Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B2472/E62B735A481911EFB8BE4534C4F9AE02/3D1CCBF0481A11EFA8EC5869C4F9AE02.roa
File: 3D1CCBF0481A11EFA8EC5869C4F9AE02.roa (raw, json)
Hash identifier: iH80c0M61oGWSI2CjZok5t9DwDMeQX6ObDPSnQn2mw0=
Subject key identifier: 4F:85:F7:B8:FE:43:1B:8A:0B:61:E6:45:6A:92:51:F8:CE:4A:49:B2
Certificate issuer: /CN=A91B2472/serialNumber=9E513ACC4D7B90014A867FB52AF89229E00BA4AC
Certificate serial: 02
Authority key identifier: 9E:51:3A:CC:4D:7B:90:01:4A:86:7F:B5:2A:F8:92:29:E0:0B:A4:AC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nlE6zE17kAFKhn-1KviSKeALpKw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B2472/E62B735A481911EFB8BE4534C4F9AE02/3D1CCBF0481A11EFA8EC5869C4F9AE02.roa
Signing time: Mon 22 Jul 2024 11:05:00 +0000
ROA not before: Mon 22 Jul 2024 11:05:00 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 18199
IP address blocks: 202.37.68.0/24 maxlen: 24
202.37.167.0/24 maxlen: 24
202.50.240.0/24 maxlen: 24
202.169.192.0/19 maxlen: 24
2403:de00::/32 maxlen: 32
Validation: Failed, certificate revoked on Tue 23 Jul 2024 04:57:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B2472/serialNumber=9E513ACC4D7B90014A867FB52AF89229E00BA4AC
Validity
Not Before: Jul 22 11:05:00 2024 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=669e3cdc-c1ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:ef:67:89:4b:48:3f:3c:b1:a5:50:11:65:f9:
f2:aa:d4:59:8a:ed:74:ba:5e:b8:cd:26:00:6c:67:
51:97:b5:44:65:f3:c6:19:6b:a0:3d:0f:b8:fc:d0:
c7:22:4f:75:fa:4b:70:13:5a:6a:69:46:d4:e5:96:
1a:38:53:b6:93:f2:22:57:e5:10:ce:a0:2d:d5:f4:
ae:19:2e:48:bf:29:8f:7e:52:51:9f:d8:4c:6c:e7:
0e:04:94:35:db:2f:5c:f8:9a:ad:b6:6b:c5:c8:8a:
78:d6:e9:44:c0:b7:b4:af:2d:25:45:d9:bf:78:09:
ed:40:f6:1d:c0:07:39:c4:e2:b2:3f:7c:0d:cd:6d:
6a:e3:ff:ba:61:38:28:0c:71:93:bb:e7:cb:55:76:
aa:0e:6a:67:3f:51:87:24:25:ff:ed:d0:07:f4:da:
1c:ef:ab:00:f6:a3:77:b3:5d:0b:74:af:03:8d:93:
dc:44:8d:c4:de:c3:9d:8e:6a:40:88:1e:b4:65:44:
00:78:de:2f:4b:97:93:ed:f0:a5:aa:72:85:58:a4:
09:2b:32:d9:50:2a:b2:ab:9a:21:de:cc:dd:4d:21:
46:bd:45:1d:09:23:c4:a1:9f:fe:9a:9a:5c:ed:55:
39:c3:47:fc:36:d4:91:5a:fd:46:4c:c4:36:11:c2:
9b:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:85:F7:B8:FE:43:1B:8A:0B:61:E6:45:6A:92:51:F8:CE:4A:49:B2
X509v3 Authority Key Identifier:
keyid:9E:51:3A:CC:4D:7B:90:01:4A:86:7F:B5:2A:F8:92:29:E0:0B:A4:AC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B2472/E62B735A481911EFB8BE4534C4F9AE02/nlE6zE17kAFKhn-1KviSKeALpKw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nlE6zE17kAFKhn-1KviSKeALpKw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B2472/E62B735A481911EFB8BE4534C4F9AE02/3D1CCBF0481A11EFA8EC5869C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.37.68.0/24
202.37.167.0/24
202.50.240.0/24
202.169.192.0/19
IPv6:
2403:de00::/32
Signature Algorithm: sha256WithRSAEncryption
1b:56:ff:e4:07:f9:48:9f:e8:4c:64:42:13:db:bb:c0:d7:e7:
7c:74:25:5a:8a:b2:6e:d3:fa:d2:36:96:a1:90:47:b3:24:32:
91:9c:63:6e:16:ac:57:4e:61:d1:a2:8c:dd:65:3b:54:e2:8c:
4e:b4:35:69:bd:58:33:f3:10:66:11:18:51:9c:30:b3:4d:b7:
e9:fa:a6:99:26:3b:0a:76:f5:69:39:72:f0:b0:2c:4a:e7:fa:
63:f8:64:9e:a7:1b:6b:5b:c7:68:f9:c7:fd:dd:ff:52:28:de:
33:92:93:69:c3:29:1b:c5:d3:f2:a1:dc:0e:b4:31:24:ba:52:
5c:b3:b5:69:03:c4:76:0e:6d:e4:42:43:18:39:0e:cd:10:fb:
c2:da:47:40:54:9a:da:cd:3a:bf:bd:6d:1c:7c:eb:05:46:fb:
1b:49:7d:f4:98:10:80:80:2f:37:58:f7:a8:81:02:fa:48:8b:
2d:3a:f8:89:54:43:9c:88:66:cc:77:41:f9:a1:05:54:53:ae:
59:13:4a:b6:88:75:1e:b7:4d:f4:86:eb:30:fa:64:35:1b:dc:
a5:63:28:f6:df:65:c7:02:f5:46:f5:11:35:39:3a:ab:41:c6:
36:a9:4b:ed:ae:17:ce:51:b0:0d:2c:7e:19:a2:f3:eb:58:8c:
ee:0b:14:e5
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
MjQ3MjExMC8GA1UEBRMoOUU1MTNBQ0M0RDdCOTAwMTRBODY3RkI1MkFGODkyMjlF
MDBCQTRBQzAeFw0yNDA3MjIxMTA1MDBaFw0yNTEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2OWUzY2RjLWMxY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDk72eJS0g/PLGlUBFl+fKq1FmK7XS6XrjNJgBsZ1GXtURl88YZa6A9D7j80Mci
T3X6S3ATWmppRtTllho4U7aT8iJX5RDOoC3V9K4ZLki/KY9+UlGf2Exs5w4ElDXb
L1z4mq22a8XIinjW6UTAt7SvLSVF2b94Ce1A9h3ABznE4rI/fA3NbWrj/7phOCgM
cZO758tVdqoOamc/UYckJf/t0Af02hzvqwD2o3ezXQt0rwONk9xEjcTew52OakCI
HrRlRAB43i9Ll5Pt8KWqcoVYpAkrMtlQKrKrmiHezN1NIUa9RR0JI8Shn/6amlzt
VTnDR/w21JFa/UZMxDYRwpv9AgMBAAGjggK2MIICsjAdBgNVHQ4EFgQUT4X3uP5D
G4oLYeZFapJR+M5KSbIwHwYDVR0jBBgwFoAUnlE6zE17kAFKhn+1KviSKeALpKww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUIyNDcyL0U2MkI3MzVBNDgx
OTExRUZCOEJFNDUzNEM0RjlBRTAyL25sRTZ6RTE3a0FGS2huLTFLdmlTS2VBTHBL
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvbmxFNnpFMTdrQUZLaG4tMUt2aVNLZUFMcEt3LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
MjQ3Mi9FNjJCNzM1QTQ4MTkxMUVGQjhCRTQ1MzRDNEY5QUUwMi8zRDFDQ0JGMDQ4
MUExMUVGQThFQzU4NjlDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDBABggrBgEFBQcBBwEB/wQx
MC8wHgQCAAEwGAMEAMolRAMEAMolpwMEAMoy8AMEBcqpwDANBAIAAjAHAwUAJAPe
ADANBgkqhkiG9w0BAQsFAAOCAQEAG1b/5Af5SJ/oTGRCE9u7wNfnfHQlWoqybtP6
0jaWoZBHsyQykZxjbhasV05h0aKM3WU7VOKMTrQ1ab1YM/MQZhEYUZwws0236fqm
mSY7Cnb1aTly8LAsSuf6Y/hknqcba1vHaPnH/d3/UijeM5KTacMpG8XT8qHcDrQx
JLpSXLO1aQPEdg5t5EJDGDkOzRD7wtpHQFSa2s06v71tHHzrBUb7G0l99JgQgIAv
N1j3qIEC+kiLLTr4iVRDnIhmzHdB+aEFVFOuWRNKtoh1HrdN9IbrMPpkNRvcpWMo
9t9lxwL1RvURNTk6q0HGNqlL7a4XzlGwDSx+GaLz61iM7gsU5Q==
-----END CERTIFICATE-----
Generated at Tue Jul 23 07:10:28 2024 by rpki-client on console-ams.rpki-client.org