Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/445C86F2A22A11EF9B03581FC4F9AE02.roa
File: 445C86F2A22A11EF9B03581FC4F9AE02.roa (raw, json)
Hash identifier: 1kx2ytdhTLUlrsljoOEufIp4559xGhk6GzSDbN3tqUM=
Subject key identifier: 38:74:C0:8F:85:08:CD:BF:26:02:DA:5E:05:D1:B9:C2:3A:E4:0F:41
Certificate issuer: /CN=A91A4402/serialNumber=B4116A8E6DA991FDCF71626E7BEA11FF69CBA846
Certificate serial: 0B5C
Authority key identifier: B4:11:6A:8E:6D:A9:91:FD:CF:71:62:6E:7B:EA:11:FF:69:CB:A8:46
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tBFqjm2pkf3PcWJue-oR_2nLqEY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/445C86F2A22A11EF9B03581FC4F9AE02.roa
Signing time: Sun 02 Mar 2025 20:08:04 +0000
ROA not before: Sun 02 Mar 2025 20:08:04 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 17408
IP address blocks: 43.230.52.0/24 maxlen: 24
43.230.53.0/24 maxlen: 24
43.230.54.0/24 maxlen: 24
43.230.55.0/24 maxlen: 24
43.231.189.0/24 maxlen: 24
43.231.191.0/24 maxlen: 24
43.246.129.0/24 maxlen: 24
43.246.131.0/24 maxlen: 24
43.246.197.0/24 maxlen: 24
43.246.199.0/24 maxlen: 24
43.251.185.0/24 maxlen: 24
43.251.187.0/24 maxlen: 24
45.115.33.0/24 maxlen: 24
45.115.35.0/24 maxlen: 24
103.8.87.0/24 maxlen: 24
103.12.53.0/24 maxlen: 24
103.12.55.0/24 maxlen: 24
103.13.17.0/24 maxlen: 24
103.13.19.0/24 maxlen: 24
103.15.76.0/24 maxlen: 24
103.15.77.0/24 maxlen: 24
103.15.78.0/24 maxlen: 24
103.21.105.0/24 maxlen: 24
103.21.107.0/24 maxlen: 24
103.248.148.0/24 maxlen: 24
103.248.149.0/24 maxlen: 24
103.248.151.0/24 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2908 (0xb5c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A4402
Validity
Not Before: Mar 2 20:08:04 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=67c4baa4-bd07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:37:85:46:c4:bb:aa:66:36:1d:5d:32:db:48:
13:44:53:a5:b1:7b:79:4c:a5:b1:db:04:36:80:de:
bb:78:28:8d:a6:e2:75:ab:eb:bf:52:9d:3e:72:93:
21:9b:b6:b3:53:d7:57:a8:34:f8:06:d4:ab:ef:5f:
48:f1:62:ad:f2:22:32:c4:e6:58:55:97:58:57:58:
d1:24:31:06:bd:89:5f:30:45:fd:17:c3:f0:11:9e:
3d:c9:79:1d:8f:09:16:db:48:0b:e2:f6:9a:e5:d3:
1d:79:4f:62:e7:47:d5:00:44:15:04:e8:4d:36:64:
dc:1b:53:94:fd:66:45:aa:f7:b6:e1:63:5e:54:3b:
a5:12:40:83:f8:6d:df:ee:6d:38:bc:75:39:d1:ec:
64:87:b9:03:00:58:56:63:1a:d3:0e:d4:b2:1a:29:
1f:66:03:e6:f1:9d:6d:38:2f:95:68:bb:13:cd:68:
ec:5a:91:ef:77:6c:0f:ab:6c:23:70:53:b6:7a:50:
5b:af:4c:ae:e4:ff:44:c6:a9:39:9b:cc:6f:b4:57:
fe:8d:3c:1d:4b:99:78:e1:3b:68:b6:0a:64:9f:41:
95:56:3a:cf:af:a4:07:e3:33:65:e7:4b:03:bf:dd:
7b:0a:73:73:cd:ac:bc:21:69:82:0d:14:cc:ec:94:
35:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:74:C0:8F:85:08:CD:BF:26:02:DA:5E:05:D1:B9:C2:3A:E4:0F:41
X509v3 Authority Key Identifier:
keyid:B4:11:6A:8E:6D:A9:91:FD:CF:71:62:6E:7B:EA:11:FF:69:CB:A8:46
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/tBFqjm2pkf3PcWJue-oR_2nLqEY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tBFqjm2pkf3PcWJue-oR_2nLqEY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/445C86F2A22A11EF9B03581FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.230.52.0/22
43.231.189.0/24
43.231.191.0/24
43.246.129.0/24
43.246.131.0/24
43.246.197.0/24
43.246.199.0/24
43.251.185.0/24
43.251.187.0/24
45.115.33.0/24
45.115.35.0/24
103.8.87.0/24
103.12.53.0/24
103.12.55.0/24
103.13.17.0/24
103.13.19.0/24
103.15.76.0-103.15.78.255
103.21.105.0/24
103.21.107.0/24
103.248.148.0/23
103.248.151.0/24
Signature Algorithm: sha256WithRSAEncryption
01:08:8b:f4:a4:c3:2b:c6:f3:0e:69:02:03:7d:b4:a0:d1:f9:
d4:1e:22:5c:6a:1d:53:ab:31:d3:81:37:2a:16:b6:1a:f3:72:
e7:56:ea:d4:a0:a5:26:53:77:5f:41:5d:4b:ba:68:7e:a0:83:
6f:12:57:72:b7:5d:b5:9e:12:88:0a:32:f4:64:e0:28:3a:c0:
a0:e6:c1:5d:49:c9:96:41:84:8a:6b:db:a8:f7:13:53:2b:9b:
18:22:a7:27:37:c9:9e:52:0d:69:9e:92:c1:a4:0e:be:78:46:
79:7e:95:3e:f4:d0:a2:b0:dd:98:16:0b:ee:1d:78:76:dd:84:
d3:ca:8d:cd:38:f0:12:71:c7:7e:99:5e:ce:f8:42:d6:24:ad:
9e:c3:a6:09:28:a3:1d:07:cf:56:a9:43:0d:65:5d:b4:9f:cf:
cb:0c:00:ee:d4:df:59:69:ea:4b:4f:40:9e:17:28:6a:3f:08:
a7:99:bd:3a:aa:24:2f:78:70:35:c1:6b:ba:32:7b:b1:74:1b:
27:bb:8c:31:0e:18:c0:a7:c4:c7:e3:d3:aa:da:67:b6:f7:98:
b3:dc:b3:30:b2:91:da:15:f8:50:05:95:a8:13:16:72:6e:d0:
79:92:c9:26:b8:81:df:1e:fa:d7:6a:fc:a3:aa:e4:9f:c7:b4:
9e:35:de:89
-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgICC1wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTQ0MDIxMTAvBgNVBAUTKEI0MTE2QThFNkRBOTkxRkRDRjcxNjI2RTdCRUExMUZG
NjlDQkE4NDYwHhcNMjUwMzAyMjAwODA0WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2M0YmFhNC1iZDA3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4zeFRsS7qmY2HV0y20gTRFOlsXt5TKWx2wQ2gN67eCiNpuJ1q+u/Up0+cpMh
m7azU9dXqDT4BtSr719I8WKt8iIyxOZYVZdYV1jRJDEGvYlfMEX9F8PwEZ49yXkd
jwkW20gL4vaa5dMdeU9i50fVAEQVBOhNNmTcG1OU/WZFqve24WNeVDulEkCD+G3f
7m04vHU50exkh7kDAFhWYxrTDtSyGikfZgPm8Z1tOC+VaLsTzWjsWpHvd2wPq2wj
cFO2elBbr0yu5P9Exqk5m8xvtFf+jTwdS5l44Ttotgpkn0GVVjrPr6QH4zNl50sD
v917CnNzzay8IWmCDRTM7JQ17QIDAQABo4IDGjCCAxYwHQYDVR0OBBYEFDh0wI+F
CM2/JgLaXgXRucI65A9BMB8GA1UdIwQYMBaAFLQRao5tqZH9z3FibnvqEf9py6hG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNDQwMi9GREJGRDAyMDNE
OTYxMUVBOEVBMDcwMkZDNEY5QUUwMi90QkZxam0ycGtmM1BjV0p1ZS1vUl8ybkxx
RVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RCRnFqbTJwa2YzUGNXSnVlLW9SXzJuTHFFWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTQ0MDIvRkRCRkQwMjAzRDk2MTFFQThFQTA3MDJGQzRGOUFFMDIvNDQ1Qzg2RjJB
MjJBMTFFRjlCMDM1ODFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaMGCCsGAQUFBwEHAQH/
BIGTMIGQMIGNBAIAATCBhgMEAivmNAMEACvnvQMEACvnvwMEACv2gQMEACv2gwME
ACv2xQMEACv2xwMEACv7uQMEACv7uwMEAC1zIQMEAC1zIwMEAGcIVwMEAGcMNQME
AGcMNwMEAGcNEQMEAGcNEzAMAwQCZw9MAwQAZw9OAwQAZxVpAwQAZxVrAwQBZ/iU
AwQAZ/iXMA0GCSqGSIb3DQEBCwUAA4IBAQABCIv0pMMrxvMOaQIDfbSg0fnUHiJc
ah1TqzHTgTcqFrYa83LnVurUoKUmU3dfQV1Lumh+oINvEldyt121nhKICjL0ZOAo
OsCg5sFdScmWQYSKa9uo9xNTK5sYIqcnN8meUg1pnpLBpA6+eEZ5fpU+9NCisN2Y
FgvuHXh23YTTyo3NOPASccd+mV7O+ELWJK2ew6YJKKMdB89WqUMNZV20n8/LDADu
1N9ZaepLT0CeFyhqPwinmb06qiQveHA1wWu6MnuxdBsnu4wxDhjAp8TH49Oq2me2
95iz3LMwspHaFfhQBZWoExZybtB5kskmuIHfHvrXavyjquSfx7SeNd6J
-----END CERTIFICATE-----
Generated at Sat Apr 5 02:20:25 2025 by rpki-client