Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/7BA53380915011EDB4C0C570C4F9AE02.roa
File: 7BA53380915011EDB4C0C570C4F9AE02.roa (raw, json)
Hash identifier: LhisCoF0wZyiSZ8H2I/mGwFfvve5rJDbuUYk+Nsw1rw=
Subject key identifier: 8D:D7:4F:B9:AD:1A:A9:58:E4:8F:F9:11:91:1C:24:6E:AE:0D:36:AD
Certificate issuer: /CN=A9152D08/serialNumber=34DC20129EAD6F41A7CA2D99C9BD3E7E6033CB88
Certificate serial: 0A92
Authority key identifier: 34:DC:20:12:9E:AD:6F:41:A7:CA:2D:99:C9:BD:3E:7E:60:33:CB:88
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/7BA53380915011EDB4C0C570C4F9AE02.roa
Signing time: Wed 11 Jan 2023 03:57:07 +0000
ROA not before: Wed 11 Jan 2023 03:57:07 +0000
ROA not after: Sun 28 May 2023 00:00:00 +0000
asID: 201133
IP address blocks: 101.99.94.0/24 maxlen: 24
101.99.95.0/24 maxlen: 24
103.155.92.0/24 maxlen: 24
111.90.156.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2706 (0xa92)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9152D08/serialNumber=34DC20129EAD6F41A7CA2D99C9BD3E7E6033CB88
Validity
Not Before: Jan 11 03:57:07 2023 GMT
Not After : May 28 00:00:00 2023 GMT
Subject: CN=63be3393-817f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:e5:13:7c:06:87:aa:41:36:72:3f:33:6a:65:
35:87:e9:dd:e4:b5:05:bc:fa:5b:5c:dd:cd:81:22:
5a:c3:42:ab:e7:46:83:55:17:9f:ff:e6:48:f7:00:
45:66:f2:f8:74:cb:23:6d:35:da:20:1b:8d:f0:cb:
55:34:5d:5b:90:e2:52:a8:b9:49:e1:cc:a9:4d:a9:
8e:0f:60:75:07:7e:4b:2b:e8:22:68:91:fc:76:76:
43:85:57:bb:18:89:03:6b:5e:13:b7:29:db:b6:7c:
f3:00:35:e1:90:30:b6:53:e9:a9:23:5e:a3:ed:3b:
15:e2:4c:13:5c:7d:59:2b:33:58:19:91:5c:da:a0:
19:c8:73:9d:f4:9c:63:12:61:d7:56:a5:fc:48:c1:
c9:c5:10:92:82:ef:85:27:2a:a4:1d:42:03:ab:5c:
2b:5c:a0:04:f5:83:80:e3:ba:66:d0:9f:bf:52:0f:
94:ac:1e:27:94:cf:50:1c:4e:03:89:24:06:1b:4d:
d6:a9:b0:7a:25:e2:49:87:68:e2:9a:f2:4e:08:66:
de:0f:c4:76:ff:56:c2:19:eb:0a:30:05:fe:56:bd:
f2:0c:f0:2b:6b:da:b1:f3:b8:b9:68:1c:43:cb:70:
25:61:b1:1c:65:8f:5c:f2:28:e7:00:21:6a:4a:ff:
b0:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:D7:4F:B9:AD:1A:A9:58:E4:8F:F9:11:91:1C:24:6E:AE:0D:36:AD
X509v3 Authority Key Identifier:
keyid:34:DC:20:12:9E:AD:6F:41:A7:CA:2D:99:C9:BD:3E:7E:60:33:CB:88
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/7BA53380915011EDB4C0C570C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.99.94.0/23
103.155.92.0/24
111.90.156.0/24
Signature Algorithm: sha256WithRSAEncryption
3e:00:53:55:47:54:d6:4b:60:ad:72:68:e3:82:8e:27:d8:78:
3f:f7:78:3f:35:d3:fe:33:e1:99:ea:48:35:31:42:9b:58:6f:
a4:5c:61:50:32:48:fe:28:af:17:1b:70:b3:f9:07:ba:57:7c:
e9:80:1d:81:e6:42:bd:21:f0:a8:14:21:00:76:0a:f7:94:85:
11:62:0c:b1:54:38:7e:2c:1d:73:ec:d1:9e:10:01:5d:d7:03:
f6:ef:1e:2a:9d:d5:25:56:6c:85:a3:0c:28:1a:38:21:3a:1f:
23:bc:fd:a8:c0:91:b7:43:59:97:7f:fd:7e:af:a0:ce:45:c2:
42:1b:87:e5:d2:0c:b9:41:9f:21:b6:86:77:2f:cf:d4:cd:72:
4a:da:49:26:93:7f:50:67:af:80:ea:80:e6:69:46:db:0f:23:
d0:02:16:ec:d5:e0:38:e5:f8:de:3a:e8:02:4e:0a:72:02:24:
a7:cf:91:af:ef:76:c8:8a:50:38:b9:16:56:76:ce:6e:e8:a2:
4f:63:3f:11:5e:9a:e4:64:73:fb:af:b6:d0:31:fb:80:b5:37:
1e:fc:12:0d:28:af:85:fc:62:c7:e9:69:1b:dc:03:96:d6:e3:
63:65:65:6d:cb:e0:6f:93:7c:47:a8:e6:1a:0b:d2:c7:87:e5:
e2:c8:6e:62
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICCpIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTJEMDgxMTAvBgNVBAUTKDM0REMyMDEyOUVBRDZGNDFBN0NBMkQ5OUM5QkQzRTdF
NjAzM0NCODgwHhcNMjMwMTExMDM1NzA3WhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02M2JlMzM5My04MTdmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwOUTfAaHqkE2cj8zamU1h+nd5LUFvPpbXN3NgSJaw0Kr50aDVRef/+ZI9wBF
ZvL4dMsjbTXaIBuN8MtVNF1bkOJSqLlJ4cypTamOD2B1B35LK+giaJH8dnZDhVe7
GIkDa14TtynbtnzzADXhkDC2U+mpI16j7TsV4kwTXH1ZKzNYGZFc2qAZyHOd9Jxj
EmHXVqX8SMHJxRCSgu+FJyqkHUIDq1wrXKAE9YOA47pm0J+/Ug+UrB4nlM9QHE4D
iSQGG03WqbB6JeJJh2jimvJOCGbeD8R2/1bCGesKMAX+Vr3yDPAra9qx87i5aBxD
y3AlYbEcZY9c8ijnACFqSv+wHwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFI3XT7mt
GqlY5I/5EZEcJG6uDTatMB8GA1UdIwQYMBaAFDTcIBKerW9Bp8otmcm9Pn5gM8uI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MkQwOC9GOUMzMzM5MjFE
ODcxMUVBQTlDNUIxNzBDNEY5QUUwMi9OTndnRXA2dGIwR255aTJaeWIwLWZtQXp5
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL05Od2dFcDZ0YjBHbnlpMlp5YjAtZm1Benk0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTJEMDgvRjlDMzMzOTIxRDg3MTFFQUE5QzVCMTcwQzRGOUFFMDIvN0JBNTMzODA5
MTUwMTFFREI0QzBDNTcwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAFlY14DBABnm1wDBABvWpwwDQYJKoZIhvcNAQELBQADggEB
AD4AU1VHVNZLYK1yaOOCjifYeD/3eD810/4z4ZnqSDUxQptYb6RcYVAySP4orxcb
cLP5B7pXfOmAHYHmQr0h8KgUIQB2CveUhRFiDLFUOH4sHXPs0Z4QAV3XA/bvHiqd
1SVWbIWjDCgaOCE6HyO8/ajAkbdDWZd//X6voM5FwkIbh+XSDLlBnyG2hncvz9TN
ckraSSaTf1Bnr4DqgOZpRtsPI9ACFuzV4Djl+N466AJOCnICJKfPka/vdsiKUDi5
FlZ2zm7ook9jPxFemuRkc/uvttAx+4C1Nx78Eg0or4X8YsfpaRvcA5bW42NlZW3L
4G+TfEeo5hoL0seH5eLIbmI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:05 2024 by rpki-client on console-ams.rpki-client.org