Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D17F2/4C88A7A0FDFE11E9BD667D1FC4F9AE02/3AD41AB212B211EFA3A56838C4F9AE02.roa
File: 3AD41AB212B211EFA3A56838C4F9AE02.roa (raw, json)
Hash identifier: hmpVo4RKfn7VasRGg8KPnL9nY9ddl+9lYQAgqJgslmg=
Subject key identifier: 28:8D:25:DD:F6:FE:36:A3:74:E0:39:9B:96:27:7F:95:21:F8:15:FB
Certificate issuer: /CN=A91D17F2/serialNumber=5486376B05B8A2552329E361BD725C77E1F8D0C9
Certificate serial: 0BF9
Authority key identifier: 54:86:37:6B:05:B8:A2:55:23:29:E3:61:BD:72:5C:77:E1:F8:D0:C9
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VIY3awW4olUjKeNhvXJcd-H40Mk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D17F2/4C88A7A0FDFE11E9BD667D1FC4F9AE02/3AD41AB212B211EFA3A56838C4F9AE02.roa
Signing time: Wed 15 May 2024 11:59:58 +0000
ROA not before: Wed 15 May 2024 11:59:57 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 397373
IP address blocks: 59.152.60.0/24 maxlen: 24
59.152.61.0/24 maxlen: 24
59.152.62.0/24 maxlen: 24
59.152.63.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 16 May 2024 12:36:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3065 (0xbf9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D17F2/serialNumber=5486376B05B8A2552329E361BD725C77E1F8D0C9
Validity
Not Before: May 15 11:59:57 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=6644a3bd-c16a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:18:f6:36:76:47:2b:57:f7:70:c5:d6:e4:c5:
6c:3e:46:39:50:2a:e0:bb:a1:65:bd:49:7a:04:20:
b2:66:d2:2f:f7:4a:43:61:c3:2f:d6:1f:01:ce:8e:
f8:6e:e4:7c:2e:76:26:fb:ba:c2:fa:23:49:69:e0:
11:3d:b5:4f:ee:b5:c8:43:a0:c5:98:7a:93:38:9a:
7e:d1:81:6d:24:e8:61:f6:8e:d3:19:96:ed:e3:1a:
79:dc:db:56:b8:e6:c0:e5:bc:62:ae:01:89:75:1e:
0d:3b:1d:41:63:44:96:9f:58:71:8c:94:ff:0a:94:
76:64:bd:1b:a0:67:4d:f3:53:ca:35:11:e8:40:e6:
42:fd:c9:76:59:7d:0c:03:94:e6:ad:8f:7a:cd:84:
17:53:45:49:83:24:a8:64:29:43:18:92:8b:77:1e:
4d:42:fa:9e:f1:dc:df:15:b8:e3:bb:8a:f5:c6:33:
d2:51:58:d8:6d:ed:c5:77:2b:b5:5e:72:e0:3f:bd:
34:39:6d:3a:1f:7e:15:78:0f:16:a4:2c:27:c2:bf:
eb:89:6f:43:e0:7e:a0:a0:7d:9e:c0:19:85:f8:a6:
c6:49:fd:d5:6f:82:fd:b5:6e:48:6a:45:94:e1:f3:
13:49:75:8c:e0:ef:5b:17:1f:25:72:03:e2:aa:5c:
bb:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:8D:25:DD:F6:FE:36:A3:74:E0:39:9B:96:27:7F:95:21:F8:15:FB
X509v3 Authority Key Identifier:
keyid:54:86:37:6B:05:B8:A2:55:23:29:E3:61:BD:72:5C:77:E1:F8:D0:C9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D17F2/4C88A7A0FDFE11E9BD667D1FC4F9AE02/VIY3awW4olUjKeNhvXJcd-H40Mk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VIY3awW4olUjKeNhvXJcd-H40Mk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D17F2/4C88A7A0FDFE11E9BD667D1FC4F9AE02/3AD41AB212B211EFA3A56838C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
59.152.60.0/22
Signature Algorithm: sha256WithRSAEncryption
a6:d8:d9:ee:16:aa:98:ce:03:a3:78:4a:12:b3:2f:0b:c1:fc:
99:7b:cf:89:c9:ec:82:d7:86:b1:91:49:46:5c:e8:95:85:f2:
bd:a7:a5:a2:c0:d6:f9:12:f0:93:1d:17:67:2b:4e:2b:f1:a6:
8b:f9:83:ee:d1:e5:b3:cc:de:43:e7:b4:86:b8:04:d4:51:9a:
d4:e4:e6:4a:fa:fa:16:e3:d3:c5:6a:c2:84:13:88:44:97:9a:
65:5a:da:ac:50:39:f3:33:b2:38:4e:52:c3:e4:f4:86:31:74:
0a:82:14:7e:29:20:3e:32:9c:f9:15:19:9f:71:0d:ca:9c:bb:
d2:0d:26:c4:7a:67:a0:df:e9:98:c6:44:c7:0a:c9:9c:29:99:
d5:ab:68:22:66:6d:5a:1e:07:a8:9e:c9:72:40:00:95:18:53:
b1:50:50:0a:af:fc:9e:fc:41:2d:55:a2:1f:99:ae:36:81:14:
23:84:24:a8:2a:42:fb:85:3e:1c:c7:1f:f2:67:cf:ad:76:bf:
df:a6:de:96:97:c5:34:69:4a:b4:6f:66:a2:50:94:74:0f:d1:
21:41:c4:e9:af:3f:5b:1d:f4:7b:a9:fa:0f:f1:25:bb:b2:07:
29:0b:06:32:40:b9:f4:b9:33:e9:5e:59:ff:84:23:3d:e8:9f:
72:41:0c:aa
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICC/kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDE3RjIxMTAvBgNVBAUTKDU0ODYzNzZCMDVCOEEyNTUyMzI5RTM2MUJENzI1Qzc3
RTFGOEQwQzkwHhcNMjQwNTE1MTE1OTU3WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjQ0YTNiZC1jMTZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqBj2NnZHK1f3cMXW5MVsPkY5UCrgu6FlvUl6BCCyZtIv90pDYcMv1h8Bzo74
buR8LnYm+7rC+iNJaeARPbVP7rXIQ6DFmHqTOJp+0YFtJOhh9o7TGZbt4xp53NtW
uObA5bxirgGJdR4NOx1BY0SWn1hxjJT/CpR2ZL0boGdN81PKNRHoQOZC/cl2WX0M
A5TmrY96zYQXU0VJgySoZClDGJKLdx5NQvqe8dzfFbjju4r1xjPSUVjYbe3Fdyu1
XnLgP700OW06H34VeA8WpCwnwr/riW9D4H6goH2ewBmF+KbGSf3Vb4L9tW5IakWU
4fMTSXWM4O9bFx8lcgPiqly7TQIDAQABo4IClTCCApEwHQYDVR0OBBYEFCiNJd32
/jajdOA5m5Ynf5Uh+BX7MB8GA1UdIwQYMBaAFFSGN2sFuKJVIynjYb1yXHfh+NDJ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEMTdGMi80Qzg4QTdBMEZE
RkUxMUU5QkQ2NjdEMUZDNEY5QUUwMi9WSVkzYXdXNG9sVWpLZU5odlhKY2QtSDQw
TWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1ZJWTNhd1c0b2xVaktlTmh2WEpjZC1INDBNay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDE3RjIvNEM4OEE3QTBGREZFMTFFOUJENjY3RDFGQzRGOUFFMDIvM0FENDFBQjIx
MkIyMTFFRkEzQTU2ODM4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAI7mDwwDQYJKoZIhvcNAQELBQADggEBAKbY2e4WqpjOA6N4
ShKzLwvB/Jl7z4nJ7ILXhrGRSUZc6JWF8r2npaLA1vkS8JMdF2crTivxpov5g+7R
5bPM3kPntIa4BNRRmtTk5kr6+hbj08VqwoQTiESXmmVa2qxQOfMzsjhOUsPk9IYx
dAqCFH4pID4ynPkVGZ9xDcqcu9INJsR6Z6Df6ZjGRMcKyZwpmdWraCJmbVoeB6ie
yXJAAJUYU7FQUAqv/J78QS1Voh+ZrjaBFCOEJKgqQvuFPhzHH/Jnz612v9+m3paX
xTRpSrRvZqJQlHQP0SFBxOmvP1sd9Hup+g/xJbuyBykLBjJAufS5M+leWf+EIz3o
n3JBDKo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:41 2024 by rpki-client on console-fra.rpki-client.org