Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/7D8F1670845C11EE845EB417C4F9AE02.roa
File: 7D8F1670845C11EE845EB417C4F9AE02.roa (raw, json)
Hash identifier: yM4tTEtmLGzys5Mh31DDccQf5WIagWqW9w2/9zgvbkU=
Subject key identifier: 7E:5D:8E:E8:C1:84:47:FD:73:F7:1A:7A:D9:71:28:FA:6C:5B:E0:10
Certificate issuer: /CN=A9161DF8/serialNumber=3FBC3AF43102CEDA4FA0F7FA9BD91B2D65346D6E
Certificate serial: FB
Authority key identifier: 3F:BC:3A:F4:31:02:CE:DA:4F:A0:F7:FA:9B:D9:1B:2D:65:34:6D:6E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P7w69DECztpPoPf6m9kbLWU0bW4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/7D8F1670845C11EE845EB417C4F9AE02.roa
Signing time: Fri 01 Dec 2023 05:16:12 +0000
ROA not before: Fri 01 Dec 2023 05:16:12 +0000
ROA not after: Sat 30 Mar 2024 00:00:00 +0000
asID: 137047
IP address blocks: 103.250.28.0/24 maxlen: 24
103.250.29.0/24 maxlen: 24
2001:df1:4540::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 251 (0xfb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9161DF8/serialNumber=3FBC3AF43102CEDA4FA0F7FA9BD91B2D65346D6E
Validity
Not Before: Dec 1 05:16:12 2023 GMT
Not After : Mar 30 00:00:00 2024 GMT
Subject: CN=65696c1c-10ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:a1:9e:db:49:bf:b0:83:9a:61:db:ae:f9:82:
83:37:41:61:07:41:50:dc:b7:c2:d5:49:ff:3a:e0:
89:52:d2:fb:e0:19:3a:5f:20:75:a7:ed:9b:c3:8e:
93:15:49:44:25:6d:13:e6:6d:23:f9:92:dc:7c:7f:
24:c7:99:e7:dd:d9:ff:ae:b7:20:a1:f2:2c:45:8a:
31:cc:93:66:dc:96:ac:10:ae:00:bf:1c:9b:fc:4d:
e9:af:f9:c1:d1:0e:d6:cf:12:bb:46:e2:2f:dd:2d:
a9:ca:95:04:40:0f:ce:40:7c:8f:d4:98:08:63:3d:
f7:94:48:85:5d:dc:4f:0d:44:85:3b:1b:03:a1:73:
75:18:b0:bd:5f:fb:15:d5:1e:3b:d9:21:5a:8a:9f:
a1:9f:2c:32:6d:ff:da:f0:e0:be:a0:31:95:21:ce:
69:4d:5d:0f:40:ff:a4:9d:01:5b:b3:6b:68:1f:36:
1c:c4:c9:0b:c9:c0:5b:0b:13:05:9f:2a:6d:27:32:
3b:49:75:17:b7:7e:54:91:cf:45:0b:79:cb:c6:1b:
f3:ce:50:c7:d0:99:4b:86:56:ba:8d:61:f9:7d:17:
6e:8a:6a:e4:c4:7f:d8:72:da:b9:13:19:d2:64:a2:
4b:40:98:4f:ef:fc:2d:2d:66:05:bb:1b:6f:a5:13:
03:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:5D:8E:E8:C1:84:47:FD:73:F7:1A:7A:D9:71:28:FA:6C:5B:E0:10
X509v3 Authority Key Identifier:
keyid:3F:BC:3A:F4:31:02:CE:DA:4F:A0:F7:FA:9B:D9:1B:2D:65:34:6D:6E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/P7w69DECztpPoPf6m9kbLWU0bW4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P7w69DECztpPoPf6m9kbLWU0bW4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/7D8F1670845C11EE845EB417C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.250.28.0/23
IPv6:
2001:df1:4540::/48
Signature Algorithm: sha256WithRSAEncryption
67:46:c8:6a:f5:6b:d0:93:0e:c8:80:00:1c:f4:cc:81:15:c2:
f0:e7:27:42:e1:98:cd:fb:c3:09:1e:37:99:50:6d:42:aa:eb:
e5:f0:ce:4c:8a:f0:ee:28:c8:a6:33:85:52:d0:fe:0d:2d:6d:
78:46:c2:99:f3:da:e1:d7:70:4f:22:15:d7:3d:c6:04:3d:c3:
a4:6d:96:04:81:ff:80:fb:61:4c:a2:fa:e3:1f:20:7c:fb:7a:
e4:15:84:68:6b:80:91:6d:d3:5d:be:2d:2d:58:ec:79:ee:12:
3d:a2:a5:3b:57:a2:8c:8a:58:b4:70:68:2a:de:0c:39:6d:fd:
44:c1:bb:14:74:ba:74:af:30:c3:89:38:d2:5c:53:83:05:64:
67:71:90:f7:ef:74:0f:78:10:cb:24:70:a7:cf:57:bc:a5:3c:
63:11:71:30:45:0b:dd:f6:e1:69:b5:f6:b3:03:99:1f:c6:1c:
75:14:ec:a9:5a:10:c4:c2:1e:b5:c4:f3:32:42:cf:2b:da:a7:
5c:72:9c:db:1e:69:ec:ef:a0:98:94:99:85:be:6e:e3:b0:3a:
70:24:a7:47:8d:65:bf:aa:0a:45:af:2e:b2:38:35:bf:a4:76:
6d:ab:20:98:bc:47:4b:29:aa:4e:07:bc:fd:2a:da:0e:3a:7b:
11:5c:1a:01
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAPswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjFERjgxMTAvBgNVBAUTKDNGQkMzQUY0MzEwMkNFREE0RkEwRjdGQTlCRDkxQjJE
NjUzNDZENkUwHhcNMjMxMjAxMDUxNjEyWhcNMjQwMzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTY5NmMxYy0xMGFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArqGe20m/sIOaYduu+YKDN0FhB0FQ3LfC1Un/OuCJUtL74Bk6XyB1p+2bw46T
FUlEJW0T5m0j+ZLcfH8kx5nn3dn/rrcgofIsRYoxzJNm3JasEK4Avxyb/E3pr/nB
0Q7WzxK7RuIv3S2pypUEQA/OQHyP1JgIYz33lEiFXdxPDUSFOxsDoXN1GLC9X/sV
1R472SFaip+hnywybf/a8OC+oDGVIc5pTV0PQP+knQFbs2toHzYcxMkLycBbCxMF
nyptJzI7SXUXt35Ukc9FC3nLxhvzzlDH0JlLhla6jWH5fRduimrkxH/Yctq5ExnS
ZKJLQJhP7/wtLWYFuxtvpRMDMwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFH5djujB
hEf9c/caetlxKPpsW+AQMB8GA1UdIwQYMBaAFD+8OvQxAs7aT6D3+pvZGy1lNG1u
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MURGOC8yNkU1MzExNDU1
MDYxMUVEOTUwNkMwNDVDNEY5QUUwMi9QN3c2OURFQ3p0cFBvUGY2bTlrYkxXVTBi
VzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1A3dzY5REVDenRwUG9QZjZtOWtiTFdVMGJXNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjFERjgvMjZFNTMxMTQ1NTA2MTFFRDk1MDZDMDQ1QzRGOUFFMDIvN0Q4RjE2NzA4
NDVDMTFFRTg0NUVCNDE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFn+hwwDwQCAAIwCQMHACABDfFFQDANBgkqhkiG9w0BAQsF
AAOCAQEAZ0bIavVr0JMOyIAAHPTMgRXC8OcnQuGYzfvDCR43mVBtQqrr5fDOTIrw
7ijIpjOFUtD+DS1teEbCmfPa4ddwTyIV1z3GBD3DpG2WBIH/gPthTKL64x8gfPt6
5BWEaGuAkW3TXb4tLVjsee4SPaKlO1eijIpYtHBoKt4MOW39RMG7FHS6dK8ww4k4
0lxTgwVkZ3GQ9+90D3gQyyRwp89XvKU8YxFxMEUL3fbhabX2swOZH8YcdRTsqVoQ
xMIetcTzMkLPK9qnXHKc2x5p7O+gmJSZhb5u47A6cCSnR41lv6oKRa8usjg1v6R2
basgmLxHSymqTge8/SraDjp7EVwaAQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:08 2024 by rpki-client on console-ams.rpki-client.org