Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3CC0FF4CFAEE11EEA5643026C4F9AE02.roa
File: 3CC0FF4CFAEE11EEA5643026C4F9AE02.roa (raw, json)
Hash identifier: XkJvWmB7wGNPepUX2A6mL2ge7Rnre3bCpmgQPxJxpsM=
Subject key identifier: A3:E7:93:00:83:98:5A:66:0F:11:26:8A:9E:69:82:A7:C9:EA:E1:7C
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8C9E
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3CC0FF4CFAEE11EEA5643026C4F9AE02.roa
Signing time: Thu 30 May 2024 16:12:07 +0000
ROA not before: Thu 30 May 2024 16:12:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 139555
IP address blocks: 103.168.78.0/24 maxlen: 24
103.176.139.0/24 maxlen: 24
103.181.212.0/23 maxlen: 24
2001:df3:d7c0::/48 maxlen: 48
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35998 (0x8c9e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 16:12:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a556-d496
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:de:35:da:ab:ed:5d:1b:52:15:55:87:b3:9a:
2e:80:31:29:70:33:46:ee:70:bb:8a:f9:07:3c:19:
fc:9c:e9:17:37:b8:b8:ef:0a:dc:62:d4:fd:6e:cb:
10:81:08:b3:d7:ba:c6:4b:85:30:8b:77:2c:67:08:
17:1c:35:2a:ad:0f:07:5c:20:23:65:08:2c:ea:36:
0e:d0:a3:67:17:9b:96:76:8c:51:5a:35:9e:72:df:
0c:a8:94:c4:5d:1f:a5:7f:6c:b3:55:c5:77:76:b7:
85:14:09:0b:53:96:e9:ef:6f:b7:3e:3f:3b:32:2b:
0d:b9:7d:ad:8d:ac:26:c8:a2:85:10:b1:e2:d8:a9:
d5:4a:39:01:c7:e3:b3:1f:c2:c0:c7:39:f5:f0:c6:
a7:eb:49:a6:35:d9:07:07:d9:66:24:9a:3a:49:84:
64:d7:78:90:26:65:9d:84:80:37:dd:1f:7a:9c:3a:
27:94:11:41:7f:03:68:63:26:80:fd:70:56:9d:ef:
bc:33:8a:b4:d8:4d:bb:f5:e6:3d:fb:c0:6b:cd:b0:
52:20:d1:c9:4f:fe:5c:3b:4c:69:b2:1a:25:66:98:
10:e8:3d:78:a9:5e:43:0a:e2:77:19:ac:00:9f:ef:
27:59:de:e9:26:66:93:c2:ad:ff:09:f3:38:e9:74:
aa:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:E7:93:00:83:98:5A:66:0F:11:26:8A:9E:69:82:A7:C9:EA:E1:7C
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3CC0FF4CFAEE11EEA5643026C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.168.78.0/24
103.176.139.0/24
103.181.212.0/23
IPv6:
2001:df3:d7c0::/48
Signature Algorithm: sha256WithRSAEncryption
2a:cd:55:8c:b8:8f:6f:15:12:07:64:cf:15:c6:a1:27:79:ee:
85:e0:55:95:d0:fc:d8:83:1b:f7:b6:6e:5c:81:c7:b8:a1:da:
c0:7f:53:ae:16:9d:c4:da:ec:b6:f2:68:8e:47:d8:2b:14:fb:
7a:84:e3:fa:73:2f:28:b3:4d:7b:44:66:a7:30:03:f9:8a:14:
a1:f9:d3:3e:29:a2:c0:5c:ff:93:8b:b2:0f:21:5d:22:bc:4a:
0f:f8:d4:25:64:3b:05:f8:00:a0:ff:0e:19:83:03:10:6b:d7:
19:72:c7:f0:b7:5f:81:3c:d4:27:e3:6c:a4:14:9e:ee:67:60:
01:90:2b:eb:27:cf:d6:27:6e:dc:9d:8d:5f:56:87:6d:5f:8b:
42:7a:ce:6f:2a:54:23:14:15:fd:45:33:0c:bc:8c:d8:61:82:
46:4d:de:f9:86:ed:28:83:6f:8b:63:b6:a5:40:44:dd:56:fe:
66:6c:63:a6:ef:8f:c7:76:d3:9a:4c:1e:60:c0:70:81:a8:9a:
79:23:f6:ad:f8:8d:b0:c9:36:cf:33:d6:71:25:2b:13:e4:f6:
37:f9:a8:15:3c:49:31:15:04:9a:65:cb:07:eb:70:fc:52:de:
49:b0:6f:5f:8c:6e:b1:4c:a2:3f:bd:2a:ff:d5:99:7f:c6:8d:
78:d6:27:70
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgIDAIyeMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE2MTIwN1oXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGE1NTYtZDQ5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMPeNdqr7V0bUhVVh7OaLoAxKXAzRu5wu4r5BzwZ/JzpFze4uO8K3GLU/W7L
EIEIs9e6xkuFMIt3LGcIFxw1Kq0PB1wgI2UILOo2DtCjZxeblnaMUVo1nnLfDKiU
xF0fpX9ss1XFd3a3hRQJC1OW6e9vtz4/OzIrDbl9rY2sJsiihRCx4tip1Uo5Acfj
sx/CwMc59fDGp+tJpjXZBwfZZiSaOkmEZNd4kCZlnYSAN90fepw6J5QRQX8DaGMm
gP1wVp3vvDOKtNhNu/XmPfvAa82wUiDRyU/+XDtMabIaJWaYEOg9eKleQwridxms
AJ/vJ1ne6SZmk8Kt/wnzOOl0qvcCAwEAAaOCArIwggKuMB0GA1UdDgQWBBSj55MA
g5haZg8RJoqeaYKnyerhfDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzNDQzBGRjRD
RkFFRTExRUVBNTY0MzAyNkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDwGCCsGAQUFBwEHAQH/
BC0wKzAYBAIAATASAwQAZ6hOAwQAZ7CLAwQBZ7XUMA8EAgACMAkDBwAgAQ3z18Aw
DQYJKoZIhvcNAQELBQADggEBACrNVYy4j28VEgdkzxXGoSd57oXgVZXQ/NiDG/e2
blyBx7ih2sB/U64WncTa7LbyaI5H2CsU+3qE4/pzLyizTXtEZqcwA/mKFKH50z4p
osBc/5OLsg8hXSK8Sg/41CVkOwX4AKD/DhmDAxBr1xlyx/C3X4E81CfjbKQUnu5n
YAGQK+snz9YnbtydjV9Wh21fi0J6zm8qVCMUFf1FMwy8jNhhgkZN3vmG7SiDb4tj
tqVARN1W/mZsY6bvj8d205pMHmDAcIGomnkj9q34jbDJNs8z1nElKxPk9jf5qBU8
STEVBJplywfrcPxS3kmwb1+MbrFMoj+9Kv/VmX/GjXjWJ3A=
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:17:09 2025 by rpki-client