Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9156342/BDF8908099E411EA89A4C240C4F9AE02/3AFD491C99E611EAB3C00943C4F9AE02.roa
File: 3AFD491C99E611EAB3C00943C4F9AE02.roa (raw, json)
Hash identifier: fDQ1zYNxLplPrz4Qpls9Fd7tB57/fNGS1+72t/RyA84=
Subject key identifier: 06:76:41:2D:44:83:A1:79:89:2E:E1:98:87:A1:BB:94:EA:01:34:1D
Certificate issuer: /CN=A9156342/serialNumber=77DA248004E8C5872BDF72BAC1222C7CCB6E8E37
Certificate serial: 0952
Authority key identifier: 77:DA:24:80:04:E8:C5:87:2B:DF:72:BA:C1:22:2C:7C:CB:6E:8E:37
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d9okgAToxYcr33K6wSIsfMtujjc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9156342/BDF8908099E411EA89A4C240C4F9AE02/3AFD491C99E611EAB3C00943C4F9AE02.roa
Signing time: Thu 20 Mar 2025 20:30:39 +0000
ROA not before: Thu 20 Mar 2025 20:30:39 +0000
ROA not after: Fri 01 May 2026 00:00:00 +0000
asID: 55799
IP address blocks: 43.245.220.0/22 maxlen: 22
43.245.220.0/24 maxlen: 24
43.245.222.0/24 maxlen: 24
43.245.223.0/24 maxlen: 24
103.209.100.0/24 maxlen: 24
103.209.101.0/24 maxlen: 24
103.209.102.0/24 maxlen: 24
103.209.103.0/24 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2386 (0x952)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9156342
Validity
Not Before: Mar 20 20:30:39 2025 GMT
Not After : May 1 00:00:00 2026 GMT
Subject: CN=67dc7aef-ab30
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:de:d5:cd:71:97:7a:36:3c:7c:31:8d:c7:ac:
53:96:96:de:14:ef:91:fa:70:d4:21:05:ad:b9:ed:
4e:a7:f5:4f:96:f5:ee:e0:cf:b5:81:5e:ab:3d:89:
85:f1:b7:93:d8:02:b5:9b:1b:02:cd:65:61:f8:ca:
f0:a0:76:41:0f:b5:4f:61:9d:bd:f5:e5:c4:dd:b8:
99:8f:ce:c0:b0:19:a3:85:c8:c6:26:09:fb:86:dc:
51:99:23:e4:cf:df:b4:06:6b:c6:93:4c:64:06:43:
57:dd:86:29:99:94:0c:7d:1f:c8:3a:ee:8a:6e:a7:
8f:ee:2b:e9:36:92:51:87:97:3e:c3:89:37:ad:73:
0c:98:16:fc:32:60:8a:7c:e0:89:1f:71:dc:0f:c3:
e9:05:63:17:43:8a:25:f5:27:30:a2:1a:fe:35:bd:
e8:1a:9f:97:2a:d0:54:16:11:bd:c8:57:92:0d:e2:
3c:68:f9:b3:4b:8f:de:27:8b:84:91:4c:e8:37:3f:
6c:45:70:64:3c:f2:2f:e5:00:33:13:58:18:75:4e:
8f:ff:6b:f1:7a:6e:60:d2:1e:df:b8:30:0b:9c:89:
cd:5e:37:f8:5c:58:ff:4f:b3:9d:b3:73:ce:90:49:
85:97:b5:0e:8e:a8:f3:a7:1e:55:75:4f:37:59:0c:
f6:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:76:41:2D:44:83:A1:79:89:2E:E1:98:87:A1:BB:94:EA:01:34:1D
X509v3 Authority Key Identifier:
keyid:77:DA:24:80:04:E8:C5:87:2B:DF:72:BA:C1:22:2C:7C:CB:6E:8E:37
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9156342/BDF8908099E411EA89A4C240C4F9AE02/d9okgAToxYcr33K6wSIsfMtujjc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d9okgAToxYcr33K6wSIsfMtujjc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9156342/BDF8908099E411EA89A4C240C4F9AE02/3AFD491C99E611EAB3C00943C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.220.0/22
103.209.100.0/22
Signature Algorithm: sha256WithRSAEncryption
15:ad:7d:0f:a1:d0:7c:1a:47:59:31:04:09:d3:56:1d:49:86:
05:b5:ca:96:cb:3c:22:a0:46:26:b1:5e:bd:0d:ef:5b:7c:d8:
ed:ef:af:c7:cd:6d:86:d9:e9:ae:73:a4:49:bd:43:a3:70:4b:
15:8c:55:5b:f7:14:ce:53:d3:18:c5:c9:06:50:b4:86:3f:5c:
04:19:60:33:ba:ef:7c:4e:47:10:20:3c:31:2b:0d:50:f9:15:
ca:6e:06:77:c9:74:03:9b:25:3c:c9:43:80:f8:80:bf:73:69:
ea:db:fc:ff:0f:4e:0b:a2:4e:f6:fd:58:15:6e:c0:f1:ee:96:
69:d7:54:3e:76:64:0a:bd:ca:4c:d4:72:7d:31:93:29:6a:bf:
4a:48:5a:60:75:e6:13:51:6e:52:69:f6:4e:62:0f:ee:34:4d:
96:3b:a0:26:6d:ab:08:f1:34:39:20:43:a5:1a:29:25:31:43:
0a:ba:05:36:2e:45:93:b4:2d:0c:e3:96:a1:d2:8e:74:81:a9:
18:38:3a:94:69:c9:fd:e1:7d:11:b9:b1:ce:69:7a:a8:03:07:
78:6e:67:12:0e:bc:ba:22:b8:d8:a5:88:c4:ae:28:32:00:c5:
8e:22:8d:4d:16:a1:d4:67:42:67:75:b5:5d:de:0e:5e:bb:91:
df:5e:1b:96
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCVIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTYzNDIxMTAvBgNVBAUTKDc3REEyNDgwMDRFOEM1ODcyQkRGNzJCQUMxMjIyQzdD
Q0I2RThFMzcwHhcNMjUwMzIwMjAzMDM5WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2RjN2FlZi1hYjMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp97VzXGXejY8fDGNx6xTlpbeFO+R+nDUIQWtue1Op/VPlvXu4M+1gV6rPYmF
8beT2AK1mxsCzWVh+MrwoHZBD7VPYZ299eXE3biZj87AsBmjhcjGJgn7htxRmSPk
z9+0BmvGk0xkBkNX3YYpmZQMfR/IOu6KbqeP7ivpNpJRh5c+w4k3rXMMmBb8MmCK
fOCJH3HcD8PpBWMXQ4ol9Scwohr+Nb3oGp+XKtBUFhG9yFeSDeI8aPmzS4/eJ4uE
kUzoNz9sRXBkPPIv5QAzE1gYdU6P/2vxem5g0h7fuDALnInNXjf4XFj/T7Ods3PO
kEmFl7UOjqjzpx5VdU83WQz2VQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFAZ2QS1E
g6F5iS7hmIehu5TqATQdMB8GA1UdIwQYMBaAFHfaJIAE6MWHK99yusEiLHzLbo43
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1NjM0Mi9CREY4OTA4MDk5
RTQxMUVBODlBNEMyNDBDNEY5QUUwMi9kOW9rZ0FUb3hZY3IzM0s2d1NJc2ZNdHVq
amMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2Q5b2tnQVRveFljcjMzSzZ3U0lzZk10dWpqYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTYzNDIvQkRGODkwODA5OUU0MTFFQTg5QTRDMjQwQzRGOUFFMDIvM0FGRDQ5MUM5
OUU2MTFFQUIzQzAwOTQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr9dwDBAJn0WQwDQYJKoZIhvcNAQELBQADggEBABWtfQ+h
0HwaR1kxBAnTVh1JhgW1ypbLPCKgRiaxXr0N71t82O3vr8fNbYbZ6a5zpEm9Q6Nw
SxWMVVv3FM5T0xjFyQZQtIY/XAQZYDO673xORxAgPDErDVD5FcpuBnfJdAObJTzJ
Q4D4gL9zaerb/P8PTguiTvb9WBVuwPHulmnXVD52ZAq9ykzUcn0xkylqv0pIWmB1
5hNRblJp9k5iD+40TZY7oCZtqwjxNDkgQ6UaKSUxQwq6BTYuRZO0LQzjlqHSjnSB
qRg4OpRpyf3hfRG5sc5peqgDB3huZxIOvLoiuNiliMSuKDIAxY4ijU0WodRnQmd1
tV3eDl67kd9eG5Y=
-----END CERTIFICATE-----
Generated at Sat Apr 5 02:00:46 2025 by rpki-client