Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/ECEF5CE6CA1C11EDA694E286C4F9AE02.roa
File: ECEF5CE6CA1C11EDA694E286C4F9AE02.roa (raw, json)
Hash identifier: XR49nU+K7daQB6lOqvfr9PIjFDk5ZUUlhVQRlQWjO3o=
Subject key identifier: 61:B5:43:B8:BB:6A:A8:08:46:FB:1B:38:B3:BD:13:F7:B4:F0:8E:CA
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9698
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/ECEF5CE6CA1C11EDA694E286C4F9AE02.roa
Signing time: Mon 12 Aug 2024 09:02:33 +0000
ROA not before: Mon 12 Aug 2024 09:02:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133275
IP address blocks: 43.228.220.0/22 maxlen: 24
43.248.236.0/22 maxlen: 24
43.249.52.0/22 maxlen: 24
45.115.4.0/22 maxlen: 24
45.119.136.0/22 maxlen: 24
45.119.140.0/22 maxlen: 24
45.125.60.0/22 maxlen: 24
103.13.104.0/22 maxlen: 24
103.36.124.0/22 maxlen: 24
103.46.192.0/23 maxlen: 24
103.46.194.0/23 maxlen: 24
103.47.168.0/22 maxlen: 24
103.47.236.0/22 maxlen: 24
103.59.192.0/22 maxlen: 24
103.59.196.0/22 maxlen: 24
103.73.92.0/22 maxlen: 24
103.86.40.0/22 maxlen: 24
103.95.120.0/22 maxlen: 24
103.124.12.0/22 maxlen: 24
103.176.162.0/23 maxlen: 24
103.193.196.0/22 maxlen: 24
103.196.52.0/22 maxlen: 24
103.197.116.0/22 maxlen: 24
103.206.248.0/22 maxlen: 24
103.208.200.0/22 maxlen: 24
103.215.248.0/22 maxlen: 24
103.216.88.0/22 maxlen: 24
103.243.4.0/24 maxlen: 24
103.248.116.0/22 maxlen: 24
116.204.188.0/22 maxlen: 24
137.59.240.0/22 maxlen: 24
157.119.124.0/22 maxlen: 24
157.119.216.0/24 maxlen: 24
157.119.217.0/24 maxlen: 24
157.119.218.0/24 maxlen: 24
157.119.219.0/24 maxlen: 24
175.111.132.0/22 maxlen: 24
210.16.80.0/22 maxlen: 24
220.158.160.0/22 maxlen: 24
2404:4340::/32 maxlen: 32
2404:4340::/33 maxlen: 33
2404:4340::/48 maxlen: 48
2404:4340:1::/48 maxlen: 48
2404:4340:2::/48 maxlen: 48
2404:4340:3::/48 maxlen: 48
2404:4340:4::/48 maxlen: 48
2404:4340:5::/48 maxlen: 48
2404:4340:6::/48 maxlen: 48
2404:4340:7::/48 maxlen: 48
2404:4340:8000::/33 maxlen: 33
Validation: Failed, certificate revoked on Wed 28 Aug 2024 07:26:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 38552 (0x9698)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Aug 12 09:02:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66b9cfa9-36fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:4e:3d:a8:d7:97:98:1a:d0:d9:4b:07:1d:c6:
d2:35:9b:f5:fb:e8:08:3b:d7:90:15:b4:32:4e:56:
6a:96:95:1a:b2:d0:05:4f:a2:77:a3:41:f6:54:3b:
9e:ea:83:be:66:0c:83:eb:3e:56:4f:f0:ab:fa:61:
4f:ee:e3:8f:db:a6:ed:67:c9:8c:4b:c5:16:aa:f8:
7c:f1:d0:9e:65:e6:57:ff:49:bb:73:64:33:40:13:
1d:96:71:70:d8:c7:87:f2:ad:96:19:48:bd:00:e7:
54:3a:1e:66:4f:61:05:7d:97:57:73:08:b5:5e:1f:
83:e4:c8:2e:50:81:d9:5a:15:f5:bf:6c:f7:de:68:
3a:3a:39:06:f2:5d:bd:dc:ed:57:40:0f:67:65:99:
c8:e9:bf:6e:3c:69:02:fe:90:cd:81:3d:05:76:ee:
f5:4b:87:31:dc:34:f9:50:4f:f8:84:6b:30:3a:e1:
cf:35:7f:4c:02:34:39:f1:7e:4e:cf:eb:5f:35:62:
d7:26:e0:ca:be:15:a8:1f:96:90:aa:c6:ce:66:52:
cb:37:15:89:78:15:08:44:37:41:3d:c2:e6:75:33:
41:f1:e8:c0:ed:cc:29:9c:6f:0e:8d:15:9e:37:95:
e5:1d:cb:bc:dc:2f:3b:04:da:b8:cb:52:ff:21:88:
ed:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:B5:43:B8:BB:6A:A8:08:46:FB:1B:38:B3:BD:13:F7:B4:F0:8E:CA
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/ECEF5CE6CA1C11EDA694E286C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.228.220.0/22
43.248.236.0/22
43.249.52.0/22
45.115.4.0/22
45.119.136.0/21
45.125.60.0/22
103.13.104.0/22
103.36.124.0/22
103.46.192.0/22
103.47.168.0/22
103.47.236.0/22
103.59.192.0/21
103.73.92.0/22
103.86.40.0/22
103.95.120.0/22
103.124.12.0/22
103.176.162.0/23
103.193.196.0/22
103.196.52.0/22
103.197.116.0/22
103.206.248.0/22
103.208.200.0/22
103.215.248.0/22
103.216.88.0/22
103.243.4.0/24
103.248.116.0/22
116.204.188.0/22
137.59.240.0/22
157.119.124.0/22
157.119.216.0/22
175.111.132.0/22
210.16.80.0/22
220.158.160.0/22
IPv6:
2404:4340::/32
Signature Algorithm: sha256WithRSAEncryption
a6:74:a5:44:12:80:5a:1e:ad:3e:18:f3:32:8a:83:1b:24:00:
8c:93:17:03:b0:6f:84:e7:de:8f:d4:e3:f9:e1:8d:36:21:59:
18:7b:47:eb:33:19:12:ac:7f:cb:55:91:fa:22:43:f1:b8:21:
5f:2c:42:cb:82:0f:4e:2d:d7:82:4c:7c:4e:6d:9b:cb:a0:5a:
e3:a4:1b:7c:e9:28:1c:18:2f:f9:63:97:fe:bd:ac:1c:1c:3c:
50:ae:0f:d3:68:00:38:07:a8:2b:f4:f8:0a:0a:57:ca:84:d2:
58:5c:43:ec:e7:ee:c4:ed:5d:7f:11:ef:13:d0:90:37:ad:3c:
9d:90:ee:af:8c:a5:bd:69:31:97:b9:b6:a7:85:c6:0b:83:78:
e8:6c:a2:20:cf:12:49:a5:d8:a5:2d:d8:33:82:ad:0d:a1:6e:
f8:d2:db:76:b9:35:60:a0:5b:2b:aa:0d:f5:1d:77:d6:42:1b:
ce:67:be:68:aa:33:ad:75:a0:3b:c6:13:44:54:17:c6:ba:28:
1e:cb:e6:06:54:81:1a:63:52:9f:d0:31:f2:06:2a:b1:67:d8:
00:5a:2c:1c:98:16:b2:e5:6b:04:35:6d:e7:f2:d4:92:6b:9c:
15:89:a6:52:2f:0f:7a:6b:5f:39:74:d4:d4:60:50:01:18:7c:
21:03:6c:18
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIDAJaYMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDgxMjA5MDIzM1oXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjZiOWNmYTktMzZmYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALhOPajXl5ga0NlLBx3G0jWb9fvoCDvXkBW0Mk5WapaVGrLQBU+id6NB9lQ7
nuqDvmYMg+s+Vk/wq/phT+7jj9um7WfJjEvFFqr4fPHQnmXmV/9Ju3NkM0ATHZZx
cNjHh/KtlhlIvQDnVDoeZk9hBX2XV3MItV4fg+TILlCB2VoV9b9s995oOjo5BvJd
vdztV0APZ2WZyOm/bjxpAv6QzYE9BXbu9UuHMdw0+VBP+IRrMDrhzzV/TAI0OfF+
Ts/rXzVi1ybgyr4VqB+WkKrGzmZSyzcViXgVCEQ3QT3C5nUzQfHowO3MKZxvDo0V
njeV5R3LvNwvOwTauMtS/yGI7W8CAwEAAaOCA2kwggNlMB0GA1UdDgQWBBRhtUO4
u2qoCEb7GzizvRP3tPCOyjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0VDRUY1Q0U2
Q0ExQzExRURBNjk0RTI4NkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIHyBggrBgEFBQcBBwEB
/wSB4jCB3zCBzQQCAAEwgcYDBAIr5NwDBAIr+OwDBAIr+TQDBAItcwQDBAMtd4gD
BAItfTwDBAJnDWgDBAJnJHwDBAJnLsADBAJnL6gDBAJnL+wDBANnO8ADBAJnSVwD
BAJnVigDBAJnX3gDBAJnfAwDBAFnsKIDBAJnwcQDBAJnxDQDBAJnxXQDBAJnzvgD
BAJn0MgDBAJn1/gDBAJn2FgDBABn8wQDBAJn+HQDBAJ0zLwDBAKJO/ADBAKdd3wD
BAKdd9gDBAKvb4QDBALSEFADBALcnqAwDQQCAAIwBwMFACQEQ0AwDQYJKoZIhvcN
AQELBQADggEBAKZ0pUQSgFoerT4Y8zKKgxskAIyTFwOwb4Tn3o/U4/nhjTYhWRh7
R+szGRKsf8tVkfoiQ/G4IV8sQsuCD04t14JMfE5tm8ugWuOkG3zpKBwYL/ljl/69
rBwcPFCuD9NoADgHqCv0+AoKV8qE0lhcQ+zn7sTtXX8R7xPQkDetPJ2Q7q+Mpb1p
MZe5tqeFxguDeOhsoiDPEkml2KUt2DOCrQ2hbvjS23a5NWCgWyuqDfUdd9ZCG85n
vmiqM611oDvGE0RUF8a6KB7L5gZUgRpjUp/QMfIGKrFn2ABaLByYFrLlawQ1befy
1JJrnBWJplIvD3prXzl01NRgUAEYfCEDbBg=
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:51:48 2025 by rpki-client