Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A0848/64D8B1DE77E411ED97F5934DC4F9AE02/6A2303767AD011EDBB0E666BC4F9AE02.roa
File: 6A2303767AD011EDBB0E666BC4F9AE02.roa (raw, json)
Hash identifier: OiO8vTw1XHmaDiKRkFtXvuRpnuYtS792EXeIPzvJSsc=
Subject key identifier: FE:71:D8:7E:29:48:71:6D:D1:54:15:B7:D9:9A:4E:31:CE:8C:D5:D0
Certificate issuer: /CN=A91A0848/serialNumber=024229C81AC3535A21D60E2DC32A9B88BD6AD81F
Certificate serial: 1C
Authority key identifier: 02:42:29:C8:1A:C3:53:5A:21:D6:0E:2D:C3:2A:9B:88:BD:6A:D8:1F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AkIpyBrDU1oh1g4twyqbiL1q2B8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A0848/64D8B1DE77E411ED97F5934DC4F9AE02/6A2303767AD011EDBB0E666BC4F9AE02.roa
Signing time: Wed 04 Jan 2023 19:24:41 +0000
ROA not before: Wed 04 Jan 2023 19:24:41 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 150671
IP address blocks: 103.52.34.0/23 maxlen: 23
103.52.34.0/24 maxlen: 24
103.52.35.0/24 maxlen: 24
2001:df1:ac40::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28 (0x1c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A0848/serialNumber=024229C81AC3535A21D60E2DC32A9B88BD6AD81F
Validity
Not Before: Jan 4 19:24:41 2023 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=63b5d279-1ced
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:65:fa:60:7e:57:54:71:59:27:67:0f:c9:ef:
3f:84:27:e8:84:fe:ea:cb:34:1e:3e:f1:73:c5:a4:
12:de:ef:13:70:2e:78:6d:7b:77:2c:fd:fc:bf:c4:
ed:2b:6a:70:a4:f8:b3:a8:8d:05:dc:29:26:ca:2c:
fb:f3:b8:de:17:22:4c:47:32:74:2b:8b:61:58:52:
45:a9:ef:bf:9d:c9:5b:49:12:9c:0d:e6:db:b3:62:
b5:73:22:fc:32:d8:05:83:9d:d0:d4:83:ea:99:4d:
a3:ad:b8:cf:b8:d9:69:0c:20:e0:51:0f:94:47:35:
03:5a:a4:3b:88:6e:fd:c8:be:ce:7f:a2:41:57:a4:
f6:92:e7:10:09:20:9c:31:16:51:55:52:a1:aa:91:
a8:c5:62:a1:c3:d1:fe:8d:be:80:ad:a3:ae:ef:e1:
18:2e:f3:f6:2d:eb:46:e0:ec:63:a2:a5:b2:34:a3:
07:78:37:f4:99:5b:e7:c1:03:91:4c:a0:fe:5c:ba:
9c:f1:dc:95:3b:11:d4:d2:5e:5e:47:ea:9e:31:ea:
61:04:92:6b:b0:94:b0:6f:d1:92:75:44:45:ac:4c:
14:0a:28:76:eb:2f:96:19:a3:ce:3a:1d:8d:af:d4:
a1:27:28:fa:a4:36:92:60:24:46:a5:95:c5:bf:46:
72:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:71:D8:7E:29:48:71:6D:D1:54:15:B7:D9:9A:4E:31:CE:8C:D5:D0
X509v3 Authority Key Identifier:
keyid:02:42:29:C8:1A:C3:53:5A:21:D6:0E:2D:C3:2A:9B:88:BD:6A:D8:1F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A0848/64D8B1DE77E411ED97F5934DC4F9AE02/AkIpyBrDU1oh1g4twyqbiL1q2B8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AkIpyBrDU1oh1g4twyqbiL1q2B8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A0848/64D8B1DE77E411ED97F5934DC4F9AE02/6A2303767AD011EDBB0E666BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.52.34.0/23
IPv6:
2001:df1:ac40::/48
Signature Algorithm: sha256WithRSAEncryption
c9:64:02:5b:c5:34:d4:52:fc:f2:ee:d2:bc:03:a6:2f:d0:60:
56:ff:b3:0e:c0:0a:39:12:86:e9:83:7f:1d:c1:11:d9:5f:dd:
00:bd:d2:c7:97:3e:e9:d1:ea:81:ce:9c:2d:72:8a:57:8d:15:
b3:37:2b:9c:1b:48:80:29:4b:e5:04:f3:7f:da:e1:2a:ab:d0:
1e:49:ea:39:e1:ce:a7:05:dc:9c:66:2d:13:0f:08:1f:d7:a9:
3b:ed:52:34:64:e1:4f:7a:2a:7b:ca:0a:f6:0f:8a:a8:a3:f9:
14:bb:37:72:57:bc:da:a9:46:52:fe:04:61:af:3d:f9:e7:de:
07:68:a9:ba:a0:4c:9e:3d:aa:27:c8:0d:89:86:27:c4:d9:85:
ae:ae:6f:cc:b7:b1:66:67:bf:ec:0d:94:c8:03:aa:81:f2:de:
fc:86:db:9f:e7:d9:6b:30:d7:cb:5b:6e:19:65:d9:d6:f6:5b:
55:e2:fb:9e:2b:e9:f9:b4:7f:e2:2b:f6:76:3e:f9:a8:d9:c3:
8b:f8:c9:9b:91:87:87:6b:9e:bb:74:10:9d:29:d1:4d:87:42:
a1:70:0b:3e:5c:93:72:2c:04:d4:12:fa:dd:13:b5:ea:f3:61:
79:1f:99:4f:ba:a4:93:5f:89:98:25:7d:b8:e0:e5:a0:72:c6:
4e:c1:a3:4a
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFB
MDg0ODExMC8GA1UEBRMoMDI0MjI5QzgxQUMzNTM1QTIxRDYwRTJEQzMyQTlCODhC
RDZBRDgxRjAeFw0yMzAxMDQxOTI0NDFaFw0yNDAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzYjVkMjc5LTFjZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCzZfpgfldUcVknZw/J7z+EJ+iE/urLNB4+8XPFpBLe7xNwLnhte3cs/fy/xO0r
anCk+LOojQXcKSbKLPvzuN4XIkxHMnQri2FYUkWp77+dyVtJEpwN5tuzYrVzIvwy
2AWDndDUg+qZTaOtuM+42WkMIOBRD5RHNQNapDuIbv3Ivs5/okFXpPaS5xAJIJwx
FlFVUqGqkajFYqHD0f6NvoCto67v4Rgu8/Yt60bg7GOipbI0owd4N/SZW+fBA5FM
oP5cupzx3JU7EdTSXl5H6p4x6mEEkmuwlLBv0ZJ1REWsTBQKKHbrL5YZo846HY2v
1KEnKPqkNpJgJEallcW/RnJNAgMBAAGjggKmMIICojAdBgNVHQ4EFgQU/nHYfilI
cW3RVBW32ZpOMc6M1dAwHwYDVR0jBBgwFoAUAkIpyBrDU1oh1g4twyqbiL1q2B8w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUEwODQ4LzY0RDhCMURFNzdF
NDExRUQ5N0Y1OTM0REM0RjlBRTAyL0FrSXB5QnJEVTFvaDFnNHR3eXFiaUwxcTJC
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvQWtJcHlCckRVMW9oMWc0dHd5cWJpTDFxMkI4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFB
MDg0OC82NEQ4QjFERTc3RTQxMUVEOTdGNTkzNERDNEY5QUUwMi82QTIzMDM3NjdB
RDAxMUVEQkIwRTY2NkJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWc0IjAPBAIAAjAJAwcAIAEN8axAMA0GCSqGSIb3DQEBCwUA
A4IBAQDJZAJbxTTUUvzy7tK8A6Yv0GBW/7MOwAo5Eobpg38dwRHZX90AvdLHlz7p
0eqBzpwtcopXjRWzNyucG0iAKUvlBPN/2uEqq9AeSeo54c6nBdycZi0TDwgf16k7
7VI0ZOFPeip7ygr2D4qoo/kUuzdyV7zaqUZS/gRhrz35594HaKm6oEyePaonyA2J
hifE2YWurm/Mt7FmZ7/sDZTIA6qB8t78htuf59lrMNfLW24ZZdnW9ltV4vueK+n5
tH/iK/Z2Pvmo2cOL+MmbkYeHa567dBCdKdFNh0KhcAs+XJNyLATUEvrdE7Xq82F5
H5lPuqSTX4mYJX244OWgcsZOwaNK
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org