Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914EC08/812A2C587D3B11ED98BF9E48C4F9AE02/C9517AA8CB1A11EE9EB85B6AC4F9AE02.roa
File: C9517AA8CB1A11EE9EB85B6AC4F9AE02.roa (raw, json)
Hash identifier: Mf9vw9zQwAOjOoeKAEVwlgh/2ZJONPKEGI8Inrgij5Y=
Subject key identifier: AE:3A:12:7F:66:88:20:70:34:AA:7B:A4:01:6C:59:7F:EB:FE:94:46
Certificate issuer: /CN=A914EC08/serialNumber=D1B8E671973559020F8703D17DCD892692E640A2
Certificate serial: 0109
Authority key identifier: D1:B8:E6:71:97:35:59:02:0F:87:03:D1:7D:CD:89:26:92:E6:40:A2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0bjmcZc1WQIPhwPRfc2JJpLmQKI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914EC08/812A2C587D3B11ED98BF9E48C4F9AE02/C9517AA8CB1A11EE9EB85B6AC4F9AE02.roa
Signing time: Wed 14 Feb 2024 09:24:00 +0000
ROA not before: Wed 14 Feb 2024 09:24:00 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 7018
IP address blocks: 103.73.34.0/24 maxlen: 24
103.73.35.0/24 maxlen: 24
103.99.32.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 22 May 2024 05:25:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 265 (0x109)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EC08/serialNumber=D1B8E671973559020F8703D17DCD892692E640A2
Validity
Not Before: Feb 14 09:24:00 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=65cc86b0-e7b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:b3:cd:6d:81:c5:b1:25:74:95:bc:b9:03:cb:
c6:db:92:be:ee:a4:d6:fb:5b:fb:61:68:3f:a9:55:
da:b8:5c:c4:3f:0e:57:c0:a2:f0:a5:4d:3c:a9:9e:
78:bc:17:16:e7:40:0f:26:0d:e8:e8:c1:98:fa:26:
3e:00:dc:c2:7f:ea:f6:1c:e0:88:0e:ec:c1:99:94:
3c:81:e7:b1:aa:bc:c5:0d:37:d3:06:28:ec:31:eb:
0d:8e:77:ed:31:32:3b:7c:33:fb:a1:a5:4f:cb:e3:
99:21:7f:07:13:74:df:da:8e:04:49:6e:ab:c1:a4:
c7:ef:ac:89:a1:a1:bf:70:06:b3:1e:a0:e6:17:f5:
f5:6e:9b:9a:05:92:d1:d6:6d:0e:8c:0f:f2:77:f5:
6d:af:11:33:0d:fe:25:cf:c4:8c:09:d4:92:9e:0c:
ba:11:f9:82:61:57:53:2d:bb:c1:54:ec:9a:18:5e:
cf:25:c9:bf:80:86:31:62:d3:a7:bf:13:22:d1:1a:
a5:41:60:95:ca:fa:4d:a0:12:3c:2e:7d:7f:84:22:
2c:6c:6e:fa:d9:fd:00:e1:ac:58:b5:df:c5:da:e2:
e5:20:d3:63:fe:a9:4c:41:03:68:b1:7b:c1:3c:7c:
a2:a4:ce:85:1f:ae:c8:4b:21:19:d8:a5:09:ef:ee:
91:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:3A:12:7F:66:88:20:70:34:AA:7B:A4:01:6C:59:7F:EB:FE:94:46
X509v3 Authority Key Identifier:
keyid:D1:B8:E6:71:97:35:59:02:0F:87:03:D1:7D:CD:89:26:92:E6:40:A2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914EC08/812A2C587D3B11ED98BF9E48C4F9AE02/0bjmcZc1WQIPhwPRfc2JJpLmQKI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0bjmcZc1WQIPhwPRfc2JJpLmQKI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EC08/812A2C587D3B11ED98BF9E48C4F9AE02/C9517AA8CB1A11EE9EB85B6AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.73.34.0/23
103.99.32.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:fb:ec:27:5a:de:51:c6:cc:02:d5:69:6e:f0:b8:e5:10:0d:
93:f2:72:18:1d:2b:84:35:27:96:c2:f6:b3:7c:24:90:9b:21:
98:c3:ca:75:b7:e4:0d:d4:88:98:72:f2:d0:e6:5c:c3:a0:87:
2e:a9:1e:08:c0:78:c9:88:21:21:06:18:10:d0:57:66:91:9f:
f6:17:9e:0b:47:e1:52:f2:84:6c:be:be:45:b3:38:ac:42:bf:
c7:21:5c:ed:e8:fd:da:37:2f:e4:c0:5f:66:35:7c:b8:9d:14:
7c:11:4f:99:88:31:9f:cb:20:fb:21:00:3f:66:b6:4a:be:48:
88:d5:a1:2b:fc:d6:1d:59:b1:30:3d:21:a0:e4:6e:b4:ba:b7:
00:c7:4f:0c:3f:d9:97:dd:a1:ec:b7:40:db:f1:43:96:66:28:
16:33:81:c3:bb:fd:b9:19:fd:81:41:90:6b:b8:71:37:9b:85:
ec:b5:d7:65:12:d8:81:21:65:27:29:91:cb:8d:60:05:e7:6b:
4d:c6:47:a5:93:a9:a0:48:11:f2:a9:87:6a:d9:55:f1:7d:c9:
f9:60:3f:a2:18:db:70:66:7f:57:87:25:31:0b:b4:10:f2:76:
03:df:6c:ba:32:42:e2:b6:c6:90:e4:88:9c:7f:c1:c9:8d:94:
60:eb:31:d7
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAQkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVDMDgxMTAvBgNVBAUTKEQxQjhFNjcxOTczNTU5MDIwRjg3MDNEMTdEQ0Q4OTI2
OTJFNjQwQTIwHhcNMjQwMjE0MDkyNDAwWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWNjODZiMC1lN2IzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqLPNbYHFsSV0lby5A8vG25K+7qTW+1v7YWg/qVXauFzEPw5XwKLwpU08qZ54
vBcW50APJg3o6MGY+iY+ANzCf+r2HOCIDuzBmZQ8geexqrzFDTfTBijsMesNjnft
MTI7fDP7oaVPy+OZIX8HE3Tf2o4ESW6rwaTH76yJoaG/cAazHqDmF/X1bpuaBZLR
1m0OjA/yd/VtrxEzDf4lz8SMCdSSngy6EfmCYVdTLbvBVOyaGF7PJcm/gIYxYtOn
vxMi0RqlQWCVyvpNoBI8Ln1/hCIsbG762f0A4axYtd/F2uLlINNj/qlMQQNosXvB
PHyipM6FH67ISyEZ2KUJ7+6ROQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFK46En9m
iCBwNKp7pAFsWX/r/pRGMB8GA1UdIwQYMBaAFNG45nGXNVkCD4cD0X3NiSaS5kCi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUMwOC84MTJBMkM1ODdE
M0IxMUVEOThCRjlFNDhDNEY5QUUwMi8wYmptY1pjMVdRSVBod1BSZmMySkpwTG1R
S0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzBiam1jWmMxV1FJUGh3UFJmYzJKSnBMbVFLSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVDMDgvODEyQTJDNTg3RDNCMTFFRDk4QkY5RTQ4QzRGOUFFMDIvQzk1MTdBQThD
QjFBMTFFRTlFQjg1QjZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFnSSIDBABnYyAwDQYJKoZIhvcNAQELBQADggEBAKH77Cda
3lHGzALVaW7wuOUQDZPychgdK4Q1J5bC9rN8JJCbIZjDynW35A3UiJhy8tDmXMOg
hy6pHgjAeMmIISEGGBDQV2aRn/YXngtH4VLyhGy+vkWzOKxCv8chXO3o/do3L+TA
X2Y1fLidFHwRT5mIMZ/LIPshAD9mtkq+SIjVoSv81h1ZsTA9IaDkbrS6twDHTww/
2Zfdoey3QNvxQ5ZmKBYzgcO7/bkZ/YFBkGu4cTebhey112US2IEhZScpkcuNYAXn
a03GR6WTqaBIEfKph2rZVfF9yflgP6IY23Bmf1eHJTELtBDydgPfbLoyQuK2xpDk
iJx/wcmNlGDrMdc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:59 2024 by rpki-client on console-ams.rpki-client.org