Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C9A8D/32F1F4C283E911ECB873C871C4F9AE02/5ADC253683EC11ECB7EC3B76C4F9AE02.roa
File: 5ADC253683EC11ECB7EC3B76C4F9AE02.roa (raw, json)
Hash identifier: sEHTmY3KRAy38fGnqpRT0VDyKMXJeroHr8uKywdfezo=
Subject key identifier: 23:7A:9D:2C:D3:EE:8A:EA:64:16:53:BA:FF:5F:E1:A5:35:80:44:BE
Certificate issuer: /CN=A91C9A8D/serialNumber=E18F9E85743ABECAC0462B8FDF43A7DB4A628FF9
Certificate serial: 0384
Authority key identifier: E1:8F:9E:85:74:3A:BE:CA:C0:46:2B:8F:DF:43:A7:DB:4A:62:8F:F9
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4Y-ehXQ6vsrARiuP30On20pij_k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C9A8D/32F1F4C283E911ECB873C871C4F9AE02/5ADC253683EC11ECB7EC3B76C4F9AE02.roa
Signing time: Sun 01 Dec 2024 01:03:52 +0000
ROA not before: Sun 01 Dec 2024 01:03:52 +0000
ROA not after: Sun 30 Mar 2025 00:00:00 +0000
asID: 135594
IP address blocks: 103.67.165.0/24 maxlen: 24
103.152.4.0/24 maxlen: 24
2001:df3:4a00::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 900 (0x384)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C9A8D, serialNumber=E18F9E85743ABECAC0462B8FDF43A7DB4A628FF9
Validity
Not Before: Dec 1 01:03:52 2024 GMT
Not After : Mar 30 00:00:00 2025 GMT
Subject: CN=674bb5f7-2a23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:0e:f1:f1:02:df:2a:44:1f:33:3b:83:d1:db:
1a:e2:62:7a:ff:7f:b4:50:c9:f9:41:6c:0a:bf:75:
c3:7f:c5:30:4d:c0:2f:f4:49:ab:22:f8:6f:d9:7c:
86:70:9e:30:84:89:fd:51:c4:9f:31:8f:65:46:c1:
61:ed:ed:25:9d:e8:3b:b5:49:28:7f:aa:22:25:0a:
20:25:05:e1:cd:54:12:97:f3:54:f1:f2:4b:66:84:
07:45:37:60:36:e7:9a:85:16:3a:7e:13:56:77:0e:
b8:6e:ae:98:a8:72:33:ef:2b:09:19:17:6f:f0:5c:
61:51:b7:18:60:f5:10:43:e9:f7:cc:3d:93:27:18:
d2:37:44:92:8b:b1:5c:20:65:24:78:3f:3f:5a:22:
3c:85:df:cd:12:0d:ac:a8:c6:88:d1:57:bf:14:2a:
e5:ac:5d:44:4f:23:51:61:fb:1c:ad:d0:c6:be:42:
f4:9e:ff:66:af:83:be:77:87:0e:4f:3f:90:d0:cd:
8b:54:b8:b1:55:b2:01:03:31:21:b0:a3:16:15:51:
48:eb:81:aa:ec:20:78:77:a7:ca:4b:34:e5:23:52:
4c:5e:c5:8d:78:1d:25:61:49:61:70:e6:1d:e1:cd:
aa:2d:78:ec:04:52:25:2b:c8:94:1a:99:fd:60:8e:
af:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:7A:9D:2C:D3:EE:8A:EA:64:16:53:BA:FF:5F:E1:A5:35:80:44:BE
X509v3 Authority Key Identifier:
keyid:E1:8F:9E:85:74:3A:BE:CA:C0:46:2B:8F:DF:43:A7:DB:4A:62:8F:F9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C9A8D/32F1F4C283E911ECB873C871C4F9AE02/4Y-ehXQ6vsrARiuP30On20pij_k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4Y-ehXQ6vsrARiuP30On20pij_k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C9A8D/32F1F4C283E911ECB873C871C4F9AE02/5ADC253683EC11ECB7EC3B76C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.67.165.0/24
103.152.4.0/24
IPv6:
2001:df3:4a00::/48
Signature Algorithm: sha256WithRSAEncryption
9c:77:8f:c3:a1:f9:6d:30:fa:c1:b9:e8:37:50:2f:79:18:9d:
2f:79:bd:72:94:50:50:44:3b:58:c0:6a:ff:a5:eb:ba:30:db:
b5:51:0e:84:24:7c:06:f3:be:44:12:1d:21:d4:63:e4:72:00:
3d:bf:88:e3:2a:17:cd:1d:fe:32:57:ba:f3:a0:f0:95:46:fa:
d3:bb:76:fe:b9:bc:13:12:fe:75:4e:f6:5e:df:5c:ab:3a:47:
02:c6:f1:f9:5a:ae:b6:da:e1:97:df:4f:2b:fb:1c:6b:9a:6c:
78:c2:78:db:23:bf:66:1c:40:04:15:9b:82:ab:2d:fc:88:4e:
05:c3:22:42:de:9c:c3:41:2b:5e:a1:70:89:34:6a:45:4e:9a:
4a:d6:05:b9:a0:4d:a8:dc:4c:33:13:f1:25:56:e9:68:fe:88:
d5:4f:8e:48:84:28:3b:da:07:a2:de:08:7f:8a:7d:ad:38:f9:
6d:bc:83:a5:bc:0e:77:4e:6b:bd:62:36:23:ed:c9:27:ee:d8:
65:5a:4c:a4:6c:4a:08:89:01:bd:33:12:96:35:1d:cd:5d:d4:
86:0e:ea:92:73:28:a2:15:4c:f4:2d:a6:74:9c:46:41:49:6d:
a5:87:97:27:22:cd:17:d9:0b:e2:7e:a8:f6:17:ec:12:77:b5:
e8:96:2e:2e
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICA4QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzlBOEQxMTAvBgNVBAUTKEUxOEY5RTg1NzQzQUJFQ0FDMDQ2MkI4RkRGNDNBN0RC
NEE2MjhGRjkwHhcNMjQxMjAxMDEwMzUyWhcNMjUwMzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzRiYjVmNy0yYTIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2g7x8QLfKkQfMzuD0dsa4mJ6/3+0UMn5QWwKv3XDf8UwTcAv9EmrIvhv2XyG
cJ4whIn9UcSfMY9lRsFh7e0lneg7tUkof6oiJQogJQXhzVQSl/NU8fJLZoQHRTdg
NueahRY6fhNWdw64bq6YqHIz7ysJGRdv8FxhUbcYYPUQQ+n3zD2TJxjSN0SSi7Fc
IGUkeD8/WiI8hd/NEg2sqMaI0Ve/FCrlrF1ETyNRYfscrdDGvkL0nv9mr4O+d4cO
Tz+Q0M2LVLixVbIBAzEhsKMWFVFI64Gq7CB4d6fKSzTlI1JMXsWNeB0lYUlhcOYd
4c2qLXjsBFIlK8iUGpn9YI6vdwIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFCN6nSzT
7orqZBZTuv9f4aU1gES+MB8GA1UdIwQYMBaAFOGPnoV0Or7KwEYrj99Dp9tKYo/5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDOUE4RC8zMkYxRjRDMjgz
RTkxMUVDQjg3M0M4NzFDNEY5QUUwMi80WS1laFhRNnZzckFSaXVQMzBPbjIwcGlq
X2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRZLWVoWFE2dnNyQVJpdVAzME9uMjBwaWpfay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzlBOEQvMzJGMUY0QzI4M0U5MTFFQ0I4NzNDODcxQzRGOUFFMDIvNUFEQzI1MzY4
M0VDMTFFQ0I3RUMzQjc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBABnQ6UDBABnmAQwDwQCAAIwCQMHACABDfNKADANBgkqhkiG
9w0BAQsFAAOCAQEAnHePw6H5bTD6wbnoN1AveRidL3m9cpRQUEQ7WMBq/6XrujDb
tVEOhCR8BvO+RBIdIdRj5HIAPb+I4yoXzR3+Mle686DwlUb607t2/rm8ExL+dU72
Xt9cqzpHAsbx+Vquttrhl99PK/sca5pseMJ42yO/ZhxABBWbgqst/IhOBcMiQt6c
w0ErXqFwiTRqRU6aStYFuaBNqNxMMxPxJVbpaP6I1U+OSIQoO9oHot4If4p9rTj5
bbyDpbwOd05rvWI2I+3JJ+7YZVpMpGxKCIkBvTMSljUdzV3Uhg7qknMoohVM9C2m
dJxGQUltpYeXJyLNF9kL4n6o9hfsEne16JYuLg==
-----END CERTIFICATE-----
Generated at Sat Apr 26 07:34:25 2025 by rpki-client