Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91228BC/0E7D64D6DF0D11EBB1130D81C4F9AE02/9017F7B806EC11EF8B407A22C4F9AE02.roa
File: 9017F7B806EC11EF8B407A22C4F9AE02.roa (raw, json)
Hash identifier: mpl4hJ+NMAY1gOUxqxUqBs9knKAVweb8fEmuf7JRC2E=
Subject key identifier: 90:D7:59:D2:57:33:6C:AB:A8:AD:AE:52:A9:46:03:86:EA:4E:BC:F2
Certificate issuer: /CN=A91228BC/serialNumber=98B5C6147618FCB64C214DCCC0777413087E9770
Certificate serial: 04F6
Authority key identifier: 98:B5:C6:14:76:18:FC:B6:4C:21:4D:CC:C0:77:74:13:08:7E:97:70
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mLXGFHYY_LZMIU3MwHd0Ewh-l3A.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91228BC/0E7D64D6DF0D11EBB1130D81C4F9AE02/9017F7B806EC11EF8B407A22C4F9AE02.roa
Signing time: Wed 31 Jul 2024 00:42:51 +0000
ROA not before: Wed 31 Jul 2024 00:42:51 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 142559
IP address blocks: 103.169.99.0/24 maxlen: 24
2001:df6:f580::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 20 Aug 2024 09:58:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1270 (0x4f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91228BC/serialNumber=98B5C6147618FCB64C214DCCC0777413087E9770
Validity
Not Before: Jul 31 00:42:51 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66a9888b-aa21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:91:07:c2:78:97:d3:38:1b:cc:32:f4:15:48:
2d:c0:c1:02:1f:5a:c4:63:50:ff:93:e9:8e:42:f5:
60:c6:6a:df:e2:8d:c6:5e:67:42:09:67:7c:f3:36:
bb:11:97:08:8a:79:43:b3:c5:e1:2e:1d:9c:ae:77:
13:7b:84:c6:21:ae:39:98:e8:61:4a:de:27:a6:76:
41:9f:d7:d8:71:18:36:92:ec:f2:d5:44:de:4d:fc:
24:f7:9d:b1:4c:a5:d5:3c:e8:84:ad:17:a5:85:37:
b2:93:b4:10:2e:5f:a1:49:ec:ca:9c:59:07:f7:d0:
1b:22:30:70:58:5e:4f:3e:4a:5a:dd:cc:13:27:84:
4a:f0:1d:6f:3c:1f:07:c7:4b:dc:ce:99:52:c7:21:
51:b6:df:d9:88:b7:88:c6:d4:b8:b1:58:cd:9f:c1:
b9:dd:f4:c7:25:af:14:7b:04:e3:4f:4a:a6:fa:a6:
5e:f9:5f:7f:ba:6c:f0:20:8a:54:98:11:c1:64:43:
f2:fa:ba:a4:f8:5d:78:84:9b:4c:c6:b4:ae:2c:08:
01:71:f7:1a:1e:71:ea:20:b2:0a:5b:3d:31:6d:cc:
a9:70:22:f9:65:c2:79:6e:50:24:99:37:9b:f4:96:
ff:a2:b4:c2:86:02:a1:30:9f:1e:cc:76:d0:b4:c1:
5f:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:D7:59:D2:57:33:6C:AB:A8:AD:AE:52:A9:46:03:86:EA:4E:BC:F2
X509v3 Authority Key Identifier:
keyid:98:B5:C6:14:76:18:FC:B6:4C:21:4D:CC:C0:77:74:13:08:7E:97:70
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91228BC/0E7D64D6DF0D11EBB1130D81C4F9AE02/mLXGFHYY_LZMIU3MwHd0Ewh-l3A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mLXGFHYY_LZMIU3MwHd0Ewh-l3A.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91228BC/0E7D64D6DF0D11EBB1130D81C4F9AE02/9017F7B806EC11EF8B407A22C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.169.99.0/24
IPv6:
2001:df6:f580::/48
Signature Algorithm: sha256WithRSAEncryption
67:2e:bf:8e:72:29:9e:9b:5a:18:20:bc:cc:57:94:83:fa:e8:
35:4b:d2:47:95:36:5c:96:8f:f5:b4:00:2d:85:c5:68:b2:fc:
3c:d7:1f:95:e0:d2:15:0e:3f:8e:9a:76:f0:53:ee:0d:0f:b4:
14:dd:fa:fe:1d:77:b2:c2:ec:7e:6d:64:f7:18:c6:61:a3:04:
56:3e:48:a4:d7:cc:a0:05:50:4f:a5:e0:fc:d5:9c:d8:19:89:
d2:b5:c2:21:46:46:99:f9:43:6d:5a:02:3c:17:e5:8e:6d:ae:
c1:75:b3:12:0f:e4:9f:0a:61:01:5a:38:5c:00:d4:14:9c:37:
75:d3:b8:35:96:08:b5:a8:20:37:24:bf:3e:e8:77:2c:d6:a5:
5b:8f:1c:5d:78:80:30:9f:fe:9f:3a:c7:85:ef:a0:b8:4f:00:
f5:6c:f2:d1:47:66:7e:44:b7:4f:91:86:21:26:37:d2:23:f8:
57:1c:7a:24:5f:37:c5:04:69:4c:c0:0c:78:c9:dc:ee:de:27:
e6:80:70:7a:7a:0d:03:60:57:38:c5:07:7c:ef:72:d8:1e:22:
d7:84:e5:3b:69:98:5f:d7:62:11:9b:b5:fa:73:ad:83:09:23:
ad:ab:20:c1:9e:e7:55:a5:a8:c1:f1:3d:44:a8:bd:a4:ab:0f:
d9:a8:11:92
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBPYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjI4QkMxMTAvBgNVBAUTKDk4QjVDNjE0NzYxOEZDQjY0QzIxNERDQ0MwNzc3NDEz
MDg3RTk3NzAwHhcNMjQwNzMxMDA0MjUxWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmE5ODg4Yi1hYTIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt5EHwniX0zgbzDL0FUgtwMECH1rEY1D/k+mOQvVgxmrf4o3GXmdCCWd88za7
EZcIinlDs8XhLh2crncTe4TGIa45mOhhSt4npnZBn9fYcRg2kuzy1UTeTfwk952x
TKXVPOiErRelhTeyk7QQLl+hSezKnFkH99AbIjBwWF5PPkpa3cwTJ4RK8B1vPB8H
x0vczplSxyFRtt/ZiLeIxtS4sVjNn8G53fTHJa8UewTjT0qm+qZe+V9/umzwIIpU
mBHBZEPy+rqk+F14hJtMxrSuLAgBcfcaHnHqILIKWz0xbcypcCL5ZcJ5blAkmTeb
9Jb/orTChgKhMJ8ezHbQtMFf/QIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFJDXWdJX
M2yrqK2uUqlGA4bqTrzyMB8GA1UdIwQYMBaAFJi1xhR2GPy2TCFNzMB3dBMIfpdw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMjhCQy8wRTdENjRENkRG
MEQxMUVCQjExMzBEODFDNEY5QUUwMi9tTFhHRkhZWV9MWk1JVTNNd0hkMEV3aC1s
M0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21MWEdGSFlZX0xaTUlVM013SGQwRXdoLWwzQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjI4QkMvMEU3RDY0RDZERjBEMTFFQkIxMTMwRDgxQzRGOUFFMDIvOTAxN0Y3Qjgw
NkVDMTFFRjhCNDA3QTIyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABnqWMwDwQCAAIwCQMHACABDfb1gDANBgkqhkiG9w0BAQsF
AAOCAQEAZy6/jnIpnptaGCC8zFeUg/roNUvSR5U2XJaP9bQALYXFaLL8PNcfleDS
FQ4/jpp28FPuDQ+0FN36/h13ssLsfm1k9xjGYaMEVj5IpNfMoAVQT6Xg/NWc2BmJ
0rXCIUZGmflDbVoCPBfljm2uwXWzEg/knwphAVo4XADUFJw3ddO4NZYItaggNyS/
Puh3LNalW48cXXiAMJ/+nzrHhe+guE8A9Wzy0UdmfkS3T5GGISY30iP4Vxx6JF83
xQRpTMAMeMnc7t4n5oBwenoNA2BXOMUHfO9y2B4i14TlO2mYX9diEZu1+nOtgwkj
rasgwZ7nVaWowfE9RKi9pKsP2agRkg==
-----END CERTIFICATE-----
Generated at Tue Aug 20 13:32:11 2024 by rpki-client on console-ams.rpki-client.org