Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CC1E9/BBCD5D2CEFCC11EDB29BB06CC4F9AE02/2B5E3BBCEFD611ED8B67F517C4F9AE02.roa
File: 2B5E3BBCEFD611ED8B67F517C4F9AE02.roa (raw, json)
Hash identifier: GgZEl+8SnNKEiC2bfZZsd8RJfxcJkKgjSbftDig7sng=
Subject key identifier: 95:E4:30:F7:35:34:74:38:11:81:FC:AE:48:47:50:61:6B:E4:75:03
Certificate issuer: /CN=A91CC1E9/serialNumber=72D15743F59C83A5C195A5E6DB1EA4647634BEF7
Certificate serial: 02
Authority key identifier: 72:D1:57:43:F5:9C:83:A5:C1:95:A5:E6:DB:1E:A4:64:76:34:BE:F7
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ctFXQ_Wcg6XBlaXm2x6kZHY0vvc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CC1E9/BBCD5D2CEFCC11EDB29BB06CC4F9AE02/2B5E3BBCEFD611ED8B67F517C4F9AE02.roa
Signing time: Thu 11 May 2023 08:31:05 +0000
ROA not before: Thu 11 May 2023 08:31:05 +0000
ROA not after: Wed 01 May 2024 00:00:00 +0000
asID: 136993
IP address blocks: 103.206.188.0/22 maxlen: 23
137.59.100.0/22 maxlen: 23
2404:2480::/32 maxlen: 32
2404:2480:6500::/48 maxlen: 48
2404:2480:8100::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CC1E9/serialNumber=72D15743F59C83A5C195A5E6DB1EA4647634BEF7
Validity
Not Before: May 11 08:31:05 2023 GMT
Not After : May 1 00:00:00 2024 GMT
Subject: CN=645ca7c9-cb38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:fb:4a:86:00:14:05:14:b9:ab:47:d9:db:81:
cb:77:81:06:63:3e:6f:59:b6:58:32:9b:ff:f6:8b:
1f:e4:47:3b:db:db:70:cb:57:1a:2f:df:d7:b5:53:
28:02:c9:d2:40:8c:9b:73:d0:3a:63:93:fb:df:bd:
bb:d2:c6:5f:f8:89:bf:88:7a:00:c3:10:9f:36:b1:
0a:ab:73:ef:c9:47:3e:33:bc:44:a3:16:70:4d:93:
a2:6a:ee:d6:d8:08:72:ef:8f:c3:9a:71:e6:46:ca:
00:d8:5f:14:27:36:13:c4:fa:36:cc:74:dc:82:84:
80:c0:6a:d9:0e:3e:d7:51:b0:0b:f2:48:e0:49:ee:
a8:ed:e9:ee:12:c8:b0:17:44:2a:a6:7a:90:bf:eb:
4b:ff:64:db:3f:e9:01:0c:68:85:6c:a3:c5:58:1a:
a0:c9:2b:d2:25:40:e5:b5:4e:7a:a3:27:7a:d1:5e:
a6:d7:7d:e4:dc:42:54:e3:47:fe:df:9e:eb:e5:fd:
c6:0a:24:05:e6:25:89:a4:41:24:a6:a4:04:e7:33:
69:60:9a:1f:af:86:ba:f3:94:4c:a6:68:16:cc:ad:
d0:4f:33:ad:e5:00:95:3d:6f:6f:11:7c:fe:fe:53:
41:9c:ea:5f:5d:2f:0b:ad:da:b5:6f:71:3e:a7:3b:
c5:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:E4:30:F7:35:34:74:38:11:81:FC:AE:48:47:50:61:6B:E4:75:03
X509v3 Authority Key Identifier:
keyid:72:D1:57:43:F5:9C:83:A5:C1:95:A5:E6:DB:1E:A4:64:76:34:BE:F7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CC1E9/BBCD5D2CEFCC11EDB29BB06CC4F9AE02/ctFXQ_Wcg6XBlaXm2x6kZHY0vvc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ctFXQ_Wcg6XBlaXm2x6kZHY0vvc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CC1E9/BBCD5D2CEFCC11EDB29BB06CC4F9AE02/2B5E3BBCEFD611ED8B67F517C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.206.188.0/22
137.59.100.0/22
IPv6:
2404:2480::/32
Signature Algorithm: sha256WithRSAEncryption
62:76:ea:5d:1a:ab:a9:2e:4d:b6:dd:bb:93:c7:63:f3:70:95:
54:8b:37:38:ca:c9:29:83:18:7e:45:0f:1c:92:6c:26:8a:1e:
4d:3e:41:41:3e:04:83:2c:9a:61:be:8c:35:45:74:ea:8b:da:
e0:ce:57:8f:fe:02:bf:5a:58:e3:be:5c:97:aa:66:6d:8d:f4:
75:4a:39:eb:5c:27:a5:0f:b5:b9:3c:ef:a6:15:6a:9b:48:c5:
18:a8:d0:e5:6b:88:b6:9a:12:3e:4d:93:d1:36:a9:d9:a5:47:
c6:9f:b4:3c:b6:29:38:bd:cf:c3:0c:a0:ba:4a:dc:ba:03:0c:
f7:e6:7d:61:da:8b:1b:33:77:92:2d:e8:68:05:55:8b:dc:4a:
a9:be:af:42:1e:64:70:10:cf:94:54:71:dc:44:1e:a3:2d:25:
ff:5b:c2:4e:48:47:ab:0a:29:ce:be:46:02:5b:96:5f:4a:45:
90:b4:89:66:39:0d:7c:88:a4:03:86:e0:21:81:a3:73:a5:75:
d0:a4:27:6e:2e:cf:4d:e9:b2:22:22:55:d6:9d:cb:bf:1e:3f:
18:d1:f2:41:aa:ee:3a:b0:98:56:1f:f5:13:8f:38:bf:8e:b8:
75:67:5e:8f:36:32:8d:1c:1a:a6:42:2b:e0:6b:dd:02:ba:90:
60:60:da:2c
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
QzFFOTExMC8GA1UEBRMoNzJEMTU3NDNGNTlDODNBNUMxOTVBNUU2REIxRUE0NjQ3
NjM0QkVGNzAeFw0yMzA1MTEwODMxMDVaFw0yNDA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0NWNhN2M5LWNiMzgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCg+0qGABQFFLmrR9nbgct3gQZjPm9Ztlgym//2ix/kRzvb23DLVxov39e1UygC
ydJAjJtz0Dpjk/vfvbvSxl/4ib+IegDDEJ82sQqrc+/JRz4zvESjFnBNk6Jq7tbY
CHLvj8OaceZGygDYXxQnNhPE+jbMdNyChIDAatkOPtdRsAvySOBJ7qjt6e4SyLAX
RCqmepC/60v/ZNs/6QEMaIVso8VYGqDJK9IlQOW1TnqjJ3rRXqbXfeTcQlTjR/7f
nuvl/cYKJAXmJYmkQSSmpATnM2lgmh+vhrrzlEymaBbMrdBPM63lAJU9b28RfP7+
U0Gc6l9dLwut2rVvcT6nO8XVAgMBAAGjggKqMIICpjAdBgNVHQ4EFgQUleQw9zU0
dDgRgfyuSEdQYWvkdQMwHwYDVR0jBBgwFoAUctFXQ/Wcg6XBlaXm2x6kZHY0vvcw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNDMUU5L0JCQ0Q1RDJDRUZD
QzExRURCMjlCQjA2Q0M0RjlBRTAyL2N0RlhRX1djZzZYQmxhWG0yeDZrWkhZMHZ2
Yy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvY3RGWFFfV2NnNlhCbGFYbTJ4NmtaSFkwdnZjLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
QzFFOS9CQkNENUQyQ0VGQ0MxMUVEQjI5QkIwNkNDNEY5QUUwMi8yQjVFM0JCQ0VG
RDYxMUVEOEI2N0Y1MTdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEAmfOvAMEAok7ZDANBAIAAjAHAwUAJAQkgDANBgkqhkiG9w0B
AQsFAAOCAQEAYnbqXRqrqS5Ntt27k8dj83CVVIs3OMrJKYMYfkUPHJJsJooeTT5B
QT4EgyyaYb6MNUV06ova4M5Xj/4Cv1pY475cl6pmbY30dUo561wnpQ+1uTzvphVq
m0jFGKjQ5WuItpoSPk2T0Tap2aVHxp+0PLYpOL3PwwygukrcugMM9+Z9YdqLGzN3
ki3oaAVVi9xKqb6vQh5kcBDPlFRx3EQeoy0l/1vCTkhHqwopzr5GAluWX0pFkLSJ
ZjkNfIikA4bgIYGjc6V10KQnbi7PTemyIiJV1p3Lvx4/GNHyQaruOrCYVh/1E484
v464dWdejzYyjRwapkIr4GvdArqQYGDaLA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:27 2024 by rpki-client on console-ams.rpki-client.org