Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/89C32F76FA4411EFAE3BCB3CC4F9AE02.roa
File: 89C32F76FA4411EFAE3BCB3CC4F9AE02.roa (raw, json)
Hash identifier: AQzzk/rWhzseYQfSfb9Zo07bYUnHZSwlrLb2YgMY0rA=
Subject key identifier: 6C:08:9B:FF:E7:E0:81:43:E7:8D:6D:E1:B6:3D:A8:66:0E:A1:BD:40
Certificate issuer: /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial: 0753
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/89C32F76FA4411EFAE3BCB3CC4F9AE02.roa
Signing time: Thu 06 Mar 2025 04:36:59 +0000
ROA not before: Thu 06 Mar 2025 04:36:59 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 64021
IP address blocks: 43.252.209.0/24 maxlen: 24
43.252.210.0/24 maxlen: 24
103.20.220.0/24 maxlen: 24
103.20.221.0/24 maxlen: 24
103.225.198.0/24 maxlen: 24
103.228.64.0/24 maxlen: 24
103.234.54.0/24 maxlen: 24
150.107.1.0/24 maxlen: 24
150.107.2.0/24 maxlen: 24
150.107.3.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 02 Apr 2025 04:53:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1875 (0x753)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911B412
Validity
Not Before: Mar 6 04:36:59 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=67c9266b-a142
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:f8:51:b5:5b:f0:67:45:72:73:28:11:5b:4d:
ff:0c:5e:41:e4:dd:23:21:d9:a9:02:63:43:79:81:
cb:72:40:de:31:fb:a8:99:f5:b6:62:22:20:a9:3e:
40:7e:82:f9:1a:5a:4f:05:42:a3:c3:43:ee:35:45:
b1:b6:ac:55:ec:e7:e0:51:1e:4e:67:00:bd:b3:94:
9e:a4:4a:9d:a9:96:d6:45:a0:24:99:1c:fc:f8:22:
90:6a:a3:c7:4e:ac:87:ff:30:c0:9e:cd:1e:54:29:
a1:6f:e5:51:9c:0a:c9:4d:20:ae:09:b4:e2:f5:4f:
3f:e5:b4:b9:e9:12:0e:db:d4:a5:b4:1e:9f:5c:7d:
5f:d3:b1:08:44:2b:79:93:c8:f6:5d:a7:93:35:46:
6b:9b:c3:bc:d5:96:06:7e:15:cb:fe:71:a3:37:01:
dc:88:20:54:ed:31:f7:8b:5a:84:2f:d3:30:6a:79:
70:56:59:d7:d9:d4:06:b4:9e:1a:72:7c:9c:92:6c:
65:d2:c2:3d:ab:36:a7:4c:32:39:8c:4b:6b:ff:5e:
e4:80:c6:6c:b9:3f:21:86:a1:12:63:41:02:fb:80:
01:c5:39:28:18:0d:d9:83:3d:f3:cd:1d:c1:4e:3e:
34:a7:b1:ee:dc:37:ec:5c:11:ff:96:28:e9:60:1b:
18:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:08:9B:FF:E7:E0:81:43:E7:8D:6D:E1:B6:3D:A8:66:0E:A1:BD:40
X509v3 Authority Key Identifier:
keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/89C32F76FA4411EFAE3BCB3CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.252.209.0-43.252.210.255
103.20.220.0/23
103.225.198.0/24
103.228.64.0/24
103.234.54.0/24
150.107.1.0-150.107.3.255
Signature Algorithm: sha256WithRSAEncryption
29:6c:03:b9:16:27:cb:45:e2:98:15:12:d0:5c:95:ae:13:c0:
6a:94:bd:a0:20:38:e5:77:45:8a:f0:b9:e2:37:21:f5:94:8c:
cc:be:da:de:99:f8:ed:89:36:c5:e4:f5:61:52:86:75:b2:a8:
59:88:df:26:ca:61:84:d9:b7:3f:b2:97:8e:b6:4d:51:c7:f0:
d6:43:11:ac:79:d2:04:fa:0c:ea:c4:4c:da:32:83:d0:3b:d3:
8e:ad:5e:1b:b9:ed:be:7e:91:7d:b3:25:82:e1:e2:24:37:41:
f6:39:f5:db:67:70:f1:2a:42:3d:56:b9:e9:20:2b:c5:bf:fd:
f5:b6:be:67:d6:b9:37:73:6a:3a:6a:12:8b:1f:56:cf:1a:46:
3f:ef:f7:8d:ca:ad:86:16:6b:c3:b8:0d:c7:d7:98:7e:da:20:
9d:21:da:e1:16:16:9e:6e:36:4f:54:b3:3c:f2:e2:b9:e5:b5:
99:4d:10:79:8f:55:14:44:d0:8c:85:51:5b:c0:8f:86:5d:1d:
69:21:2f:77:2b:91:fe:52:4f:4d:80:2d:cf:b0:8c:05:ef:ae:
9f:07:53:d4:6f:e1:8b:67:0d:d3:44:18:71:75:eb:7a:2f:4a:
2e:d5:24:8c:03:5a:84:53:76:54:07:9d:c8:9c:93:6a:3f:a8:
89:bf:e1:2b
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICB1MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjUwMzA2MDQzNjU5WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2M5MjY2Yi1hMTQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsvhRtVvwZ0VycygRW03/DF5B5N0jIdmpAmNDeYHLckDeMfuomfW2YiIgqT5A
foL5GlpPBUKjw0PuNUWxtqxV7OfgUR5OZwC9s5SepEqdqZbWRaAkmRz8+CKQaqPH
TqyH/zDAns0eVCmhb+VRnArJTSCuCbTi9U8/5bS56RIO29SltB6fXH1f07EIRCt5
k8j2XaeTNUZrm8O81ZYGfhXL/nGjNwHciCBU7TH3i1qEL9MwanlwVlnX2dQGtJ4a
cnyckmxl0sI9qzanTDI5jEtr/17kgMZsuT8hhqESY0EC+4ABxTkoGA3Zgz3zzR3B
Tj40p7Hu3DfsXBH/lijpYBsY6wIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFGwIm//n
4IFD541t4bY9qGYOob1AMB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvODlDMzJGNzZG
QTQ0MTFFRkFFM0JDQjNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTQYIKwYBBQUHAQcBAf8E
PjA8MDoEAgABMDQwDAMEACv80QMEACv80gMEAWcU3AMEAGfhxgMEAGfkQAMEAGfq
NjAMAwQAlmsBAwQClmsAMA0GCSqGSIb3DQEBCwUAA4IBAQApbAO5FifLReKYFRLQ
XJWuE8BqlL2gIDjld0WK8LniNyH1lIzMvtremfjtiTbF5PVhUoZ1sqhZiN8mymGE
2bc/speOtk1Rx/DWQxGsedIE+gzqxEzaMoPQO9OOrV4bue2+fpF9syWC4eIkN0H2
OfXbZ3DxKkI9VrnpICvFv/31tr5n1rk3c2o6ahKLH1bPGkY/7/eNyq2GFmvDuA3H
15h+2iCdIdrhFhaebjZPVLM88uK55bWZTRB5j1UURNCMhVFbwI+GXR1pIS93K5H+
Uk9NgC3PsIwF766fB1PUb+GLZw3TRBhxdet6L0ou1SSMA1qEU3ZUB53InJNqP6iJ
v+Er
-----END CERTIFICATE-----
Generated at Sat Apr 5 02:15:48 2025 by rpki-client