Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/4F2324164E2511EDA49B5C52C4F9AE02.roa
File: 4F2324164E2511EDA49B5C52C4F9AE02.roa (raw, json)
Hash identifier: SJFPTgubeoNEmLOcKtQ9x1+N8eM3oqSDQ6dLy+9wGeI=
Subject key identifier: 6A:04:50:16:8B:C8:A9:F3:B1:60:71:54:18:9D:CB:70:D9:BD:0D:CA
Certificate issuer: /CN=A91E6134/serialNumber=9A73F1A919FBF46C872E38805B1650B5F88276D3
Certificate serial: 0946
Authority key identifier: 9A:73:F1:A9:19:FB:F4:6C:87:2E:38:80:5B:16:50:B5:F8:82:76:D3
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mnPxqRn79GyHLjiAWxZQtfiCdtM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/4F2324164E2511EDA49B5C52C4F9AE02.roa
Signing time: Mon 27 Nov 2023 04:49:22 +0000
ROA not before: Mon 27 Nov 2023 04:49:22 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 139.190.4.0/22 maxlen: 22
139.190.20.0/22 maxlen: 22
139.190.28.0/22 maxlen: 22
139.190.48.0/22 maxlen: 24
139.190.56.0/22 maxlen: 24
139.190.96.0/22 maxlen: 24
139.190.116.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2374 (0x946)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E6134, serialNumber=9A73F1A919FBF46C872E38805B1650B5F88276D3
Validity
Not Before: Nov 27 04:49:22 2023 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=65641fd2-dd6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:bc:d8:84:6c:1e:a5:39:c4:e7:37:d5:55:72:
7c:d1:27:20:c9:b0:9d:f2:6d:91:05:3c:3d:fc:05:
dd:12:68:f8:11:15:56:17:09:58:2c:f1:6d:ea:f7:
20:76:50:5d:28:56:9e:f7:16:fe:f2:45:a3:7c:39:
85:bc:d4:84:a5:53:a1:b8:d9:1e:87:64:11:80:ca:
4e:23:a9:4d:44:b0:27:ec:be:8d:3d:18:c1:74:87:
5b:92:d9:49:1c:1a:4d:a9:15:05:eb:f6:39:b1:bf:
7d:0a:b0:ef:94:1c:7c:37:ca:ef:df:cc:31:a4:e5:
45:a8:cb:f5:ce:fd:31:8c:b2:d2:50:69:61:53:5d:
05:34:a9:ef:18:34:e7:4b:c0:1d:5c:bf:3f:50:cc:
9c:36:ae:6d:ef:7a:ae:9a:7f:52:31:bd:41:88:ee:
13:09:9f:a4:b4:d8:9c:2c:e9:9f:5e:38:9a:84:bd:
ef:19:89:f9:c6:f6:1b:2c:75:d5:fb:12:d2:92:ed:
64:33:51:44:97:93:fe:57:97:5a:2f:47:86:04:98:
f7:2f:3b:1a:1e:d9:0b:a7:f2:f4:a1:d2:a3:71:3a:
00:63:00:39:10:08:cb:8d:d0:2e:7f:8b:67:db:64:
ec:ef:cd:35:c7:44:8b:fb:8e:da:8b:ec:ed:a2:68:
e4:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:04:50:16:8B:C8:A9:F3:B1:60:71:54:18:9D:CB:70:D9:BD:0D:CA
X509v3 Authority Key Identifier:
keyid:9A:73:F1:A9:19:FB:F4:6C:87:2E:38:80:5B:16:50:B5:F8:82:76:D3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/mnPxqRn79GyHLjiAWxZQtfiCdtM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mnPxqRn79GyHLjiAWxZQtfiCdtM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/4F2324164E2511EDA49B5C52C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
139.190.4.0/22
139.190.20.0/22
139.190.28.0/22
139.190.48.0/22
139.190.56.0/22
139.190.96.0/22
139.190.116.0/22
Signature Algorithm: sha256WithRSAEncryption
58:59:f1:0b:81:0a:06:63:cf:1a:0c:9f:c8:c8:69:22:bc:74:
e3:66:37:78:30:3f:bf:d6:58:92:81:63:9a:0f:17:c2:2d:6a:
25:17:91:c7:ce:dc:25:63:08:b4:a0:b8:ca:90:70:18:86:26:
d4:73:25:cc:99:24:d4:45:1e:2d:62:da:f1:08:14:50:62:d0:
0e:7a:ea:d3:e6:da:fe:2f:15:98:c7:f8:2f:a9:b0:7a:cb:a9:
4a:66:3e:6e:58:01:0a:ed:e6:8f:ee:80:7d:2b:1f:e5:3d:93:
d1:18:34:d0:68:df:a7:ee:a5:a9:c7:d3:61:96:2e:6c:1a:24:
76:99:52:b0:2a:b6:bc:70:c7:c6:43:b2:c6:84:61:a0:7a:44:
10:5d:19:1a:c7:c6:91:c9:95:af:a5:e2:fc:53:77:42:dd:f8:
03:ee:10:6f:71:e4:a6:74:50:7b:3d:e1:65:14:15:40:8a:8d:
cb:31:c1:53:eb:da:35:4c:69:5b:de:6f:29:13:a5:22:e2:0b:
3b:a6:72:dc:1e:a0:1e:5d:7a:5a:5d:4e:ca:e2:ad:77:ff:e0:
19:26:1e:01:d0:fe:12:84:5d:e6:a7:99:42:50:73:1b:9e:2d:
25:ec:50:c3:b1:01:46:23:86:bb:3e:7d:e9:a2:79:35:6b:3b:
4d:19:d5:c6
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgICCUYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxMzQxMTAvBgNVBAUTKDlBNzNGMUE5MTlGQkY0NkM4NzJFMzg4MDVCMTY1MEI1
Rjg4Mjc2RDMwHhcNMjMxMTI3MDQ0OTIyWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTY0MWZkMi1kZDZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA57zYhGwepTnE5zfVVXJ80ScgybCd8m2RBTw9/AXdEmj4ERVWFwlYLPFt6vcg
dlBdKFae9xb+8kWjfDmFvNSEpVOhuNkeh2QRgMpOI6lNRLAn7L6NPRjBdIdbktlJ
HBpNqRUF6/Y5sb99CrDvlBx8N8rv38wxpOVFqMv1zv0xjLLSUGlhU10FNKnvGDTn
S8AdXL8/UMycNq5t73qumn9SMb1BiO4TCZ+ktNicLOmfXjiahL3vGYn5xvYbLHXV
+xLSku1kM1FEl5P+V5daL0eGBJj3LzsaHtkLp/L0odKjcToAYwA5EAjLjdAuf4tn
22Ts7801x0SL+47ai+ztomjk/QIDAQABo4ICuTCCArUwHQYDVR0OBBYEFGoEUBaL
yKnzsWBxVBidy3DZvQ3KMB8GA1UdIwQYMBaAFJpz8akZ+/Rshy44gFsWULX4gnbT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjEzNC81N0IzRTBCQ0My
QTgxMUVBQTc5MThBMkVDNEY5QUUwMi9tblB4cVJuNzlHeUhMamlBV3haUXRmaUNk
dE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL21uUHhxUm43OUd5SExqaUFXeFpRdGZpQ2R0TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxMzQvNTdCM0UwQkNDMkE4MTFFQUE3OTE4QTJFQzRGOUFFMDIvNEYyMzI0MTY0
RTI1MTFFREE0OUI1QzUyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQwYIKwYBBQUHAQcBAf8E
NDAyMDAEAgABMCoDBAKLvgQDBAKLvhQDBAKLvhwDBAKLvjADBAKLvjgDBAKLvmAD
BAKLvnQwDQYJKoZIhvcNAQELBQADggEBAFhZ8QuBCgZjzxoMn8jIaSK8dONmN3gw
P7/WWJKBY5oPF8ItaiUXkcfO3CVjCLSguMqQcBiGJtRzJcyZJNRFHi1i2vEIFFBi
0A566tPm2v4vFZjH+C+psHrLqUpmPm5YAQrt5o/ugH0rH+U9k9EYNNBo36fupanH
02GWLmwaJHaZUrAqtrxwx8ZDssaEYaB6RBBdGRrHxpHJla+l4vxTd0Ld+APuEG9x
5KZ0UHs94WUUFUCKjcsxwVPr2jVMaVvebykTpSLiCzumctweoB5delpdTsrirXf/
4BkmHgHQ/hKEXeanmUJQcxueLSXsUMOxAUYjhrs+femieTVrO00Z1cY=
-----END CERTIFICATE-----
Generated at Fri May 9 09:30:45 2025 by rpki-client