Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91478E2/4C908A22E0B611E7B2D0FD80C4F9AE02/33D96CA0E81F11EBBEC75A6CC4F9AE02.roa
File: 33D96CA0E81F11EBBEC75A6CC4F9AE02.roa (raw, json)
Hash identifier: T4WkbEj4DHKGwcOs3KXvibDEuw5St4zuXLWav5gt5Xg=
Subject key identifier: B9:61:4C:B5:07:F8:68:88:17:3E:75:6D:D6:2F:76:A1:FB:25:DF:93
Certificate issuer: /CN=A91478E2/serialNumber=C14853D9BD3F78F6480C63352076943BC79B9FC2
Certificate serial: 15E0
Authority key identifier: C1:48:53:D9:BD:3F:78:F6:48:0C:63:35:20:76:94:3B:C7:9B:9F:C2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wUhT2b0_ePZIDGM1IHaUO8ebn8I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91478E2/4C908A22E0B611E7B2D0FD80C4F9AE02/33D96CA0E81F11EBBEC75A6CC4F9AE02.roa
Signing time: Tue 28 Mar 2023 08:24:11 +0000
ROA not before: Tue 28 Mar 2023 08:24:11 +0000
ROA not after: Wed 31 Jan 2024 00:00:00 +0000
asID: 17557
IP address blocks: 103.103.42.0/24 maxlen: 24
103.103.43.0/24 maxlen: 24
103.120.70.0/24 maxlen: 24
103.120.71.0/24 maxlen: 24
2402:2ec0::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5600 (0x15e0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91478E2/serialNumber=C14853D9BD3F78F6480C63352076943BC79B9FC2
Validity
Not Before: Mar 28 08:24:11 2023 GMT
Not After : Jan 31 00:00:00 2024 GMT
Subject: CN=6422a42a-db13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:90:18:ae:5e:0c:97:c1:d1:45:6b:85:76:70:
5e:11:67:0e:32:3a:4d:ae:b2:13:a7:d9:de:5e:75:
0d:17:21:0e:03:16:8b:37:f5:44:a2:9e:2e:96:e3:
e0:2e:c4:ea:86:25:fe:f0:6e:1c:bc:5e:5e:f5:b9:
8e:a0:09:d6:48:9d:1c:35:4e:49:bc:07:22:85:52:
65:e2:5b:9a:f9:6d:23:ef:f4:4e:4b:c4:3d:8e:78:
75:2a:06:29:46:01:3f:b8:78:bc:74:7b:b9:33:c9:
09:29:77:4d:ac:c3:d9:39:f8:78:d3:ca:b8:97:23:
ee:6b:e5:cb:d6:63:2c:42:80:33:1a:d0:e4:82:77:
20:78:cc:0b:c6:57:98:21:4d:03:1d:1c:63:ff:d5:
40:fb:2d:fd:90:28:63:5f:7a:50:49:e8:cf:b5:27:
0b:a5:ee:59:d6:cf:76:72:8e:d8:85:8a:d7:98:04:
29:60:62:32:30:3f:66:81:82:90:ef:2b:58:a7:1f:
72:d9:81:9c:2c:c1:52:b7:04:a3:eb:98:63:d5:03:
8f:2a:3c:b5:91:42:dd:50:76:07:18:c1:0a:73:55:
85:c3:ce:bf:a8:4b:10:df:74:e8:ba:a7:bc:16:48:
73:b5:35:bf:e1:58:c9:9e:e1:a7:ea:01:ca:9d:c9:
da:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:61:4C:B5:07:F8:68:88:17:3E:75:6D:D6:2F:76:A1:FB:25:DF:93
X509v3 Authority Key Identifier:
keyid:C1:48:53:D9:BD:3F:78:F6:48:0C:63:35:20:76:94:3B:C7:9B:9F:C2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91478E2/4C908A22E0B611E7B2D0FD80C4F9AE02/wUhT2b0_ePZIDGM1IHaUO8ebn8I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wUhT2b0_ePZIDGM1IHaUO8ebn8I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91478E2/4C908A22E0B611E7B2D0FD80C4F9AE02/33D96CA0E81F11EBBEC75A6CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.103.42.0/23
103.120.70.0/23
IPv6:
2402:2ec0::/32
Signature Algorithm: sha256WithRSAEncryption
43:df:89:5d:df:e0:4a:6d:7f:fa:78:38:57:b5:6c:a8:64:2d:
e9:9e:ba:25:c6:15:a2:c9:a8:38:69:85:2d:b8:d0:49:b5:37:
29:5f:ce:89:5b:a9:c7:3e:bc:fc:bd:c3:4a:af:12:6e:4a:d3:
bf:88:17:ac:25:de:8b:9c:ff:75:d5:06:4d:52:86:6c:dc:d9:
c3:db:b4:83:9c:e5:61:16:7a:e5:28:3d:9c:9f:b9:3a:d3:2e:
39:d3:11:22:6c:cd:58:13:bc:c5:7f:b7:b0:06:8e:09:22:2f:
f0:30:4e:e3:78:50:c8:24:e5:99:2e:5a:ce:f3:e8:f4:6b:10:
3b:6d:64:35:01:68:23:46:e0:69:24:09:07:45:2f:ee:fb:0c:
50:4a:5b:38:32:c7:2e:79:9d:a4:20:ef:db:63:34:86:c0:4c:
98:af:8e:5e:2b:02:b2:21:f8:14:77:a0:c1:b1:03:09:d1:10:
9b:57:4d:9d:01:d7:2a:c4:f8:91:e0:55:c3:cf:e4:8e:3d:3a:
ee:88:c0:ac:0a:ce:85:a2:75:aa:cd:fe:75:93:9b:d5:fd:4f:
e2:27:1e:84:de:40:25:76:1a:2b:86:9d:b3:b3:ee:77:a9:5b:
46:16:41:b9:45:44:04:bd:b0:28:33:ee:fa:59:9f:8e:02:90:
d9:a7:fe:b2
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICFeAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDc4RTIxMTAvBgNVBAUTKEMxNDg1M0Q5QkQzRjc4RjY0ODBDNjMzNTIwNzY5NDNC
Qzc5QjlGQzIwHhcNMjMwMzI4MDgyNDExWhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDIyYTQyYS1kYjEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyZAYrl4Ml8HRRWuFdnBeEWcOMjpNrrITp9neXnUNFyEOAxaLN/VEop4uluPg
LsTqhiX+8G4cvF5e9bmOoAnWSJ0cNU5JvAcihVJl4lua+W0j7/ROS8Q9jnh1KgYp
RgE/uHi8dHu5M8kJKXdNrMPZOfh408q4lyPua+XL1mMsQoAzGtDkgncgeMwLxleY
IU0DHRxj/9VA+y39kChjX3pQSejPtScLpe5Z1s92co7YhYrXmAQpYGIyMD9mgYKQ
7ytYpx9y2YGcLMFStwSj65hj1QOPKjy1kULdUHYHGMEKc1WFw86/qEsQ33Touqe8
FkhztTW/4VjJnuGn6gHKncnagQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFLlhTLUH
+GiIFz51bdYvdqH7Jd+TMB8GA1UdIwQYMBaAFMFIU9m9P3j2SAxjNSB2lDvHm5/C
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NzhFMi80QzkwOEEyMkUw
QjYxMUU3QjJEMEZEODBDNEY5QUUwMi93VWhUMmIwX2VQWklER00xSUhhVU84ZWJu
OEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dVaFQyYjBfZVBaSURHTTFJSGFVTzhlYm44SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDc4RTIvNEM5MDhBMjJFMEI2MTFFN0IyRDBGRDgwQzRGOUFFMDIvMzNEOTZDQTBF
ODFGMTFFQkJFQzc1QTZDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAFnZyoDBAFneEYwDQQCAAIwBwMFACQCLsAwDQYJKoZIhvcN
AQELBQADggEBAEPfiV3f4Eptf/p4OFe1bKhkLemeuiXGFaLJqDhphS240Em1Nylf
zolbqcc+vPy9w0qvEm5K07+IF6wl3ouc/3XVBk1Shmzc2cPbtIOc5WEWeuUoPZyf
uTrTLjnTESJszVgTvMV/t7AGjgkiL/AwTuN4UMgk5ZkuWs7z6PRrEDttZDUBaCNG
4GkkCQdFL+77DFBKWzgyxy55naQg79tjNIbATJivjl4rArIh+BR3oMGxAwnREJtX
TZ0B1yrE+JHgVcPP5I49Ou6IwKwKzoWidarN/nWTm9X9T+InHoTeQCV2GiuGnbOz
7nepW0YWQblFRAS9sCgz7vpZn44CkNmn/rI=
-----END CERTIFICATE-----
Generated at Fri Aug 4 10:44:24 2023 by rpki-client on console-fra.rpki-client.org