Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9128C7F/3B7BDABE3FC711EDAC9B221DC4F9AE02/8B57A5763FCD11ED8BFD083FC4F9AE02.roa
File: 8B57A5763FCD11ED8BFD083FC4F9AE02.roa (raw, json)
Hash identifier: 65FHbIhz8N+O/7n/rhB0bIR2PZcRKSQMd76PRl4+Eos=
Subject key identifier: 5F:0F:72:F8:31:DE:74:78:C2:9B:9B:7D:26:80:BB:CF:15:B3:13:91
Certificate issuer: /CN=A9128C7F/serialNumber=8976B5FB48F2E4111D78D5A3CD5A2FCA1961397A
Certificate serial: 04
Authority key identifier: 89:76:B5:FB:48:F2:E4:11:1D:78:D5:A3:CD:5A:2F:CA:19:61:39:7A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iXa1-0jy5BEdeNWjzVovyhlhOXo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9128C7F/3B7BDABE3FC711EDAC9B221DC4F9AE02/8B57A5763FCD11ED8BFD083FC4F9AE02.roa
Signing time: Thu 29 Sep 2022 08:05:56 +0000
ROA not before: Thu 29 Sep 2022 08:05:56 +0000
ROA not after: Sat 30 Dec 2023 00:00:00 +0000
asID: 141731
IP address blocks: 103.14.168.0/23 maxlen: 23
103.14.168.0/24 maxlen: 24
103.14.169.0/24 maxlen: 24
2001:df1:55c0::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9128C7F/serialNumber=8976B5FB48F2E4111D78D5A3CD5A2FCA1961397A
Validity
Not Before: Sep 29 08:05:56 2022 GMT
Not After : Dec 30 00:00:00 2023 GMT
Subject: CN=633551e4-6b25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:03:99:f0:66:2f:90:e5:7b:2d:3b:15:ae:05:
20:b8:f2:d6:45:e5:38:ec:ed:56:2e:00:c8:93:3f:
03:08:d4:14:ec:be:78:d3:7f:b6:4c:7b:82:5b:51:
bd:e5:96:92:25:b6:3c:91:f9:94:f6:f2:b6:13:81:
a7:4d:93:38:a1:3e:9b:6d:c2:45:07:3a:5b:44:a0:
d5:63:a8:53:78:87:89:7f:68:c2:b2:89:cb:95:05:
a2:23:cd:9c:33:b4:4f:fb:a2:0d:ae:35:b7:48:7c:
2f:95:87:40:be:c9:17:c5:3f:3b:dd:18:4b:f6:c7:
91:04:f1:ed:9f:5e:5f:bc:83:fe:c1:46:04:e5:c4:
76:71:e6:70:d2:f7:1a:6c:cf:d3:57:26:4c:e2:a5:
c1:36:d7:55:77:83:ec:44:96:24:46:88:6a:92:af:
00:ac:d7:4e:dd:0b:d1:91:d2:32:4c:65:d4:3f:a3:
81:cb:4b:1f:63:cf:18:a9:49:19:a1:91:87:d2:a2:
58:89:43:1d:11:b2:ac:44:d9:71:d2:97:2f:e1:24:
c7:c5:1d:1f:ec:b0:c7:28:9d:9e:ae:e1:67:19:37:
b9:a7:d0:1d:2a:aa:69:43:1d:05:d5:67:18:92:80:
f7:db:18:d5:52:45:e7:c2:97:24:bc:8a:c4:82:39:
7c:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:0F:72:F8:31:DE:74:78:C2:9B:9B:7D:26:80:BB:CF:15:B3:13:91
X509v3 Authority Key Identifier:
keyid:89:76:B5:FB:48:F2:E4:11:1D:78:D5:A3:CD:5A:2F:CA:19:61:39:7A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9128C7F/3B7BDABE3FC711EDAC9B221DC4F9AE02/iXa1-0jy5BEdeNWjzVovyhlhOXo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iXa1-0jy5BEdeNWjzVovyhlhOXo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9128C7F/3B7BDABE3FC711EDAC9B221DC4F9AE02/8B57A5763FCD11ED8BFD083FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.14.168.0/23
IPv6:
2001:df1:55c0::/48
Signature Algorithm: sha256WithRSAEncryption
03:be:21:74:ea:43:ae:65:f7:8c:46:2b:60:38:5b:4b:2b:7b:
bc:2f:30:dd:a5:d7:05:08:0d:1d:3e:b8:c1:ad:1f:6f:11:c7:
7e:a9:c0:00:14:57:51:80:2b:ad:7c:49:62:05:bd:ab:2d:9e:
5b:40:97:fc:92:49:ee:7f:8e:6b:46:4d:31:8f:c4:85:22:07:
b2:30:b6:15:a8:64:ef:63:7a:01:fb:56:67:31:68:58:49:c0:
bf:53:5e:1d:c7:d6:2e:e4:92:39:91:1f:46:3d:06:02:f8:e3:
bd:7f:ff:fc:13:b6:4a:b8:6f:fb:af:1f:b6:86:43:30:9e:c8:
2f:56:bc:d4:06:20:f1:17:df:66:1d:7d:9e:15:42:54:42:4d:
b7:59:31:cd:63:80:e7:e8:f9:28:7b:5f:f9:43:18:13:60:5e:
29:46:9e:3b:40:41:2e:e8:38:3a:14:fa:92:aa:0f:e2:4f:40:
1e:de:f2:95:10:a9:79:e9:c0:e6:61:29:02:b3:e5:be:87:da:
1c:52:91:42:5c:31:e4:f4:c3:d0:70:d9:32:2f:63:f7:02:fd:
69:88:ba:bc:8e:b2:e3:58:cd:cd:44:d1:f0:3f:0a:8b:35:9f:
c1:4f:8c:56:50:4f:df:03:15:c4:4b:b5:55:dd:26:d7:ce:a2:
be:cc:94:c7
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
OEM3RjExMC8GA1UEBRMoODk3NkI1RkI0OEYyRTQxMTFENzhENUEzQ0Q1QTJGQ0Ex
OTYxMzk3QTAeFw0yMjA5MjkwODA1NTZaFw0yMzEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzMzU1MWU0LTZiMjUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCZA5nwZi+Q5XstOxWuBSC48tZF5Tjs7VYuAMiTPwMI1BTsvnjTf7ZMe4JbUb3l
lpIltjyR+ZT28rYTgadNkzihPpttwkUHOltEoNVjqFN4h4l/aMKyicuVBaIjzZwz
tE/7og2uNbdIfC+Vh0C+yRfFPzvdGEv2x5EE8e2fXl+8g/7BRgTlxHZx5nDS9xps
z9NXJkzipcE211V3g+xEliRGiGqSrwCs107dC9GR0jJMZdQ/o4HLSx9jzxipSRmh
kYfSoliJQx0RsqxE2XHSly/hJMfFHR/ssMconZ6u4WcZN7mn0B0qqmlDHQXVZxiS
gPfbGNVSRefClyS8isSCOXxNAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUXw9y+DHe
dHjCm5t9JoC7zxWzE5EwHwYDVR0jBBgwFoAUiXa1+0jy5BEdeNWjzVovyhlhOXow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTI4QzdGLzNCN0JEQUJFM0ZD
NzExRURBQzlCMjIxREM0RjlBRTAyL2lYYTEtMGp5NUJFZGVOV2p6Vm92eWhsaE9Y
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvaVhhMS0wank1QkVkZU5XanpWb3Z5aGxoT1hvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
OEM3Ri8zQjdCREFCRTNGQzcxMUVEQUM5QjIyMURDNEY5QUUwMi84QjU3QTU3NjNG
Q0QxMUVEOEJGRDA4M0ZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWcOqDAPBAIAAjAJAwcAIAEN8VXAMA0GCSqGSIb3DQEBCwUA
A4IBAQADviF06kOuZfeMRitgOFtLK3u8LzDdpdcFCA0dPrjBrR9vEcd+qcAAFFdR
gCutfEliBb2rLZ5bQJf8kknuf45rRk0xj8SFIgeyMLYVqGTvY3oB+1ZnMWhYScC/
U14dx9Yu5JI5kR9GPQYC+OO9f//8E7ZKuG/7rx+2hkMwnsgvVrzUBiDxF99mHX2e
FUJUQk23WTHNY4Dn6Pkoe1/5QxgTYF4pRp47QEEu6Dg6FPqSqg/iT0Ae3vKVEKl5
6cDmYSkCs+W+h9ocUpFCXDHk9MPQcNkyL2P3Av1piLq8jrLjWM3NRNHwPwqLNZ/B
T4xWUE/fAxXES7VV3SbXzqK+zJTH
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:49 2024 by rpki-client on console-ams.rpki-client.org