Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C1A14/F7E864468FBC11EAA8C3127BC4F9AE02/7B8BE75E8FBE11EA9797847DC4F9AE02.roa
File: 7B8BE75E8FBE11EA9797847DC4F9AE02.roa (raw, json)
Hash identifier: kqrF4dNluJ8Lnc9MKXnQ+C0n9upk2RyWbJ/mtacgHEc=
Subject key identifier: 68:10:E4:7F:70:B8:E9:E0:47:14:A5:1F:FB:7A:3C:08:E0:74:86:C6
Certificate issuer: /CN=A91C1A14/serialNumber=598DD5A39AE477658AD5BCBFE36264A1A61D6708
Certificate serial: 095F
Authority key identifier: 59:8D:D5:A3:9A:E4:77:65:8A:D5:BC:BF:E3:62:64:A1:A6:1D:67:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WY3Vo5rkd2WK1by_42JkoaYdZwg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C1A14/F7E864468FBC11EAA8C3127BC4F9AE02/7B8BE75E8FBE11EA9797847DC4F9AE02.roa
Signing time: Mon 03 Feb 2025 10:48:45 +0000
ROA not before: Mon 03 Feb 2025 10:48:45 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 136030
IP address blocks: 43.225.98.0/24 maxlen: 24
43.225.99.0/24 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2399 (0x95f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C1A14
Validity
Not Before: Feb 3 10:48:45 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=67a09f0c-aa15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:29:74:ff:e1:49:cb:26:8a:0a:a5:30:b4:73:
fc:45:d7:9d:5d:90:4e:49:b1:1f:17:0f:62:55:e4:
6a:f0:8e:af:f1:19:e9:b9:1b:46:8d:69:8b:35:87:
91:b4:c4:7b:53:9c:15:94:cc:cc:15:6e:11:4d:72:
f0:55:c9:ec:e2:0b:42:b5:78:ae:95:2a:fc:80:04:
52:89:9c:ce:5c:28:e6:89:69:03:c6:dc:16:98:6f:
37:b8:5a:ee:20:da:ab:a9:cc:36:8c:2e:61:e2:0f:
b6:e1:61:e6:87:f7:71:76:16:4d:b2:82:49:19:0d:
4e:a4:67:f7:79:8c:14:d5:b2:11:ed:9b:a3:ce:02:
61:66:06:f8:23:0b:dc:28:f0:cd:80:b9:ad:36:09:
4f:0b:56:2d:ad:93:24:3e:a9:60:4c:3e:1d:4e:5d:
5a:d3:d8:2c:67:3e:11:fc:42:a5:18:81:79:ef:49:
a5:f8:22:4e:38:02:ca:23:0a:76:a7:48:c3:b0:b0:
92:84:91:e4:f0:a1:9f:45:9a:10:6a:bf:61:a4:d9:
2c:70:9e:0a:ce:60:96:8d:8a:8a:1b:82:0c:39:b1:
89:5e:dd:28:12:cd:c5:59:fc:a6:50:d6:5d:c4:e0:
43:41:52:e6:ee:ee:68:a8:66:64:28:74:0b:59:0b:
0c:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:10:E4:7F:70:B8:E9:E0:47:14:A5:1F:FB:7A:3C:08:E0:74:86:C6
X509v3 Authority Key Identifier:
keyid:59:8D:D5:A3:9A:E4:77:65:8A:D5:BC:BF:E3:62:64:A1:A6:1D:67:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C1A14/F7E864468FBC11EAA8C3127BC4F9AE02/WY3Vo5rkd2WK1by_42JkoaYdZwg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WY3Vo5rkd2WK1by_42JkoaYdZwg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C1A14/F7E864468FBC11EAA8C3127BC4F9AE02/7B8BE75E8FBE11EA9797847DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.225.98.0/23
Signature Algorithm: sha256WithRSAEncryption
88:96:3b:78:6c:8c:5a:7c:a7:80:99:8b:e7:0c:64:3e:70:85:
8b:d5:89:86:23:28:68:49:32:0a:50:aa:32:ac:5a:9d:8a:90:
be:0c:49:5c:25:9e:8d:27:1c:85:bc:30:19:8d:97:49:fe:5e:
89:44:aa:70:18:3b:6e:b7:fe:94:71:fa:46:25:95:bc:de:75:
0a:16:f3:ac:8b:3d:e9:b1:45:eb:ac:82:53:65:03:57:ef:52:
dd:43:fc:37:6e:2d:12:f7:c1:53:61:6f:3d:6c:bd:20:7d:8c:
71:8f:18:e8:02:bf:3b:65:6e:9f:7d:47:89:bd:7b:4c:fe:fd:
40:71:d3:7e:4f:7e:b0:b2:34:ce:30:c2:48:53:9d:13:cd:63:
1b:35:d8:b1:d0:aa:7f:9f:36:52:23:5c:92:5d:4d:ef:2f:50:
76:cc:b5:29:d6:5b:2e:33:e2:c2:de:83:6d:5a:9c:7b:dc:29:
8b:a1:0b:ed:e8:9e:c9:d6:a9:2f:a7:27:aa:7c:92:29:67:20:
f4:66:92:3d:3e:7d:13:42:6d:5f:44:18:f5:e3:c2:be:b2:d6:
8b:67:4b:af:61:d4:78:2e:86:1c:96:80:0a:55:d6:f1:e9:61:
56:8d:4b:39:93:f5:04:1b:90:c1:9b:d0:ab:52:56:8d:11:89:
83:6f:00:78
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCV8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzFBMTQxMTAvBgNVBAUTKDU5OERENUEzOUFFNDc3NjU4QUQ1QkNCRkUzNjI2NEEx
QTYxRDY3MDgwHhcNMjUwMjAzMTA0ODQ1WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2EwOWYwYy1hYTE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0Sl0/+FJyyaKCqUwtHP8RdedXZBOSbEfFw9iVeRq8I6v8RnpuRtGjWmLNYeR
tMR7U5wVlMzMFW4RTXLwVcns4gtCtXiulSr8gARSiZzOXCjmiWkDxtwWmG83uFru
INqrqcw2jC5h4g+24WHmh/dxdhZNsoJJGQ1OpGf3eYwU1bIR7ZujzgJhZgb4Iwvc
KPDNgLmtNglPC1YtrZMkPqlgTD4dTl1a09gsZz4R/EKlGIF570ml+CJOOALKIwp2
p0jDsLCShJHk8KGfRZoQar9hpNkscJ4KzmCWjYqKG4IMObGJXt0oEs3FWfymUNZd
xOBDQVLm7u5oqGZkKHQLWQsMbQIDAQABo4IClTCCApEwHQYDVR0OBBYEFGgQ5H9w
uOngRxSlH/t6PAjgdIbGMB8GA1UdIwQYMBaAFFmN1aOa5HdlitW8v+NiZKGmHWcI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMUExNC9GN0U4NjQ0NjhG
QkMxMUVBQThDMzEyN0JDNEY5QUUwMi9XWTNWbzVya2QyV0sxYnlfNDJKa29hWWRa
d2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1dZM1ZvNXJrZDJXSzFieV80Mkprb2FZZFp3Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzFBMTQvRjdFODY0NDY4RkJDMTFFQUE4QzMxMjdCQzRGOUFFMDIvN0I4QkU3NUU4
RkJFMTFFQTk3OTc4NDdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAEr4WIwDQYJKoZIhvcNAQELBQADggEBAIiWO3hsjFp8p4CZ
i+cMZD5whYvViYYjKGhJMgpQqjKsWp2KkL4MSVwlno0nHIW8MBmNl0n+XolEqnAY
O263/pRx+kYllbzedQoW86yLPemxReusglNlA1fvUt1D/DduLRL3wVNhbz1svSB9
jHGPGOgCvztlbp99R4m9e0z+/UBx035PfrCyNM4wwkhTnRPNYxs12LHQqn+fNlIj
XJJdTe8vUHbMtSnWWy4z4sLeg21anHvcKYuhC+3onsnWqS+nJ6p8kilnIPRmkj0+
fRNCbV9EGPXjwr6y1otnS69h1HguhhyWgApV1vHpYVaNSzmT9QQbkMGb0KtSVo0R
iYNvAHg=
-----END CERTIFICATE-----
Generated at Sat Apr 5 01:58:02 2025 by rpki-client