Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91771E3/9383E646AD6511E8ACBD0D6AC4F9AE02/4B18BBA8A9F811EEB85DBD24C4F9AE02.roa
File: 4B18BBA8A9F811EEB85DBD24C4F9AE02.roa (raw, json)
Hash identifier: sd3UhNYbHggo+XcciVWTFZxv/tGVhGFf2hY/GpsuhSs=
Subject key identifier: 5A:36:50:D0:92:DB:AE:4E:B6:9D:BB:1B:1B:F4:CA:DE:60:CE:50:B0
Certificate issuer: /CN=A91771E3/serialNumber=1596C4BBE732DA85CB83E8A770873EA3413701A5
Certificate serial: 12FF
Authority key identifier: 15:96:C4:BB:E7:32:DA:85:CB:83:E8:A7:70:87:3E:A3:41:37:01:A5
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FZbEu-cy2oXLg-incIc-o0E3AaU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91771E3/9383E646AD6511E8ACBD0D6AC4F9AE02/4B18BBA8A9F811EEB85DBD24C4F9AE02.roa
Signing time: Tue 10 Dec 2024 17:15:12 +0000
ROA not before: Tue 10 Dec 2024 17:15:12 +0000
ROA not after: Mon 02 Mar 2026 00:00:00 +0000
asID: 132856
IP address blocks: 101.251.6.0/23 maxlen: 23
101.251.6.0/24 maxlen: 24
101.251.7.0/24 maxlen: 24
2404:2c00:600::/47 maxlen: 47
2404:2c00:600::/48 maxlen: 48
2404:2c00:601::/48 maxlen: 48
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4863 (0x12ff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91771E3
Validity
Not Before: Dec 10 17:15:12 2024 GMT
Not After : Mar 2 00:00:00 2026 GMT
Subject: CN=67587720-951d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:89:49:37:ba:7f:71:ba:88:05:a9:c7:5a:e9:
bd:50:2b:fb:88:7f:be:41:a6:a6:79:d4:21:2f:f0:
52:22:74:07:c0:ac:35:1d:25:da:70:59:6e:e0:70:
ba:ee:ab:2e:0b:1d:e0:9d:c8:1e:e1:ae:e6:93:21:
f5:8c:0c:1c:22:e1:89:71:59:63:f2:bf:92:1f:66:
e1:9d:72:70:bd:57:ed:69:15:b5:ee:aa:9a:8e:97:
4b:ab:70:7f:fd:1e:c3:43:62:98:43:39:85:00:9e:
23:33:c0:00:e8:d0:f8:52:24:ae:0b:01:9e:a2:4e:
c1:99:a4:52:c3:7f:24:48:ab:00:04:a6:5b:5c:40:
19:39:4e:04:28:51:50:ca:b0:93:2e:6f:58:22:dc:
89:72:ae:63:0e:58:14:0a:63:fb:ed:4b:48:cb:77:
8b:87:03:7b:39:49:69:f0:92:40:00:26:d1:a6:ab:
a0:6d:f9:e6:8d:93:6d:8b:09:b2:93:21:03:89:28:
d0:45:03:da:a3:b3:ad:23:fb:4c:a7:fa:3e:ae:a9:
71:04:79:ab:ef:a9:93:12:d8:55:34:f0:09:7e:04:
00:da:6f:16:77:4b:f1:fa:9b:99:0d:f6:4a:e3:4d:
14:14:5c:53:d0:94:aa:ea:73:a6:7a:87:4b:e6:cc:
83:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:36:50:D0:92:DB:AE:4E:B6:9D:BB:1B:1B:F4:CA:DE:60:CE:50:B0
X509v3 Authority Key Identifier:
keyid:15:96:C4:BB:E7:32:DA:85:CB:83:E8:A7:70:87:3E:A3:41:37:01:A5
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91771E3/9383E646AD6511E8ACBD0D6AC4F9AE02/FZbEu-cy2oXLg-incIc-o0E3AaU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FZbEu-cy2oXLg-incIc-o0E3AaU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91771E3/9383E646AD6511E8ACBD0D6AC4F9AE02/4B18BBA8A9F811EEB85DBD24C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.251.6.0/23
IPv6:
2404:2c00:600::/47
Signature Algorithm: sha256WithRSAEncryption
95:9e:31:88:bb:b0:19:e7:25:54:73:16:83:2e:4b:81:2c:c0:
ac:c0:e6:e8:6d:2e:5a:20:4c:52:41:21:b5:ed:8d:02:20:aa:
4e:b2:b9:6c:d1:38:64:9c:d5:6b:f7:b8:3e:72:f2:9d:fc:c1:
6b:10:20:8e:7b:1b:05:b0:58:fe:20:93:2e:ea:f1:8f:d4:56:
fd:d5:c7:ef:21:2b:1f:50:12:97:f7:49:30:78:6e:5c:73:0d:
9d:df:1b:80:c6:62:fe:e8:66:1b:d1:19:9a:07:c0:a2:64:80:
4c:7c:17:a8:f3:c9:16:55:86:c6:03:12:69:64:a8:37:59:9d:
a1:1e:da:ba:78:75:51:e4:b8:05:c8:e3:6c:35:81:61:01:95:
c6:d2:f7:cd:3c:fe:34:7b:11:38:21:4b:19:6d:6c:97:0b:68:
3a:a2:c3:6e:ff:22:6a:b7:f1:d0:60:44:67:d1:14:54:69:d5:
c9:fe:10:84:a8:70:5e:fe:65:8a:1f:49:b6:9a:a8:35:2a:c3:
e9:70:ee:44:8e:8c:ce:d4:a0:ca:67:1b:8f:6f:6d:12:b4:25:
8b:09:f4:62:ff:bc:21:cc:bb:2c:83:c7:22:f2:89:03:10:ee:
60:0e:e9:dd:81:96:3c:ab:1d:b2:28:24:0a:4c:e0:51:19:b5:
80:cd:47:6e
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICEv8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzcxRTMxMTAvBgNVBAUTKDE1OTZDNEJCRTczMkRBODVDQjgzRThBNzcwODczRUEz
NDEzNzAxQTUwHhcNMjQxMjEwMTcxNTEyWhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzU4NzcyMC05NTFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA84lJN7p/cbqIBanHWum9UCv7iH++QaamedQhL/BSInQHwKw1HSXacFlu4HC6
7qsuCx3gncge4a7mkyH1jAwcIuGJcVlj8r+SH2bhnXJwvVftaRW17qqajpdLq3B/
/R7DQ2KYQzmFAJ4jM8AA6ND4UiSuCwGeok7BmaRSw38kSKsABKZbXEAZOU4EKFFQ
yrCTLm9YItyJcq5jDlgUCmP77UtIy3eLhwN7OUlp8JJAACbRpqugbfnmjZNtiwmy
kyEDiSjQRQPao7OtI/tMp/o+rqlxBHmr76mTEthVNPAJfgQA2m8Wd0vx+puZDfZK
400UFFxT0JSq6nOmeodL5syDKQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFFo2UNCS
265Otp27Gxv0yt5gzlCwMB8GA1UdIwQYMBaAFBWWxLvnMtqFy4Pop3CHPqNBNwGl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NzFFMy85MzgzRTY0NkFE
NjUxMUU4QUNCRDBENkFDNEY5QUUwMi9GWmJFdS1jeTJvWExnLWluY0ljLW8wRTNB
YVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZaYkV1LWN5Mm9YTGctaW5jSWMtbzBFM0FhVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzcxRTMvOTM4M0U2NDZBRDY1MTFFOEFDQkQwRDZBQzRGOUFFMDIvNEIxOEJCQThB
OUY4MTFFRUI4NURCRDI0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFl+wYwDwQCAAIwCQMHASQELAAGADANBgkqhkiG9w0BAQsF
AAOCAQEAlZ4xiLuwGeclVHMWgy5LgSzArMDm6G0uWiBMUkEhte2NAiCqTrK5bNE4
ZJzVa/e4PnLynfzBaxAgjnsbBbBY/iCTLurxj9RW/dXH7yErH1ASl/dJMHhuXHMN
nd8bgMZi/uhmG9EZmgfAomSATHwXqPPJFlWGxgMSaWSoN1mdoR7aunh1UeS4Bcjj
bDWBYQGVxtL3zTz+NHsROCFLGW1slwtoOqLDbv8iarfx0GBEZ9EUVGnVyf4QhKhw
Xv5lih9JtpqoNSrD6XDuRI6MztSgymcbj29tErQliwn0Yv+8Icy7LIPHIvKJAxDu
YA7p3YGWPKsdsigkCkzgURm1gM1Hbg==
-----END CERTIFICATE-----
Generated at Sat Apr 5 04:14:39 2025 by rpki-client