Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F3C87/E782854EEF0B11ED81DD2D72C4F9AE02/B326CA5AB13111EFBACF333EC4F9AE02.roa
File: B326CA5AB13111EFBACF333EC4F9AE02.roa (raw, json)
Hash identifier: H8zdkrGthHk8NmbQYFUavu8h3cVzhyPvPMPf4V004AY=
Subject key identifier: 68:5C:27:D0:91:C9:5E:59:3D:9C:CA:3D:03:53:14:33:83:6D:82:63
Certificate issuer: /CN=A91F3C87/serialNumber=EF9FE381DA3D42EB7C4E0D049CCAE7228E28FB4B
Certificate serial: 0149
Authority key identifier: EF:9F:E3:81:DA:3D:42:EB:7C:4E:0D:04:9C:CA:E7:22:8E:28:FB:4B
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/75_jgdo9Qut8Tg0EnMrnIo4o-0s.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F3C87/E782854EEF0B11ED81DD2D72C4F9AE02/B326CA5AB13111EFBACF333EC4F9AE02.roa
Signing time: Sat 07 Dec 2024 12:48:50 +0000
ROA not before: Sat 07 Dec 2024 12:48:50 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 20473
IP address blocks: 43.224.150.0/24 maxlen: 24
103.43.173.0/24 maxlen: 24
103.43.174.0/24 maxlen: 24
103.43.175.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 329 (0x149)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F3C87, serialNumber=EF9FE381DA3D42EB7C4E0D049CCAE7228E28FB4B
Validity
Not Before: Dec 7 12:48:50 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=67544432-abe1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:9e:57:4a:10:32:5f:e5:f7:2b:7b:43:91:88:
f6:14:65:fe:bb:06:5e:30:b9:12:0f:d6:e2:52:fc:
a1:50:c4:36:74:1e:fe:27:57:ef:95:78:f5:7a:96:
bb:bf:01:b2:30:0b:2e:96:1f:2a:59:a3:6e:8d:c1:
8f:91:1c:db:76:46:60:c0:f5:ae:35:0d:41:0f:e1:
86:f1:48:f6:42:ef:89:47:91:a9:8f:38:8a:2d:c5:
a1:55:67:9a:cf:d9:c6:57:01:10:fe:8b:b3:51:d6:
03:51:49:60:71:7c:b3:00:4a:27:1f:c7:ee:b6:75:
ec:a1:34:c0:05:d1:2b:97:8f:16:e9:75:bf:d6:56:
de:3c:70:58:2f:45:11:93:52:02:4d:d9:52:41:36:
4d:ca:b7:d2:2c:10:93:cb:b4:e2:8f:a6:87:ed:fe:
b0:bc:f9:eb:99:5b:f6:db:e6:3e:a5:43:70:d1:28:
45:a5:10:18:23:c3:94:2e:58:c1:ec:06:b9:64:df:
b4:fa:69:0e:fb:bd:9b:df:da:6a:fe:80:fc:a9:3f:
e4:9a:9c:5d:79:f2:54:68:a4:2f:13:86:b3:01:6e:
b7:bb:47:53:3a:25:35:ed:0c:72:d3:5d:60:af:6f:
dd:1e:61:11:68:bb:8b:35:ae:95:73:42:82:6b:e0:
40:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:5C:27:D0:91:C9:5E:59:3D:9C:CA:3D:03:53:14:33:83:6D:82:63
X509v3 Authority Key Identifier:
keyid:EF:9F:E3:81:DA:3D:42:EB:7C:4E:0D:04:9C:CA:E7:22:8E:28:FB:4B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F3C87/E782854EEF0B11ED81DD2D72C4F9AE02/75_jgdo9Qut8Tg0EnMrnIo4o-0s.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/75_jgdo9Qut8Tg0EnMrnIo4o-0s.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F3C87/E782854EEF0B11ED81DD2D72C4F9AE02/B326CA5AB13111EFBACF333EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.224.150.0/24
103.43.173.0-103.43.175.255
Signature Algorithm: sha256WithRSAEncryption
00:3c:b8:13:8e:09:5a:70:db:ac:54:9f:8a:7b:81:b1:2a:30:
44:ad:f8:09:1e:7e:39:a0:35:8f:8b:8a:63:71:78:33:73:da:
1f:1c:30:08:6f:13:b7:cd:f9:28:19:e2:c4:3c:15:8c:b8:21:
be:c5:4c:c3:03:ec:1e:fd:c5:c6:44:0c:e2:d9:ae:27:6c:7d:
d3:92:2f:56:57:3d:76:fb:74:91:86:9f:b6:eb:3f:a4:29:99:
7d:96:a9:7e:32:f6:94:30:1c:24:a1:48:13:0b:10:77:b7:3d:
dc:d8:af:0c:31:b2:51:2f:5f:48:fe:4e:68:a8:68:54:d6:dd:
64:73:c9:85:2c:fc:82:80:78:18:4f:f5:99:11:ea:83:f2:83:
70:5e:5b:08:d0:6e:72:31:ba:45:04:3b:64:f0:75:c8:d8:d9:
4e:85:b7:9c:04:1b:e3:d8:28:64:ab:c3:d9:3c:82:4a:c1:ba:
26:b2:8c:05:78:73:35:6c:c2:fe:c1:d5:4e:b7:49:3d:80:0d:
07:33:bc:b0:4c:1f:67:b8:48:fc:ee:b0:fd:7e:26:ff:53:80:
cc:cc:cd:c9:95:ce:90:0b:54:1e:6a:7f:db:48:a7:82:78:57:
c6:c7:e6:ff:fc:ae:28:c3:c4:6e:61:78:4d:be:61:d3:02:05:
c7:8d:8c:15
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICAUkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjNDODcxMTAvBgNVBAUTKEVGOUZFMzgxREEzRDQyRUI3QzRFMEQwNDlDQ0FFNzIy
OEUyOEZCNEIwHhcNMjQxMjA3MTI0ODUwWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzU0NDQzMi1hYmUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxJ5XShAyX+X3K3tDkYj2FGX+uwZeMLkSD9biUvyhUMQ2dB7+J1fvlXj1epa7
vwGyMAsulh8qWaNujcGPkRzbdkZgwPWuNQ1BD+GG8Uj2Qu+JR5GpjziKLcWhVWea
z9nGVwEQ/ouzUdYDUUlgcXyzAEonH8futnXsoTTABdErl48W6XW/1lbePHBYL0UR
k1ICTdlSQTZNyrfSLBCTy7Tij6aH7f6wvPnrmVv22+Y+pUNw0ShFpRAYI8OULljB
7Aa5ZN+0+mkO+72b39pq/oD8qT/kmpxdefJUaKQvE4azAW63u0dTOiU17Qxy011g
r2/dHmERaLuLNa6Vc0KCa+BA/QIDAQABo4ICozCCAp8wHQYDVR0OBBYEFGhcJ9CR
yV5ZPZzKPQNTFDODbYJjMB8GA1UdIwQYMBaAFO+f44HaPULrfE4NBJzK5yKOKPtL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGM0M4Ny9FNzgyODU0RUVG
MEIxMUVEODFERDJENzJDNEY5QUUwMi83NV9qZ2RvOVF1dDhUZzBFbk1ybklvNG8t
MHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzc1X2pnZG85UXV0OFRnMEVuTXJuSW80by0wcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjNDODcvRTc4Mjg1NEVFRjBCMTFFRDgxREQyRDcyQzRGOUFFMDIvQjMyNkNBNUFC
MTMxMTFFRkJBQ0YzMzNFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQDBAAr4JYwDAMEAGcrrQMEBGcroDANBgkqhkiG9w0BAQsFAAOC
AQEAADy4E44JWnDbrFSfinuBsSowRK34CR5+OaA1j4uKY3F4M3PaHxwwCG8Tt835
KBnixDwVjLghvsVMwwPsHv3FxkQM4tmuJ2x905IvVlc9dvt0kYaftus/pCmZfZap
fjL2lDAcJKFIEwsQd7c93NivDDGyUS9fSP5OaKhoVNbdZHPJhSz8goB4GE/1mRHq
g/KDcF5bCNBucjG6RQQ7ZPB1yNjZToW3nAQb49goZKvD2TyCSsG6JrKMBXhzNWzC
/sHVTrdJPYANBzO8sEwfZ7hI/O6w/X4m/1OAzMzNyZXOkAtUHmp/20ingnhXxsfm
//yuKMPEbmF4Tb5h0wIFx42MFQ==
-----END CERTIFICATE-----
Generated at Sat Apr 26 08:03:12 2025 by rpki-client