Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91472E2/2F19535C0CB211ED95CEC95CC4F9AE02/CA240DD4F84711EDABF60938C4F9AE02.roa
File: CA240DD4F84711EDABF60938C4F9AE02.roa (raw, json)
Hash identifier: 0oaAtOtPDUBIZ64DJPqRYcMlqIl8ACA3XklmXzLFRV4=
Subject key identifier: 43:4E:D9:73:41:04:BE:B1:0D:25:FF:E3:7E:0D:F0:D0:33:4C:47:A6
Certificate issuer: /CN=A91472E2/serialNumber=C65FFCFB2CFCD9BCD68DAEB0697D316CF35B23F0
Certificate serial: 010B
Authority key identifier: C6:5F:FC:FB:2C:FC:D9:BC:D6:8D:AE:B0:69:7D:31:6C:F3:5B:23:F0
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xl_8-yz82bzWja6waX0xbPNbI_A.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91472E2/2F19535C0CB211ED95CEC95CC4F9AE02/CA240DD4F84711EDABF60938C4F9AE02.roa
Signing time: Mon 22 May 2023 02:24:34 +0000
ROA not before: Mon 22 May 2023 02:24:34 +0000
ROA not after: Tue 31 Oct 2023 00:00:00 +0000
asID: 150137
IP address blocks: 103.90.12.0/23 maxlen: 24
103.191.181.0/24 maxlen: 24
2001:df1:940::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 267 (0x10b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91472E2/serialNumber=C65FFCFB2CFCD9BCD68DAEB0697D316CF35B23F0
Validity
Not Before: May 22 02:24:34 2023 GMT
Not After : Oct 31 00:00:00 2023 GMT
Subject: CN=646ad261-41d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:f7:1f:8c:41:67:f1:19:6b:bd:30:35:a3:05:
40:81:70:7d:8b:d2:3b:6f:20:86:61:8d:94:30:31:
ed:c2:8f:3f:2a:51:46:c1:87:89:a6:21:db:e5:1c:
b1:ea:62:05:f1:8c:ef:31:b5:88:0f:ec:56:7f:98:
ee:57:c1:15:c3:ee:0f:50:5a:80:d0:f7:c6:24:6f:
b5:91:23:ee:09:ff:50:c3:d4:2a:a3:f5:c6:0d:41:
ed:d3:39:8f:4e:8b:b7:d1:a1:ae:c7:d6:43:7d:58:
f8:94:9e:d8:4a:76:77:e6:7e:f2:46:0a:e7:79:51:
41:fa:d6:e5:fc:d1:31:25:68:a9:10:e7:0e:35:c9:
dc:67:3f:1b:6c:bb:1d:cf:a5:89:eb:cd:32:77:6a:
ad:fe:d4:c4:0c:17:ab:16:c3:46:9c:ff:16:ab:8d:
1f:4d:88:08:f1:b9:10:ee:b2:07:be:f7:c6:57:22:
0b:8a:49:17:45:80:91:46:4b:b4:00:7a:67:6d:24:
a1:a6:58:cf:36:3e:08:97:c7:8d:a2:ff:2e:c5:05:
e4:66:ec:c7:a1:1e:d5:b8:e4:3a:60:ce:26:d7:49:
37:53:c6:64:ad:5b:36:e4:8b:2c:59:65:01:dd:57:
20:6f:be:23:d4:2c:36:15:90:76:c6:24:86:d5:5f:
b4:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:4E:D9:73:41:04:BE:B1:0D:25:FF:E3:7E:0D:F0:D0:33:4C:47:A6
X509v3 Authority Key Identifier:
keyid:C6:5F:FC:FB:2C:FC:D9:BC:D6:8D:AE:B0:69:7D:31:6C:F3:5B:23:F0
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91472E2/2F19535C0CB211ED95CEC95CC4F9AE02/xl_8-yz82bzWja6waX0xbPNbI_A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xl_8-yz82bzWja6waX0xbPNbI_A.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91472E2/2F19535C0CB211ED95CEC95CC4F9AE02/CA240DD4F84711EDABF60938C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.90.12.0/23
103.191.181.0/24
IPv6:
2001:df1:940::/48
Signature Algorithm: sha256WithRSAEncryption
4c:94:4f:f9:d1:5a:c0:db:8d:86:6d:33:04:9a:f0:a4:aa:08:
63:41:49:ac:ad:d4:16:b6:21:e2:1d:a4:5a:33:60:df:e1:1c:
13:d5:7a:2d:4a:47:4a:e0:79:81:80:43:d8:9f:97:12:6f:f9:
6c:97:f1:1a:86:08:e3:3c:f5:73:8e:44:2b:f9:a1:e9:53:d8:
6e:7c:d2:58:d3:99:84:81:79:e9:2a:68:da:fc:56:4b:36:41:
d1:46:11:f8:9e:54:d0:13:fb:e8:9b:6c:40:35:7b:a2:bd:48:
c0:1e:a9:82:dc:30:10:a4:14:ee:e7:18:48:60:d8:32:e5:f3:
8b:87:ca:cf:4a:98:e3:b9:1b:43:98:54:6b:ed:b0:f2:d4:cd:
32:33:5c:39:0a:f2:18:ea:48:aa:78:87:4b:6d:9d:f8:2e:4b:
a4:6e:a0:e1:9e:b5:15:0b:f1:ce:27:f8:65:69:8a:82:30:b1:
a0:8f:b1:5a:be:3d:df:73:cf:e7:93:57:60:3e:05:08:2c:78:
85:fc:e8:14:18:17:b9:1f:29:0a:fb:40:b7:e2:c6:5a:ee:f6:
45:61:18:e9:72:d1:7d:c9:c2:dd:6c:64:60:ff:95:44:29:da:
d2:61:83:07:66:f1:ab:dd:e0:95:e2:5b:d0:27:48:09:a8:a4:
24:a5:91:f1
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICAQswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDcyRTIxMTAvBgNVBAUTKEM2NUZGQ0ZCMkNGQ0Q5QkNENjhEQUVCMDY5N0QzMTZD
RjM1QjIzRjAwHhcNMjMwNTIyMDIyNDM0WhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDZhZDI2MS00MWQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArfcfjEFn8RlrvTA1owVAgXB9i9I7byCGYY2UMDHtwo8/KlFGwYeJpiHb5Ryx
6mIF8YzvMbWID+xWf5juV8EVw+4PUFqA0PfGJG+1kSPuCf9Qw9Qqo/XGDUHt0zmP
Tou30aGux9ZDfVj4lJ7YSnZ35n7yRgrneVFB+tbl/NExJWipEOcONcncZz8bbLsd
z6WJ680yd2qt/tTEDBerFsNGnP8Wq40fTYgI8bkQ7rIHvvfGVyILikkXRYCRRku0
AHpnbSShpljPNj4Il8eNov8uxQXkZuzHoR7VuOQ6YM4m10k3U8ZkrVs25IssWWUB
3Vcgb74j1Cw2FZB2xiSG1V+0qQIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFENO2XNB
BL6xDSX/434N8NAzTEemMB8GA1UdIwQYMBaAFMZf/Pss/Nm81o2usGl9MWzzWyPw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NzJFMi8yRjE5NTM1QzBD
QjIxMUVEOTVDRUM5NUNDNEY5QUUwMi94bF84LXl6ODJieldqYTZ3YVgweGJQTmJJ
X0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hsXzgteXo4MmJ6V2phNndhWDB4YlBOYklfQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDcyRTIvMkYxOTUzNUMwQ0IyMTFFRDk1Q0VDOTVDQzRGOUFFMDIvQ0EyNDBERDRG
ODQ3MTFFREFCRjYwOTM4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBAFnWgwDBABnv7UwDwQCAAIwCQMHACABDfEJQDANBgkqhkiG
9w0BAQsFAAOCAQEATJRP+dFawNuNhm0zBJrwpKoIY0FJrK3UFrYh4h2kWjNg3+Ec
E9V6LUpHSuB5gYBD2J+XEm/5bJfxGoYI4zz1c45EK/mh6VPYbnzSWNOZhIF56Spo
2vxWSzZB0UYR+J5U0BP76JtsQDV7or1IwB6pgtwwEKQU7ucYSGDYMuXzi4fKz0qY
47kbQ5hUa+2w8tTNMjNcOQryGOpIqniHS22d+C5LpG6g4Z61FQvxzif4ZWmKgjCx
oI+xWr4933PP55NXYD4FCCx4hfzoFBgXuR8pCvtAt+LGWu72RWEY6XLRfcnC3Wxk
YP+VRCna0mGDB2bxq93gleJb0CdICaikJKWR8Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:04 2024 by rpki-client on console-fra.rpki-client.org