Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91809AD/656DD26AA76811E89333C725C4F9AE02/3DCB68C8699A11ED98B1CA19C4F9AE02.roa
File: 3DCB68C8699A11ED98B1CA19C4F9AE02.roa (raw, json)
Hash identifier: o7s4QY2MDLG7R6QOjE4ThNzr6/pCidgOiPC5oUALc8A=
Subject key identifier: 97:C1:D2:62:20:3E:5B:AA:D4:7E:8D:43:91:98:74:7E:52:8E:29:BE
Certificate issuer: /CN=A91809AD/serialNumber=6D7C226A7DCB85F2F49216B7EBB00D5F03A605C3
Certificate serial: 1301
Authority key identifier: 6D:7C:22:6A:7D:CB:85:F2:F4:92:16:B7:EB:B0:0D:5F:03:A6:05:C3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bXwian3LhfL0kha367ANXwOmBcM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91809AD/656DD26AA76811E89333C725C4F9AE02/3DCB68C8699A11ED98B1CA19C4F9AE02.roa
Signing time: Wed 06 Nov 2024 13:36:35 +0000
ROA not before: Wed 06 Nov 2024 13:36:35 +0000
ROA not after: Sun 31 Aug 2025 00:00:00 +0000
asID: 138039
IP address blocks: 103.120.116.0/24 maxlen: 24
103.120.118.0/24 maxlen: 24
103.120.119.0/24 maxlen: 24
103.120.119.0/25 maxlen: 25
103.120.119.128/25 maxlen: 25
2407:1840::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 06 Nov 2024 17:44:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4865 (0x1301)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91809AD
Validity
Not Before: Nov 6 13:36:35 2024 GMT
Not After : Aug 31 00:00:00 2025 GMT
Subject: CN=672b70e3-0b89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:3a:41:c0:d6:34:8a:7b:c5:bb:54:b1:6b:05:
08:9c:f4:18:cc:60:ca:f9:4a:80:e1:5b:53:ce:4e:
42:cd:77:e6:87:ac:bb:94:40:7f:d9:ed:44:c2:f0:
cd:72:89:8c:37:a2:45:81:17:d6:a9:8c:70:d1:c0:
4c:5b:a9:ed:a1:22:e3:25:78:9d:11:6a:25:13:d4:
4a:59:db:35:91:a3:4a:18:48:61:9a:55:e3:a6:47:
33:e8:9b:00:d5:5f:dc:ca:19:da:a2:2d:38:b6:6f:
11:ea:f0:52:20:2a:d4:4c:74:47:45:79:b5:ac:2e:
49:dd:80:5e:13:89:29:da:3c:d1:44:09:ed:6d:58:
00:24:cd:5a:d4:2f:ab:6b:8c:a5:31:61:7f:22:10:
3d:fc:a5:ef:a5:0a:21:5a:f1:f5:ce:01:54:db:9e:
d8:d5:84:6e:d9:b2:35:ce:f4:14:00:a3:4b:c4:dc:
0e:48:4d:33:5d:e4:f2:95:2b:76:8d:44:ca:eb:9b:
c0:ff:24:4f:9b:7e:17:77:21:2e:fa:d5:72:fc:a3:
8b:51:bb:c2:8e:c5:fb:8f:ce:6d:45:b5:3b:3d:81:
07:3f:c9:fb:96:79:88:2a:62:a5:b6:fd:1b:52:2c:
91:66:a8:1b:25:72:b5:fa:31:b6:4a:1f:82:54:e1:
e9:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:C1:D2:62:20:3E:5B:AA:D4:7E:8D:43:91:98:74:7E:52:8E:29:BE
X509v3 Authority Key Identifier:
keyid:6D:7C:22:6A:7D:CB:85:F2:F4:92:16:B7:EB:B0:0D:5F:03:A6:05:C3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91809AD/656DD26AA76811E89333C725C4F9AE02/bXwian3LhfL0kha367ANXwOmBcM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bXwian3LhfL0kha367ANXwOmBcM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91809AD/656DD26AA76811E89333C725C4F9AE02/3DCB68C8699A11ED98B1CA19C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.120.116.0/24
103.120.118.0/23
IPv6:
2407:1840::/32
Signature Algorithm: sha256WithRSAEncryption
31:47:63:67:35:0e:a0:ea:86:c6:2b:77:1f:54:20:1f:3c:9a:
e1:33:4c:22:c9:96:43:5e:07:a8:4b:49:ca:7d:58:43:ac:92:
c1:c3:f2:46:5c:de:5c:28:ec:93:54:09:c8:2a:99:4d:8e:b1:
78:64:1e:ac:1f:eb:d9:79:7f:63:0b:ce:b5:c0:00:eb:f6:38:
f4:37:ba:55:01:09:8b:03:f7:cc:5d:2e:52:4c:a6:6c:31:38:
07:36:19:01:15:73:f2:4a:7f:ed:60:d1:9e:36:6b:18:98:3a:
7d:db:31:c5:4a:ec:e4:ad:57:61:46:97:2b:30:3a:d6:7f:18:
49:e1:86:11:32:43:19:d9:05:b2:f9:d1:a6:39:74:ff:33:1c:
04:2c:04:f2:5c:e9:4b:59:b1:02:69:4d:8e:64:d3:e1:97:ea:
b7:50:01:1c:98:eb:8e:31:ed:0d:92:63:f9:fe:90:43:a5:ca:
b4:69:15:58:44:8b:dd:7c:57:d8:c5:3a:ed:e7:80:1b:f6:ad:
54:e6:04:8d:fc:e2:41:db:4e:85:74:3f:1c:ef:95:f1:50:7c:
63:11:e3:db:eb:c0:1a:bb:ee:0c:27:a5:19:ab:7a:b7:5d:67:
21:25:0f:e6:13:56:e3:b8:7d:5b:89:ce:d1:72:31:89:a2:a9:
d7:b5:d5:c0
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICEwEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODA5QUQxMTAvBgNVBAUTKDZEN0MyMjZBN0RDQjg1RjJGNDkyMTZCN0VCQjAwRDVG
MDNBNjA1QzMwHhcNMjQxMTA2MTMzNjM1WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzJiNzBlMy0wYjg5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuzpBwNY0invFu1SxawUInPQYzGDK+UqA4VtTzk5CzXfmh6y7lEB/2e1EwvDN
comMN6JFgRfWqYxw0cBMW6ntoSLjJXidEWolE9RKWds1kaNKGEhhmlXjpkcz6JsA
1V/cyhnaoi04tm8R6vBSICrUTHRHRXm1rC5J3YBeE4kp2jzRRAntbVgAJM1a1C+r
a4ylMWF/IhA9/KXvpQohWvH1zgFU257Y1YRu2bI1zvQUAKNLxNwOSE0zXeTylSt2
jUTK65vA/yRPm34XdyEu+tVy/KOLUbvCjsX7j85tRbU7PYEHP8n7lnmIKmKltv0b
UiyRZqgbJXK1+jG2Sh+CVOHpdQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFJfB0mIg
Pluq1H6NQ5GYdH5Sjim+MB8GA1UdIwQYMBaAFG18Imp9y4Xy9JIWt+uwDV8DpgXD
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4MDlBRC82NTZERDI2QUE3
NjgxMUU4OTMzM0M3MjVDNEY5QUUwMi9iWHdpYW4zTGhmTDBraGEzNjdBTlh3T21C
Y00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JYd2lhbjNMaGZMMGtoYTM2N0FOWHdPbUJjTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODA5QUQvNjU2REQyNkFBNzY4MTFFODkzMzNDNzI1QzRGOUFFMDIvM0RDQjY4Qzg2
OTlBMTFFRDk4QjFDQTE5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBABneHQDBAFneHYwDQQCAAIwBwMFACQHGEAwDQYJKoZIhvcN
AQELBQADggEBADFHY2c1DqDqhsYrdx9UIB88muEzTCLJlkNeB6hLScp9WEOsksHD
8kZc3lwo7JNUCcgqmU2OsXhkHqwf69l5f2MLzrXAAOv2OPQ3ulUBCYsD98xdLlJM
pmwxOAc2GQEVc/JKf+1g0Z42axiYOn3bMcVK7OStV2FGlyswOtZ/GEnhhhEyQxnZ
BbL50aY5dP8zHAQsBPJc6UtZsQJpTY5k0+GX6rdQARyY644x7Q2SY/n+kEOlyrRp
FVhEi918V9jFOu3ngBv2rVTmBI384kHbToV0PxzvlfFQfGMR49vrwBq77gwnpRmr
erddZyElD+YTVuO4fVuJztFyMYmiqde11cA=
-----END CERTIFICATE-----
Generated at Thu Mar 13 21:33:07 2025 by rpki-client