Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/C977D594FB6311E999847F4DC4F9AE02.roa
File: C977D594FB6311E999847F4DC4F9AE02.roa (raw, json)
Hash identifier: 9vLiUsksiEG122Xgr4X/Panv+eQk4afncqdCgDZyKCM=
Subject key identifier: 7E:0A:20:78:A8:22:77:36:6F:BF:82:A2:FC:20:07:EA:AC:EA:02:B9
Certificate issuer: /CN=A919D6BB/serialNumber=3753728E54F09A48513DFFD2FA71804411FCDB20
Certificate serial: 0B58
Authority key identifier: 37:53:72:8E:54:F0:9A:48:51:3D:FF:D2:FA:71:80:44:11:FC:DB:20
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N1NyjlTwmkhRPf_S-nGARBH82yA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/C977D594FB6311E999847F4DC4F9AE02.roa
Signing time: Fri 20 Oct 2023 19:07:19 +0000
ROA not before: Fri 20 Oct 2023 19:07:19 +0000
ROA not after: Fri 31 Jan 2025 00:00:00 +0000
asID: 134525
IP address blocks: 103.2.88.0/24 maxlen: 24
202.1.171.0/24 maxlen: 24
202.1.179.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 03 May 2024 05:19:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2904 (0xb58)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919D6BB/serialNumber=3753728E54F09A48513DFFD2FA71804411FCDB20
Validity
Not Before: Oct 20 19:07:19 2023 GMT
Not After : Jan 31 00:00:00 2025 GMT
Subject: CN=6532cfe7-e3d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:9a:5c:ba:e2:08:b3:33:b4:72:1c:a1:00:c1:
bb:f2:8b:8e:b4:1d:ca:fe:08:40:ee:1d:9f:31:c0:
a7:3b:40:f1:76:db:ee:c0:13:a0:08:d2:cc:01:5d:
78:ac:8d:e6:f0:da:16:6b:06:bf:48:87:b5:cf:b9:
14:d9:9e:51:19:a4:04:cd:a5:4c:be:16:8e:95:fe:
08:cd:4e:ab:03:17:0d:c5:2d:c8:37:a3:31:c4:2d:
ce:78:d0:53:17:1f:d5:d4:f1:94:dc:2f:0e:00:d6:
59:5a:54:4c:87:1b:08:ae:9e:8b:00:b2:bd:36:16:
41:b7:03:25:53:9a:d7:b9:ca:3a:6f:d4:3b:ed:98:
8c:48:0f:9d:50:38:c9:f2:2d:77:cf:ad:fd:72:16:
fb:86:dc:50:1e:0a:1a:44:60:95:2c:62:d5:88:bf:
2f:d0:6b:23:68:0b:57:88:39:9d:b5:94:55:d1:7b:
13:7e:db:d9:54:04:4f:15:3a:15:11:52:ea:2c:72:
d2:6a:33:f2:78:24:e7:28:0b:e2:51:e4:ed:4b:5f:
f6:e2:2a:92:c5:6d:a4:cd:1d:42:6a:da:d2:83:5e:
c6:c5:6a:50:f9:af:13:9c:ce:46:1c:a8:d2:0c:f8:
29:ba:22:58:6d:cf:ee:40:43:48:03:c0:13:a4:66:
e3:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:0A:20:78:A8:22:77:36:6F:BF:82:A2:FC:20:07:EA:AC:EA:02:B9
X509v3 Authority Key Identifier:
keyid:37:53:72:8E:54:F0:9A:48:51:3D:FF:D2:FA:71:80:44:11:FC:DB:20
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/N1NyjlTwmkhRPf_S-nGARBH82yA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N1NyjlTwmkhRPf_S-nGARBH82yA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/C977D594FB6311E999847F4DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.2.88.0/24
202.1.171.0/24
202.1.179.0/24
Signature Algorithm: sha256WithRSAEncryption
6f:46:89:5b:fb:bb:87:e4:02:c7:08:10:70:a9:5e:9f:4a:77:
a7:26:cf:64:b5:f7:c5:d8:29:48:74:45:24:85:85:82:68:9d:
18:05:48:ba:23:43:ed:a4:4d:4c:d1:8f:c2:1e:67:b1:b6:5d:
57:41:f2:a9:28:81:0e:33:53:45:90:d8:97:52:da:4a:74:50:
39:22:75:93:6f:c6:7f:d8:a3:76:27:f4:49:e3:9e:0b:a4:ff:
16:91:d8:61:f6:40:f9:d7:cb:c7:7e:97:29:10:8f:f9:42:0d:
ef:19:0d:6a:b8:db:1e:08:6b:e2:ee:7e:1b:b7:b3:15:45:9d:
fd:44:f1:4d:2a:36:e5:e6:c3:05:01:23:c7:e5:08:0f:64:da:
05:a1:53:33:43:12:cf:a0:20:19:a3:b1:d7:0e:ed:70:5f:ec:
b0:d5:46:03:86:e2:8a:b4:30:48:fb:17:4f:9f:f7:5d:27:60:
fd:fa:59:2d:12:a2:b7:6d:78:6c:86:d9:b6:64:5e:6e:a7:bc:
73:3a:0b:b6:98:e5:41:06:ef:91:20:33:87:6c:37:62:82:91:
44:34:7b:bc:d8:70:c8:61:cc:e3:5c:b7:d2:e4:e7:20:f8:07:
9e:05:9b:63:2f:a9:dd:7d:3f:44:0f:0b:75:cc:a6:75:d5:c3:
4e:a5:b5:61
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICC1gwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUQ2QkIxMTAvBgNVBAUTKDM3NTM3MjhFNTRGMDlBNDg1MTNERkZEMkZBNzE4MDQ0
MTFGQ0RCMjAwHhcNMjMxMDIwMTkwNzE5WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTMyY2ZlNy1lM2Q3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2ZpcuuIIszO0chyhAMG78ouOtB3K/ghA7h2fMcCnO0DxdtvuwBOgCNLMAV14
rI3m8NoWawa/SIe1z7kU2Z5RGaQEzaVMvhaOlf4IzU6rAxcNxS3IN6MxxC3OeNBT
Fx/V1PGU3C8OANZZWlRMhxsIrp6LALK9NhZBtwMlU5rXuco6b9Q77ZiMSA+dUDjJ
8i13z639chb7htxQHgoaRGCVLGLViL8v0GsjaAtXiDmdtZRV0XsTftvZVARPFToV
EVLqLHLSajPyeCTnKAviUeTtS1/24iqSxW2kzR1CatrSg17GxWpQ+a8TnM5GHKjS
DPgpuiJYbc/uQENIA8ATpGbj7QIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFH4KIHio
Inc2b7+CovwgB+qs6gK5MB8GA1UdIwQYMBaAFDdTco5U8JpIUT3/0vpxgEQR/Nsg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5RDZCQi8zQUIwRjc2QUZC
NjIxMUU5QTgyQjM5NEFDNEY5QUUwMi9OMU55amxUd21raFJQZl9TLW5HQVJCSDgy
eUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL04xTnlqbFR3bWtoUlBmX1MtbkdBUkJIODJ5QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUQ2QkIvM0FCMEY3NkFGQjYyMTFFOUE4MkIzOTRBQzRGOUFFMDIvQzk3N0Q1OTRG
QjYzMTFFOTk5ODQ3RjREQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBABnAlgDBADKAasDBADKAbMwDQYJKoZIhvcNAQELBQADggEB
AG9GiVv7u4fkAscIEHCpXp9Kd6cmz2S198XYKUh0RSSFhYJonRgFSLojQ+2kTUzR
j8IeZ7G2XVdB8qkogQ4zU0WQ2JdS2kp0UDkidZNvxn/Yo3Yn9Enjnguk/xaR2GH2
QPnXy8d+lykQj/lCDe8ZDWq42x4Ia+Lufhu3sxVFnf1E8U0qNuXmwwUBI8flCA9k
2gWhUzNDEs+gIBmjsdcO7XBf7LDVRgOG4oq0MEj7F0+f910nYP36WS0SordteGyG
2bZkXm6nvHM6C7aY5UEG75EgM4dsN2KCkUQ0e7zYcMhhzONct9Lk5yD4B54Fm2Mv
qd19P0QPC3XMpnXVw06ltWE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:49 2024 by rpki-client on console-ams.rpki-client.org