Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/4B645F28795B11ED87628B3CC4F9AE02.roa
File: 4B645F28795B11ED87628B3CC4F9AE02.roa (raw, json)
Hash identifier: GoFs5umnOPi1eg9T5PlvNPK9TkXriAm7ROsuLG/CVw8=
Subject key identifier: 31:D1:41:65:89:05:C0:0E:FA:5C:32:6D:83:C7:BB:6D:FE:D8:C7:92
Certificate issuer: /CN=A9161DF8/serialNumber=3FBC3AF43102CEDA4FA0F7FA9BD91B2D65346D6E
Certificate serial: 41
Authority key identifier: 3F:BC:3A:F4:31:02:CE:DA:4F:A0:F7:FA:9B:D9:1B:2D:65:34:6D:6E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P7w69DECztpPoPf6m9kbLWU0bW4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/4B645F28795B11ED87628B3CC4F9AE02.roa
Signing time: Wed 04 Jan 2023 04:24:19 +0000
ROA not before: Wed 04 Jan 2023 04:24:19 +0000
ROA not after: Sat 30 Dec 2023 00:00:00 +0000
asID: 150311
IP address blocks: 103.250.28.0/24 maxlen: 24
103.250.28.64/28 maxlen: 28
103.250.29.0/24 maxlen: 24
2001:df1:4540::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 65 (0x41)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9161DF8/serialNumber=3FBC3AF43102CEDA4FA0F7FA9BD91B2D65346D6E
Validity
Not Before: Jan 4 04:24:19 2023 GMT
Not After : Dec 30 00:00:00 2023 GMT
Subject: CN=63b4ff72-a1bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:66:06:85:18:09:35:30:e6:68:e7:26:4e:40:
f0:7a:c0:6f:e2:c9:31:69:81:79:e2:70:8a:0f:93:
7b:8b:5f:50:9f:9b:2a:03:90:46:3a:8a:40:4b:68:
e9:6f:cb:cd:3b:6c:cb:bb:95:29:1d:3c:7d:bc:0b:
a1:16:9a:b1:a1:97:4c:79:15:ef:08:cf:72:9b:a7:
9d:18:61:43:a9:c5:26:70:18:74:d2:9b:34:44:96:
7f:2a:75:6a:94:36:b4:2d:f4:5a:9e:ce:59:9a:77:
45:8c:0c:bd:28:c1:c1:b5:ac:3f:90:be:e1:74:15:
03:64:bd:e3:be:11:77:0f:9a:fa:5c:08:6c:14:b6:
d5:df:e8:2d:d5:f2:f0:36:94:cf:67:4e:a9:74:3d:
5d:dc:32:53:02:d2:a7:c5:9c:11:5a:66:f2:6a:87:
ff:d5:b7:9c:0d:e8:3a:0c:94:e6:01:40:80:f1:e7:
29:21:39:03:9f:ad:42:71:8c:0a:fa:94:e1:cf:ff:
92:06:a6:f1:d4:16:13:95:83:d8:ae:70:4e:4b:fa:
3b:b6:42:8d:70:53:6d:15:5d:be:39:28:5c:17:19:
05:e3:a2:be:0f:92:94:1e:31:91:33:43:f3:3d:ca:
26:7a:23:22:99:19:e0:10:6a:ef:85:8d:a6:3b:3a:
7b:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:D1:41:65:89:05:C0:0E:FA:5C:32:6D:83:C7:BB:6D:FE:D8:C7:92
X509v3 Authority Key Identifier:
keyid:3F:BC:3A:F4:31:02:CE:DA:4F:A0:F7:FA:9B:D9:1B:2D:65:34:6D:6E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/P7w69DECztpPoPf6m9kbLWU0bW4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P7w69DECztpPoPf6m9kbLWU0bW4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/4B645F28795B11ED87628B3CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.250.28.0/23
IPv6:
2001:df1:4540::/48
Signature Algorithm: sha256WithRSAEncryption
11:1b:e4:5d:8e:37:f5:4d:ca:08:9a:84:f8:9c:8e:09:3e:ed:
53:af:c9:90:f2:ba:ad:d4:67:b4:b7:5c:eb:34:30:54:de:9b:
fb:61:36:a3:a4:27:59:7c:07:f3:60:56:de:14:6e:a2:be:b1:
67:86:ac:99:5f:d8:a3:ce:a0:6a:ae:b5:6c:bd:ba:46:8a:2e:
af:6e:06:2e:16:21:6f:c5:eb:f3:bb:e7:a5:76:40:ec:cf:04:
eb:55:8b:f6:e6:b4:e4:df:8f:20:2b:76:7f:55:67:ef:55:d1:
2c:e3:9c:c1:b1:7d:09:2f:97:a3:d7:72:30:9d:ed:3f:66:9b:
23:5b:c7:40:60:82:50:92:50:7e:ae:5f:1f:4e:48:03:d5:3c:
3e:9f:a7:05:08:aa:1a:60:b4:29:7f:d7:a9:79:f2:a0:f6:78:
24:f6:9c:31:1a:0f:d5:08:0e:b7:91:54:c9:79:3e:03:16:fb:
6e:d6:fa:32:6c:7c:aa:9b:7e:8e:d4:98:9a:57:f5:03:b4:70:
23:fb:59:8e:bd:2e:2a:3f:fa:c7:83:e7:6a:71:b7:e4:cc:8a:
3c:0e:8e:b1:4a:88:53:1e:88:6b:27:5f:62:89:e5:e1:70:ea:
66:40:51:0d:c3:36:61:3d:f7:da:f5:da:e8:2c:28:87:b2:8f:
fc:9c:7e:41
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBQTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
MURGODExMC8GA1UEBRMoM0ZCQzNBRjQzMTAyQ0VEQTRGQTBGN0ZBOUJEOTFCMkQ2
NTM0NkQ2RTAeFw0yMzAxMDQwNDI0MTlaFw0yMzEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzYjRmZjcyLWExYmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC/ZgaFGAk1MOZo5yZOQPB6wG/iyTFpgXnicIoPk3uLX1CfmyoDkEY6ikBLaOlv
y807bMu7lSkdPH28C6EWmrGhl0x5Fe8Iz3Kbp50YYUOpxSZwGHTSmzREln8qdWqU
NrQt9Fqezlmad0WMDL0owcG1rD+QvuF0FQNkveO+EXcPmvpcCGwUttXf6C3V8vA2
lM9nTql0PV3cMlMC0qfFnBFaZvJqh//Vt5wN6DoMlOYBQIDx5ykhOQOfrUJxjAr6
lOHP/5IGpvHUFhOVg9iucE5L+ju2Qo1wU20VXb45KFwXGQXjor4PkpQeMZEzQ/M9
yiZ6IyKZGeAQau+FjaY7OntrAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUMdFBZYkF
wA76XDJtg8e7bf7Yx5IwHwYDVR0jBBgwFoAUP7w69DECztpPoPf6m9kbLWU0bW4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTYxREY4LzI2RTUzMTE0NTUw
NjExRUQ5NTA2QzA0NUM0RjlBRTAyL1A3dzY5REVDenRwUG9QZjZtOWtiTFdVMGJX
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvUDd3NjlERUN6dHBQb1BmNm05a2JMV1UwYlc0LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
MURGOC8yNkU1MzExNDU1MDYxMUVEOTUwNkMwNDVDNEY5QUUwMi80QjY0NUYyODc5
NUIxMUVEODc2MjhCM0NDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWf6HDAPBAIAAjAJAwcAIAEN8UVAMA0GCSqGSIb3DQEBCwUA
A4IBAQARG+Rdjjf1TcoImoT4nI4JPu1Tr8mQ8rqt1Ge0t1zrNDBU3pv7YTajpCdZ
fAfzYFbeFG6ivrFnhqyZX9ijzqBqrrVsvbpGii6vbgYuFiFvxevzu+eldkDszwTr
VYv25rTk348gK3Z/VWfvVdEs45zBsX0JL5ej13Iwne0/ZpsjW8dAYIJQklB+rl8f
TkgD1Tw+n6cFCKoaYLQpf9epefKg9ngk9pwxGg/VCA63kVTJeT4DFvtu1voybHyq
m36O1JiaV/UDtHAj+1mOvS4qP/rHg+dqcbfkzIo8Do6xSohTHohrJ19iieXhcOpm
QFENwzZhPffa9droLCiHso/8nH5B
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:09 2024 by rpki-client on console-fra.rpki-client.org