Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A0848/64D8B1DE77E411ED97F5934DC4F9AE02/BDCA35A877E711EDA34CD44FC4F9AE02.roa
File: BDCA35A877E711EDA34CD44FC4F9AE02.roa (raw, json)
Hash identifier: 2I4CwZbD7lnHSQgyjJVOawx1nt27uRxTrVGJbhPng1E=
Subject key identifier: 15:84:4A:9F:D7:02:19:F1:9C:4F:3E:A2:99:96:82:18:93:DD:AA:66
Certificate issuer: /CN=A91A0848/serialNumber=024229C81AC3535A21D60E2DC32A9B88BD6AD81F
Certificate serial: 02
Authority key identifier: 02:42:29:C8:1A:C3:53:5A:21:D6:0E:2D:C3:2A:9B:88:BD:6A:D8:1F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AkIpyBrDU1oh1g4twyqbiL1q2B8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A0848/64D8B1DE77E411ED97F5934DC4F9AE02/BDCA35A877E711EDA34CD44FC4F9AE02.roa
Signing time: Fri 09 Dec 2022 17:34:32 +0000
ROA not before: Fri 09 Dec 2022 17:34:32 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 150671
IP address blocks: 103.52.34.0/23 maxlen: 23
2001:df1:ac40::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A0848/serialNumber=024229C81AC3535A21D60E2DC32A9B88BD6AD81F
Validity
Not Before: Dec 9 17:34:32 2022 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=639371a8-a00d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:a1:16:79:b1:16:28:39:9a:1e:2a:e4:f7:5b:
44:ab:e9:8c:3f:1d:2e:d8:2c:18:3a:de:6a:9b:7f:
82:1c:7f:55:84:bf:29:d4:e7:63:c8:c7:4a:8b:03:
9c:de:84:6f:e7:7a:23:5f:c1:d1:49:e4:05:85:ab:
b8:6f:c3:4a:8b:4d:97:40:00:48:a4:6c:3e:26:6a:
13:19:9e:b7:d9:2a:f2:24:14:f2:c4:67:39:eb:6c:
d9:5e:7d:fe:86:8f:9b:60:cd:91:be:0e:55:27:d0:
b3:75:d3:65:a2:8f:ec:32:e5:68:b8:69:ad:0c:3a:
17:2c:ec:c3:8d:f8:b3:4f:78:c0:58:41:ee:8f:ba:
88:5b:d4:d6:27:1b:6d:e4:ca:30:84:26:ab:ca:eb:
ef:e4:46:a2:08:e3:e7:1c:03:54:b5:79:36:b2:04:
58:38:a2:4a:36:89:fb:ec:b1:e8:04:66:ab:c6:19:
ef:f8:14:67:02:60:31:bc:7b:24:3b:71:77:8f:30:
c6:34:49:07:e1:af:71:aa:28:99:a7:27:a7:f5:93:
69:e6:3e:78:3a:ac:a2:15:e7:39:67:8b:a6:8d:e6:
df:86:5b:f0:9a:c0:4c:16:80:16:06:98:ee:3f:8a:
a5:fb:6d:d4:e7:83:c4:46:4a:ee:e8:c6:e7:d8:d7:
99:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:84:4A:9F:D7:02:19:F1:9C:4F:3E:A2:99:96:82:18:93:DD:AA:66
X509v3 Authority Key Identifier:
keyid:02:42:29:C8:1A:C3:53:5A:21:D6:0E:2D:C3:2A:9B:88:BD:6A:D8:1F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A0848/64D8B1DE77E411ED97F5934DC4F9AE02/AkIpyBrDU1oh1g4twyqbiL1q2B8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AkIpyBrDU1oh1g4twyqbiL1q2B8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A0848/64D8B1DE77E411ED97F5934DC4F9AE02/BDCA35A877E711EDA34CD44FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.52.34.0/23
IPv6:
2001:df1:ac40::/48
Signature Algorithm: sha256WithRSAEncryption
a5:1f:b2:f0:c9:87:b2:ec:6c:60:a5:04:26:bf:e8:38:fc:4d:
6c:21:8f:70:f8:ad:28:1f:ee:1a:75:9e:44:e2:8a:4a:8a:90:
5d:c3:b6:cc:6e:f7:55:cb:58:07:50:e6:30:99:f3:94:0c:68:
85:c6:4d:b7:9a:f9:34:a0:09:1f:80:c7:b4:d7:da:25:35:5e:
db:fd:24:af:db:3c:f4:d7:e5:9a:65:6a:ee:77:fd:74:7c:b8:
c6:84:7f:3d:d8:43:43:5d:e7:e7:c1:97:8d:42:83:e7:0d:73:
d5:ff:e1:c5:5f:4d:4a:ca:27:0d:8c:5b:b3:3f:f1:50:ea:6e:
7f:53:20:fa:38:71:41:de:07:b0:4d:de:2f:28:12:d4:9d:75:
c4:73:c5:a0:b8:4f:0d:4b:93:b9:b7:f3:7d:f0:3d:ec:b0:47:
ca:08:25:65:4f:af:9e:08:ad:2d:33:3d:1f:25:e2:b1:15:b1:
dc:d7:82:4b:3a:89:4b:f3:4a:52:9a:99:3d:c4:5f:96:2b:2e:
ca:26:23:78:f5:3f:39:03:d4:75:1f:3e:3a:a1:44:6c:aa:e5:
92:d6:2c:1b:ad:39:e7:5e:c1:72:23:36:a2:1f:c7:ff:e7:16:
72:27:58:50:b8:b8:d5:21:17:c1:10:fd:6d:41:46:41:27:0d:
86:21:78:9c
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFB
MDg0ODExMC8GA1UEBRMoMDI0MjI5QzgxQUMzNTM1QTIxRDYwRTJEQzMyQTlCODhC
RDZBRDgxRjAeFw0yMjEyMDkxNzM0MzJaFw0yNDAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzOTM3MWE4LWEwMGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCmoRZ5sRYoOZoeKuT3W0Sr6Yw/HS7YLBg63mqbf4Icf1WEvynU52PIx0qLA5ze
hG/neiNfwdFJ5AWFq7hvw0qLTZdAAEikbD4mahMZnrfZKvIkFPLEZznrbNleff6G
j5tgzZG+DlUn0LN102Wij+wy5Wi4aa0MOhcs7MON+LNPeMBYQe6Puohb1NYnG23k
yjCEJqvK6+/kRqII4+ccA1S1eTayBFg4oko2ifvssegEZqvGGe/4FGcCYDG8eyQ7
cXePMMY0SQfhr3GqKJmnJ6f1k2nmPng6rKIV5zlni6aN5t+GW/CawEwWgBYGmO4/
iqX7bdTng8RGSu7oxufY15l/AgMBAAGjggKmMIICojAdBgNVHQ4EFgQUFYRKn9cC
GfGcTz6imZaCGJPdqmYwHwYDVR0jBBgwFoAUAkIpyBrDU1oh1g4twyqbiL1q2B8w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUEwODQ4LzY0RDhCMURFNzdF
NDExRUQ5N0Y1OTM0REM0RjlBRTAyL0FrSXB5QnJEVTFvaDFnNHR3eXFiaUwxcTJC
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvQWtJcHlCckRVMW9oMWc0dHd5cWJpTDFxMkI4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFB
MDg0OC82NEQ4QjFERTc3RTQxMUVEOTdGNTkzNERDNEY5QUUwMi9CRENBMzVBODc3
RTcxMUVEQTM0Q0Q0NEZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWc0IjAPBAIAAjAJAwcAIAEN8axAMA0GCSqGSIb3DQEBCwUA
A4IBAQClH7LwyYey7GxgpQQmv+g4/E1sIY9w+K0oH+4adZ5E4opKipBdw7bMbvdV
y1gHUOYwmfOUDGiFxk23mvk0oAkfgMe019olNV7b/SSv2zz01+WaZWrud/10fLjG
hH892ENDXefnwZeNQoPnDXPV/+HFX01KyicNjFuzP/FQ6m5/UyD6OHFB3gewTd4v
KBLUnXXEc8WguE8NS5O5t/N98D3ssEfKCCVlT6+eCK0tMz0fJeKxFbHc14JLOolL
80pSmpk9xF+WKy7KJiN49T85A9R1Hz46oURsquWS1iwbrTnnXsFyIzaiH8f/5xZy
J1hQuLjVIRfBEP1tQUZBJw2GIXic
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:53 2024 by rpki-client on console-ams.rpki-client.org