Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91637DD/DE59F6025E7311EC8BE4CC4EC4F9AE02/A7D1341C67DB11EC8278D413C4F9AE02.roa
File: A7D1341C67DB11EC8278D413C4F9AE02.roa (raw, json)
Hash identifier: Yu2AlZ6bhIEhbfXufRUnv9Q0V6KLhJoi8502zTga07s=
Subject key identifier: 21:7E:82:CC:A8:5B:87:8E:0D:16:3B:A4:2C:FA:BD:DD:D1:24:78:9D
Certificate issuer: /CN=A91637DD/serialNumber=7C131EE0A80B834D48D17D69655A5BC7BE668B6A
Certificate serial: 3B
Authority key identifier: 7C:13:1E:E0:A8:0B:83:4D:48:D1:7D:69:65:5A:5B:C7:BE:66:8B:6A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fBMe4KgLg01I0X1pZVpbx75mi2o.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91637DD/DE59F6025E7311EC8BE4CC4EC4F9AE02/A7D1341C67DB11EC8278D413C4F9AE02.roa
Signing time: Sun 09 Jan 2022 18:41:50 +0000
ROA not before: Sun 09 Jan 2022 18:41:50 +0000
ROA not after: Thu 02 Mar 2023 00:00:00 +0000
asID: 149295
IP address blocks: 103.177.242.0/23 maxlen: 23
103.177.242.0/24 maxlen: 24
103.177.243.0/24 maxlen: 24
2001:df0:2dc0::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 59 (0x3b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91637DD/serialNumber=7C131EE0A80B834D48D17D69655A5BC7BE668B6A
Validity
Not Before: Jan 9 18:41:50 2022 GMT
Not After : Mar 2 00:00:00 2023 GMT
Subject: CN=61db2c6e-57b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:33:60:8c:59:7c:54:65:25:e5:0d:78:0b:0d:
63:11:19:6f:14:28:1f:81:db:c6:78:7c:f1:cd:31:
84:c6:b1:b6:1d:6f:3d:57:22:ed:3b:2e:52:ca:04:
7f:6d:62:89:8e:38:52:7d:6e:a5:d5:b1:09:88:00:
27:63:98:6b:75:4b:c2:a9:9d:44:6c:16:49:2f:c1:
96:b4:6d:67:39:c9:8c:da:fa:36:f1:55:5e:53:96:
cc:c8:70:9f:bf:24:8b:ef:c8:51:4b:07:7b:9e:35:
e5:5f:8d:5c:7a:04:73:9b:10:26:5b:99:0b:b9:58:
75:da:65:b1:2a:c2:8a:e2:86:c8:e0:4d:21:d3:a2:
99:49:fb:24:86:4f:d9:a4:20:00:b2:41:a3:61:2a:
69:39:d9:e1:50:2e:d9:06:fa:c4:a1:74:fd:fd:a5:
02:b4:27:fb:8e:14:5a:48:23:d3:4e:30:b4:9b:61:
7b:18:6c:75:ac:6d:fc:8b:f7:f1:c0:46:24:ac:5d:
02:cf:10:3a:ef:91:ae:2d:54:b7:0f:1e:83:05:a4:
46:9b:21:82:66:01:a7:4d:6c:05:e9:b5:f2:e8:d2:
b7:93:79:58:16:bb:d6:6a:ea:77:49:43:03:4d:80:
0d:1f:5c:58:15:5c:03:69:a6:2b:e6:be:6d:c7:eb:
6a:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:7E:82:CC:A8:5B:87:8E:0D:16:3B:A4:2C:FA:BD:DD:D1:24:78:9D
X509v3 Authority Key Identifier:
keyid:7C:13:1E:E0:A8:0B:83:4D:48:D1:7D:69:65:5A:5B:C7:BE:66:8B:6A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91637DD/DE59F6025E7311EC8BE4CC4EC4F9AE02/fBMe4KgLg01I0X1pZVpbx75mi2o.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fBMe4KgLg01I0X1pZVpbx75mi2o.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91637DD/DE59F6025E7311EC8BE4CC4EC4F9AE02/A7D1341C67DB11EC8278D413C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.177.242.0/23
IPv6:
2001:df0:2dc0::/48
Signature Algorithm: sha256WithRSAEncryption
a1:92:13:b7:a3:84:37:36:73:9e:48:78:81:b8:90:6e:ee:8f:
ab:95:de:1a:58:a0:79:a0:01:14:cd:f2:a0:dc:c5:bd:a7:36:
03:16:c2:b4:fb:b7:25:1e:f3:28:24:dd:f6:79:71:29:8d:bb:
59:33:97:b4:38:91:b7:68:d0:b8:14:73:8a:10:2b:87:ee:82:
cf:14:ba:46:e7:06:9d:95:a2:b2:4a:58:1b:79:bb:e1:13:65:
1a:6b:83:46:c8:16:83:02:b5:be:6c:c4:d1:b6:ae:65:6c:54:
7d:a9:1c:c3:21:0a:c8:46:90:f2:8b:87:00:2f:ca:d2:be:d3:
78:f7:6f:ed:c4:28:10:60:35:d3:95:79:97:ae:9f:68:58:54:
61:0b:87:70:9f:0a:68:5e:1a:9e:aa:31:d7:69:0b:5d:cc:43:
d5:dd:a4:fe:45:b0:ce:41:51:61:93:39:79:53:5b:32:ee:f6:
1f:8b:eb:b4:71:4e:f3:81:8d:3b:94:b4:f5:46:0d:11:16:68:
75:db:d7:bb:bb:d4:d6:9c:10:27:6a:b7:be:74:58:54:4c:c3:
9a:89:82:e5:65:02:ba:c5:19:24:d3:43:8d:3c:7c:30:de:88:
1d:42:ee:f7:80:30:96:38:c7:97:5c:9d:ff:42:e9:46:f5:4b:
dc:e6:ba:b8
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBOzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
MzdERDExMC8GA1UEBRMoN0MxMzFFRTBBODBCODM0RDQ4RDE3RDY5NjU1QTVCQzdC
RTY2OEI2QTAeFw0yMjAxMDkxODQxNTBaFw0yMzAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTYxZGIyYzZlLTU3YjcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDPM2CMWXxUZSXlDXgLDWMRGW8UKB+B28Z4fPHNMYTGsbYdbz1XIu07LlLKBH9t
YomOOFJ9bqXVsQmIACdjmGt1S8KpnURsFkkvwZa0bWc5yYza+jbxVV5TlszIcJ+/
JIvvyFFLB3ueNeVfjVx6BHObECZbmQu5WHXaZbEqworihsjgTSHToplJ+ySGT9mk
IACyQaNhKmk52eFQLtkG+sShdP39pQK0J/uOFFpII9NOMLSbYXsYbHWsbfyL9/HA
RiSsXQLPEDrvka4tVLcPHoMFpEabIYJmAadNbAXptfLo0reTeVgWu9Zq6ndJQwNN
gA0fXFgVXANppivmvm3H62p7AgMBAAGjggKmMIICojAdBgNVHQ4EFgQUIX6CzKhb
h44NFjukLPq93dEkeJ0wHwYDVR0jBBgwFoAUfBMe4KgLg01I0X1pZVpbx75mi2ow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTYzN0REL0RFNTlGNjAyNUU3
MzExRUM4QkU0Q0M0RUM0RjlBRTAyL2ZCTWU0S2dMZzAxSTBYMXBaVnBieDc1bWky
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvZkJNZTRLZ0xnMDFJMFgxcFpWcGJ4NzVtaTJvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
MzdERC9ERTU5RjYwMjVFNzMxMUVDOEJFNENDNEVDNEY5QUUwMi9BN0QxMzQxQzY3
REIxMUVDODI3OEQ0MTNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWex8jAPBAIAAjAJAwcAIAEN8C3AMA0GCSqGSIb3DQEBCwUA
A4IBAQChkhO3o4Q3NnOeSHiBuJBu7o+rld4aWKB5oAEUzfKg3MW9pzYDFsK0+7cl
HvMoJN32eXEpjbtZM5e0OJG3aNC4FHOKECuH7oLPFLpG5wadlaKySlgbebvhE2Ua
a4NGyBaDArW+bMTRtq5lbFR9qRzDIQrIRpDyi4cAL8rSvtN492/txCgQYDXTlXmX
rp9oWFRhC4dwnwpoXhqeqjHXaQtdzEPV3aT+RbDOQVFhkzl5U1sy7vYfi+u0cU7z
gY07lLT1Rg0RFmh129e7u9TWnBAnare+dFhUTMOaiYLlZQK6xRkk00ONPHww3ogd
Qu73gDCWOMeXXJ3/QulG9Uvc5rq4
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:45 2023 by rpki-client on console-fra.rpki-client.org