Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9184D71/983A0C9E9D1F11E7876E6611C4F9AE02/3605735A9D2011E7BDFC1712C4F9AE02.roa
File: 3605735A9D2011E7BDFC1712C4F9AE02.roa (raw, json)
Hash identifier: /LIRlJxcMXWX7ybJqLyXCjrd0yKuUAi4OuB4k3kDjBI=
Subject key identifier: 86:55:E7:20:5B:23:4B:C0:AD:DA:99:67:80:85:91:40:F8:56:FA:34
Certificate issuer: /CN=A9184D71/serialNumber=DDF9FDA94BBA359A37E0DBB007571AFF3E5117A2
Certificate serial: 1733
Authority key identifier: DD:F9:FD:A9:4B:BA:35:9A:37:E0:DB:B0:07:57:1A:FF:3E:51:17:A2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3fn9qUu6NZo34NuwB1ca_z5RF6I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9184D71/983A0C9E9D1F11E7876E6611C4F9AE02/3605735A9D2011E7BDFC1712C4F9AE02.roa
Signing time: Fri 14 Jul 2023 16:53:41 +0000
ROA not before: Fri 14 Jul 2023 16:53:41 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 38001
IP address blocks: 45.119.200.0/24 maxlen: 24
45.119.201.0/24 maxlen: 24
45.119.202.0/24 maxlen: 24
103.60.8.0/24 maxlen: 24
103.60.11.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 07 Mar 2024 06:46:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5939 (0x1733)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9184D71/serialNumber=DDF9FDA94BBA359A37E0DBB007571AFF3E5117A2
Validity
Not Before: Jul 14 16:53:41 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=64b17d95-2994
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:a3:f2:94:84:57:9f:86:f5:8e:c1:17:57:29:
86:2c:78:a2:39:48:6e:fb:92:cb:91:a8:c5:22:82:
58:28:93:30:69:a1:95:b6:8d:95:ae:a6:27:20:10:
8b:c1:92:3a:26:ed:6e:9a:dc:e1:53:c2:18:01:56:
d5:ac:ed:59:33:fc:78:90:48:3c:c8:72:88:24:49:
4c:b9:16:4d:9c:c3:1c:81:2b:f2:d9:65:aa:ca:41:
81:93:a0:76:35:1d:ca:29:7f:b4:9b:a9:b7:2f:e8:
c4:b0:71:2d:96:09:fb:75:99:3a:bc:63:fc:37:b4:
b2:26:6b:42:09:82:46:7b:90:c2:ce:97:36:38:73:
73:82:bf:85:aa:75:bb:2d:eb:ad:a0:82:5b:3e:76:
65:ab:60:a7:a7:87:59:e9:57:37:dd:2f:24:fa:c4:
c1:ed:e6:c3:d0:06:45:bd:66:bd:83:47:d6:40:67:
e2:37:83:ac:ef:36:e3:a2:bc:60:57:77:51:b1:c1:
69:b7:0b:a6:00:d3:c8:55:7e:dd:15:28:32:fd:f4:
ae:33:02:b2:84:df:84:67:66:5b:d4:d2:41:7c:ef:
cb:63:04:1f:c0:42:d0:9e:27:a1:9e:9e:74:e9:1f:
4c:a6:fc:86:2a:d5:79:9d:7f:5c:70:db:ea:83:34:
e4:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:55:E7:20:5B:23:4B:C0:AD:DA:99:67:80:85:91:40:F8:56:FA:34
X509v3 Authority Key Identifier:
keyid:DD:F9:FD:A9:4B:BA:35:9A:37:E0:DB:B0:07:57:1A:FF:3E:51:17:A2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9184D71/983A0C9E9D1F11E7876E6611C4F9AE02/3fn9qUu6NZo34NuwB1ca_z5RF6I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3fn9qUu6NZo34NuwB1ca_z5RF6I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9184D71/983A0C9E9D1F11E7876E6611C4F9AE02/3605735A9D2011E7BDFC1712C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.119.200.0-45.119.202.255
103.60.8.0/24
103.60.11.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:a6:3d:f6:8c:7e:98:d8:38:31:f7:fc:f6:eb:07:20:62:5d:
3f:b6:2a:0e:85:00:48:b9:bf:f1:f5:85:0a:c0:05:38:31:27:
72:f2:3f:20:d7:fd:b1:ce:e9:da:7e:48:37:82:43:bd:2d:10:
6b:cc:84:a9:aa:0f:a7:0b:21:c9:c3:42:8e:ed:5b:63:6f:71:
78:2c:72:ab:38:f7:a2:e6:41:ec:53:50:1d:fa:af:3b:c6:7c:
01:3b:1f:24:79:03:fd:0b:a3:cf:27:15:f0:7c:78:5f:6c:38:
27:85:41:5e:9c:29:ab:42:e2:c2:3d:95:d6:da:bd:39:ff:b3:
5c:d2:f8:49:5c:e2:ed:9d:44:10:df:a1:3e:63:70:d6:79:00:
dd:a5:f7:28:75:47:c7:68:8b:a9:3f:9a:15:c2:b6:3c:a8:09:
ca:30:87:cb:a4:37:59:66:05:8a:d2:23:18:ed:dd:33:43:4c:
38:3d:f5:74:2b:3f:f5:92:76:17:dd:bb:c7:76:6d:56:e0:4c:
de:1e:8e:f8:f4:59:9a:fa:7c:46:04:80:e4:72:58:99:f1:f4:
be:0c:ad:01:5b:4c:7a:d7:da:d3:76:ab:1f:44:cb:b8:4f:a0:
90:80:23:c2:3d:ba:8b:9f:89:87:f2:ce:d6:b7:78:35:32:e5:
71:cc:64:18
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICFzMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODRENzExMTAvBgNVBAUTKERERjlGREE5NEJCQTM1OUEzN0UwREJCMDA3NTcxQUZG
M0U1MTE3QTIwHhcNMjMwNzE0MTY1MzQxWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGIxN2Q5NS0yOTk0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0qPylIRXn4b1jsEXVymGLHiiOUhu+5LLkajFIoJYKJMwaaGVto2VrqYnIBCL
wZI6Ju1umtzhU8IYAVbVrO1ZM/x4kEg8yHKIJElMuRZNnMMcgSvy2WWqykGBk6B2
NR3KKX+0m6m3L+jEsHEtlgn7dZk6vGP8N7SyJmtCCYJGe5DCzpc2OHNzgr+FqnW7
LeutoIJbPnZlq2Cnp4dZ6Vc33S8k+sTB7ebD0AZFvWa9g0fWQGfiN4Os7zbjorxg
V3dRscFptwumANPIVX7dFSgy/fSuMwKyhN+EZ2Zb1NJBfO/LYwQfwELQniehnp50
6R9MpvyGKtV5nX9ccNvqgzTk+QIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFIZV5yBb
I0vArdqZZ4CFkUD4Vvo0MB8GA1UdIwQYMBaAFN35/alLujWaN+DbsAdXGv8+URei
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NEQ3MS85ODNBMEM5RTlE
MUYxMUU3ODc2RTY2MTFDNEY5QUUwMi8zZm45cVV1Nk5abzM0TnV3QjFjYV96NVJG
NkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNmbjlxVXU2TlpvMzROdXdCMWNhX3o1UkY2SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODRENzEvOTgzQTBDOUU5RDFGMTFFNzg3NkU2NjExQzRGOUFFMDIvMzYwNTczNUE5
RDIwMTFFN0JERkMxNzEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAy13yAMEAC13ygMEAGc8CAMEAGc8CzANBgkqhkiG9w0B
AQsFAAOCAQEApKY99ox+mNg4Mff89usHIGJdP7YqDoUASLm/8fWFCsAFODEncvI/
INf9sc7p2n5IN4JDvS0Qa8yEqaoPpwshycNCju1bY29xeCxyqzj3ouZB7FNQHfqv
O8Z8ATsfJHkD/QujzycV8Hx4X2w4J4VBXpwpq0Liwj2V1tq9Of+zXNL4SVzi7Z1E
EN+hPmNw1nkA3aX3KHVHx2iLqT+aFcK2PKgJyjCHy6Q3WWYFitIjGO3dM0NMOD31
dCs/9ZJ2F927x3ZtVuBM3h6O+PRZmvp8RgSA5HJYmfH0vgytAVtMetfa03arH0TL
uE+gkIAjwj26i5+Jh/LO1rd4NTLlccxkGA==
-----END CERTIFICATE-----
Generated at Thu Mar 7 11:06:30 2024 by rpki-client on console-ams.rpki-client.org