Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/CA435B425FCA11ECB8BF1642C4F9AE02.roa
File: CA435B425FCA11ECB8BF1642C4F9AE02.roa (raw, json)
Hash identifier: lJrKikKtdXLx8kf/Be8yud1E3DoBH2baJKqg7a5k+DQ=
Subject key identifier: FA:37:24:6F:11:4F:9C:9D:E2:EA:12:FB:43:BA:B6:6A:2B:FF:8D:5D
Certificate issuer: /CN=A919C19A/serialNumber=D89CFF6D7D9551AE704D93E97553616C8DB13F5E
Certificate serial: 46
Authority key identifier: D8:9C:FF:6D:7D:95:51:AE:70:4D:93:E9:75:53:61:6C:8D:B1:3F:5E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2Jz_bX2VUa5wTZPpdVNhbI2xP14.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/CA435B425FCA11ECB8BF1642C4F9AE02.roa
Signing time: Thu 30 Dec 2021 16:02:33 +0000
ROA not before: Thu 30 Dec 2021 16:02:33 +0000
ROA not after: Thu 02 Mar 2023 00:00:00 +0000
asID: 141439
IP address blocks: 103.159.126.0/23 maxlen: 23
103.159.126.0/24 maxlen: 24
103.159.127.0/24 maxlen: 24
2001:df5:7f80::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 70 (0x46)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919C19A/serialNumber=D89CFF6D7D9551AE704D93E97553616C8DB13F5E
Validity
Not Before: Dec 30 16:02:33 2021 GMT
Not After : Mar 2 00:00:00 2023 GMT
Subject: CN=61cdd819-d503
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:8a:70:70:76:a2:47:00:ba:ed:27:31:63:9d:
86:1a:5a:f2:13:e7:9e:ad:29:61:c0:13:da:08:0a:
c8:20:5a:72:a5:43:3d:1b:3a:57:c5:63:6f:cf:f7:
cf:49:ea:eb:1c:12:49:3b:de:9a:e2:c8:33:27:95:
d5:d9:7c:8a:3c:df:57:b3:8e:93:5d:ea:37:3a:31:
c6:8b:5a:66:de:f2:43:15:b7:e7:22:69:04:3e:a7:
c5:d4:66:97:49:34:33:25:52:99:b3:8f:7f:8f:5d:
45:02:22:5d:fc:df:73:0d:fd:28:aa:e5:4e:fa:28:
c0:ed:54:d8:60:b5:79:45:ae:db:be:42:35:e8:ff:
5c:4f:de:f7:4f:1d:85:ee:88:09:60:f6:cf:74:5e:
2a:ff:f4:3d:f5:e7:f9:dd:eb:80:96:ae:a1:9c:0b:
e7:a9:30:b6:64:08:ed:9d:9d:56:dd:2e:e3:a3:85:
1f:28:46:b7:ad:78:51:ee:ee:ba:c3:37:7a:35:aa:
a2:81:bf:cd:e1:27:fe:df:8c:08:83:4d:70:cb:a6:
71:03:c1:74:4b:1c:6d:40:01:4d:fe:88:73:ca:53:
64:d4:0e:3f:d4:be:f5:d5:8b:36:8f:63:b4:79:86:
86:7f:24:f6:85:48:78:55:24:46:a2:51:9c:a7:45:
53:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:37:24:6F:11:4F:9C:9D:E2:EA:12:FB:43:BA:B6:6A:2B:FF:8D:5D
X509v3 Authority Key Identifier:
keyid:D8:9C:FF:6D:7D:95:51:AE:70:4D:93:E9:75:53:61:6C:8D:B1:3F:5E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/2Jz_bX2VUa5wTZPpdVNhbI2xP14.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2Jz_bX2VUa5wTZPpdVNhbI2xP14.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/CA435B425FCA11ECB8BF1642C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.159.126.0/23
IPv6:
2001:df5:7f80::/48
Signature Algorithm: sha256WithRSAEncryption
32:a5:48:10:16:18:4a:07:f8:35:49:13:85:cc:24:59:be:2c:
63:30:87:0b:88:a4:21:d6:9b:e9:ae:2e:cd:97:77:55:61:ff:
67:44:30:3f:e8:4e:18:a4:3a:c0:f9:41:05:5c:62:f3:69:5c:
59:e7:81:58:a5:8b:c9:40:9f:fe:84:38:cd:23:dc:e8:cd:f4:
d8:8f:e9:6e:cb:0d:67:09:84:e8:11:38:95:04:67:a8:4f:ea:
fd:52:fa:34:fe:6a:29:91:c7:a6:d3:73:e5:34:74:e6:73:d2:
23:e1:cf:1d:5a:d4:1b:8a:70:95:4c:b9:82:09:d0:4e:88:7a:
3d:88:4f:79:78:00:01:59:13:c2:9f:b3:86:81:fd:ba:00:2d:
70:a5:21:d6:db:7b:65:17:16:cb:70:5a:87:83:59:95:85:f7:
d1:f5:9b:05:29:bd:0b:64:63:52:43:dc:c3:67:a2:5a:a9:cc:
f4:4c:37:48:5d:21:ea:ea:6f:b0:e0:7a:1b:fa:b8:68:8e:c3:
2d:01:87:c9:4a:7c:f2:06:86:95:69:fd:76:02:a3:f0:fc:70:
50:1e:6c:7d:5f:52:8a:d3:9c:da:fb:a2:71:d3:dc:99:5d:9b:
f4:cd:0b:49:c7:dc:69:6b:15:a3:ce:a7:15:1b:4a:bf:9b:74:
53:16:f4:2f
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBRjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
QzE5QTExMC8GA1UEBRMoRDg5Q0ZGNkQ3RDk1NTFBRTcwNEQ5M0U5NzU1MzYxNkM4
REIxM0Y1RTAeFw0yMTEyMzAxNjAyMzNaFw0yMzAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTYxY2RkODE5LWQ1MDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCpinBwdqJHALrtJzFjnYYaWvIT556tKWHAE9oICsggWnKlQz0bOlfFY2/P989J
6uscEkk73priyDMnldXZfIo831ezjpNd6jc6McaLWmbe8kMVt+ciaQQ+p8XUZpdJ
NDMlUpmzj3+PXUUCIl3833MN/Siq5U76KMDtVNhgtXlFrtu+QjXo/1xP3vdPHYXu
iAlg9s90Xir/9D315/nd64CWrqGcC+epMLZkCO2dnVbdLuOjhR8oRreteFHu7rrD
N3o1qqKBv83hJ/7fjAiDTXDLpnEDwXRLHG1AAU3+iHPKU2TUDj/UvvXVizaPY7R5
hoZ/JPaFSHhVJEaiUZynRVNRAgMBAAGjggKmMIICojAdBgNVHQ4EFgQU+jckbxFP
nJ3i6hL7Q7q2aiv/jV0wHwYDVR0jBBgwFoAU2Jz/bX2VUa5wTZPpdVNhbI2xP14w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTlDMTlBLzI0QUIyQzNFNEY4
RDExRUM4MTU3MTI1RkM0RjlBRTAyLzJKel9iWDJWVWE1d1RaUHBkVk5oYkkyeFAx
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvMkp6X2JYMlZVYTV3VFpQcGRWTmhiSTJ4UDE0LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
QzE5QS8yNEFCMkMzRTRGOEQxMUVDODE1NzEyNUZDNEY5QUUwMi9DQTQzNUI0MjVG
Q0ExMUVDQjhCRjE2NDJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWeffjAPBAIAAjAJAwcAIAEN9X+AMA0GCSqGSIb3DQEBCwUA
A4IBAQAypUgQFhhKB/g1SROFzCRZvixjMIcLiKQh1pvpri7Nl3dVYf9nRDA/6E4Y
pDrA+UEFXGLzaVxZ54FYpYvJQJ/+hDjNI9zozfTYj+luyw1nCYToETiVBGeoT+r9
Uvo0/mopkcem03PlNHTmc9Ij4c8dWtQbinCVTLmCCdBOiHo9iE95eAABWRPCn7OG
gf26AC1wpSHW23tlFxbLcFqHg1mVhffR9ZsFKb0LZGNSQ9zDZ6Jaqcz0TDdIXSHq
6m+w4Hob+rhojsMtAYfJSnzyBoaVaf12AqPw/HBQHmx9X1KK05za+6Jx09yZXZv0
zQtJx9xpaxWjzqcVG0q/m3RTFvQv
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:49 2024 by rpki-client on console-ams.rpki-client.org