Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EBA1C/63B214A2C81511E581D20884C4F9AE02/15CD0FA689FD11EDA18A396FC4F9AE02.roa
File: 15CD0FA689FD11EDA18A396FC4F9AE02.roa (raw, json)
Hash identifier: /wbo3hLWa5Kc8cPGOsnI6/DTKWCt2PK7SMSh1XzXEpg=
Subject key identifier: 23:ED:20:92:63:33:9F:B6:AA:B1:A0:79:8A:AA:BE:55:BA:18:81:A0
Certificate issuer: /CN=A91EBA1C/serialNumber=51C2611B461DD511835A5141F8AEE502D3A39AEB
Certificate serial: 2048
Authority key identifier: 51:C2:61:1B:46:1D:D5:11:83:5A:51:41:F8:AE:E5:02:D3:A3:9A:EB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UcJhG0Yd1RGDWlFB-K7lAtOjmus.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EBA1C/63B214A2C81511E581D20884C4F9AE02/15CD0FA689FD11EDA18A396FC4F9AE02.roa
Signing time: Sun 01 Jan 2023 18:12:40 +0000
ROA not before: Sun 01 Jan 2023 18:12:40 +0000
ROA not after: Sun 30 Jul 2023 00:00:00 +0000
asID: 132352
IP address blocks: 59.153.200.0/22 maxlen: 24
103.57.20.0/22 maxlen: 24
2402:5380::/31 maxlen: 37
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8264 (0x2048)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EBA1C/serialNumber=51C2611B461DD511835A5141F8AEE502D3A39AEB
Validity
Not Before: Jan 1 18:12:40 2023 GMT
Not After : Jul 30 00:00:00 2023 GMT
Subject: CN=63b1cd17-ea18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:89:b2:26:d3:a7:66:8b:a5:84:50:4f:46:61:
82:3d:05:ec:4a:2b:e6:5b:5e:8c:a9:80:b7:7f:30:
ed:fb:43:2d:4f:56:d5:03:27:3f:1a:97:77:cb:24:
37:32:dd:10:64:5d:1a:fe:ca:fe:6a:9e:48:8f:87:
89:5d:60:a6:f6:5d:7c:ed:be:7d:93:48:94:10:30:
ae:0c:c1:94:32:81:d6:d7:ea:4e:44:7d:aa:43:b8:
95:88:9f:21:20:af:3d:17:99:17:ef:2e:4a:39:50:
64:c4:48:a8:75:18:01:09:dd:76:49:10:72:4f:d6:
19:0c:a2:67:8c:04:e0:23:38:fd:27:6b:9b:aa:2f:
f7:b7:39:e2:c5:fd:90:39:08:0f:e9:23:2c:5b:70:
17:d5:9d:48:d2:ab:76:83:24:97:fd:5b:86:6e:99:
ac:ed:4d:e6:f1:ac:90:d8:8a:66:94:d9:ca:f7:20:
09:29:55:78:c3:8f:6b:93:c8:4b:b2:21:1e:71:92:
43:ff:30:2f:b3:34:5b:31:7b:d4:36:e3:c3:43:5c:
89:d2:60:65:77:0b:b2:a3:4c:69:b0:ef:9e:dd:12:
75:d9:df:06:f1:11:6b:89:13:2d:75:58:04:37:ec:
e3:de:cf:f8:7f:3e:ff:9c:24:74:0f:18:55:01:4d:
ef:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:ED:20:92:63:33:9F:B6:AA:B1:A0:79:8A:AA:BE:55:BA:18:81:A0
X509v3 Authority Key Identifier:
keyid:51:C2:61:1B:46:1D:D5:11:83:5A:51:41:F8:AE:E5:02:D3:A3:9A:EB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EBA1C/63B214A2C81511E581D20884C4F9AE02/UcJhG0Yd1RGDWlFB-K7lAtOjmus.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UcJhG0Yd1RGDWlFB-K7lAtOjmus.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EBA1C/63B214A2C81511E581D20884C4F9AE02/15CD0FA689FD11EDA18A396FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
59.153.200.0/22
103.57.20.0/22
IPv6:
2402:5380::/31
Signature Algorithm: sha256WithRSAEncryption
62:93:93:64:a7:15:d9:48:d8:c4:87:e9:33:91:cf:15:ac:dc:
1f:f5:de:46:f4:6b:0e:f4:71:67:41:0a:dd:9f:f8:69:36:33:
0d:69:b6:40:b0:43:dc:69:de:62:64:da:47:d7:7d:d4:07:08:
7e:42:f3:80:fd:ac:ca:6a:aa:29:8a:42:90:9e:2c:8b:27:d7:
30:37:1e:a1:2b:d8:d3:13:3d:09:e5:e1:7d:91:16:55:b8:7f:
a6:3b:cb:5e:86:20:83:ff:04:92:c4:00:46:c3:45:e7:2e:93:
16:28:d5:8e:c4:2d:5e:bb:9a:01:d6:46:a5:29:fa:34:b9:0a:
9f:84:de:0f:d8:72:78:19:19:91:68:64:86:55:cd:84:e7:27:
1e:b5:b5:ee:3a:00:33:ac:33:8b:a2:6b:55:0a:7c:2d:73:26:
6c:16:7c:70:ef:35:89:f5:19:64:91:ad:db:a1:8c:2b:7b:63:
7b:f1:ee:7b:15:c4:7c:a0:82:24:5c:00:5d:cd:89:da:a5:73:
df:bd:d2:63:a6:15:2b:3f:57:bd:f4:cd:ec:77:b4:ee:91:8e:
53:25:e1:6e:60:63:e7:fe:9b:c3:98:b7:b2:f4:e7:f1:9e:7d:
c8:5f:e2:7b:b7:39:b0:cb:2e:bf:06:54:1f:35:f5:6c:e5:3f:
90:5a:60:08
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICIEgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUJBMUMxMTAvBgNVBAUTKDUxQzI2MTFCNDYxREQ1MTE4MzVBNTE0MUY4QUVFNTAy
RDNBMzlBRUIwHhcNMjMwMTAxMTgxMjQwWhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2IxY2QxNy1lYTE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnImyJtOnZoulhFBPRmGCPQXsSivmW16MqYC3fzDt+0MtT1bVAyc/Gpd3yyQ3
Mt0QZF0a/sr+ap5Ij4eJXWCm9l187b59k0iUEDCuDMGUMoHW1+pORH2qQ7iViJ8h
IK89F5kX7y5KOVBkxEiodRgBCd12SRByT9YZDKJnjATgIzj9J2ubqi/3tznixf2Q
OQgP6SMsW3AX1Z1I0qt2gySX/VuGbpms7U3m8ayQ2IpmlNnK9yAJKVV4w49rk8hL
siEecZJD/zAvszRbMXvUNuPDQ1yJ0mBldwuyo0xpsO+e3RJ12d8G8RFriRMtdVgE
N+zj3s/4fz7/nCR0DxhVAU3v5wIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFCPtIJJj
M5+2qrGgeYqqvlW6GIGgMB8GA1UdIwQYMBaAFFHCYRtGHdURg1pRQfiu5QLTo5rr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQkExQy82M0IyMTRBMkM4
MTUxMUU1ODFEMjA4ODRDNEY5QUUwMi9VY0poRzBZZDFSR0RXbEZCLUs3bEF0T2pt
dXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1VjSmhHMFlkMVJHRFdsRkItSzdsQXRPam11cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUJBMUMvNjNCMjE0QTJDODE1MTFFNTgxRDIwODg0QzRGOUFFMDIvMTVDRDBGQTY4
OUZEMTFFREExOEEzOTZGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAI7mcgDBAJnORQwDQQCAAIwBwMFASQCU4AwDQYJKoZIhvcN
AQELBQADggEBAGKTk2SnFdlI2MSH6TORzxWs3B/13kb0aw70cWdBCt2f+Gk2Mw1p
tkCwQ9xp3mJk2kfXfdQHCH5C84D9rMpqqimKQpCeLIsn1zA3HqEr2NMTPQnl4X2R
FlW4f6Y7y16GIIP/BJLEAEbDRecukxYo1Y7ELV67mgHWRqUp+jS5Cp+E3g/YcngZ
GZFoZIZVzYTnJx61te46ADOsM4uia1UKfC1zJmwWfHDvNYn1GWSRrduhjCt7Y3vx
7nsVxHyggiRcAF3Nidqlc9+90mOmFSs/V730zex3tO6RjlMl4W5gY+f+m8OYt7L0
5/Gefchf4nu3ObDLLr8GVB819WzlP5BaYAg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:37 2024 by rpki-client on console-ams.rpki-client.org