Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/30068D301D8A11EA8ECDAA75C4F9AE02.roa
File: 30068D301D8A11EA8ECDAA75C4F9AE02.roa (raw, json)
Hash identifier: dCID94OHPNrmQ2OU28/YHUtC8QgeqLQDTH1JmOwkgGA=
Subject key identifier: 9D:66:09:FC:0C:2B:C6:52:ED:AF:5A:90:30:9B:1F:5F:4A:60:CD:29
Certificate issuer: /CN=A9152D08/serialNumber=34DC20129EAD6F41A7CA2D99C9BD3E7E6033CB88
Certificate serial: 08CF
Authority key identifier: 34:DC:20:12:9E:AD:6F:41:A7:CA:2D:99:C9:BD:3E:7E:60:33:CB:88
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/30068D301D8A11EA8ECDAA75C4F9AE02.roa
Signing time: Wed 30 Mar 2022 21:07:12 +0000
ROA not before: Wed 30 Mar 2022 21:07:12 +0000
ROA not after: Sun 28 May 2023 00:00:00 +0000
asID: 201133
IP address blocks: 101.99.94.0/24 maxlen: 24
101.99.95.0/24 maxlen: 24
103.155.92.0/24 maxlen: 24
111.90.156.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2255 (0x8cf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9152D08/serialNumber=34DC20129EAD6F41A7CA2D99C9BD3E7E6033CB88
Validity
Not Before: Mar 30 21:07:12 2022 GMT
Not After : May 28 00:00:00 2023 GMT
Subject: CN=6244c67f-dbdd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:92:f1:0e:b0:8f:82:1b:8d:a8:d9:6c:23:80:
77:6e:b6:a9:19:a9:cf:f8:ce:df:04:fc:73:75:7b:
05:5e:92:16:9a:0c:0d:27:93:36:96:d7:0c:27:65:
5a:b7:1a:d3:59:a1:fc:26:40:e3:0c:99:98:0a:82:
05:d5:c2:66:f6:af:fc:dc:4e:0f:07:b5:57:cb:fa:
58:e7:31:16:c6:f9:4b:87:df:e0:24:a8:6b:08:3a:
cb:8f:89:56:31:3a:c3:40:cf:3d:0a:4b:08:9c:ee:
89:11:3a:14:bc:d9:b6:83:30:a9:ae:b6:a8:44:3c:
1f:fe:1c:78:f7:a9:ae:0f:c3:37:6d:2a:6b:c2:e0:
c8:9c:f6:56:8c:99:49:80:2a:e8:71:5c:df:77:d3:
32:7e:95:5b:27:d0:0d:87:80:b0:f9:65:36:f5:25:
be:76:6c:11:c8:34:b3:ac:a6:30:37:db:39:d8:14:
95:e5:fb:19:18:d3:b4:3d:20:3e:74:cd:21:4a:c0:
95:25:01:07:3c:e3:38:c2:f7:02:b5:3b:50:39:2c:
7e:c5:23:27:54:e7:fd:ef:7b:22:44:55:19:22:5e:
74:56:55:3d:5c:f7:69:df:a2:25:ca:c1:22:1e:90:
44:16:83:2a:7d:3c:bb:82:a5:ee:4b:cd:10:2c:82:
8c:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:66:09:FC:0C:2B:C6:52:ED:AF:5A:90:30:9B:1F:5F:4A:60:CD:29
X509v3 Authority Key Identifier:
keyid:34:DC:20:12:9E:AD:6F:41:A7:CA:2D:99:C9:BD:3E:7E:60:33:CB:88
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/30068D301D8A11EA8ECDAA75C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.99.94.0/23
103.155.92.0/24
111.90.156.0/24
Signature Algorithm: sha256WithRSAEncryption
33:48:b0:12:52:e6:7c:f4:30:44:cd:7e:8f:13:6f:50:52:97:
9d:3c:d9:22:54:16:ae:ba:fa:90:bf:f8:57:46:ea:15:12:4a:
93:0e:c7:42:d2:0a:2e:dc:71:de:94:d6:22:c8:0d:f2:0f:69:
73:07:1d:e3:70:c4:16:7c:b7:38:78:e2:e9:80:97:c4:e9:8e:
ec:33:6e:35:b2:bc:c4:5d:bd:24:a9:bd:b4:16:6a:8f:e3:2a:
6b:7f:a8:98:49:07:0c:03:25:2d:76:c5:b6:49:c8:a3:c5:11:
df:9e:26:90:f6:17:b2:18:16:ff:23:9d:c4:7b:66:8a:0a:e5:
78:60:a0:f9:db:9e:c2:fd:81:55:02:e9:e2:ea:1d:78:91:93:
17:f1:2a:3c:2b:a7:36:42:e1:83:78:b6:a9:b3:54:6a:ea:03:
8b:c0:ab:b1:70:17:0b:b0:4d:27:b4:b1:c5:35:b0:d5:4e:09:
c9:ba:3a:7d:a3:3a:07:a5:ac:e9:20:c0:dd:70:32:85:44:8d:
15:67:ea:f0:1e:34:d6:ba:b3:84:aa:8b:79:bb:15:f1:b1:55:
65:9b:a4:0e:93:4b:53:e6:6e:aa:8f:e5:9c:87:c7:fa:23:aa:
44:e7:9d:f0:03:f3:53:7b:37:3d:db:c0:34:ec:d3:ae:d7:ca:
f9:f6:2a:9d
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICCM8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTJEMDgxMTAvBgNVBAUTKDM0REMyMDEyOUVBRDZGNDFBN0NBMkQ5OUM5QkQzRTdF
NjAzM0NCODgwHhcNMjIwMzMwMjEwNzEyWhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MjQ0YzY3Zi1kYmRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsJLxDrCPghuNqNlsI4B3brapGanP+M7fBPxzdXsFXpIWmgwNJ5M2ltcMJ2Va
txrTWaH8JkDjDJmYCoIF1cJm9q/83E4PB7VXy/pY5zEWxvlLh9/gJKhrCDrLj4lW
MTrDQM89CksInO6JEToUvNm2gzCprraoRDwf/hx496muD8M3bSprwuDInPZWjJlJ
gCrocVzfd9MyfpVbJ9ANh4Cw+WU29SW+dmwRyDSzrKYwN9s52BSV5fsZGNO0PSA+
dM0hSsCVJQEHPOM4wvcCtTtQOSx+xSMnVOf973siRFUZIl50VlU9XPdp36IlysEi
HpBEFoMqfTy7gqXuS80QLIKMvwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFJ1mCfwM
K8ZS7a9akDCbH19KYM0pMB8GA1UdIwQYMBaAFDTcIBKerW9Bp8otmcm9Pn5gM8uI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MkQwOC9GOUMzMzM5MjFE
ODcxMUVBQTlDNUIxNzBDNEY5QUUwMi9OTndnRXA2dGIwR255aTJaeWIwLWZtQXp5
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL05Od2dFcDZ0YjBHbnlpMlp5YjAtZm1Benk0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTJEMDgvRjlDMzMzOTIxRDg3MTFFQUE5QzVCMTcwQzRGOUFFMDIvMzAwNjhEMzAx
RDhBMTFFQThFQ0RBQTc1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAFlY14DBABnm1wDBABvWpwwDQYJKoZIhvcNAQELBQADggEB
ADNIsBJS5nz0METNfo8Tb1BSl5082SJUFq66+pC/+FdG6hUSSpMOx0LSCi7ccd6U
1iLIDfIPaXMHHeNwxBZ8tzh44umAl8TpjuwzbjWyvMRdvSSpvbQWao/jKmt/qJhJ
BwwDJS12xbZJyKPFEd+eJpD2F7IYFv8jncR7ZooK5XhgoPnbnsL9gVUC6eLqHXiR
kxfxKjwrpzZC4YN4tqmzVGrqA4vAq7FwFwuwTSe0scU1sNVOCcm6On2jOgelrOkg
wN1wMoVEjRVn6vAeNNa6s4Sqi3m7FfGxVWWbpA6TS1PmbqqP5ZyHx/ojqkTnnfAD
81N7Nz3bwDTs067Xyvn2Kp0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:05 2024 by rpki-client on console-ams.rpki-client.org