Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E7CA9A12F28F11EF94898048C4F9AE02.roa
File: E7CA9A12F28F11EF94898048C4F9AE02.roa (raw, json)
Hash identifier: rJGKRn0XyR4kN0LyLJ82cFypSKxMq+DWtPISJ48AypM=
Subject key identifier: 5F:6F:9D:6C:DC:C2:E6:EC:C3:4B:5C:CC:A6:97:82:06:AF:D6:FA:D1
Certificate issuer: /CN=A9157DA0/serialNumber=8887CF6CF5102F0FB713F4C4A1BDE389481F1C44
Certificate serial: 3466
Authority key identifier: 88:87:CF:6C:F5:10:2F:0F:B7:13:F4:C4:A1:BD:E3:89:48:1F:1C:44
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E7CA9A12F28F11EF94898048C4F9AE02.roa
Signing time: Mon 24 Feb 2025 09:15:36 +0000
ROA not before: Mon 24 Feb 2025 09:15:36 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 58524
IP address blocks: 43.248.158.0/23 maxlen: 24
119.252.122.0/24 maxlen: 24
119.252.126.0/23 maxlen: 23
2407:4800:c000::/36 maxlen: 36
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13414 (0x3466)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157DA0
Validity
Not Before: Feb 24 09:15:36 2025 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=67bc38b7-fdd0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:2c:b5:d9:ac:7d:c1:33:80:94:ec:0c:87:d8:
43:11:5d:ac:da:f9:44:20:09:fd:c4:58:8f:c1:c9:
6f:3d:43:db:d5:ae:92:8d:3a:22:22:f8:64:18:ae:
bb:04:a1:b4:49:b2:07:24:29:7e:24:78:39:87:0a:
80:a7:e3:3f:cf:42:e8:39:57:1e:fe:ef:4c:40:52:
98:13:b1:63:9e:05:22:82:ff:77:21:c7:be:20:69:
ff:4b:1d:b1:b7:ac:13:d9:86:82:40:35:20:97:bc:
83:07:97:e3:69:91:43:ce:dd:1c:f1:9c:00:bf:ea:
d8:4d:67:3f:c4:76:a1:2f:05:5d:1b:1f:1d:bb:e4:
5b:be:70:56:14:3d:3f:f8:55:b2:a6:9d:43:51:46:
72:55:9c:82:bc:a5:3e:53:2e:28:da:bd:a4:51:9a:
a0:42:61:4b:aa:72:d0:94:30:cd:ce:c0:1e:07:7c:
88:a4:39:02:53:d2:8f:60:92:7c:3d:76:09:9b:1c:
79:11:2a:4f:3d:06:21:52:a7:e0:d7:13:b3:3b:6f:
09:4b:f6:dc:37:e4:63:e8:06:2c:e5:e2:fb:90:7a:
30:45:b1:c9:70:30:f7:c1:d5:6e:5a:1c:e6:96:54:
d2:0e:60:07:43:4f:88:f3:cf:00:32:c7:76:2a:d2:
a7:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:6F:9D:6C:DC:C2:E6:EC:C3:4B:5C:CC:A6:97:82:06:AF:D6:FA:D1
X509v3 Authority Key Identifier:
keyid:88:87:CF:6C:F5:10:2F:0F:B7:13:F4:C4:A1:BD:E3:89:48:1F:1C:44
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E7CA9A12F28F11EF94898048C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.248.158.0/23
119.252.122.0/24
119.252.126.0/23
IPv6:
2407:4800:c000::/36
Signature Algorithm: sha256WithRSAEncryption
5f:e5:a4:04:45:97:5c:54:60:2e:e2:c7:33:ca:db:29:91:8c:
0b:a3:f1:72:ae:04:11:54:a8:01:a4:47:b4:e2:86:3d:53:f6:
57:14:24:06:8b:81:75:a5:7c:35:ba:55:5f:88:9c:36:78:7f:
4d:92:9f:cd:b7:3b:60:45:26:fc:8c:21:77:14:dc:19:b2:8d:
eb:ce:a0:ad:67:bb:44:25:74:14:a7:bd:b4:43:13:d2:06:3e:
94:83:4c:76:ee:1c:d8:03:d8:0c:dc:3a:d6:4c:34:c5:c9:2c:
21:e2:e4:d1:1c:21:e0:09:47:7e:f3:db:55:9b:a7:37:43:4d:
6a:47:a9:63:a0:5b:7c:c9:b1:35:e2:5f:f5:45:c5:b9:d6:63:
3a:ec:88:66:59:19:48:f6:35:e0:f3:9d:44:39:73:59:a2:bc:
88:79:9b:fe:15:2a:e9:8c:96:e9:dd:d3:e9:9a:d4:dc:65:14:
1f:e2:8c:e1:84:bc:27:69:95:c5:06:59:5d:47:1c:84:e3:c6:
3c:a9:11:04:45:45:ff:c1:3d:67:04:fb:56:98:95:d6:bc:1c:
66:07:e6:ed:ce:bc:6b:94:47:e9:fe:87:80:1c:c6:aa:06:3c:
a9:00:d4:61:aa:3a:47:f3:a2:b5:75:44:f0:f2:c8:7d:2c:fa:
02:d5:20:4a
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgICNGYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEQTAxMTAvBgNVBAUTKDg4ODdDRjZDRjUxMDJGMEZCNzEzRjRDNEExQkRFMzg5
NDgxRjFDNDQwHhcNMjUwMjI0MDkxNTM2WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2JjMzhiNy1mZGQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxCy12ax9wTOAlOwMh9hDEV2s2vlEIAn9xFiPwclvPUPb1a6SjToiIvhkGK67
BKG0SbIHJCl+JHg5hwqAp+M/z0LoOVce/u9MQFKYE7FjngUigv93Ice+IGn/Sx2x
t6wT2YaCQDUgl7yDB5fjaZFDzt0c8ZwAv+rYTWc/xHahLwVdGx8du+RbvnBWFD0/
+FWypp1DUUZyVZyCvKU+Uy4o2r2kUZqgQmFLqnLQlDDNzsAeB3yIpDkCU9KPYJJ8
PXYJmxx5ESpPPQYhUqfg1xOzO28JS/bcN+Rj6AYs5eL7kHowRbHJcDD3wdVuWhzm
llTSDmAHQ0+I888AMsd2KtKn9QIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFF9vnWzc
wubsw0tczKaXggav1vrRMB8GA1UdIwQYMBaAFIiHz2z1EC8PtxP0xKG944lIHxxE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0RBMC8zQTBEOTMxMDFE
OEMxMUUyOEVGRjU3RTcwOEIwMkNEMi9pSWZQYlBVUUx3LTNFX1RFb2IzamlVZ2ZI
RVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lJZlBiUFVRTHctM0VfVEVvYjNqaVVnZkhFUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEQTAvM0EwRDkzMTAxRDhDMTFFMjhFRkY1N0U3MDhCMDJDRDIvRTdDQTlBMTJG
MjhGMTFFRjk0ODk4MDQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOwYIKwYBBQUHAQcBAf8E
LDAqMBgEAgABMBIDBAEr+J4DBAB3/HoDBAF3/H4wDgQCAAIwCAMGBCQHSADAMA0G
CSqGSIb3DQEBCwUAA4IBAQBf5aQERZdcVGAu4sczytspkYwLo/FyrgQRVKgBpEe0
4oY9U/ZXFCQGi4F1pXw1ulVfiJw2eH9Nkp/NtztgRSb8jCF3FNwZso3rzqCtZ7tE
JXQUp720QxPSBj6Ug0x27hzYA9gM3DrWTDTFySwh4uTRHCHgCUd+89tVm6c3Q01q
R6ljoFt8ybE14l/1RcW51mM67IhmWRlI9jXg851EOXNZoryIeZv+FSrpjJbp3dPp
mtTcZRQf4ozhhLwnaZXFBlldRxyE48Y8qREERUX/wT1nBPtWmJXWvBxmB+btzrxr
lEfp/oeAHMaqBjypANRhqjpH86K1dUTw8sh9LPoC1SBK
-----END CERTIFICATE-----
Generated at Sat Apr 5 04:03:12 2025 by rpki-client