Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/8B54AE6E91BE11EDBEFDD64CC4F9AE02.roa
File: 8B54AE6E91BE11EDBEFDD64CC4F9AE02.roa (raw, json)
Hash identifier: f5DNqwovF9Nmoni0oiKapWAQyYjdLXtncmyQhHMbjlw=
Subject key identifier: 32:1A:86:52:DA:03:89:C9:47:1E:63:A3:AC:C6:D5:EF:52:90:8C:86
Certificate issuer: /CN=A91B6587/serialNumber=2D634077CC847B59D4048D43E04B3309698FE638
Certificate serial: 0D
Authority key identifier: 2D:63:40:77:CC:84:7B:59:D4:04:8D:43:E0:4B:33:09:69:8F:E6:38
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LWNAd8yEe1nUBI1D4EszCWmP5jg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/8B54AE6E91BE11EDBEFDD64CC4F9AE02.roa
Signing time: Wed 11 Jan 2023 14:45:09 +0000
ROA not before: Wed 11 Jan 2023 14:45:09 +0000
ROA not after: Tue 31 Oct 2023 00:00:00 +0000
asID: 134450
IP address blocks: 45.252.189.0/24 maxlen: 24
103.221.233.0/24 maxlen: 24
103.241.52.0/22 maxlen: 22
160.20.8.0/22 maxlen: 23
202.94.174.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13 (0xd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B6587/serialNumber=2D634077CC847B59D4048D43E04B3309698FE638
Validity
Not Before: Jan 11 14:45:09 2023 GMT
Not After : Oct 31 00:00:00 2023 GMT
Subject: CN=63becb74-b513
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:3d:fe:c0:01:0f:c1:50:ea:2f:77:40:b3:4f:
c7:71:96:9f:a1:9d:01:41:9c:d9:50:b2:88:84:75:
1e:ba:91:cc:01:87:3d:ef:2d:c3:ab:4a:80:e9:af:
7a:8d:84:00:ff:c2:bc:5e:76:aa:05:49:5e:70:ca:
a2:af:67:f5:17:03:4c:2c:17:d0:b5:e8:d0:b8:95:
58:85:af:39:76:54:65:3b:ee:35:49:b2:57:e9:d9:
1c:6a:b3:6e:5c:03:78:a3:fc:0f:a8:29:d3:01:91:
a3:2e:11:02:b5:5e:b9:54:b9:94:b9:0d:d6:76:92:
7a:b3:2b:e8:36:e3:ac:32:2d:c1:6e:1a:f6:85:65:
40:0f:99:96:0e:13:ab:7d:1b:9d:04:42:bd:ef:6c:
37:c4:2e:a0:ba:ed:fd:9a:a6:1d:db:26:0c:d0:a6:
d4:42:61:50:74:74:37:5a:93:51:fa:1d:5a:96:65:
52:06:5d:ad:db:4d:a6:60:a7:b6:a2:36:c3:f0:06:
0e:4d:ad:a7:ed:a3:38:9a:cf:06:00:b0:8f:84:50:
36:00:f3:55:48:f4:d3:06:53:a5:4b:2b:18:40:3c:
f2:dc:45:bf:92:2f:c2:57:c0:7a:04:eb:44:e3:05:
2d:a0:ec:26:72:cd:a7:cd:72:a4:98:f8:56:bb:07:
51:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:1A:86:52:DA:03:89:C9:47:1E:63:A3:AC:C6:D5:EF:52:90:8C:86
X509v3 Authority Key Identifier:
keyid:2D:63:40:77:CC:84:7B:59:D4:04:8D:43:E0:4B:33:09:69:8F:E6:38
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/LWNAd8yEe1nUBI1D4EszCWmP5jg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LWNAd8yEe1nUBI1D4EszCWmP5jg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/8B54AE6E91BE11EDBEFDD64CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.252.189.0/24
103.221.233.0/24
103.241.52.0/22
160.20.8.0/22
202.94.174.0/24
Signature Algorithm: sha256WithRSAEncryption
83:08:e1:e6:93:b2:3e:8a:c7:2b:97:c5:c2:25:12:81:eb:78:
b4:aa:fb:3b:0c:f6:c7:c9:67:5e:72:a7:59:1a:97:ec:1c:ec:
b6:6d:4e:4a:aa:dd:97:16:02:15:db:c3:c4:47:cc:c1:69:b0:
18:3b:e1:50:04:4d:56:97:68:0b:96:fd:ab:7f:79:7f:81:77:
30:2c:cd:dc:63:2f:d8:84:37:73:b0:c1:a3:1b:71:de:fa:7e:
ee:18:05:67:a2:5b:41:03:9c:8d:41:60:76:25:4f:9e:eb:a4:
14:a9:15:b8:cd:b9:ce:80:02:9d:f4:48:82:4f:77:21:6b:9a:
36:bb:f7:68:24:67:fb:3f:36:ab:d4:3b:bc:c8:1d:2f:7d:40:
03:5f:22:62:02:81:d5:4d:af:4b:ec:ad:46:75:d1:e3:2e:8d:
d4:ab:a8:18:8f:42:06:83:2d:27:55:54:bc:5b:32:e3:d6:42:
17:41:9a:98:3b:bf:e3:47:81:b5:f3:05:a1:f5:d0:4d:4b:9d:
5d:b9:44:4c:cb:5c:7b:92:a8:df:aa:2f:9e:3b:71:c5:93:e8:
92:56:47:18:eb:7b:85:3e:ea:f5:af:a1:36:e5:8a:c0:fe:e0:
41:28:e1:a7:63:55:1a:e3:c6:29:53:9e:69:5c:7f:e2:2b:21:
92:5e:58:18
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgIBDTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
NjU4NzExMC8GA1UEBRMoMkQ2MzQwNzdDQzg0N0I1OUQ0MDQ4RDQzRTA0QjMzMDk2
OThGRTYzODAeFw0yMzAxMTExNDQ1MDlaFw0yMzEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzYmVjYjc0LWI1MTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCsPf7AAQ/BUOovd0CzT8dxlp+hnQFBnNlQsoiEdR66kcwBhz3vLcOrSoDpr3qN
hAD/wrxedqoFSV5wyqKvZ/UXA0wsF9C16NC4lViFrzl2VGU77jVJslfp2Rxqs25c
A3ij/A+oKdMBkaMuEQK1XrlUuZS5DdZ2knqzK+g246wyLcFuGvaFZUAPmZYOE6t9
G50EQr3vbDfELqC67f2aph3bJgzQptRCYVB0dDdak1H6HVqWZVIGXa3bTaZgp7ai
NsPwBg5NraftoziazwYAsI+EUDYA81VI9NMGU6VLKxhAPPLcRb+SL8JXwHoE60Tj
BS2g7CZyzafNcqSY+Fa7B1E9AgMBAAGjggKtMIICqTAdBgNVHQ4EFgQUMhqGUtoD
iclHHmOjrMbV71KQjIYwHwYDVR0jBBgwFoAULWNAd8yEe1nUBI1D4EszCWmP5jgw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI2NTg3LzQxN0Q3MUI0OTE4
NjExRURBODRBMTI0REM0RjlBRTAyL0xXTkFkOHlFZTFuVUJJMUQ0RXN6Q1dtUDVq
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvTFdOQWQ4eUVlMW5VQkkxRDRFc3pDV21QNWpnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
NjU4Ny80MTdENzFCNDkxODYxMUVEQTg0QTEyNERDNEY5QUUwMi84QjU0QUU2RTkx
QkUxMUVEQkVGREQ2NENDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA3BggrBgEFBQcBBwEB/wQo
MCYwJAQCAAEwHgMEAC38vQMEAGfd6QMEAmfxNAMEAqAUCAMEAMperjANBgkqhkiG
9w0BAQsFAAOCAQEAgwjh5pOyPorHK5fFwiUSget4tKr7Owz2x8lnXnKnWRqX7Bzs
tm1OSqrdlxYCFdvDxEfMwWmwGDvhUARNVpdoC5b9q395f4F3MCzN3GMv2IQ3c7DB
oxtx3vp+7hgFZ6JbQQOcjUFgdiVPnuukFKkVuM25zoACnfRIgk93IWuaNrv3aCRn
+z82q9Q7vMgdL31AA18iYgKB1U2vS+ytRnXR4y6N1KuoGI9CBoMtJ1VUvFsy49ZC
F0GamDu/40eBtfMFofXQTUudXblETMtce5Ko36ovnjtxxZPoklZHGOt7hT7q9a+h
NuWKwP7gQSjhp2NVGuPGKVOeaVx/4ishkl5YGA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:57 2024 by rpki-client on console-ams.rpki-client.org