a:25:19:f4:f2:60:2d:60:8d:18:2e:
14:b6:0f:2a:4b:3a:b9:0f:44:18:30:6c:4e:1f:93:c0:12:b6:
e3:78:22:29:ce:91:67:fe:71:cd:77:75:5a:d3:96:0a:bc:44:
40:13:87:9c:57:bb:e3:b0:f5:58:73:34:f5:e5:bf:d4:06:0c:
35:c3:f4:7f:9c:cc:13:13:c2:60:9d:f7:88:eb:c3:34:0e:d7:
8a:10:86:33:62:13:74:06:ac:f7:84:a7:2b:36:5d:ac:75:4c:
6e:6a:9a:93:38:c7:0f:b0:77:7b:6d:4f:6f:e7:bf:41:20:c1:
37:63:15:83:ea:30:28:9d:35:09:38:9a:62:e0:f5:2f:f6:82:
d8:78:46:d7:bc:f3:ff:86:3f:4d:db:cb:b5:a2:5a:27:23:b3:
a4:49:c1:10:4d:78:f7:26:05:93:9d:e6:96:e2:ab:f5:86:fb:
d2:47:42:4b
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICB9kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDc1QkExMTAvBgNVBAUTKDgzODlGRDQ2RkVGODdFNTkzREU4MUNGRkRDREYyMEJB
MkNBNzYwMUUwHhcNMjUwMjA0MjA0OTUwWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2EyN2Q2ZC1lZDNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwoV2iAKGV25xDWAP8G+WUZKmCHM/W0Ychk3jioQnHGDD9qaG/sX1QowixNnU
wjrsdy2VCNSx0J5po2MFU94dFJuVOVDewB7CV9UsvxuKLc1xyShCPHVU7wMa/J9/
X5Eop6GglkckAzKQoSD/fCgV7MEL+JWRMRbRhDQs2psDkHGYhTThKaYJjh9FYmAl
U66oCY16iUI7ECCL6leF9KX6xBvsUFvR6QezaZOa7Gc4Q556uZRj4iHuOCScjK+f
Z1S5KIVroSQgiqKo51q80U6IdPML+bvnnvPSJiwJbbpHPx6SW+ZBVuzBtVyPBgzK
jaCdEoO0Oqi32PmS1nvOtbDOEwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFHiZgtpl
3eHfCwIFQXhYcyJGYperMB8GA1UdIwQYMBaAFIOJ/Ub++H5ZPegc/9zfILosp2Ae
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NzVCQS9ENEYwOEVFNkRB
RTkxMUVBOTJDRTM0NUFDNEY5QUUwMi9nNG45UnY3NGZsazk2QnpfM044Z3VpeW5Z
QjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2c0bjlSdjc0ZmxrOTZCel8zTjhndWl5bllCNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDc1QkEvRDRGMDhFRTZEQUU5MTFFQTkyQ0UzNDVBQzRGOUFFMDIvMUUxRDMyQzIy
RkYzMTFFQzkyMjAyNTZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnfxgwDQQCAAIwBwMFACQEGkAwDQYJKoZIhvcNAQELBQAD
ggEBAE0NHO9J6SFg7HJ23it5lfAP/+zyDAOnXhnWJ9y1h6IaSzEW2SavG3BeSmbw
4LzdnRCNXwh9b6SYqtgQp0A4TJM2L14ENGVeYpzcGx7aX+kKJRn08mAtYI0YLhS2
DypLOrkPRBgwbE4fk8AStuN4IinOkWf+cc13dVrTlgq8REATh5xXu+Ow9VhzNPXl
v9QGDDXD9H+czBMTwmCd94jrwzQO14oQhjNiE3QGrPeEpys2Xax1TG5qmpM4xw+w
d3ttT2/nv0EgwTdjFYPqMCidNQk4mmLg9S/2gth4Rte88/+GP03by7WiWicjs6RJ
wRBNePcmBZOd5pbiq/WG+9JHQks=
-----END CERTIFICATE-----
Generated at Sat Apr 5 02:00:27 2025 by rpki-client