Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C08EE/53C678D6430011ED840B3357C4F9AE02/CA954EAA47EC11EE8A738D61C4F9AE02.roa
File: CA954EAA47EC11EE8A738D61C4F9AE02.roa (raw, json)
Hash identifier: iO+E0yWj4nuXZ1Fjw2Fh/3tsJtRB9WSyje2lJim2aTM=
Subject key identifier: DF:7D:50:82:BA:81:07:79:81:E0:16:D0:C4:AB:1A:C6:0B:B3:94:1E
Certificate issuer: /CN=A91C08EE/serialNumber=158B96664FB1C9AEEEB3D28707F877FE237B02DC
Certificate serial: 018C
Authority key identifier: 15:8B:96:66:4F:B1:C9:AE:EE:B3:D2:87:07:F8:77:FE:23:7B:02:DC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FYuWZk-xya7us9KHB_h3_iN7Atw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C08EE/53C678D6430011ED840B3357C4F9AE02/CA954EAA47EC11EE8A738D61C4F9AE02.roa
Signing time: Thu 29 Aug 2024 03:46:01 +0000
ROA not before: Thu 29 Aug 2024 03:46:01 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 150177
IP address blocks: 103.203.88.0/24 maxlen: 24
2001:df1:2ec0::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 11 Nov 2024 10:04:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 396 (0x18c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C08EE/serialNumber=158B96664FB1C9AEEEB3D28707F877FE237B02DC
Validity
Not Before: Aug 29 03:46:01 2024 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=66cfeef9-db98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:16:e5:5b:0f:fe:23:68:fb:bd:8d:40:dd:94:
ad:c3:47:79:0d:b4:b7:3c:b2:97:35:69:c8:b8:d5:
04:67:40:93:d2:51:e3:b2:c4:58:d5:f8:82:8e:60:
83:af:64:6e:62:cc:bc:25:52:2d:ec:77:96:f3:59:
dd:c9:e5:00:c5:1a:cc:b5:02:23:03:87:73:17:85:
5c:ca:3e:d7:cd:aa:3f:b0:d0:bf:8d:b7:33:42:3a:
f0:61:00:54:ba:bc:71:14:e8:dc:27:c5:d1:5c:e4:
2b:40:78:91:66:f4:f4:34:58:ce:4b:b9:6b:81:c7:
b2:a3:f2:bd:a5:99:91:c0:e9:25:5d:fa:f9:09:6d:
e1:74:16:05:c7:25:e2:20:2b:ff:50:46:3c:ee:6d:
f9:85:2c:2b:5d:db:20:ce:4b:03:6f:68:19:90:16:
c8:ff:65:6a:09:03:8d:4b:e7:aa:cb:6a:d3:12:1e:
26:f3:fa:84:5f:00:49:30:13:24:05:ee:47:74:75:
4a:ee:3e:c9:0a:e9:6b:49:82:dc:08:a6:84:34:b4:
4b:4d:30:97:3d:1f:1a:1d:b0:e2:3d:b6:64:a4:2e:
73:7a:91:ba:42:a3:ad:a8:28:c8:73:a9:c8:db:0c:
69:a5:5b:72:01:4b:3d:89:26:4c:03:39:d1:ae:d6:
90:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:7D:50:82:BA:81:07:79:81:E0:16:D0:C4:AB:1A:C6:0B:B3:94:1E
X509v3 Authority Key Identifier:
keyid:15:8B:96:66:4F:B1:C9:AE:EE:B3:D2:87:07:F8:77:FE:23:7B:02:DC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C08EE/53C678D6430011ED840B3357C4F9AE02/FYuWZk-xya7us9KHB_h3_iN7Atw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FYuWZk-xya7us9KHB_h3_iN7Atw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C08EE/53C678D6430011ED840B3357C4F9AE02/CA954EAA47EC11EE8A738D61C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.203.88.0/24
IPv6:
2001:df1:2ec0::/48
Signature Algorithm: sha256WithRSAEncryption
7d:85:78:14:85:76:c9:33:01:53:06:e4:b4:7f:20:49:6c:16:
5f:14:4c:27:f6:e4:29:10:b2:21:02:8b:07:15:f8:8f:45:3d:
31:3d:09:98:b0:cd:63:3c:e2:e7:88:3e:78:82:57:a9:ef:39:
1c:bb:0e:48:50:da:6d:19:75:2f:5c:77:87:90:01:93:3d:91:
dc:68:63:1d:e1:35:04:f9:cd:e9:7e:1d:71:7c:30:81:1b:bb:
68:2a:23:f6:74:aa:d9:dd:b6:68:ba:e9:4c:80:9a:ed:3c:dd:
3e:88:7d:60:5b:15:40:83:29:f2:e0:83:6d:24:21:f6:3e:c7:
8c:83:dc:26:1e:0e:2d:97:87:16:f2:15:40:76:a9:44:79:78:
fc:54:e4:10:8d:51:f1:1f:14:03:b3:78:9d:7d:a7:d1:ef:55:
d7:09:22:b1:50:d5:a9:f3:25:ff:1e:e4:16:dc:85:c4:76:8a:
14:e1:91:67:82:25:56:b8:5e:5f:18:a5:34:a4:1b:97:db:58:
f0:22:9a:10:84:ed:64:f7:30:a9:f7:49:1e:e5:c0:c3:ff:d6:
4f:2a:6b:fc:d6:74:f5:f1:2b:77:de:1f:42:32:80:d9:6c:0d:
cc:b4:20:48:80:71:88:fd:5c:9f:b0:9c:61:de:7f:d8:7a:84:
2d:99:31:ec
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAYwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzA4RUUxMTAvBgNVBAUTKDE1OEI5NjY2NEZCMUM5QUVFRUIzRDI4NzA3Rjg3N0ZF
MjM3QjAyREMwHhcNMjQwODI5MDM0NjAxWhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmNmZWVmOS1kYjk4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5hblWw/+I2j7vY1A3ZStw0d5DbS3PLKXNWnIuNUEZ0CT0lHjssRY1fiCjmCD
r2RuYsy8JVIt7HeW81ndyeUAxRrMtQIjA4dzF4Vcyj7Xzao/sNC/jbczQjrwYQBU
urxxFOjcJ8XRXOQrQHiRZvT0NFjOS7lrgceyo/K9pZmRwOklXfr5CW3hdBYFxyXi
ICv/UEY87m35hSwrXdsgzksDb2gZkBbI/2VqCQONS+eqy2rTEh4m8/qEXwBJMBMk
Be5HdHVK7j7JCulrSYLcCKaENLRLTTCXPR8aHbDiPbZkpC5zepG6QqOtqCjIc6nI
2wxppVtyAUs9iSZMAznRrtaQpwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFN99UIK6
gQd5geAW0MSrGsYLs5QeMB8GA1UdIwQYMBaAFBWLlmZPscmu7rPShwf4d/4jewLc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMDhFRS81M0M2NzhENjQz
MDAxMUVEODQwQjMzNTdDNEY5QUUwMi9GWXVXWmsteHlhN3VzOUtIQl9oM19pTjdB
dHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZZdVdaay14eWE3dXM5S0hCX2gzX2lON0F0dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzA4RUUvNTNDNjc4RDY0MzAwMTFFRDg0MEIzMzU3QzRGOUFFMDIvQ0E5NTRFQUE0
N0VDMTFFRThBNzM4RDYxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABny1gwDwQCAAIwCQMHACABDfEuwDANBgkqhkiG9w0BAQsF
AAOCAQEAfYV4FIV2yTMBUwbktH8gSWwWXxRMJ/bkKRCyIQKLBxX4j0U9MT0JmLDN
Yzzi54g+eIJXqe85HLsOSFDabRl1L1x3h5ABkz2R3GhjHeE1BPnN6X4dcXwwgRu7
aCoj9nSq2d22aLrpTICa7TzdPoh9YFsVQIMp8uCDbSQh9j7HjIPcJh4OLZeHFvIV
QHapRHl4/FTkEI1R8R8UA7N4nX2n0e9V1wkisVDVqfMl/x7kFtyFxHaKFOGRZ4Il
VrheXxilNKQbl9tY8CKaEITtZPcwqfdJHuXAw//WTypr/NZ09fErd94fQjKA2WwN
zLQgSIBxiP1cn7CcYd5/2HqELZkx7A==
-----END CERTIFICATE-----
Generated at Mon Nov 11 13:29:11 2024 by rpki-client on console-ams.rpki-client.org