Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9193045/BFADC6109F2911EC9C2D6785C4F9AE02/16A5E0449F2D11EC897FD30CC4F9AE02.roa
File: 16A5E0449F2D11EC897FD30CC4F9AE02.roa (raw, json)
Hash identifier: ECKw2AAbcehq1c769ogMb4YCMUCC+C6+Qq75AAed0Uc=
Subject key identifier: A8:7A:35:F2:87:F6:C6:8D:C8:D6:F8:AF:ED:35:16:26:DE:C3:55:A8
Certificate issuer: /CN=A9193045/serialNumber=66E85461BB352A498DB55703646305CA37E74FB4
Certificate serial: 02
Authority key identifier: 66:E8:54:61:BB:35:2A:49:8D:B5:57:03:64:63:05:CA:37:E7:4F:B4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZuhUYbs1KkmNtVcDZGMFyjfnT7Q.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9193045/BFADC6109F2911EC9C2D6785C4F9AE02/16A5E0449F2D11EC897FD30CC4F9AE02.roa
Signing time: Tue 08 Mar 2022 22:14:15 +0000
ROA not before: Tue 08 Mar 2022 22:14:15 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 131995
IP address blocks: 43.245.212.0/22 maxlen: 22
103.29.152.0/22 maxlen: 22
2401:af00::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9193045/serialNumber=66E85461BB352A498DB55703646305CA37E74FB4
Validity
Not Before: Mar 8 22:14:15 2022 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=6227d536-01d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:03:25:eb:64:da:99:74:eb:1c:d4:95:a6:95:
5c:be:a2:5c:d6:ad:9d:18:e6:aa:1e:34:64:2b:6c:
43:86:5a:f1:8b:14:78:29:98:73:1f:8d:98:88:41:
5d:5f:40:a3:d4:ea:81:cb:db:67:ad:4b:d1:95:ef:
22:0e:3a:40:28:f7:dd:7f:f8:6c:9b:4b:48:19:18:
f9:96:d9:2c:37:ea:52:50:ae:0f:a4:34:f2:74:e8:
a7:94:d6:81:71:e5:83:fd:16:57:05:a4:d8:e1:de:
1a:38:34:80:2a:c6:d1:8f:fa:7f:34:b8:c5:38:89:
16:8e:bc:31:57:f7:59:80:83:9c:aa:70:4a:fe:4a:
d4:c5:00:42:1b:0b:1c:90:d1:b4:38:de:fa:aa:e2:
34:1f:fd:b0:92:c3:1f:94:9c:e4:2e:16:91:d2:29:
75:2a:23:52:0b:bb:1c:34:10:2f:9c:d8:1c:f4:56:
d2:37:5a:8a:5a:b0:60:0c:d1:32:ec:bb:82:50:d3:
cd:b2:d1:b6:6a:ef:a7:10:cd:be:42:43:26:36:cc:
6c:af:62:d4:22:46:67:d2:11:be:28:13:f6:48:39:
5e:9d:bd:b6:dd:cc:94:c6:9d:09:bf:a0:07:4c:d1:
72:25:ec:0c:18:97:7b:07:35:dd:ca:46:d7:6f:0f:
47:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:7A:35:F2:87:F6:C6:8D:C8:D6:F8:AF:ED:35:16:26:DE:C3:55:A8
X509v3 Authority Key Identifier:
keyid:66:E8:54:61:BB:35:2A:49:8D:B5:57:03:64:63:05:CA:37:E7:4F:B4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9193045/BFADC6109F2911EC9C2D6785C4F9AE02/ZuhUYbs1KkmNtVcDZGMFyjfnT7Q.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZuhUYbs1KkmNtVcDZGMFyjfnT7Q.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9193045/BFADC6109F2911EC9C2D6785C4F9AE02/16A5E0449F2D11EC897FD30CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.212.0/22
103.29.152.0/22
IPv6:
2401:af00::/32
Signature Algorithm: sha256WithRSAEncryption
98:d8:26:71:8b:65:49:6e:2f:bf:d9:f8:62:df:31:09:a5:e6:
ab:56:72:a0:cc:4e:92:c8:62:c6:5d:1e:5a:ab:df:06:e9:19:
b3:06:ac:05:a4:c0:5a:b5:24:89:70:15:95:9c:50:5b:78:6a:
01:d9:b8:79:7f:3e:6e:10:62:fb:8a:eb:0e:f7:76:21:11:6d:
c0:93:30:07:d5:4d:bd:99:39:89:fc:9d:98:8c:c4:0b:a6:26:
20:ce:7a:7a:ec:00:fe:48:5e:52:6a:cd:1c:58:9e:f6:0f:9a:
bb:52:c8:67:df:f6:9d:b2:a8:86:77:6a:72:fa:e0:cd:37:e7:
6f:2c:b4:93:03:0f:4b:81:ad:78:62:c7:05:a7:dc:65:33:f9:
8d:02:f9:61:a0:2c:b4:64:26:13:cc:ba:f9:eb:6d:72:73:46:
0c:9c:7c:e7:2e:93:9c:85:0b:41:ff:98:58:fb:eb:83:7d:38:
6b:6f:94:af:83:61:99:fa:31:25:3f:05:ab:c8:23:02:e9:d8:
14:f7:1b:8e:c5:6c:e8:9a:db:f7:bd:18:4c:f7:19:f1:f5:b7:
5d:96:8b:dc:f9:b5:dc:a9:f4:d0:80:e0:48:5e:2f:b0:9d:13:
c6:56:cf:ee:91:50:e7:48:6b:86:29:b7:3e:0c:12:d4:d5:bb:
03:70:14:c4
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
MzA0NTExMC8GA1UEBRMoNjZFODU0NjFCQjM1MkE0OThEQjU1NzAzNjQ2MzA1Q0Ez
N0U3NEZCNDAeFw0yMjAzMDgyMjE0MTVaFw0yMjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyMjdkNTM2LTAxZDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCrAyXrZNqZdOsc1JWmlVy+olzWrZ0Y5qoeNGQrbEOGWvGLFHgpmHMfjZiIQV1f
QKPU6oHL22etS9GV7yIOOkAo991/+GybS0gZGPmW2Sw36lJQrg+kNPJ06KeU1oFx
5YP9FlcFpNjh3ho4NIAqxtGP+n80uMU4iRaOvDFX91mAg5yqcEr+StTFAEIbCxyQ
0bQ43vqq4jQf/bCSwx+UnOQuFpHSKXUqI1ILuxw0EC+c2Bz0VtI3WopasGAM0TLs
u4JQ082y0bZq76cQzb5CQyY2zGyvYtQiRmfSEb4oE/ZIOV6dvbbdzJTGnQm/oAdM
0XIl7AwYl3sHNd3KRtdvD0fvAgMBAAGjggKqMIICpjAdBgNVHQ4EFgQUqHo18of2
xo3I1viv7TUWJt7DVagwHwYDVR0jBBgwFoAUZuhUYbs1KkmNtVcDZGMFyjfnT7Qw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTkzMDQ1L0JGQURDNjEwOUYy
OTExRUM5QzJENjc4NUM0RjlBRTAyL1p1aFVZYnMxS2ttTnRWY0RaR01GeWpmblQ3
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWnVoVVliczFLa21OdFZjRFpHTUZ5amZuVDdRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
MzA0NS9CRkFEQzYxMDlGMjkxMUVDOUMyRDY3ODVDNEY5QUUwMi8xNkE1RTA0NDlG
MkQxMUVDODk3RkQzMENDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEAiv11AMEAmcdmDANBAIAAjAHAwUAJAGvADANBgkqhkiG9w0B
AQsFAAOCAQEAmNgmcYtlSW4vv9n4Yt8xCaXmq1ZyoMxOkshixl0eWqvfBukZswas
BaTAWrUkiXAVlZxQW3hqAdm4eX8+bhBi+4rrDvd2IRFtwJMwB9VNvZk5ifydmIzE
C6YmIM56euwA/kheUmrNHFie9g+au1LIZ9/2nbKohndqcvrgzTfnbyy0kwMPS4Gt
eGLHBafcZTP5jQL5YaAstGQmE8y6+ettcnNGDJx85y6TnIULQf+YWPvrg304a2+U
r4NhmfoxJT8Fq8gjAunYFPcbjsVs6Jrb970YTPcZ8fW3XZaL3Pm13Kn00IDgSF4v
sJ0TxlbP7pFQ50hrhim3PgwS1NW7A3AUxA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:56 2023 by rpki-client on console-ams.rpki-client.org