Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EE09C/EEF762C0907511EE87D26680C4F9AE02/4E09E264D3F711EEB3B14125C4F9AE02.roa
File: 4E09E264D3F711EEB3B14125C4F9AE02.roa (raw, json)
Hash identifier: ZHpevyv0ZW8E1Lmrg0tJrLvdfaj0sTVL7DDMQJKjkxA=
Subject key identifier: B5:EB:74:55:9A:67:A4:AB:BD:45:BE:5F:6F:F3:B9:BE:FA:8A:35:60
Certificate issuer: /CN=A91EE09C/serialNumber=3C69B9B601D2C9F2A3915A6FFBCA3DAD62E99245
Certificate serial: 3E
Authority key identifier: 3C:69:B9:B6:01:D2:C9:F2:A3:91:5A:6F:FB:CA:3D:AD:62:E9:92:45
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PGm5tgHSyfKjkVpv-8o9rWLpkkU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EE09C/EEF762C0907511EE87D26680C4F9AE02/4E09E264D3F711EEB3B14125C4F9AE02.roa
Signing time: Wed 28 Feb 2024 14:01:09 +0000
ROA not before: Wed 28 Feb 2024 14:01:09 +0000
ROA not after: Fri 31 Jan 2025 00:00:00 +0000
asID: 151987
IP address blocks: 203.99.144.0/24 maxlen: 24
203.99.145.0/24 maxlen: 24
2001:df3:18c0::/48 maxlen: 48
Validation: Failed, certificate revoked on Wed 06 Mar 2024 12:34:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 62 (0x3e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EE09C/serialNumber=3C69B9B601D2C9F2A3915A6FFBCA3DAD62E99245
Validity
Not Before: Feb 28 14:01:09 2024 GMT
Not After : Jan 31 00:00:00 2025 GMT
Subject: CN=65df3ca5-49bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:8c:9e:65:9e:ee:25:02:9c:35:af:88:0a:1a:
d4:2e:80:96:64:12:f9:ee:64:26:6a:a6:cd:5c:03:
cc:ac:33:b0:83:00:cb:12:b4:e2:9e:19:24:f4:1b:
8c:7e:9e:74:00:0f:d7:7f:70:4f:1e:d6:cc:81:54:
1f:79:69:74:7d:fa:94:19:4e:b3:9c:ff:9c:c7:78:
d8:8c:7e:94:54:e9:a0:ad:5d:b0:86:eb:20:58:1e:
58:f0:28:c8:4a:b4:ec:ca:06:fd:4a:88:d6:28:7c:
95:91:10:a8:55:9d:4a:63:81:66:f8:47:aa:34:02:
83:9c:62:25:18:93:ea:f5:56:a7:28:d7:e9:82:22:
f8:34:62:24:bd:d5:d7:d0:4f:b8:22:c1:5a:a9:e9:
75:75:49:ef:25:74:89:ee:3e:5c:ab:90:aa:cb:c9:
aa:56:a9:dc:2b:b7:4b:53:0c:7b:50:cd:d0:ea:60:
21:38:15:cc:24:38:ef:d7:6c:a9:5a:b1:c1:87:b4:
d6:42:c2:bc:97:c2:66:c9:8c:6f:b1:6d:42:df:43:
68:f5:f3:5a:8c:ac:1c:4f:1a:31:a1:71:94:34:e7:
88:99:b7:fb:37:86:14:a2:f2:dc:82:be:70:43:95:
ac:01:f6:37:26:f6:97:97:64:c0:d3:78:6f:5c:bf:
70:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:EB:74:55:9A:67:A4:AB:BD:45:BE:5F:6F:F3:B9:BE:FA:8A:35:60
X509v3 Authority Key Identifier:
keyid:3C:69:B9:B6:01:D2:C9:F2:A3:91:5A:6F:FB:CA:3D:AD:62:E9:92:45
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EE09C/EEF762C0907511EE87D26680C4F9AE02/PGm5tgHSyfKjkVpv-8o9rWLpkkU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PGm5tgHSyfKjkVpv-8o9rWLpkkU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EE09C/EEF762C0907511EE87D26680C4F9AE02/4E09E264D3F711EEB3B14125C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.99.144.0/23
IPv6:
2001:df3:18c0::/48
Signature Algorithm: sha256WithRSAEncryption
73:cb:69:4f:9e:ad:ca:af:c1:48:52:1a:ef:60:e1:16:e1:a5:
e0:20:30:6d:7a:ec:c6:b5:44:70:78:2b:47:50:a5:1e:9d:fb:
b3:92:3e:49:96:c4:22:94:4d:9c:6b:10:09:c5:04:dc:c7:ff:
c3:79:cf:bb:f1:dc:f8:b1:5f:23:d1:9e:6a:4c:e7:2c:29:ed:
40:cb:8c:d9:39:94:03:63:7e:8e:b0:16:75:ee:cc:9f:49:82:
95:dc:28:39:7e:64:0d:ed:b1:bc:cc:6c:93:cb:9a:40:11:2d:
06:b4:c4:3f:24:bc:60:82:79:94:6b:f4:61:d0:bc:eb:e3:4c:
9c:66:36:ea:f0:e9:0f:12:40:96:6e:ac:fa:8b:7f:62:a1:e6:
7c:67:d6:6b:bd:09:e9:9f:11:e3:ca:1a:ed:7e:93:8f:c3:d3:
29:ff:2e:44:73:82:bc:a9:e2:c2:b6:22:57:7d:3c:25:e4:ce:
2b:04:c3:b5:cc:d3:33:d5:a5:20:53:92:d6:6f:31:ee:e9:c9:
4c:9b:b1:56:78:99:d3:98:fe:47:35:a7:c0:87:89:e9:78:ad:
17:70:45:30:d4:73:24:b2:03:cd:07:ba:c4:c9:36:2c:18:6d:
57:28:87:99:71:58:34:fa:e6:22:e0:5d:3e:40:64:09:07:1e:
03:55:00:52
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBPjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
RTA5QzExMC8GA1UEBRMoM0M2OUI5QjYwMUQyQzlGMkEzOTE1QTZGRkJDQTNEQUQ2
MkU5OTI0NTAeFw0yNDAyMjgxNDAxMDlaFw0yNTAxMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZGYzY2E1LTQ5YmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCjjJ5lnu4lApw1r4gKGtQugJZkEvnuZCZqps1cA8ysM7CDAMsStOKeGST0G4x+
nnQAD9d/cE8e1syBVB95aXR9+pQZTrOc/5zHeNiMfpRU6aCtXbCG6yBYHljwKMhK
tOzKBv1KiNYofJWREKhVnUpjgWb4R6o0AoOcYiUYk+r1Vqco1+mCIvg0YiS91dfQ
T7giwVqp6XV1Se8ldInuPlyrkKrLyapWqdwrt0tTDHtQzdDqYCE4FcwkOO/XbKla
scGHtNZCwryXwmbJjG+xbULfQ2j181qMrBxPGjGhcZQ054iZt/s3hhSi8tyCvnBD
lawB9jcm9peXZMDTeG9cv3DrAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUtet0VZpn
pKu9Rb5fb/O5vvqKNWAwHwYDVR0jBBgwFoAUPGm5tgHSyfKjkVpv+8o9rWLpkkUw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUVFMDlDL0VFRjc2MkMwOTA3
NTExRUU4N0QyNjY4MEM0RjlBRTAyL1BHbTV0Z0hTeWZLamtWcHYtOG85cldMcGtr
VS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvUEdtNXRnSFN5Zktqa1Zwdi04bzlyV0xwa2tVLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
RTA5Qy9FRUY3NjJDMDkwNzUxMUVFODdEMjY2ODBDNEY5QUUwMi80RTA5RTI2NEQz
RjcxMUVFQjNCMTQxMjVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEActjkDAPBAIAAjAJAwcAIAEN8xjAMA0GCSqGSIb3DQEBCwUA
A4IBAQBzy2lPnq3Kr8FIUhrvYOEW4aXgIDBteuzGtURweCtHUKUenfuzkj5JlsQi
lE2caxAJxQTcx//Dec+78dz4sV8j0Z5qTOcsKe1Ay4zZOZQDY36OsBZ17syfSYKV
3Cg5fmQN7bG8zGyTy5pAES0GtMQ/JLxggnmUa/Rh0Lzr40ycZjbq8OkPEkCWbqz6
i39ioeZ8Z9ZrvQnpnxHjyhrtfpOPw9Mp/y5Ec4K8qeLCtiJXfTwl5M4rBMO1zNMz
1aUgU5LWbzHu6clMm7FWeJnTmP5HNafAh4npeK0XcEUw1HMksgPNB7rEyTYsGG1X
KIeZcVg0+uYi4F0+QGQJBx4DVQBS
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:47 2024 by rpki-client on console-fra.rpki-client.org