Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DEF41/C75DA132F2FB11EE9FCF764CC4F9AE02/4DFA6ED6F30211EEAB3C7785C4F9AE02.roa
File: 4DFA6ED6F30211EEAB3C7785C4F9AE02.roa (raw, json)
Hash identifier: GVlptDOSbQ9INtyG3feAvCyLqyx3ka+/HbIx2154iLc=
Subject key identifier: BE:4A:52:F8:A9:1B:17:99:F4:1E:8A:F9:B4:2D:D4:F5:93:FC:05:FE
Certificate issuer: /CN=A91DEF41/serialNumber=336DDE7EC3280499964371CAEE2620FBFCACDC98
Certificate serial: 02
Authority key identifier: 33:6D:DE:7E:C3:28:04:99:96:43:71:CA:EE:26:20:FB:FC:AC:DC:98
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M23efsMoBJmWQ3HK7iYg-_ys3Jg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DEF41/C75DA132F2FB11EE9FCF764CC4F9AE02/4DFA6ED6F30211EEAB3C7785C4F9AE02.roa
Signing time: Fri 05 Apr 2024 04:09:32 +0000
ROA not before: Fri 05 Apr 2024 04:09:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 147295
IP address blocks: 203.170.90.0/24 maxlen: 24
203.170.91.0/24 maxlen: 24
2001:df3:a2c0::/48 maxlen: 48
Validation: Failed, certificate revoked on Sat 06 Apr 2024 03:23:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DEF41/serialNumber=336DDE7EC3280499964371CAEE2620FBFCACDC98
Validity
Not Before: Apr 5 04:09:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=660f797c-876c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:76:55:23:67:81:f3:58:da:8d:17:1e:77:53:
54:de:f3:ce:4c:bd:4f:ca:96:fb:99:8d:71:9d:18:
8a:96:8d:ac:a9:58:d9:03:3f:50:0f:9a:d9:45:93:
53:99:72:03:49:4c:12:90:ca:c2:4f:b4:4f:ea:aa:
0c:a4:c1:0e:4d:69:04:6b:86:9d:7f:68:56:1f:49:
5a:ee:d6:a1:51:33:9f:cb:71:ea:c2:d2:c0:c0:e7:
80:b8:29:6d:67:1c:d9:79:26:52:ce:c1:1f:32:b1:
d7:cd:66:fc:4a:86:15:8a:53:d9:be:1e:be:fc:62:
3c:de:0f:a2:d2:7a:86:a6:67:20:97:d1:69:8e:6a:
b2:97:18:2c:78:a4:a5:75:55:9d:a6:e3:c5:d6:97:
ae:31:24:8e:f6:6f:81:81:37:f2:88:20:b1:2b:cd:
99:2f:2f:1f:bf:83:3d:e3:03:fe:63:9d:25:79:15:
64:f5:7e:2a:f5:77:9b:01:05:b6:99:06:ca:a7:99:
78:ce:0a:ce:87:a8:38:bf:f3:ae:d8:4f:64:54:69:
55:3b:f9:04:f4:21:c3:64:60:bf:bc:a8:96:f4:1e:
ae:c1:1f:d9:3f:f7:37:36:34:0e:e0:1f:92:0d:32:
fb:a7:09:7f:13:b4:33:89:48:57:ce:c6:c3:c7:8a:
ea:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:4A:52:F8:A9:1B:17:99:F4:1E:8A:F9:B4:2D:D4:F5:93:FC:05:FE
X509v3 Authority Key Identifier:
keyid:33:6D:DE:7E:C3:28:04:99:96:43:71:CA:EE:26:20:FB:FC:AC:DC:98
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DEF41/C75DA132F2FB11EE9FCF764CC4F9AE02/M23efsMoBJmWQ3HK7iYg-_ys3Jg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M23efsMoBJmWQ3HK7iYg-_ys3Jg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DEF41/C75DA132F2FB11EE9FCF764CC4F9AE02/4DFA6ED6F30211EEAB3C7785C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.170.90.0/23
IPv6:
2001:df3:a2c0::/48
Signature Algorithm: sha256WithRSAEncryption
4c:06:a0:3a:bc:5a:fc:d3:77:66:a8:df:ea:9c:58:f5:c1:d7:
c9:6f:f4:6b:58:8e:18:8d:d7:cc:e9:f6:81:3f:9f:f8:e1:a7:
6f:68:73:d2:df:bc:b6:52:3e:d5:49:8c:f4:5e:b1:e3:3d:47:
a3:b2:b3:dd:50:fc:e5:b5:9e:4d:31:55:ea:7d:df:60:8f:4a:
9e:36:ae:fb:02:1b:9f:c0:b0:b4:cb:ab:0d:78:ff:4d:8b:b1:
6d:da:8e:91:f2:a6:3f:a8:56:c7:97:b4:8e:32:0e:91:f3:b8:
f2:18:4e:ee:77:7b:14:2c:34:bf:30:9a:19:81:58:34:60:24:
54:a6:c7:a7:4f:26:a1:ec:d2:23:4e:bd:21:89:5e:84:20:7d:
92:1c:cc:4f:ab:dc:aa:87:0a:85:0d:82:56:c1:0c:b0:e8:78:
89:d2:b7:35:bc:43:5a:15:d6:51:9e:bb:b7:09:7d:e0:d1:85:
e5:fa:be:f2:61:23:11:c7:5a:9d:60:74:9b:74:c8:30:83:48:
c5:b9:0e:e8:5b:4f:56:17:f1:49:33:aa:bd:7b:48:2a:d0:f1:
8c:11:b0:d1:78:f6:37:cb:0e:4a:a9:ee:3a:62:e3:ca:13:b2:
8c:51:9b:38:e7:26:b1:49:b8:3e:7f:8c:f8:8f:4c:41:27:6a:
7d:5f:e7:7c
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
RUY0MTExMC8GA1UEBRMoMzM2RERFN0VDMzI4MDQ5OTk2NDM3MUNBRUUyNjIwRkJG
Q0FDREM5ODAeFw0yNDA0MDUwNDA5MzJaFw0yNTA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2MGY3OTdjLTg3NmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDAdlUjZ4HzWNqNFx53U1Te885MvU/KlvuZjXGdGIqWjaypWNkDP1APmtlFk1OZ
cgNJTBKQysJPtE/qqgykwQ5NaQRrhp1/aFYfSVru1qFRM5/LcerC0sDA54C4KW1n
HNl5JlLOwR8ysdfNZvxKhhWKU9m+Hr78YjzeD6LSeoamZyCX0WmOarKXGCx4pKV1
VZ2m48XWl64xJI72b4GBN/KIILErzZkvLx+/gz3jA/5jnSV5FWT1fir1d5sBBbaZ
BsqnmXjOCs6HqDi/867YT2RUaVU7+QT0IcNkYL+8qJb0Hq7BH9k/9zc2NA7gH5IN
MvunCX8TtDOJSFfOxsPHiuqtAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUvkpS+Kkb
F5n0Hor5tC3U9ZP8Bf4wHwYDVR0jBBgwFoAUM23efsMoBJmWQ3HK7iYg+/ys3Jgw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MURFRjQxL0M3NURBMTMyRjJG
QjExRUU5RkNGNzY0Q0M0RjlBRTAyL00yM2Vmc01vQkptV1EzSEs3aVlnLV95czNK
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvTTIzZWZzTW9CSm1XUTNISzdpWWctX3lzM0pnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
RUY0MS9DNzVEQTEzMkYyRkIxMUVFOUZDRjc2NENDNEY5QUUwMi80REZBNkVENkYz
MDIxMUVFQUIzQzc3ODVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAcuqWjAPBAIAAjAJAwcAIAEN86LAMA0GCSqGSIb3DQEBCwUA
A4IBAQBMBqA6vFr803dmqN/qnFj1wdfJb/RrWI4YjdfM6faBP5/44advaHPS37y2
Uj7VSYz0XrHjPUejsrPdUPzltZ5NMVXqfd9gj0qeNq77AhufwLC0y6sNeP9Ni7Ft
2o6R8qY/qFbHl7SOMg6R87jyGE7ud3sULDS/MJoZgVg0YCRUpsenTyah7NIjTr0h
iV6EIH2SHMxPq9yqhwqFDYJWwQyw6HiJ0rc1vENaFdZRnru3CX3g0YXl+r7yYSMR
x1qdYHSbdMgwg0jFuQ7oW09WF/FJM6q9e0gq0PGMEbDRePY3yw5Kqe46YuPKE7KM
UZs45yaxSbg+f4z4j0xBJ2p9X+d8
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:31 2024 by rpki-client on console-ams.rpki-client.org