Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9114EF6/8DAE05A0D0D411EFBCD5123EC4F9AE02/CDC36D44D0E611EF93AE8B77C4F9AE02.roa
File: CDC36D44D0E611EF93AE8B77C4F9AE02.roa (raw, json)
Hash identifier: o8Vc+mrBF4RRWJQIzjk0Ha5ll8USPDBYPw4Vse1gatg=
Subject key identifier: EB:0A:A0:6D:CE:18:4F:77:F1:84:F5:8D:13:84:A7:29:EF:A2:86:47
Certificate issuer: /CN=A9114EF6/serialNumber=AF461D57A90A335B2FA77A7AAEC16734954923B1
Certificate serial: 09
Authority key identifier: AF:46:1D:57:A9:0A:33:5B:2F:A7:7A:7A:AE:C1:67:34:95:49:23:B1
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/r0YdV6kKM1svp3p6rsFnNJVJI7E.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9114EF6/8DAE05A0D0D411EFBCD5123EC4F9AE02/CDC36D44D0E611EF93AE8B77C4F9AE02.roa
Signing time: Sun 12 Jan 2025 13:12:43 +0000
ROA not before: Sun 12 Jan 2025 13:12:43 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 153491
IP address blocks: 161.248.120.0/23 maxlen: 23
161.248.120.0/24 maxlen: 24
161.248.121.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 13 Jan 2025 04:11:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9 (0x9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9114EF6
Validity
Not Before: Jan 12 13:12:43 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=6783bfcb-89da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:52:ac:ef:9a:44:fa:53:c2:0f:e0:98:de:b9:
a8:50:60:2f:7d:64:1b:fe:1c:c5:cb:06:e1:12:e4:
44:8d:59:b3:d7:e6:03:4c:c5:66:45:ab:85:67:4b:
6e:59:f5:db:8c:da:df:df:b4:d6:76:56:86:c1:ad:
fa:f5:02:a4:6e:7a:ff:30:e3:3b:11:e0:b7:85:bc:
8e:54:67:db:6f:5b:0f:cc:6c:24:df:8f:d5:ad:84:
30:1d:3e:fe:e6:3a:5c:f9:6f:fa:7a:42:1b:b0:bc:
ab:61:15:5f:b2:81:ad:ea:ca:1b:b1:2d:26:e8:52:
e2:1f:8f:cf:90:48:3c:eb:be:76:c5:30:85:7b:8b:
6b:de:1a:99:e7:3e:bb:77:02:eb:20:f0:45:4f:79:
d9:55:e1:7f:dd:e3:e2:a3:2f:2f:27:a8:f8:e8:a7:
04:f9:f4:d0:ab:7b:43:89:34:80:e4:4a:be:08:e2:
f5:3e:25:95:5d:16:d8:c1:a2:09:3f:d1:25:7f:00:
2c:65:ee:29:3b:29:af:2f:7c:e2:20:91:3c:0c:15:
80:b6:ab:dc:e1:16:ba:eb:1a:f3:9e:e6:fb:60:e7:
10:79:b8:4a:26:23:5f:dd:2d:aa:26:a6:fb:8a:92:
b9:79:34:3b:7a:1d:48:1e:11:d0:89:75:0e:25:2e:
7f:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:0A:A0:6D:CE:18:4F:77:F1:84:F5:8D:13:84:A7:29:EF:A2:86:47
X509v3 Authority Key Identifier:
keyid:AF:46:1D:57:A9:0A:33:5B:2F:A7:7A:7A:AE:C1:67:34:95:49:23:B1
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9114EF6/8DAE05A0D0D411EFBCD5123EC4F9AE02/r0YdV6kKM1svp3p6rsFnNJVJI7E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/r0YdV6kKM1svp3p6rsFnNJVJI7E.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9114EF6/8DAE05A0D0D411EFBCD5123EC4F9AE02/CDC36D44D0E611EF93AE8B77C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
161.248.120.0/23
Signature Algorithm: sha256WithRSAEncryption
45:3c:ea:2e:2e:4f:8e:74:08:8a:d2:a5:da:7b:c8:5c:94:56:
64:82:fd:41:79:6b:29:26:42:03:33:68:f7:8d:0a:be:29:08:
0c:ec:9d:ea:7a:58:24:d6:93:a3:ec:36:ba:3e:a2:91:93:f0:
95:d9:54:bd:71:85:b7:13:90:11:1b:33:3e:76:ec:7c:d3:a2:
42:da:5a:2c:9c:25:ff:20:dd:74:69:da:b9:0c:4d:e2:12:01:
0e:ac:ce:12:0a:d4:71:1c:f3:63:ec:3f:28:7b:4c:3d:7f:64:
d5:ad:0d:31:fe:bc:5f:05:7c:22:36:36:14:11:26:88:64:31:
97:56:41:f6:59:34:7e:25:68:83:d5:d1:3e:2c:f6:5e:c7:4d:
d4:bb:69:a9:fc:ec:c1:b5:b8:d1:12:2d:cc:c9:8b:bf:67:61:
30:ed:4a:d4:54:86:93:4c:2f:d3:30:9b:e3:ab:23:32:be:98:
e6:14:2f:98:ee:23:af:db:e0:35:fa:5c:61:9e:f1:d7:6a:6d:
2a:5e:bf:3f:9f:54:1d:b3:22:de:9d:42:1f:8b:9c:0b:71:e5:
f8:35:ee:d2:7d:f3:02:cf:4b:8e:64:bf:92:a0:7b:ee:54:82:
39:6b:38:51:1e:46:9a:bf:ff:42:bc:8d:2a:77:f2:8d:50:0e:
f0:b0:69:eb
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBCTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
NEVGNjExMC8GA1UEBRMoQUY0NjFENTdBOTBBMzM1QjJGQTc3QTdBQUVDMTY3MzQ5
NTQ5MjNCMTAeFw0yNTAxMTIxMzEyNDNaFw0yNjAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY3ODNiZmNiLTg5ZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDjUqzvmkT6U8IP4JjeuahQYC99ZBv+HMXLBuES5ESNWbPX5gNMxWZFq4VnS25Z
9duM2t/ftNZ2VobBrfr1AqRuev8w4zsR4LeFvI5UZ9tvWw/MbCTfj9WthDAdPv7m
Olz5b/p6QhuwvKthFV+yga3qyhuxLSboUuIfj8+QSDzrvnbFMIV7i2veGpnnPrt3
Ausg8EVPedlV4X/d4+KjLy8nqPjopwT59NCre0OJNIDkSr4I4vU+JZVdFtjBogk/
0SV/ACxl7ik7Ka8vfOIgkTwMFYC2q9zhFrrrGvOe5vtg5xB5uEomI1/dLaompvuK
krl5NDt6HUgeEdCJdQ4lLn/1AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU6wqgbc4Y
T3fxhPWNE4SnKe+ihkcwHwYDVR0jBBgwFoAUr0YdV6kKM1svp3p6rsFnNJVJI7Ew
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTE0RUY2LzhEQUUwNUEwRDBE
NDExRUZCQ0Q1MTIzRUM0RjlBRTAyL3IwWWRWNmtLTTFzdnAzcDZyc0ZuTkpWSkk3
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvcjBZZFY2a0tNMXN2cDNwNnJzRm5OSlZKSTdFLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
NEVGNi84REFFMDVBMEQwRDQxMUVGQkNENTEyM0VDNEY5QUUwMi9DREMzNkQ0NEQw
RTYxMUVGOTNBRThCNzdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaH4eDANBgkqhkiG9w0BAQsFAAOCAQEARTzqLi5PjnQIitKl
2nvIXJRWZIL9QXlrKSZCAzNo940KvikIDOyd6npYJNaTo+w2uj6ikZPwldlUvXGF
txOQERszPnbsfNOiQtpaLJwl/yDddGnauQxN4hIBDqzOEgrUcRzzY+w/KHtMPX9k
1a0NMf68XwV8IjY2FBEmiGQxl1ZB9lk0fiVog9XRPiz2XsdN1LtpqfzswbW40RIt
zMmLv2dhMO1K1FSGk0wv0zCb46sjMr6Y5hQvmO4jr9vgNfpcYZ7x12ptKl6/P59U
HbMi3p1CH4ucC3Hl+DXu0n3zAs9LjmS/kqB77lSCOWs4UR5Gmr//QryNKnfyjVAO
8LBp6w==
-----END CERTIFICATE-----
Generated at Wed Feb 5 22:47:29 2025 by rpki-client