Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E0425/5FC8AADC06A811EBBDFEB970C4F9AE02/8F4AF01606A911EBB5828C71C4F9AE02.roa
File: 8F4AF01606A911EBB5828C71C4F9AE02.roa (raw, json)
Hash identifier: eM7aF4ymH6aDPZBOyFk/6QJ9vCpU8peuNx+mA0a7hNg=
Subject key identifier: FA:FE:9B:B8:5E:3F:DA:1C:BC:28:3D:CD:97:7D:B8:C0:6E:1F:FD:A8
Certificate issuer: /CN=A91E0425/serialNumber=1549F9494714A8A2D704FDE9A0463BBC34B5F4E0
Certificate serial: 0698
Authority key identifier: 15:49:F9:49:47:14:A8:A2:D7:04:FD:E9:A0:46:3B:BC:34:B5:F4:E0
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FUn5SUcUqKLXBP3poEY7vDS19OA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E0425/5FC8AADC06A811EBBDFEB970C4F9AE02/8F4AF01606A911EBB5828C71C4F9AE02.roa
Signing time: Thu 28 Dec 2023 22:40:50 +0000
ROA not before: Thu 28 Dec 2023 22:40:50 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 55720
IP address blocks: 103.253.108.0/24 maxlen: 24
103.253.109.0/24 maxlen: 24
103.253.110.0/24 maxlen: 24
103.253.111.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 23 Oct 2024 07:08:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1688 (0x698)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E0425/serialNumber=1549F9494714A8A2D704FDE9A0463BBC34B5F4E0
Validity
Not Before: Dec 28 22:40:50 2023 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=658df972-f685
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:9c:29:d7:52:27:d5:84:a8:84:55:b2:c9:b6:
b8:f2:36:2f:b7:7e:e3:70:00:c7:28:91:d5:61:64:
fb:71:2a:a2:f6:b9:dd:79:41:f0:7b:d4:ed:1e:24:
21:3c:d1:7c:ab:b9:56:fb:57:ca:33:32:20:da:05:
dc:d8:22:6a:0e:39:ea:91:98:ff:4a:52:60:68:57:
2f:8c:b2:10:94:87:d6:e2:a2:51:bd:94:1b:f8:52:
b5:bc:3a:79:61:93:dd:e8:3f:01:f1:71:0a:82:19:
ba:a0:60:6c:5b:1e:77:b7:cd:e5:82:b1:56:37:41:
c7:fc:63:d9:b1:7e:b6:a0:71:82:1c:a8:d8:ec:58:
ce:61:60:50:a1:87:aa:fc:6a:aa:4d:f5:4e:85:92:
7f:9f:cc:db:e4:e8:e7:44:db:dd:36:ad:76:55:48:
22:78:b4:90:6a:29:24:58:06:6b:3d:f7:83:97:84:
30:be:8f:45:ae:92:ea:4a:ff:21:27:99:ac:a1:5f:
0a:2c:6e:af:f3:e9:51:87:26:2f:04:08:4c:03:98:
67:8d:e1:ad:2d:98:f2:f8:4c:3e:e8:33:24:a1:3e:
6a:0f:d5:5d:a6:6f:cc:5d:e1:e5:7f:fd:20:57:d8:
20:2b:96:f4:60:3b:6a:16:4b:5a:77:9c:29:91:3c:
1b:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:FE:9B:B8:5E:3F:DA:1C:BC:28:3D:CD:97:7D:B8:C0:6E:1F:FD:A8
X509v3 Authority Key Identifier:
keyid:15:49:F9:49:47:14:A8:A2:D7:04:FD:E9:A0:46:3B:BC:34:B5:F4:E0
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E0425/5FC8AADC06A811EBBDFEB970C4F9AE02/FUn5SUcUqKLXBP3poEY7vDS19OA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FUn5SUcUqKLXBP3poEY7vDS19OA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E0425/5FC8AADC06A811EBBDFEB970C4F9AE02/8F4AF01606A911EBB5828C71C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.253.108.0/22
Signature Algorithm: sha256WithRSAEncryption
30:0a:d8:95:83:86:7e:c4:03:81:f8:69:1f:06:a5:33:a0:d9:
72:91:79:0a:c0:86:57:cc:71:cb:87:0c:a3:56:7b:c7:cc:f9:
46:d2:b5:49:a2:fd:8c:9c:a1:e2:f7:a9:12:ea:81:09:11:7f:
85:9a:0e:bc:00:c8:a9:11:65:d5:8c:cc:20:d6:1e:46:58:ac:
34:54:56:65:4c:96:e3:43:b4:26:d1:dd:dc:f2:3f:22:8f:f3:
ec:31:77:09:97:e5:6f:f6:e9:c7:5d:18:36:f3:96:d3:1b:4d:
95:57:af:61:5c:b6:01:ec:32:83:ef:4c:0a:09:c2:46:df:13:
1e:7f:2e:19:7d:cc:1d:6d:21:55:4c:dc:1d:d9:94:9b:91:93:
80:3c:83:ac:4d:74:7f:7f:78:bf:5e:59:d9:bd:67:5f:75:f8:
66:12:5e:3e:02:4b:e3:8c:98:92:f7:c9:af:1f:a0:df:a2:2d:
b1:03:44:47:7e:9b:3e:e5:97:be:e2:08:70:ca:e4:f0:67:bb:
f0:58:af:11:91:b3:99:9c:73:4e:8c:67:49:9a:e0:24:d2:1c:
ad:5d:6b:3e:ea:53:84:97:73:6c:82:33:c1:3b:21:dd:e1:a4:
d8:f1:d8:bd:ed:ba:c5:87:e0:bc:de:c0:66:74:5b:77:39:2e:
ad:72:e9:38
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBpgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTA0MjUxMTAvBgNVBAUTKDE1NDlGOTQ5NDcxNEE4QTJENzA0RkRFOUEwNDYzQkJD
MzRCNUY0RTAwHhcNMjMxMjI4MjI0MDUwWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NThkZjk3Mi1mNjg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwpwp11In1YSohFWyyba48jYvt37jcADHKJHVYWT7cSqi9rndeUHwe9TtHiQh
PNF8q7lW+1fKMzIg2gXc2CJqDjnqkZj/SlJgaFcvjLIQlIfW4qJRvZQb+FK1vDp5
YZPd6D8B8XEKghm6oGBsWx53t83lgrFWN0HH/GPZsX62oHGCHKjY7FjOYWBQoYeq
/GqqTfVOhZJ/n8zb5OjnRNvdNq12VUgieLSQaikkWAZrPfeDl4Qwvo9FrpLqSv8h
J5msoV8KLG6v8+lRhyYvBAhMA5hnjeGtLZjy+Ew+6DMkoT5qD9Vdpm/MXeHlf/0g
V9ggK5b0YDtqFktad5wpkTwbqwIDAQABo4IClTCCApEwHQYDVR0OBBYEFPr+m7he
P9ocvCg9zZd9uMBuH/2oMB8GA1UdIwQYMBaAFBVJ+UlHFKii1wT96aBGO7w0tfTg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMDQyNS81RkM4QUFEQzA2
QTgxMUVCQkRGRUI5NzBDNEY5QUUwMi9GVW41U1VjVXFLTFhCUDNwb0VZN3ZEUzE5
T0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZVbjVTVWNVcUtMWEJQM3BvRVk3dkRTMTlPQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTA0MjUvNUZDOEFBREMwNkE4MTFFQkJERkVCOTcwQzRGOUFFMDIvOEY0QUYwMTYw
NkE5MTFFQkI1ODI4QzcxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJn/WwwDQYJKoZIhvcNAQELBQADggEBADAK2JWDhn7EA4H4
aR8GpTOg2XKReQrAhlfMccuHDKNWe8fM+UbStUmi/YycoeL3qRLqgQkRf4WaDrwA
yKkRZdWMzCDWHkZYrDRUVmVMluNDtCbR3dzyPyKP8+wxdwmX5W/26cddGDbzltMb
TZVXr2FctgHsMoPvTAoJwkbfEx5/Lhl9zB1tIVVM3B3ZlJuRk4A8g6xNdH9/eL9e
Wdm9Z191+GYSXj4CS+OMmJL3ya8foN+iLbEDREd+mz7ll77iCHDK5PBnu/BYrxGR
s5mcc06MZ0ma4CTSHK1daz7qU4SXc2yCM8E7Id3hpNjx2L3tusWH4LzewGZ0W3c5
Lq1y6Tg=
-----END CERTIFICATE-----
Generated at Wed Oct 23 10:37:17 2024 by rpki-client on console-ams.rpki-client.org