Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/4E8E4E4272C611E98D657D5AC4F9AE02.roa
File: 4E8E4E4272C611E98D657D5AC4F9AE02.roa (raw, json)
Hash identifier: 03eXIRxRCGm6Y2IlImfgWH3R43qEIrng7UbM/YyBbVE=
Subject key identifier: BE:74:5F:02:10:A5:49:27:63:6C:EE:A6:C3:74:56:78:18:F4:0E:1E
Certificate issuer: /CN=A91E0CE8/serialNumber=06C627D9C312C7B47D1C3A53B44755A10A68487C
Certificate serial: 14AF
Authority key identifier: 06:C6:27:D9:C3:12:C7:B4:7D:1C:3A:53:B4:47:55:A1:0A:68:48:7C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BsYn2cMSx7R9HDpTtEdVoQpoSHw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/4E8E4E4272C611E98D657D5AC4F9AE02.roa
Signing time: Tue 06 Dec 2022 17:44:31 +0000
ROA not before: Tue 06 Dec 2022 17:44:31 +0000
ROA not after: Fri 01 Mar 2024 00:00:00 +0000
asID: 139021
IP address blocks: 43.224.152.0/24 maxlen: 24
43.224.153.0/24 maxlen: 24
43.224.154.0/24 maxlen: 24
43.224.155.0/24 maxlen: 24
103.43.188.0/24 maxlen: 24
103.43.189.0/24 maxlen: 24
103.43.190.0/23 maxlen: 23
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5295 (0x14af)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E0CE8
Validity
Not Before: Dec 6 17:44:31 2022 GMT
Not After : Mar 1 00:00:00 2024 GMT
Subject: CN=638f7f7f-b604
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:6e:b9:8d:19:98:01:35:5e:b5:f2:1a:92:e5:
03:9f:66:48:a2:f1:39:49:9f:df:29:ca:07:44:72:
9c:95:65:1c:16:45:50:e2:6c:13:fd:48:8b:64:4d:
50:eb:d5:40:4a:27:03:83:c8:13:32:52:9f:12:5f:
e5:ea:ef:17:32:a8:68:d5:5a:d4:9d:49:38:ff:0e:
61:55:03:ad:ae:1e:fb:7d:4c:7f:be:5f:91:75:35:
aa:de:10:6a:a7:52:f2:6b:49:34:33:89:0b:04:8f:
8a:c1:99:23:ea:e8:9d:c4:d9:2d:25:5a:1d:dd:a7:
70:48:91:b2:64:fe:be:44:b1:89:db:44:57:03:7a:
2d:9c:09:b8:8c:9a:5c:a4:0e:cb:21:25:77:70:5a:
51:49:a6:4e:66:09:1f:79:1b:47:47:f9:58:f8:a4:
41:e9:ce:ba:94:aa:7c:c8:3a:7e:ef:a8:38:c7:58:
a7:66:57:6e:38:86:88:c4:2f:a4:8f:16:c5:9d:54:
db:c9:37:de:1b:37:aa:ea:86:1e:37:88:39:69:89:
b2:ea:a0:31:4c:ce:78:08:01:9f:0b:d9:22:89:dc:
26:a8:df:36:9a:13:45:b8:68:fa:80:88:a8:57:9c:
36:ca:76:48:0b:48:3c:54:71:7f:3b:45:71:d4:b1:
86:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:74:5F:02:10:A5:49:27:63:6C:EE:A6:C3:74:56:78:18:F4:0E:1E
X509v3 Authority Key Identifier:
keyid:06:C6:27:D9:C3:12:C7:B4:7D:1C:3A:53:B4:47:55:A1:0A:68:48:7C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/BsYn2cMSx7R9HDpTtEdVoQpoSHw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BsYn2cMSx7R9HDpTtEdVoQpoSHw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/4E8E4E4272C611E98D657D5AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.224.152.0/22
103.43.188.0/22
Signature Algorithm: sha256WithRSAEncryption
01:c5:83:17:b1:5b:5a:8f:57:66:51:94:a4:36:ff:63:24:b3:
1e:00:4e:fa:e7:28:ca:12:65:74:0c:d6:18:58:e5:3a:e8:ab:
85:57:4e:23:88:fd:f1:1e:39:14:60:91:2d:47:2c:67:ba:15:
53:b6:64:5e:c1:01:8b:51:15:b4:46:b0:42:8f:50:42:57:66:
ca:7c:3f:e2:7a:31:b2:18:ef:fe:1f:58:30:54:d1:b6:a6:cb:
83:ae:0c:a9:14:16:d8:f4:7c:ba:12:1c:15:dc:5c:23:bc:c6:
21:29:7f:c3:da:ba:f1:e3:aa:2f:0f:3d:da:84:f5:1b:51:d6:
5d:17:0d:c9:bc:56:eb:c1:78:ee:c5:99:cb:36:0e:b0:cf:0b:
0d:2a:7b:25:a4:c6:6a:29:d3:99:19:6d:f8:fb:b2:92:7f:cd:
0b:59:13:1a:55:a7:2f:42:fb:2c:4f:4e:90:82:4b:11:4e:6d:
4b:7c:3b:5b:b2:a0:42:a7:36:dc:dc:7e:19:e9:b3:eb:9f:7b:
b2:a3:22:73:8c:70:d4:7d:41:0a:e5:7b:74:9d:b4:c5:4f:12:
18:55:36:7b:48:4f:99:a4:cd:01:59:6f:d8:69:48:e3:d4:3f:
a3:c8:75:82:02:4b:c9:ae:18:a7:a1:12:50:ff:b1:2d:9b:fe:
b9:11:5a:b0
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICFK8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTBDRTgxMTAvBgNVBAUTKDA2QzYyN0Q5QzMxMkM3QjQ3RDFDM0E1M0I0NDc1NUEx
MEE2ODQ4N0MwHhcNMjIxMjA2MTc0NDMxWhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzhmN2Y3Zi1iNjA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0m65jRmYATVetfIakuUDn2ZIovE5SZ/fKcoHRHKclWUcFkVQ4mwT/UiLZE1Q
69VASicDg8gTMlKfEl/l6u8XMqho1VrUnUk4/w5hVQOtrh77fUx/vl+RdTWq3hBq
p1Lya0k0M4kLBI+KwZkj6uidxNktJVod3adwSJGyZP6+RLGJ20RXA3otnAm4jJpc
pA7LISV3cFpRSaZOZgkfeRtHR/lY+KRB6c66lKp8yDp+76g4x1inZlduOIaIxC+k
jxbFnVTbyTfeGzeq6oYeN4g5aYmy6qAxTM54CAGfC9kiidwmqN82mhNFuGj6gIio
V5w2ynZIC0g8VHF/O0Vx1LGGYwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFL50XwIQ
pUknY2zupsN0VngY9A4eMB8GA1UdIwQYMBaAFAbGJ9nDEse0fRw6U7RHVaEKaEh8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMENFOC85MDBEMjY0NjA2
NkExMUU4QjlCQUY2ODJDNEY5QUUwMi9Cc1luMmNNU3g3UjlIRHBUdEVkVm9RcG9T
SHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JzWW4yY01TeDdSOUhEcFR0RWRWb1Fwb1NIdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTBDRTgvOTAwRDI2NDYwNjZBMTFFOEI5QkFGNjgyQzRGOUFFMDIvNEU4RTRFNDI3
MkM2MTFFOThENjU3RDVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr4JgDBAJnK7wwDQYJKoZIhvcNAQELBQADggEBAAHFgxex
W1qPV2ZRlKQ2/2Mksx4ATvrnKMoSZXQM1hhY5Troq4VXTiOI/fEeORRgkS1HLGe6
FVO2ZF7BAYtRFbRGsEKPUEJXZsp8P+J6MbIY7/4fWDBU0bamy4OuDKkUFtj0fLoS
HBXcXCO8xiEpf8PauvHjqi8PPdqE9RtR1l0XDcm8VuvBeO7Fmcs2DrDPCw0qeyWk
xmop05kZbfj7spJ/zQtZExpVpy9C+yxPTpCCSxFObUt8O1uyoEKnNtzcfhnps+uf
e7KjInOMcNR9QQrle3SdtMVPEhhVNntIT5mkzQFZb9hpSOPUP6PIdYICS8muGKeh
ElD/sS2b/rkRWrA=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:49:56 2025 by rpki-client