Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914BC7A/4C528F78450311E2BDCA1F732979BB20/AEAE9A2A5CD911EC981F6C87C4F9AE02.roa
File: AEAE9A2A5CD911EC981F6C87C4F9AE02.roa (raw, json)
Hash identifier: mrkw2iUTGV3+NI7KFHsrT7qbE+gph4ECyivYFI291kA=
Subject key identifier: 59:6E:5B:F2:5A:F6:5F:31:00:74:D5:C2:85:4B:7C:49:7C:F9:65:45
Certificate issuer: /CN=A914BC7A/serialNumber=5312F399A6F7EB0DDCD51C039F83F7B7A47A5F09
Certificate serial: 3288
Authority key identifier: 53:12:F3:99:A6:F7:EB:0D:DC:D5:1C:03:9F:83:F7:B7:A4:7A:5F:09
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UxLzmab36w3c1RwDn4P3t6R6Xwk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914BC7A/4C528F78450311E2BDCA1F732979BB20/AEAE9A2A5CD911EC981F6C87C4F9AE02.roa
Signing time: Mon 31 Oct 2022 16:01:13 +0000
ROA not before: Mon 31 Oct 2022 16:01:13 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 148000
IP address blocks: 2409::/40 maxlen: 40
2409::/48 maxlen: 48
240a:e000::/20 maxlen: 20
240a:eabc:abcd::/48 maxlen: 48
240a:eabc:d00d::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12936 (0x3288)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914BC7A, serialNumber=5312F399A6F7EB0DDCD51C039F83F7B7A47A5F09
Validity
Not Before: Oct 31 16:01:13 2022 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=635ff148-d29a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:2b:f4:23:9d:41:68:a3:4b:c2:44:04:74:b6:
a8:c4:14:30:0b:ce:ab:f2:f7:ef:1d:a1:da:7f:61:
0c:68:a1:57:89:45:ce:be:b4:cf:77:a8:b7:86:5f:
b2:ee:bb:03:f7:45:e4:11:0e:91:20:28:38:6f:f7:
23:ed:45:8f:c7:7a:3c:17:64:ba:79:b1:84:83:8e:
3c:a6:cf:0d:48:aa:d1:13:0f:3c:9c:63:7d:93:a3:
7e:e6:fd:c6:9e:cb:f0:18:fe:02:49:59:87:de:76:
8a:d1:26:81:94:d4:88:9e:ab:a1:22:07:a8:3c:9b:
84:d2:32:e5:89:15:69:a2:41:95:61:d3:21:3a:2b:
96:95:ef:d4:bc:6b:1e:12:2a:ea:da:39:14:b7:09:
ec:66:dd:ca:5c:f3:6e:97:70:b8:3a:96:05:be:48:
4b:e7:ed:b3:22:da:e9:11:5e:8e:81:94:cb:f5:d5:
58:45:d3:02:63:b4:78:41:c5:cc:c3:a1:ac:f5:5b:
b2:13:4a:62:30:20:08:b1:37:30:dc:6f:d8:4f:31:
14:dd:a5:30:87:11:e5:a6:75:e0:ef:db:f7:5f:0f:
34:79:ed:e6:17:76:81:ed:25:23:07:d8:16:5a:4a:
67:d5:a2:43:06:0e:91:4c:e5:6e:df:be:57:ea:86:
53:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:6E:5B:F2:5A:F6:5F:31:00:74:D5:C2:85:4B:7C:49:7C:F9:65:45
X509v3 Authority Key Identifier:
keyid:53:12:F3:99:A6:F7:EB:0D:DC:D5:1C:03:9F:83:F7:B7:A4:7A:5F:09
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914BC7A/4C528F78450311E2BDCA1F732979BB20/UxLzmab36w3c1RwDn4P3t6R6Xwk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UxLzmab36w3c1RwDn4P3t6R6Xwk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914BC7A/4C528F78450311E2BDCA1F732979BB20/AEAE9A2A5CD911EC981F6C87C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2409::/40
240a:e000::/20
Signature Algorithm: sha256WithRSAEncryption
a2:c4:d1:cc:c1:b1:93:7a:ca:b7:49:0b:89:64:c9:92:c9:7f:
71:51:99:31:10:8e:80:3e:63:47:36:e5:d9:70:dc:05:e1:ee:
c9:e2:6e:44:e7:1f:57:03:42:20:45:f8:2b:5c:01:70:7a:61:
7f:45:d4:12:37:2c:79:2d:7a:8a:9f:a3:85:2b:ca:14:3f:71:
14:af:5b:e4:64:0c:1d:06:26:13:99:e5:26:fd:b2:df:d5:54:
ad:f2:1d:de:64:e8:09:e3:9b:4f:47:e7:b5:73:e9:4f:96:db:
aa:9b:a2:85:78:00:e0:0f:ac:d5:82:cd:d8:04:c3:3f:b1:a6:
14:bb:a5:34:cd:15:8a:d2:dd:36:33:9b:b7:2d:70:a7:6d:cf:
45:a7:0b:2e:ba:01:5c:9e:44:92:9c:9b:6f:c2:08:cf:d2:a4:
0f:f7:39:91:0d:cf:85:7c:f1:94:8e:25:ac:b1:f0:a2:42:12:
a3:20:0c:94:11:60:74:ca:c3:03:e0:3b:f6:8d:59:82:b2:9e:
63:fb:d3:f5:88:cd:29:c2:7a:39:4a:db:ec:2a:6c:1a:77:04:
63:25:35:bf:c3:32:78:58:a6:4e:23:11:48:ad:67:66:06:c6:
d2:73:c3:67:e5:47:fb:76:d1:81:78:d1:4a:44:73:2b:6c:b7:
53:8b:19:41
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICMogwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEJDN0ExMTAvBgNVBAUTKDUzMTJGMzk5QTZGN0VCMEREQ0Q1MUMwMzlGODNGN0I3
QTQ3QTVGMDkwHhcNMjIxMDMxMTYwMTEzWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzVmZjE0OC1kMjlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwyv0I51BaKNLwkQEdLaoxBQwC86r8vfvHaHaf2EMaKFXiUXOvrTPd6i3hl+y
7rsD90XkEQ6RICg4b/cj7UWPx3o8F2S6ebGEg448ps8NSKrREw88nGN9k6N+5v3G
nsvwGP4CSVmH3naK0SaBlNSInquhIgeoPJuE0jLliRVpokGVYdMhOiuWle/UvGse
Eirq2jkUtwnsZt3KXPNul3C4OpYFvkhL5+2zItrpEV6OgZTL9dVYRdMCY7R4QcXM
w6Gs9VuyE0piMCAIsTcw3G/YTzEU3aUwhxHlpnXg79v3Xw80ee3mF3aB7SUjB9gW
Wkpn1aJDBg6RTOVu375X6oZTcwIDAQABo4ICnTCCApkwHQYDVR0OBBYEFFluW/Ja
9l8xAHTVwoVLfEl8+WVFMB8GA1UdIwQYMBaAFFMS85mm9+sN3NUcA5+D97ekel8J
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QkM3QS80QzUyOEY3ODQ1
MDMxMUUyQkRDQTFGNzMyOTc5QkIyMC9VeEx6bWFiMzZ3M2MxUndEbjRQM3Q2UjZY
d2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1V4THptYWIzNnczYzFSd0RuNFAzdDZSNlh3ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEJDN0EvNEM1MjhGNzg0NTAzMTFFMkJEQ0ExRjczMjk3OUJCMjAvQUVBRTlBMkE1
Q0Q5MTFFQzk4MUY2Qzg3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgACMA4DBgAkCQAAAAMEBCQK4DANBgkqhkiG9w0BAQsFAAOCAQEAosTR
zMGxk3rKt0kLiWTJksl/cVGZMRCOgD5jRzbl2XDcBeHuyeJuROcfVwNCIEX4K1wB
cHphf0XUEjcseS16ip+jhSvKFD9xFK9b5GQMHQYmE5nlJv2y39VUrfId3mToCeOb
T0fntXPpT5bbqpuihXgA4A+s1YLN2ATDP7GmFLulNM0VitLdNjObty1wp23PRacL
LroBXJ5Ekpybb8IIz9KkD/c5kQ3PhXzxlI4lrLHwokISoyAMlBFgdMrDA+A79o1Z
grKeY/vT9YjNKcJ6OUrb7CpsGncEYyU1v8MyeFimTiMRSK1nZgbG0nPDZ+VH+3bR
gXjRSkRzK2y3U4sZQQ==
-----END CERTIFICATE-----
Generated at Sat Apr 26 09:25:13 2025 by rpki-client