Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C1A4E/A49B4D7437C611EA9D96AE51C4F9AE02/524BC24680CA11EE8853A44EC4F9AE02.roa
File: 524BC24680CA11EE8853A44EC4F9AE02.roa (raw, json)
Hash identifier: XOzpsB44+bx6O2IVEEOGM2J0T+pjKsGmIFq7S7voc7Y=
Subject key identifier: 0F:76:ED:C0:0F:94:3A:16:15:AA:E4:D4:92:DD:14:1E:41:FB:E7:E8
Certificate issuer: /CN=A91C1A4E/serialNumber=A921635C7493F21CD26093D5903510802F4E3586
Certificate serial: 0A7B
Authority key identifier: A9:21:63:5C:74:93:F2:1C:D2:60:93:D5:90:35:10:80:2F:4E:35:86
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qSFjXHST8hzSYJPVkDUQgC9ONYY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C1A4E/A49B4D7437C611EA9D96AE51C4F9AE02/524BC24680CA11EE8853A44EC4F9AE02.roa
Signing time: Fri 16 Feb 2024 20:28:39 +0000
ROA not before: Fri 16 Feb 2024 20:28:39 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 138585
IP address blocks: 103.133.210.0/24 maxlen: 24
2404:53c0::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 05 Apr 2024 11:27:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2683 (0xa7b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C1A4E/serialNumber=A921635C7493F21CD26093D5903510802F4E3586
Validity
Not Before: Feb 16 20:28:39 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=65cfc577-7371
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:da:63:88:67:bd:4f:df:4b:7d:8d:c0:b7:8c:
3f:95:d8:54:e5:a9:0b:24:e2:35:ee:6d:37:3c:1f:
4a:ef:8c:f6:13:a6:d2:59:ab:17:59:33:0a:fd:3a:
85:e7:12:e8:8a:ec:4c:a6:7b:46:14:95:fa:88:3d:
28:d4:09:52:d9:b8:52:24:8d:82:f0:4f:4b:9d:3c:
43:d0:aa:95:46:f5:2d:bb:3c:6c:f4:9d:6a:81:ee:
bc:d1:4a:fe:fa:18:41:fc:a5:b0:5a:09:a7:7d:8c:
03:80:38:55:5f:4b:f7:49:b4:ad:68:fe:7a:65:bf:
b8:49:1b:5b:07:12:a7:83:fe:5f:1e:67:77:de:fa:
db:b6:c5:b5:20:d8:e0:f8:3a:04:62:5b:17:81:c3:
7d:23:42:ee:28:ae:40:00:34:37:ed:57:53:59:79:
c3:d5:ac:0c:d6:1d:9c:d8:26:82:da:95:63:67:a8:
a7:52:76:51:17:ab:81:c9:a9:10:50:7c:a6:14:63:
91:e2:4d:7a:fa:0a:0b:7f:c2:a7:c1:f1:69:2a:ca:
69:6c:6a:81:67:5a:6b:1c:ae:5e:99:25:5d:41:e2:
57:27:2d:b1:aa:ed:0d:9e:2e:c7:6d:bc:3d:3f:2d:
bf:d5:66:46:65:ae:63:77:4e:68:6b:bf:1b:4e:9c:
56:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:76:ED:C0:0F:94:3A:16:15:AA:E4:D4:92:DD:14:1E:41:FB:E7:E8
X509v3 Authority Key Identifier:
keyid:A9:21:63:5C:74:93:F2:1C:D2:60:93:D5:90:35:10:80:2F:4E:35:86
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C1A4E/A49B4D7437C611EA9D96AE51C4F9AE02/qSFjXHST8hzSYJPVkDUQgC9ONYY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qSFjXHST8hzSYJPVkDUQgC9ONYY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C1A4E/A49B4D7437C611EA9D96AE51C4F9AE02/524BC24680CA11EE8853A44EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.133.210.0/24
IPv6:
2404:53c0::/32
Signature Algorithm: sha256WithRSAEncryption
97:ad:fe:e7:94:a7:db:48:36:f5:ce:bf:34:ce:14:0a:37:87:
ff:2c:ff:33:14:f8:f9:f0:1d:14:4f:e1:fd:22:30:d7:9e:f1:
60:bb:58:9e:8e:45:a9:6f:f8:8c:db:fe:e7:db:8b:8d:36:d7:
4b:f1:f3:fa:25:47:f4:ef:62:fe:53:c3:54:2a:cc:98:01:5e:
eb:82:1b:b7:a5:70:c8:d8:63:81:bb:1b:7f:ac:bc:f4:3b:96:
c9:c3:03:72:23:e1:99:4d:d0:3d:44:f7:c4:a7:19:c8:d3:18:
28:ed:b6:93:38:a7:42:9c:df:98:f3:82:91:89:7d:e7:68:9a:
93:44:1a:2b:45:c9:36:d6:c5:77:27:39:d6:5b:91:14:f3:92:
8c:29:fe:09:6f:ee:9b:63:04:64:e5:80:f8:bc:b1:5a:b4:e5:
cc:94:bd:8f:15:97:63:b4:23:68:3c:1d:a6:18:ad:23:55:da:
76:bc:30:b2:09:7a:84:f5:ba:38:a4:11:a5:af:38:22:a9:c3:
80:d7:a0:93:49:54:f9:2b:42:8f:41:c1:1c:e9:71:0c:81:ad:
83:b6:af:cc:f0:ab:d2:35:a7:5b:72:86:ab:1d:ac:fe:4d:8c:
81:5c:e4:b9:4c:fc:9a:13:a3:17:72:02:98:3e:9f:e8:ea:42:
d9:1a:51:02
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCnswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzFBNEUxMTAvBgNVBAUTKEE5MjE2MzVDNzQ5M0YyMUNEMjYwOTNENTkwMzUxMDgw
MkY0RTM1ODYwHhcNMjQwMjE2MjAyODM5WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWNmYzU3Ny03MzcxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu9pjiGe9T99LfY3At4w/ldhU5akLJOI17m03PB9K74z2E6bSWasXWTMK/TqF
5xLoiuxMpntGFJX6iD0o1AlS2bhSJI2C8E9LnTxD0KqVRvUtuzxs9J1qge680Ur+
+hhB/KWwWgmnfYwDgDhVX0v3SbStaP56Zb+4SRtbBxKng/5fHmd33vrbtsW1INjg
+DoEYlsXgcN9I0LuKK5AADQ37VdTWXnD1awM1h2c2CaC2pVjZ6inUnZRF6uByakQ
UHymFGOR4k16+goLf8KnwfFpKsppbGqBZ1prHK5emSVdQeJXJy2xqu0Nni7Hbbw9
Py2/1WZGZa5jd05oa78bTpxWvQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFA927cAP
lDoWFark1JLdFB5B++foMB8GA1UdIwQYMBaAFKkhY1x0k/Ic0mCT1ZA1EIAvTjWG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMUE0RS9BNDlCNEQ3NDM3
QzYxMUVBOUQ5NkFFNTFDNEY5QUUwMi9xU0ZqWEhTVDhoelNZSlBWa0RVUWdDOU9O
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FTRmpYSFNUOGh6U1lKUFZrRFVRZ0M5T05ZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzFBNEUvQTQ5QjRENzQzN0M2MTFFQTlEOTZBRTUxQzRGOUFFMDIvNTI0QkMyNDY4
MENBMTFFRTg4NTNBNDRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBABnhdIwDQQCAAIwBwMFACQEU8AwDQYJKoZIhvcNAQELBQAD
ggEBAJet/ueUp9tINvXOvzTOFAo3h/8s/zMU+PnwHRRP4f0iMNee8WC7WJ6ORalv
+Izb/ufbi40210vx8/olR/TvYv5Tw1QqzJgBXuuCG7elcMjYY4G7G3+svPQ7lsnD
A3Ij4ZlN0D1E98SnGcjTGCjttpM4p0Kc35jzgpGJfedompNEGitFyTbWxXcnOdZb
kRTzkowp/glv7ptjBGTlgPi8sVq05cyUvY8Vl2O0I2g8HaYYrSNV2na8MLIJeoT1
ujikEaWvOCKpw4DXoJNJVPkrQo9BwRzpcQyBrYO2r8zwq9I1p1tyhqsdrP5NjIFc
5LlM/JoToxdyApg+n+jqQtkaUQI=
-----END CERTIFICATE-----
Generated at Fri Apr 5 15:45:30 2024 by rpki-client on console-fra.rpki-client.org