Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D3B9F3D8146311EBB558DE47C4F9AE02.roa
File: D3B9F3D8146311EBB558DE47C4F9AE02.roa (raw, json)
Hash identifier: nJw9RH8oltRpom5dtoQuiOF3n/L1kwNHfCztbMZeITg=
Subject key identifier: B0:84:55:E1:54:DE:B8:1E:43:A7:BD:59:2F:98:20:8D:36:97:88:B0
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: A290
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D3B9F3D8146311EBB558DE47C4F9AE02.roa
Signing time: Mon 13 Jan 2025 10:45:05 +0000
ROA not before: Mon 13 Jan 2025 10:45:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 134345
IP address blocks: 103.76.56.0/22 maxlen: 24
103.157.130.0/23 maxlen: 24
2001:df4:bcc0::/48 maxlen: 48
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 41616 (0xa290)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Jan 13 10:45:04 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6784eeb0-c10a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:e5:5b:81:d2:b7:f2:5c:a9:7e:83:7e:d0:01:
d1:84:ab:a3:db:14:7f:1e:05:fe:4a:56:5e:23:19:
ff:91:be:dc:dd:95:57:5f:61:a6:52:f0:27:53:7a:
71:4a:41:86:4b:3a:aa:1d:ad:39:a5:83:de:d5:24:
e1:ee:4d:87:1a:11:3e:88:6c:7a:69:ee:ce:cf:95:
0b:4a:cf:75:98:b5:b0:74:8b:1f:6d:c2:7a:b1:59:
c0:3f:0c:2f:a4:ff:38:f1:f2:f2:a8:8f:b6:3a:22:
5c:f1:42:34:69:69:5a:ef:0e:58:b5:5e:9c:3d:15:
a5:19:ff:c6:6a:7f:2b:4a:d2:8b:0d:e0:89:fb:ba:
8c:24:05:5a:d6:98:6a:be:87:7b:7b:c2:54:6c:61:
fb:67:c4:1d:5c:09:83:09:d0:c8:39:ba:0a:e2:d3:
f4:d8:62:90:2e:6f:e4:f9:01:4c:76:07:7e:ac:d3:
b1:d2:0e:fd:36:f0:12:54:89:b3:ef:79:a8:2a:36:
45:75:dd:d2:16:1b:23:72:7e:a5:66:2c:05:6f:d9:
72:78:56:b3:41:38:ab:d4:eb:de:1a:b1:67:38:fa:
1d:0e:bb:a7:9b:01:f1:09:1b:46:4c:9d:58:5d:59:
db:e2:2f:b4:25:2b:a3:a7:5f:73:73:70:a0:73:f3:
26:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:84:55:E1:54:DE:B8:1E:43:A7:BD:59:2F:98:20:8D:36:97:88:B0
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D3B9F3D8146311EBB558DE47C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.76.56.0/22
103.157.130.0/23
IPv6:
2001:df4:bcc0::/48
Signature Algorithm: sha256WithRSAEncryption
6a:db:5e:76:62:17:03:c3:8b:22:fe:2a:27:b3:5e:ef:30:5e:
71:df:98:02:1a:f0:81:3a:91:67:a4:97:06:71:f7:9e:ae:b6:
c7:21:f4:f6:7c:e5:14:d3:fe:06:2e:c1:9d:32:cf:dc:9d:e9:
c3:f6:f1:6f:ee:b9:e7:da:5d:34:f5:af:95:44:76:78:dc:e5:
b7:6b:16:24:78:45:79:08:d8:67:24:1f:d2:50:cf:7a:01:f4:
f8:e9:29:45:9c:75:09:4b:1f:89:20:0f:91:c4:72:43:56:da:
67:8b:ea:85:fc:c2:79:d0:8a:89:26:35:41:07:bd:ae:dc:e9:
5a:4f:90:ce:88:9b:10:9a:b4:34:9f:9c:4f:a7:b1:00:4d:ea:
7c:6a:80:95:88:c0:9f:b7:d7:79:81:f5:bb:52:da:6b:b5:be:
3f:70:1d:51:95:e9:8f:f9:82:09:81:23:af:b2:78:8e:fe:ef:
d9:2d:e5:41:41:67:5f:73:7b:d1:57:7b:cf:3d:38:72:9e:42:
c0:7d:ea:15:ab:4c:31:f8:b3:d2:13:92:13:80:a9:25:2d:66:
36:d8:94:71:54:34:f2:a3:97:ca:c5:50:7c:49:85:e4:18:c6:
af:c4:90:2f:63:16:92:04:3b:a4:7a:e9:e9:f6:73:cb:c1:74:
5c:cf:1b:09
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIDAKKQMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDExMzEwNDUwNFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjc4NGVlYjAtYzEwYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJrlW4HSt/JcqX6DftAB0YSro9sUfx4F/kpWXiMZ/5G+3N2VV19hplLwJ1N6
cUpBhks6qh2tOaWD3tUk4e5NhxoRPohsemnuzs+VC0rPdZi1sHSLH23CerFZwD8M
L6T/OPHy8qiPtjoiXPFCNGlpWu8OWLVenD0VpRn/xmp/K0rSiw3gifu6jCQFWtaY
ar6He3vCVGxh+2fEHVwJgwnQyDm6CuLT9NhikC5v5PkBTHYHfqzTsdIO/TbwElSJ
s+95qCo2RXXd0hYbI3J+pWYsBW/ZcnhWs0E4q9Tr3hqxZzj6HQ67p5sB8QkbRkyd
WF1Z2+IvtCUro6dfc3NwoHPzJkMCAwEAAaOCAqwwggKoMB0GA1UdDgQWBBSwhFXh
VN64HkOnvVkvmCCNNpeIsDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0QzQjlGM0Q4
MTQ2MzExRUJCNTU4REU0N0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDYGCCsGAQUFBwEHAQH/
BCcwJTASBAIAATAMAwQCZ0w4AwQBZ52CMA8EAgACMAkDBwAgAQ30vMAwDQYJKoZI
hvcNAQELBQADggEBAGrbXnZiFwPDiyL+KiezXu8wXnHfmAIa8IE6kWeklwZx956u
tsch9PZ85RTT/gYuwZ0yz9yd6cP28W/uuefaXTT1r5VEdnjc5bdrFiR4RXkI2Gck
H9JQz3oB9PjpKUWcdQlLH4kgD5HEckNW2meL6oX8wnnQiokmNUEHva7c6VpPkM6I
mxCatDSfnE+nsQBN6nxqgJWIwJ+313mB9btS2mu1vj9wHVGV6Y/5ggmBI6+yeI7+
79kt5UFBZ19ze9FXe889OHKeQsB96hWrTDH4s9ITkhOAqSUtZjbYlHFUNPKjl8rF
UHxJheQYxq/EkC9jFpIEO6R66en2c8vBdFzPGwk=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:19:47 2025 by rpki-client