Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9193045/BFADC6109F2911EC9C2D6785C4F9AE02/176EB58C9F2D11EC897FD30CC4F9AE02.roa
File: 176EB58C9F2D11EC897FD30CC4F9AE02.roa (raw, json)
Hash identifier: yfRSSPtsL48ZbCRFRMHDs8ixIo+F5Ycsnc0j8nCvgD4=
Subject key identifier: 50:B3:BD:C9:BB:7F:48:F3:D3:C7:02:40:47:9B:5D:13:BB:A1:49:B2
Certificate issuer: /CN=A9193045/serialNumber=66E85461BB352A498DB55703646305CA37E74FB4
Certificate serial: 03
Authority key identifier: 66:E8:54:61:BB:35:2A:49:8D:B5:57:03:64:63:05:CA:37:E7:4F:B4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZuhUYbs1KkmNtVcDZGMFyjfnT7Q.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9193045/BFADC6109F2911EC9C2D6785C4F9AE02/176EB58C9F2D11EC897FD30CC4F9AE02.roa
Signing time: Tue 08 Mar 2022 22:14:16 +0000
ROA not before: Tue 08 Mar 2022 22:14:16 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 45345
IP address blocks: 43.245.212.0/22 maxlen: 22
103.29.152.0/24 maxlen: 24
2401:af00::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9193045/serialNumber=66E85461BB352A498DB55703646305CA37E74FB4
Validity
Not Before: Mar 8 22:14:16 2022 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=6227d538-439a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:ff:e8:a1:1d:3e:41:ea:85:75:77:67:a1:a3:
92:2b:08:2f:d1:04:75:1c:45:ed:fc:82:ef:6f:c2:
a7:82:83:c9:07:51:3e:7e:65:5e:15:02:18:ca:f4:
c9:30:2d:82:79:aa:1d:73:ad:f4:d0:19:f7:e1:7e:
6a:74:73:52:2b:80:a9:1c:6c:dc:82:4d:f5:f1:18:
df:91:93:9b:f1:d1:b5:3d:0e:92:60:2b:83:8e:d9:
88:54:ab:53:64:92:b1:51:a4:84:69:3d:38:7a:b3:
b6:d2:38:2f:45:2b:bb:eb:5e:9d:98:5a:f5:7f:12:
ed:7b:93:31:19:1e:bf:1e:bd:ed:da:d2:82:63:29:
f0:08:a5:03:3b:94:41:85:5b:53:ea:75:ea:0d:c3:
8a:64:1b:65:d4:65:e9:26:16:d5:cc:c6:d1:b2:f8:
de:5b:05:5e:bf:b2:05:d7:9c:21:af:0e:f2:d4:d1:
c3:75:fb:91:6f:cc:45:6e:e6:13:e1:ca:96:aa:0b:
82:cf:7d:c5:75:c5:88:6b:d4:b7:54:69:b8:ba:a3:
1d:75:c2:3b:70:42:1f:50:4e:dd:28:d5:b8:12:d0:
16:8f:59:97:4d:82:78:b2:8a:8b:58:cf:6e:35:88:
a1:d3:f8:52:8d:3a:c6:87:e3:a9:09:7c:07:e6:32:
bd:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:B3:BD:C9:BB:7F:48:F3:D3:C7:02:40:47:9B:5D:13:BB:A1:49:B2
X509v3 Authority Key Identifier:
keyid:66:E8:54:61:BB:35:2A:49:8D:B5:57:03:64:63:05:CA:37:E7:4F:B4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9193045/BFADC6109F2911EC9C2D6785C4F9AE02/ZuhUYbs1KkmNtVcDZGMFyjfnT7Q.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZuhUYbs1KkmNtVcDZGMFyjfnT7Q.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9193045/BFADC6109F2911EC9C2D6785C4F9AE02/176EB58C9F2D11EC897FD30CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.245.212.0/22
103.29.152.0/24
IPv6:
2401:af00::/32
Signature Algorithm: sha256WithRSAEncryption
7f:c2:c9:ec:02:c8:54:5d:ff:84:f8:17:5e:9e:41:79:70:2e:
b5:35:be:6a:b2:ac:56:1c:1a:a8:57:7c:05:5b:c9:b0:b5:4e:
52:e9:3c:4b:98:50:0c:f4:aa:b3:72:29:36:57:00:f9:a2:97:
0a:53:ef:a1:1f:57:32:2d:7d:7b:3d:79:ac:97:a8:d2:23:47:
28:96:5f:55:32:6d:8f:2a:44:cc:c0:fa:0a:ac:7a:15:27:14:
8e:20:cc:7a:4c:3a:89:92:03:81:f9:cf:e0:f7:f8:f6:79:70:
aa:f2:a1:09:33:07:8d:56:6a:b7:5e:3f:11:51:38:be:4e:ca:
ad:35:70:a2:1b:1f:c8:aa:57:18:5f:e0:cd:45:42:fd:a6:58:
7d:af:45:44:de:8a:34:8f:b4:46:dd:37:e9:01:c8:15:80:01:
fc:d4:4f:2b:c3:a3:96:3f:d7:34:cc:da:f2:83:d8:d3:ff:5f:
e9:47:9a:1d:e2:c3:a7:ab:5a:14:9f:b1:11:08:97:be:2d:90:
76:76:fb:d4:f1:59:35:d3:2f:5f:b5:52:bc:2f:e1:0a:1a:6a:
a0:a0:10:1c:a5:6b:91:a9:c2:2a:ff:42:5b:30:9b:b5:20:ea:
6c:19:72:ea:6c:a9:48:5b:6d:18:1f:ef:95:8b:d3:fa:24:85:
6e:2c:3d:e0
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
MzA0NTExMC8GA1UEBRMoNjZFODU0NjFCQjM1MkE0OThEQjU1NzAzNjQ2MzA1Q0Ez
N0U3NEZCNDAeFw0yMjAzMDgyMjE0MTZaFw0yMjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyMjdkNTM4LTQzOWEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCo/+ihHT5B6oV1d2eho5IrCC/RBHUcRe38gu9vwqeCg8kHUT5+ZV4VAhjK9Mkw
LYJ5qh1zrfTQGffhfmp0c1IrgKkcbNyCTfXxGN+Rk5vx0bU9DpJgK4OO2YhUq1Nk
krFRpIRpPTh6s7bSOC9FK7vrXp2YWvV/Eu17kzEZHr8eve3a0oJjKfAIpQM7lEGF
W1PqdeoNw4pkG2XUZekmFtXMxtGy+N5bBV6/sgXXnCGvDvLU0cN1+5FvzEVu5hPh
ypaqC4LPfcV1xYhr1LdUabi6ox11wjtwQh9QTt0o1bgS0BaPWZdNgniyiotYz241
iKHT+FKNOsaH46kJfAfmMr1vAgMBAAGjggKqMIICpjAdBgNVHQ4EFgQUULO9ybt/
SPPTxwJAR5tdE7uhSbIwHwYDVR0jBBgwFoAUZuhUYbs1KkmNtVcDZGMFyjfnT7Qw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTkzMDQ1L0JGQURDNjEwOUYy
OTExRUM5QzJENjc4NUM0RjlBRTAyL1p1aFVZYnMxS2ttTnRWY0RaR01GeWpmblQ3
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWnVoVVliczFLa21OdFZjRFpHTUZ5amZuVDdRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
MzA0NS9CRkFEQzYxMDlGMjkxMUVDOUMyRDY3ODVDNEY5QUUwMi8xNzZFQjU4QzlG
MkQxMUVDODk3RkQzMENDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEAiv11AMEAGcdmDANBAIAAjAHAwUAJAGvADANBgkqhkiG9w0B
AQsFAAOCAQEAf8LJ7ALIVF3/hPgXXp5BeXAutTW+arKsVhwaqFd8BVvJsLVOUuk8
S5hQDPSqs3IpNlcA+aKXClPvoR9XMi19ez15rJeo0iNHKJZfVTJtjypEzMD6Cqx6
FScUjiDMekw6iZIDgfnP4Pf49nlwqvKhCTMHjVZqt14/EVE4vk7KrTVwohsfyKpX
GF/gzUVC/aZYfa9FRN6KNI+0Rt036QHIFYAB/NRPK8Ojlj/XNMza8oPY0/9f6Uea
HeLDp6taFJ+xEQiXvi2Qdnb71PFZNdMvX7VSvC/hChpqoKAQHKVrkanCKv9CWzCb
tSDqbBly6mypSFttGB/vlYvT+iSFbiw94A==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:56 2023 by rpki-client on console-ams.rpki-client.org