Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/9D9259E83E0911EFAF2BF672C4F9AE02.roa
File: 9D9259E83E0911EFAF2BF672C4F9AE02.roa (raw, json)
Hash identifier: a+wNAIARCCTsHD5ERZJXJSTwmGtVHa1VqX5Xz0ml3C8=
Subject key identifier: 9E:25:17:7A:22:5E:1A:EB:D7:B7:49:82:02:FD:66:81:5B:CD:2D:44
Certificate issuer: /CN=A911C28D/serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
Certificate serial: 2765
Authority key identifier: 99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/9D9259E83E0911EFAF2BF672C4F9AE02.roa
Signing time: Tue 30 Jul 2024 16:04:14 +0000
ROA not before: Tue 30 Jul 2024 16:04:14 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 14315
IP address blocks: 103.196.20.0/24 maxlen: 24
103.196.21.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 28 Aug 2024 15:07:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10085 (0x2765)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911C28D/serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
Validity
Not Before: Jul 30 16:04:14 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66a90efe-2cd1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:c3:a1:4d:23:c7:2a:48:05:52:92:f8:ae:ea:
7a:ba:22:02:37:55:2b:74:6f:4a:27:d8:04:21:08:
a7:5d:54:06:93:86:ad:ec:b1:8f:92:b3:72:dd:30:
65:70:4f:8f:e9:a8:92:93:be:5b:39:eb:82:01:87:
29:30:8b:40:06:1d:e2:0a:2c:ee:13:d3:65:51:23:
c2:6f:bf:74:d2:d9:f5:99:08:c7:e7:12:5d:a9:0f:
0a:e5:ce:fa:cc:d1:11:3b:8b:60:dc:52:46:3c:ec:
7b:76:0e:0f:74:76:d0:a4:9a:f8:43:d0:d8:fe:ed:
08:71:6a:91:06:fd:60:76:0d:5e:cf:9c:4e:81:3e:
8d:0f:67:2c:a7:c1:91:38:9f:2a:09:c0:e9:9f:2b:
83:ba:a6:08:ca:06:21:3b:e5:8b:b4:39:e4:41:8e:
37:e4:8b:91:b2:56:9d:4d:29:e4:98:1e:cb:20:7c:
54:48:ff:de:34:fa:fc:60:cb:e0:d2:c4:85:b8:20:
a7:ab:34:9e:0f:09:c4:66:2e:0c:59:39:0e:ee:62:
ec:02:56:ed:db:bc:f1:fe:db:10:12:9f:5e:cb:01:
12:34:f5:b1:95:f0:d3:a8:91:e9:8f:0c:3a:67:ce:
e7:35:7a:37:44:d7:4a:5e:ff:21:20:60:89:d9:ee:
b9:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:25:17:7A:22:5E:1A:EB:D7:B7:49:82:02:FD:66:81:5B:CD:2D:44
X509v3 Authority Key Identifier:
keyid:99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/9D9259E83E0911EFAF2BF672C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.196.20.0/23
Signature Algorithm: sha256WithRSAEncryption
28:9a:b3:54:1e:2f:19:12:8c:5f:57:4a:f8:ab:cd:2a:b6:48:
62:b9:36:97:06:e6:68:07:91:fb:59:20:7d:57:a7:2f:83:40:
6e:c4:53:8f:60:41:fa:0b:69:c6:53:c0:8b:a7:84:b3:bb:98:
ab:00:d6:ca:13:a5:64:20:f2:b3:04:73:31:fb:e0:ca:38:c7:
ba:92:cc:a1:e2:ba:47:1b:d1:38:12:09:84:68:7a:d2:69:37:
11:5c:48:20:1a:5f:1e:f6:11:d1:93:31:7f:e8:90:c2:9c:67:
5c:90:06:10:d4:d0:a6:39:f9:45:54:43:37:2c:6d:ee:a3:b3:
67:3e:a8:b7:ca:4c:63:49:b5:b3:5f:e9:5f:e6:cf:4f:dc:1c:
36:7f:e2:dd:42:cd:2a:fb:22:d8:dd:8b:db:19:fb:9a:06:0d:
73:16:60:6e:9b:3b:42:c6:11:f3:05:df:95:90:43:fa:e9:51:
44:be:7e:4b:56:26:93:2d:5e:dc:49:16:f8:b0:99:da:f1:77:
0b:57:fb:39:76:3f:5c:d2:48:fe:9c:2b:0c:d8:70:68:e5:4e:
42:84:50:5b:8d:ab:47:df:d0:6a:0f:51:0c:ab:20:ed:93:04:
0b:2e:8c:17:0d:4d:bb:b0:6e:77:29:66:8f:e8:55:00:fa:0b:
57:49:2c:b2
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICJ2UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUMyOEQxMTAvBgNVBAUTKDk5REZCNkJGNzk1MEU2QjQwMTk1QTU5MDI0RjRCNzUw
ODYzRDNEOTMwHhcNMjQwNzMwMTYwNDE0WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmE5MGVmZS0yY2QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1sOhTSPHKkgFUpL4rup6uiICN1UrdG9KJ9gEIQinXVQGk4at7LGPkrNy3TBl
cE+P6aiSk75bOeuCAYcpMItABh3iCizuE9NlUSPCb7900tn1mQjH5xJdqQ8K5c76
zNERO4tg3FJGPOx7dg4PdHbQpJr4Q9DY/u0IcWqRBv1gdg1ez5xOgT6ND2csp8GR
OJ8qCcDpnyuDuqYIygYhO+WLtDnkQY435IuRsladTSnkmB7LIHxUSP/eNPr8YMvg
0sSFuCCnqzSeDwnEZi4MWTkO7mLsAlbt27zx/tsQEp9eywESNPWxlfDTqJHpjww6
Z87nNXo3RNdKXv8hIGCJ2e65fwIDAQABo4IClTCCApEwHQYDVR0OBBYEFJ4lF3oi
Xhrr17dJggL9ZoFbzS1EMB8GA1UdIwQYMBaAFJnftr95UOa0AZWlkCT0t1CGPT2T
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQzI4RC9CREFCNjdGNjNB
ODAxMUU1QUUzOTAxNTVDNEY5QUUwMi9tZC0ydjNsUTVyUUJsYVdRSlBTM1VJWTlQ
Wk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21kLTJ2M2xRNXJRQmxhV1FKUFMzVUlZOVBaTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUMyOEQvQkRBQjY3RjYzQTgwMTFFNUFFMzkwMTU1QzRGOUFFMDIvOUQ5MjU5RTgz
RTA5MTFFRkFGMkJGNjcyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnxBQwDQYJKoZIhvcNAQELBQADggEBACias1QeLxkSjF9X
SvirzSq2SGK5NpcG5mgHkftZIH1Xpy+DQG7EU49gQfoLacZTwIunhLO7mKsA1soT
pWQg8rMEczH74Mo4x7qSzKHiukcb0TgSCYRoetJpNxFcSCAaXx72EdGTMX/okMKc
Z1yQBhDU0KY5+UVUQzcsbe6js2c+qLfKTGNJtbNf6V/mz0/cHDZ/4t1CzSr7Itjd
i9sZ+5oGDXMWYG6bO0LGEfMF35WQQ/rpUUS+fktWJpMtXtxJFviwmdrxdwtX+zl2
P1zSSP6cKwzYcGjlTkKEUFuNq0ff0GoPUQyrIO2TBAsujBcNTbuwbncpZo/oVQD6
C1dJLLI=
-----END CERTIFICATE-----
Generated at Wed Aug 28 19:49:08 2024 by rpki-client on console-ams.rpki-client.org