Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E0D87/F683CEF221EB11EC92501819C4F9AE02/05CB9E7C21F011ECBA678C1DC4F9AE02.roa
File: 05CB9E7C21F011ECBA678C1DC4F9AE02.roa (raw, json)
Hash identifier: +9ZUIefRwBlPsm2FtFg2SuHe8cuLMLULz+kIpXH0GsU=
Subject key identifier: E1:59:E5:FF:EF:CE:2F:99:36:82:06:3A:55:54:AD:4F:D7:1D:DF:B9
Certificate issuer: /CN=A91E0D87/serialNumber=725FD977CE734BBA9933F2943DC26939FA0608A7
Certificate serial: 03D1
Authority key identifier: 72:5F:D9:77:CE:73:4B:BA:99:33:F2:94:3D:C2:69:39:FA:06:08:A7
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cl_Zd85zS7qZM_KUPcJpOfoGCKc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E0D87/F683CEF221EB11EC92501819C4F9AE02/05CB9E7C21F011ECBA678C1DC4F9AE02.roa
Signing time: Fri 29 Dec 2023 01:43:33 +0000
ROA not before: Fri 29 Dec 2023 01:43:32 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 64071
IP address blocks: 103.204.20.0/24 maxlen: 24
103.204.21.0/24 maxlen: 24
103.204.22.0/24 maxlen: 24
103.204.23.0/24 maxlen: 24
2001:df7:e400::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 01 Oct 2024 10:52:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 977 (0x3d1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E0D87/serialNumber=725FD977CE734BBA9933F2943DC26939FA0608A7
Validity
Not Before: Dec 29 01:43:32 2023 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=658e2444-949f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:e6:09:88:b5:99:fa:a6:54:4b:aa:1b:ee:b0:
75:35:3a:69:96:83:13:3d:94:d1:03:3a:35:e5:10:
a4:08:a1:be:2c:37:4c:05:1e:5b:10:b7:2e:ac:da:
d3:3f:54:d9:e0:00:e8:9a:5b:b5:73:88:2b:cd:d3:
24:c5:7f:a9:27:5e:d1:5a:d7:bd:d1:72:4d:e4:02:
63:04:c2:4c:85:41:48:92:86:e1:1e:22:41:07:f3:
15:85:4b:37:cd:2f:0e:02:18:57:b4:64:f1:e0:56:
73:2a:c6:da:0b:20:17:58:6e:01:51:b8:0a:01:4f:
ff:d1:97:17:1b:6c:28:5e:f6:22:d0:e2:98:b5:60:
f7:f0:fa:cd:62:e5:65:dd:c6:67:c1:ba:8f:21:5b:
72:8f:0b:a0:17:91:7c:9a:00:45:a3:f6:55:5a:dc:
a4:fb:00:0f:ff:09:59:a0:07:3e:f8:dc:51:cd:73:
ec:1a:ce:f0:5b:ca:2f:02:00:19:7b:68:8e:89:9a:
bb:d3:2f:9b:b8:fe:65:82:ee:52:e7:b0:6f:06:d1:
ce:98:48:86:cd:47:af:ec:27:8d:bf:c4:19:af:db:
87:04:d8:10:5d:04:d4:ed:28:78:d6:32:ab:e5:0d:
a4:e3:30:f4:c5:2a:4f:a1:e6:13:5f:a9:83:45:ca:
0b:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:59:E5:FF:EF:CE:2F:99:36:82:06:3A:55:54:AD:4F:D7:1D:DF:B9
X509v3 Authority Key Identifier:
keyid:72:5F:D9:77:CE:73:4B:BA:99:33:F2:94:3D:C2:69:39:FA:06:08:A7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E0D87/F683CEF221EB11EC92501819C4F9AE02/cl_Zd85zS7qZM_KUPcJpOfoGCKc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cl_Zd85zS7qZM_KUPcJpOfoGCKc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E0D87/F683CEF221EB11EC92501819C4F9AE02/05CB9E7C21F011ECBA678C1DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.204.20.0/22
IPv6:
2001:df7:e400::/48
Signature Algorithm: sha256WithRSAEncryption
10:16:a4:ed:51:52:3f:8f:22:e4:f7:cf:ca:c9:b7:9d:6e:1d:
9c:8b:16:2f:be:2f:5d:68:f6:c4:69:4c:96:e3:29:3c:f3:83:
28:c2:3b:03:51:26:03:ed:68:6c:13:86:38:15:78:2f:b5:6f:
1b:4a:1b:bf:cd:ad:33:22:2a:de:95:3c:a0:d9:9e:e2:8e:cb:
2c:fb:e2:61:f8:3d:45:3f:0d:cf:e9:ae:70:e9:6e:2c:bc:2a:
30:ab:6c:99:b4:13:8f:5d:4c:44:1c:7a:17:c5:6a:19:f5:60:
16:16:f5:69:e8:ae:e7:91:82:67:f2:6b:cd:c3:d8:9c:8f:f9:
07:2c:10:76:d5:a6:a4:b2:93:8a:5a:07:b6:53:7b:2c:15:0f:
bf:10:a3:ed:5e:6e:37:30:bd:54:85:21:b5:75:d5:6b:33:2e:
52:5e:0d:8f:47:a1:1a:26:85:aa:95:16:af:5c:f1:96:50:0e:
59:01:a5:23:68:79:a4:a0:70:4f:e6:a9:95:6e:fc:ed:f5:28:
92:c9:9f:77:02:fd:51:fe:df:f8:9a:25:49:6b:35:bf:ba:67:
42:d9:d9:f7:44:50:0d:db:c6:e2:2b:4f:ba:d4:2d:bb:b5:f4:
f5:59:45:be:d1:85:3e:b7:6f:ca:f7:67:1f:c3:a9:fc:cd:bf:
a2:0e:b7:e2
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICA9EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTBEODcxMTAvBgNVBAUTKDcyNUZEOTc3Q0U3MzRCQkE5OTMzRjI5NDNEQzI2OTM5
RkEwNjA4QTcwHhcNMjMxMjI5MDE0MzMyWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NThlMjQ0NC05NDlmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzeYJiLWZ+qZUS6ob7rB1NTpploMTPZTRAzo15RCkCKG+LDdMBR5bELcurNrT
P1TZ4ADomlu1c4grzdMkxX+pJ17RWte90XJN5AJjBMJMhUFIkobhHiJBB/MVhUs3
zS8OAhhXtGTx4FZzKsbaCyAXWG4BUbgKAU//0ZcXG2woXvYi0OKYtWD38PrNYuVl
3cZnwbqPIVtyjwugF5F8mgBFo/ZVWtyk+wAP/wlZoAc++NxRzXPsGs7wW8ovAgAZ
e2iOiZq70y+buP5lgu5S57BvBtHOmEiGzUev7CeNv8QZr9uHBNgQXQTU7Sh41jKr
5Q2k4zD0xSpPoeYTX6mDRcoL9QIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFOFZ5f/v
zi+ZNoIGOlVUrU/XHd+5MB8GA1UdIwQYMBaAFHJf2XfOc0u6mTPylD3CaTn6Bgin
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMEQ4Ny9GNjgzQ0VGMjIx
RUIxMUVDOTI1MDE4MTlDNEY5QUUwMi9jbF9aZDg1elM3cVpNX0tVUGNKcE9mb0dD
S2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NsX1pkODV6UzdxWk1fS1VQY0pwT2ZvR0NLYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTBEODcvRjY4M0NFRjIyMUVCMTFFQzkyNTAxODE5QzRGOUFFMDIvMDVDQjlFN0My
MUYwMTFFQ0JBNjc4QzFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAJnzBQwDwQCAAIwCQMHACABDffkADANBgkqhkiG9w0BAQsF
AAOCAQEAEBak7VFSP48i5PfPysm3nW4dnIsWL74vXWj2xGlMluMpPPODKMI7A1Em
A+1obBOGOBV4L7VvG0obv82tMyIq3pU8oNme4o7LLPviYfg9RT8Nz+mucOluLLwq
MKtsmbQTj11MRBx6F8VqGfVgFhb1aeiu55GCZ/JrzcPYnI/5BywQdtWmpLKTiloH
tlN7LBUPvxCj7V5uNzC9VIUhtXXVazMuUl4Nj0ehGiaFqpUWr1zxllAOWQGlI2h5
pKBwT+aplW787fUoksmfdwL9Uf7f+JolSWs1v7pnQtnZ90RQDdvG4itPutQtu7X0
9VlFvtGFPrdvyvdnH8Op/M2/og634g==
-----END CERTIFICATE-----
Generated at Tue Oct 1 13:52:15 2024 by rpki-client on console-fra.rpki-client.org