Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DEB81/CF9663C670F711ECB318E43AC4F9AE02/BAEF2460DE4F11ECA307A636C4F9AE02.roa
File: BAEF2460DE4F11ECA307A636C4F9AE02.roa (raw, json)
Hash identifier: O1wyafjMfskx1asdpmNsr4QvquwPYdeiJ19/vmGyw7c=
Subject key identifier: DD:BE:0A:81:0F:5C:F4:51:C3:BB:D6:9B:93:DA:54:3E:00:2B:F6:04
Certificate issuer: /CN=A91DEB81/serialNumber=7776612A43C22D0A66B8F13680B3058BED5D9892
Certificate serial: 026B
Authority key identifier: 77:76:61:2A:43:C2:2D:0A:66:B8:F1:36:80:B3:05:8B:ED:5D:98:92
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d3ZhKkPCLQpmuPE2gLMFi-1dmJI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DEB81/CF9663C670F711ECB318E43AC4F9AE02/BAEF2460DE4F11ECA307A636C4F9AE02.roa
Signing time: Fri 13 Jan 2023 04:03:42 +0000
ROA not before: Fri 13 Jan 2023 04:03:42 +0000
ROA not after: Fri 01 Mar 2024 00:00:00 +0000
asID: 212921
IP address blocks: 103.254.72.0/24 maxlen: 24
103.254.75.0/24 maxlen: 24
192.197.113.0/24 maxlen: 24
199.212.57.0/24 maxlen: 24
204.52.191.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 619 (0x26b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DEB81/serialNumber=7776612A43C22D0A66B8F13680B3058BED5D9892
Validity
Not Before: Jan 13 04:03:42 2023 GMT
Not After : Mar 1 00:00:00 2024 GMT
Subject: CN=63c0d81e-aa40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:8c:bf:d9:7a:5d:e0:59:ad:77:69:18:2e:d8:
ab:8f:f1:a9:16:a4:6c:6c:d3:b5:d4:32:e4:72:49:
38:ce:ba:2b:05:af:49:bb:c9:57:9e:c3:a8:43:87:
9f:db:ee:85:22:76:b8:4b:be:c2:4c:c7:91:68:0c:
d6:33:82:a5:c3:88:98:cf:a0:f6:f3:20:a8:10:6e:
4d:1a:7d:98:e5:7b:fa:97:d5:b6:8b:ca:d0:c7:dc:
40:20:7e:56:20:d1:de:31:00:8d:fa:7d:78:c2:1c:
f4:a7:83:10:89:7d:74:34:7b:8a:22:b8:78:7e:7a:
cf:62:29:76:d6:51:07:b8:fd:9a:ef:f6:a7:84:63:
7c:dc:5b:c0:f1:d4:2d:20:1d:04:a7:2f:da:28:f0:
10:00:17:13:54:e2:22:d3:0a:8d:26:89:44:f9:92:
26:6b:bf:c5:10:9c:16:b1:31:74:95:7a:07:da:94:
5a:2f:9e:52:82:a5:7a:be:48:90:b4:90:0b:ef:1f:
c4:60:2a:73:4e:f5:7c:fb:4c:5b:72:5e:dc:b7:2a:
8d:9c:4f:d2:dd:24:d9:15:03:78:18:e8:03:7d:ff:
e6:7b:5a:33:85:5f:9e:f6:47:fd:35:ea:79:b9:b9:
79:66:e9:83:a6:56:74:e0:89:70:ea:35:06:e2:73:
03:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:BE:0A:81:0F:5C:F4:51:C3:BB:D6:9B:93:DA:54:3E:00:2B:F6:04
X509v3 Authority Key Identifier:
keyid:77:76:61:2A:43:C2:2D:0A:66:B8:F1:36:80:B3:05:8B:ED:5D:98:92
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DEB81/CF9663C670F711ECB318E43AC4F9AE02/d3ZhKkPCLQpmuPE2gLMFi-1dmJI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d3ZhKkPCLQpmuPE2gLMFi-1dmJI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DEB81/CF9663C670F711ECB318E43AC4F9AE02/BAEF2460DE4F11ECA307A636C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.254.72.0/24
103.254.75.0/24
192.197.113.0/24
199.212.57.0/24
204.52.191.0/24
Signature Algorithm: sha256WithRSAEncryption
a5:63:96:6a:84:58:40:4f:c6:4a:43:9c:25:a7:bd:4a:79:62:
dc:27:c9:ed:04:9c:66:42:3e:2f:6d:bc:17:be:da:75:71:6f:
ea:96:40:8d:56:40:5e:52:fa:09:48:12:c5:62:f8:c1:1e:01:
88:1d:73:ac:cc:95:90:86:4e:27:4b:b5:f5:02:49:e1:34:a8:
57:f5:9c:0f:2e:ec:00:bb:39:b7:b5:11:ee:a5:a2:12:9e:f6:
66:7d:9a:06:11:45:5d:c6:1e:8e:92:54:cf:21:7b:bb:01:53:
62:d0:e8:e8:ea:c5:86:4a:34:ee:15:4b:1f:2d:94:c8:db:f6:
ee:68:11:37:0d:df:8f:79:61:1c:cd:f3:27:95:2f:3b:64:b1:
23:c1:90:93:16:8d:22:12:c7:73:65:5c:0b:f8:a6:be:3b:d8:
59:e7:72:cb:95:be:0d:00:ac:37:13:75:39:10:ca:06:23:a5:
38:55:dd:2d:4a:fb:d7:f9:49:c9:9c:b0:26:15:95:a8:56:46:
23:e0:09:e1:a0:06:a8:1e:6e:d4:b7:37:2d:8f:5f:e8:10:c6:
f5:d7:e9:6c:a5:95:39:c8:15:9e:3e:a2:0e:e0:31:d6:d2:d5:
03:a7:1b:8d:50:21:48:77:17:e9:9b:ec:5f:e6:3d:af:aa:91:
a4:9b:78:24
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICAmswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REVCODExMTAvBgNVBAUTKDc3NzY2MTJBNDNDMjJEMEE2NkI4RjEzNjgwQjMwNThC
RUQ1RDk4OTIwHhcNMjMwMTEzMDQwMzQyWhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2MwZDgxZS1hYTQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA64y/2Xpd4Fmtd2kYLtirj/GpFqRsbNO11DLkckk4zrorBa9Ju8lXnsOoQ4ef
2+6FIna4S77CTMeRaAzWM4Klw4iYz6D28yCoEG5NGn2Y5Xv6l9W2i8rQx9xAIH5W
INHeMQCN+n14whz0p4MQiX10NHuKIrh4fnrPYil21lEHuP2a7/anhGN83FvA8dQt
IB0Epy/aKPAQABcTVOIi0wqNJolE+ZIma7/FEJwWsTF0lXoH2pRaL55SgqV6vkiQ
tJAL7x/EYCpzTvV8+0xbcl7ctyqNnE/S3STZFQN4GOgDff/me1ozhV+e9kf9Nep5
ubl5ZumDplZ04Ilw6jUG4nMDgQIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFN2+CoEP
XPRRw7vWm5PaVD4AK/YEMB8GA1UdIwQYMBaAFHd2YSpDwi0KZrjxNoCzBYvtXZiS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERUI4MS9DRjk2NjNDNjcw
RjcxMUVDQjMxOEU0M0FDNEY5QUUwMi9kM1poS2tQQ0xRcG11UEUyZ0xNRmktMWRt
SkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2QzWmhLa1BDTFFwbXVQRTJnTE1GaS0xZG1KSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REVCODEvQ0Y5NjYzQzY3MEY3MTFFQ0IzMThFNDNBQzRGOUFFMDIvQkFFRjI0NjBE
RTRGMTFFQ0EzMDdBNjM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBABn/kgDBABn/ksDBADAxXEDBADH1DkDBADMNL8wDQYJKoZI
hvcNAQELBQADggEBAKVjlmqEWEBPxkpDnCWnvUp5Ytwnye0EnGZCPi9tvBe+2nVx
b+qWQI1WQF5S+glIEsVi+MEeAYgdc6zMlZCGTidLtfUCSeE0qFf1nA8u7AC7Obe1
Ee6lohKe9mZ9mgYRRV3GHo6SVM8he7sBU2LQ6OjqxYZKNO4VSx8tlMjb9u5oETcN
3495YRzN8yeVLztksSPBkJMWjSISx3NlXAv4pr472FnncsuVvg0ArDcTdTkQygYj
pThV3S1K+9f5ScmcsCYVlahWRiPgCeGgBqgebtS3Ny2PX+gQxvXX6WyllTnIFZ4+
og7gMdbS1QOnG41QIUh3F+mb7F/mPa+qkaSbeCQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:43 2024 by rpki-client on console-fra.rpki-client.org