Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/9BA0497CB67611EDA32C9C33C4F9AE02.roa
File: 9BA0497CB67611EDA32C9C33C4F9AE02.roa (raw, json)
Hash identifier: nERTqNgeB9r63Wy9i+jc/f63rUntcn/SCcrCkjFH5mU=
Subject key identifier: 5F:9B:B7:30:20:7D:1C:8B:49:53:27:BE:48:6B:4D:50:C0:28:A2:74
Certificate issuer: /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial: 0444
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/9BA0497CB67611EDA32C9C33C4F9AE02.roa
Signing time: Wed 22 Mar 2023 02:12:05 +0000
ROA not before: Wed 22 Mar 2023 02:12:05 +0000
ROA not after: Sat 30 Dec 2023 00:00:00 +0000
asID: 137451
IP address blocks: 43.229.152.0/24 maxlen: 24
43.229.153.0/24 maxlen: 24
103.48.168.0/24 maxlen: 24
103.228.64.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1092 (0x444)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Validity
Not Before: Mar 22 02:12:05 2023 GMT
Not After : Dec 30 00:00:00 2023 GMT
Subject: CN=641a63f5-3468
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:2b:08:73:0f:c2:a3:05:53:1f:88:27:13:8e:
42:3a:fd:4b:2c:85:7a:46:10:68:ee:cc:dc:de:e6:
ac:02:37:17:86:4c:4a:58:63:10:f3:64:eb:90:5c:
6d:26:1e:4a:51:37:bb:df:b2:4e:64:55:58:be:66:
0e:e4:43:c8:8f:d6:15:00:5b:31:17:6a:2e:c8:f1:
5e:c0:53:2f:02:07:a9:51:0e:d5:b9:4e:69:8a:98:
50:5b:6a:45:08:c5:3d:44:e8:90:70:21:2e:92:46:
13:42:36:ba:17:5a:97:9b:8e:fb:d6:c7:c7:da:f0:
b7:f0:c9:78:05:68:77:c7:ee:b1:86:26:9a:03:81:
25:5d:35:02:a8:e3:2a:70:c2:73:cf:13:71:57:4b:
4e:d5:b4:bc:91:38:bc:e6:d4:76:30:10:1f:19:52:
b7:41:7e:d0:91:0e:3f:16:3e:d1:56:69:92:e4:6e:
2c:7e:0a:8a:c9:65:8b:43:f7:d1:0a:43:b2:37:30:
7c:a8:f5:f0:8c:03:f2:47:85:6a:40:fa:fd:66:47:
ca:cb:75:1d:b3:fd:f2:e8:b3:6a:36:ee:42:4e:05:
87:e9:25:70:49:c1:31:37:24:e1:2b:e8:64:83:b5:
1b:44:43:cf:4e:4c:79:12:af:a0:c8:14:ec:b8:63:
ff:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:9B:B7:30:20:7D:1C:8B:49:53:27:BE:48:6B:4D:50:C0:28:A2:74
X509v3 Authority Key Identifier:
keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/9BA0497CB67611EDA32C9C33C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.229.152.0/23
103.48.168.0/24
103.228.64.0/24
Signature Algorithm: sha256WithRSAEncryption
b4:90:02:53:2b:5f:ac:32:8c:76:9c:af:6d:b7:c5:d4:fc:c1:
62:b7:50:5b:19:23:17:d4:1b:f8:c9:ce:38:89:7f:58:e9:2c:
ee:fc:1c:2c:3d:7d:12:1e:87:b2:b6:22:bb:b0:33:47:7b:1b:
f4:a0:2c:0b:08:41:8d:3e:71:53:80:58:22:71:4d:0a:5a:61:
56:e4:01:21:70:a5:7c:9e:6b:75:74:f9:8a:3c:60:de:f8:58:
aa:77:cc:da:49:56:60:2b:f8:ad:01:5f:2d:83:f5:26:af:aa:
84:be:31:b6:e0:fd:6b:f2:40:14:d2:36:3d:fd:5f:fa:d2:a1:
23:f1:86:ad:25:1a:6e:ab:d7:f1:44:b8:49:0c:51:e0:c2:f9:
de:83:55:52:3f:63:ff:99:bb:47:cd:ef:e7:9d:b3:e6:14:92:
04:7c:c3:ab:86:0d:ef:31:df:84:8c:29:17:7b:b7:20:0f:73:
92:ac:70:af:3e:7d:bd:c7:6e:6d:a7:2b:bd:13:c1:a7:75:79:
c0:10:eb:23:0e:87:05:54:e6:18:3d:39:2d:85:a2:19:96:34:
dc:52:e4:9e:39:72:be:61:42:2c:f7:a4:51:2e:0d:ed:81:7c:
c5:8a:8d:1b:b3:dd:61:15:74:c8:b7:da:7c:0a:e2:46:2e:eb:
49:10:be:e9
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBEQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjMwMzIyMDIxMjA1WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDFhNjNmNS0zNDY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6ysIcw/CowVTH4gnE45COv1LLIV6RhBo7szc3uasAjcXhkxKWGMQ82TrkFxt
Jh5KUTe737JOZFVYvmYO5EPIj9YVAFsxF2ouyPFewFMvAgepUQ7VuU5piphQW2pF
CMU9ROiQcCEukkYTQja6F1qXm4771sfH2vC38Ml4BWh3x+6xhiaaA4ElXTUCqOMq
cMJzzxNxV0tO1bS8kTi85tR2MBAfGVK3QX7QkQ4/Fj7RVmmS5G4sfgqKyWWLQ/fR
CkOyNzB8qPXwjAPyR4VqQPr9ZkfKy3Uds/3y6LNqNu5CTgWH6SVwScExNyThK+hk
g7UbREPPTkx5Eq+gyBTsuGP/bwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFF+btzAg
fRyLSVMnvkhrTVDAKKJ0MB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvOUJBMDQ5N0NC
Njc2MTFFREEzMkM5QzMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAEr5ZgDBABnMKgDBABn5EAwDQYJKoZIhvcNAQELBQADggEB
ALSQAlMrX6wyjHacr223xdT8wWK3UFsZIxfUG/jJzjiJf1jpLO78HCw9fRIeh7K2
IruwM0d7G/SgLAsIQY0+cVOAWCJxTQpaYVbkASFwpXyea3V0+Yo8YN74WKp3zNpJ
VmAr+K0BXy2D9SavqoS+Mbbg/WvyQBTSNj39X/rSoSPxhq0lGm6r1/FEuEkMUeDC
+d6DVVI/Y/+Zu0fN7+eds+YUkgR8w6uGDe8x34SMKRd7tyAPc5KscK8+fb3Hbm2n
K70Twad1ecAQ6yMOhwVU5hg9OS2FohmWNNxS5J45cr5hQiz3pFEuDe2BfMWKjRuz
3WEVdMi32nwK4kYu60kQvuk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:46 2024 by rpki-client on console-ams.rpki-client.org